ALERT: FINRA Cyber-Security Sweep

FINRA is conducting an assessment of firms’ approaches to managing cyber-security threats. FINRA is conducting this assessment in light of the critical role information technology (IT) plays in the securities industry, the increasing threat to firms’ IT systems from a variety of sources, and the potential harm to investors, firms, and the financial system as a whole that these threats pose.

cyber-security-sweep

Click to Download the FINRA Cyber-Security Sweep Alert

FINRA has four broad goals in performing this assessment:

  • To understand better the types of threats that firms face
  • To increase its understanding of firms’ risk appetite, exposure and major areas of vulnerabilities in their IT systems
  • To understand better firms’ approaches to managing these threats, including through risk assessment processes, IT protocols, application management practices and supervision
  • As appropriate, to share observations and findings with firms

 

 

Note: The assessment addresses a number of areas related to cyber-security, including firms’:

 

  • Approaches to information technology risk assessment
  • Business continuity plans in case of a cyber-attack;
  • Organizational structures and reporting lines
  • Processes for sharing and obtaining information about cyber-security threats;
  • Understanding of concerns and threats faced by the industry
  • Assessment of the impact of cyber-attacks on the firm over the past twelve months
  • Approaches to handling distributed denial of service attacks
  • Training programs
  • Insurance coverage for cyber-security related events; and
  • Contractual arrangements with third-party service provider

 

 

Click Here to download the FINRA Cyber-Security Sweep Alert.
For questions regarding this Alert or any other regulatory matter can be directed to:

Mitch Avnet, Managing PartnerEmail or T:(646) 346-2468

Bill Schloth, National Director of Client DevelopmentEmail or T: (203) 247-3687


SHARE: