Search Our Blog

FINRA Examinations Report Cites Broker-Dealer Cybersecurity Deficiencies

By Jonah A. Toleno, Esq. of Shustak Reynolds & Partners, P.C. posted on Tuesday, December 12, 2017.

Jonah A. Toleno

Jonah A. Toleno

Of Counsel

Location: San Diego, California
Phone: (619) 696-9500 (Ext. 104)
Direct: (619) 501-6483
Email: [email protected]

Jonah A. Toleno, Esq.
619.696.9500 ext. 104
[email protected]

On December 6, 2017, the Financial Industry Regulatory Authority (FINRA) released a report on recent findings by it Examination program, citing to key deficiencies in broker-dealer cybersecurity processes. As part of its Examination program, FINRA examines broker-dealers at least once every four years to identify potential and existing compliance and regulatory issues. FINRA’s stated intent in examining firms is to help “better protect investors and the integrity of the markets.”

In the report, FINRA noted that “[c]ybersecurity is one of the principal operational risks facing broker-dealers.” Among other findings, FINRA identified the following key deficiencies and practical examples in various broker-dealer firms’ cybersecurity exams:

-          Access Management (some firms lacked systems to log, monitory and supervise activities to detect anomalies, and to timely terminate departing employees’ access to firm systems);

-          Risk Assessment (lack of formal processes to conduct ongoing risk assessments of data, systems, and applications)

-          Vendor Management (no formal processes to review prospective vendors’ cybersecurity preparedness)

-          Branch Office challenges in managing passwords, implementing patches and software updates)

-          Segregation of Duties (failure to segregate responsibilities for requesting, implementing, and approving cybersecurity rules and systems changes)

-          Data Loss Prevention (larger and medium sized firms could use expansion of programs to prevent transmission of sensitive information such as Social Security numbers)

While FINRA did report an increase in firms’ awareness of cybersecurity threats and implementation of cybersecurity policies and procedures, it is clear the threats are ever-present and evolving. For more information on FINRA’s findings on cybersecurity and other examination results, visit the FINRA Report directly at

Jonah Toleno is a partner in our San Diego office and has extensive experience representing individuals and firms before the SEC, FINRA, state courts and federal courts. She acts as trial counsel in a range of litigation and arbitration matters and offers outside counsel services to various financial services firms.

Shustak Reynolds & Partners, P.C. focuses its practice on securities and financial services law and complex business disputes. We represent many broker-dealers, registered representatives, investment advisors, investors and businesses. For more information, or if you or your company require counsel in these areas, contact us today for a confidential, complimentary consultation.

Share This Article linkedin