B/D Cybersecurity - FINRA Podcast (Last of 3 Parts)
by Howard Haykin
In this third and last of a 3-part series on common cybersecurity program deficiencies, Chip Jones, FINRA’s SVP of Member Relations and Education, leads a discussion with Dave Kelley, the Surveillance Director from FINRA's KC District Office, on formalizing the oversight of a firm's cyber program and strengthening controls around access to data and systems. The podcast duration is 7-1/2 minutes.
VENDOR MANAGEMENT AS IT RELATES TO CYBERSECURITY. These days, every firm, large or small, uses a vendor for something, and those vendors often have access to firm data. Therefore:
- Before engaging a vendor: (i) know how the vendor is going to protect firm data; (ii) know who at the vendor will have access to your firm’s data; (iii) design controls that will monitor data protection; (iv) incorporate all this information in the contract with the vendor.
- After the vendor has been engaged, verify on an ongoing basis that the designated controls are in place and are working.
- After the vendor completes its assignment and departs, ascertain (to whatever extent is possible) that the vendor has deleted any firm data from its computers and storage facilities.
EFFECTIVE CYBERSECURITY CONTROLS AT BRANCHES. Branch offices of a broker-dealer may be responsible for buying their own hardware and setting up security. Here’s what FINRA likes to see, with respect to branch cybersecurity:
- Firms should require a training program that instructs new personnel so that they understand firm controls and expectations.
- Firms should have processes that monitor what’s happening at branch offices. This can be accomplished with: (i) branch inspections; and/or (ii) software installed on computers at those locations that monitors such controls as encryption and virus protection.
- Annual training for all associated persons.
REMOVABLE MEDIA. For such devices as CDs and thumb drives, FINRA looks to see that firms have controls in place to prevent inadvertent or purposeful downloading of firm data.