FINRA is conducting an assessment of firms' approaches to managing cyber-security threats. FINRA is conducting this assessment in light of the critical role information technology (IT) plays in the securities industry, the increasing threat to firms' IT systems from a variety of sources, and the potential harm to investors, firms, and the financial system as a whole that these threats pose.

FINRA has four broad goals in performing this assessment:

• To understand better the types of threats that firms face
• To increase its understanding of firms' risk appetite, exposure and major areas of vulnerabilities in their IT systems
• To understand better firms' approaches to managing these threats, including through risk assessment processes, IT protocols, application management practices and supervision
• As appropriate, to share observations and findings with firms

Note: The assessment addresses a number of areas related to cyber-security, including firms':

• Approaches to information technology risk assessment
• Business continuity plans in case of a cyber-attack;
• Organizational structures and reporting lines
• Processes for sharing and obtaining information about cyber-security threats;
• Understanding of concerns and threats faced by the industry
• Assessment of the impact of cyber-attacks on the firm over the past twelve months
• Approaches to handling distributed denial of service attacks
• Training programs
• Insurance coverage for cyber-security related events; and
• Contractual arrangements with third-party service provider

Click Here to download the FINRA Cyber-Security Sweep Alert.
For questions regarding this Alert or any other regulatory matter can be directed to:

Mitch Avnet, Managing Partner –Email or T:(646) 346-2468

Bill Schloth, National Director of Client Development –Email or T: (203) 247-3687

The post ALERT: FINRA Cyber-Security Sweep appeared first on Compliance Risk Concepts.