Going for Brokerages: FINRA and SEC Take Aim at Deficient Cyber Policies and Practices

On Feb. 3, the Securities and Exchange Commission (SEC) and the Financial Industry Regulatory Authority (FINRA) each released reports regarding cybersecurity issues for brokerage and advisory firms, both of which should be considered required reading for chief information security officers, chief information officers, legal teams and anyone else responsible for managing cybersecurity risk. These reports highlight best practices for managing cybersecurity risk and areas for potential improvement, and should encourage firms to consider further investments in cybersecurity because, as FINRA specifically points out, it “expects firms to consider the principles and effective practices presented in the report as they develop or enhance their cybersecurity programs.” As a result, firms should anticipate that elements covered in the reports will be benchmarks for measuring the effectiveness of a firm’s cybersecurity program in any enforcement action brought by either the SEC or FINRA.


Reprinted with permission from Bloomberg BNA Privacy & Security Law Report, April 6, 2015