Broker-Dealer Cybersecurity - FINRA Podcast (Part 2 of 3)
In the second of a 3-part series on common cybersecurity program deficiencies, Chip Jones, FINRA’s SVP of Member Relations and Education, leads a discussion with Dave Kelley, the Surveillance Director from FINRA's KC District Office, on formalizing the oversight of a firm's cyber program and strengthening controls around access to data and systems. The podcast duration is 6-1/2 minutes.
When formalizing a cybersecurity program, firms should incorporate the following elements:
- involvement of top management including, where applicable, the board of directors;
- one person dedicated to organizing the entire program firmwide (in a small firm, that might be the CCO or an outside IT consultant); and,
- communications between the designated person and top management.
The FINRA Small Firm Cybersecurity Checklist is designed to assist small firms in establishing a cybersecurity program to:
► identify and assess cybersecurity threats
► protect assets from cyber intrusions
► detect when their systems and assets have been compromised
► plan for the response when a compromise occurs
► implement a plan to recover lost, stolen or unavailable assets
To control access to a firm’s data, a firm must have answers to the following questions:
- How do people get access?
- How is access taken away when people leave the firm?
- What type of monitoring is done on an annual basis to know who has access to data?
- Is the firm’s data stored on an internal server or on a vendor’s remote server?
- Who, at the firm, has more access to firm data than anyone else, and what is the process for knowing what they’re doing at any/all times?
When it comes to password protection, ... firms should require longer and more complex passwords that are changed periodically. Firms should also utilize “multi-factor authentication” for people who access firm data from outside the organization.
NEXT UP - PART 3 - Vendor Management, Branch Controls, Data Protection.