With cyber security threats on the rise, broker dealers must prioritize protection of electronic investor information. What cyber security threats exist for broker dealers? In its 2015 Report on Cyber Security Practices, the Financial Industry Regulatory Authority (FINRA) identified a wide range of actors that may attempt to compromise a broker dealers’ electronic records and functions: (1) cybercriminals seeking to steal; (2) nation states; (3) terrorist groups; (4) hacktivists seeking to cause disruption or embarrassment; (5) firm insiders and (6) competitors. With these threats in play, FINRA explained that many firms are particularly vulnerable because of increased web-based activities and use of mobile devices by clients.
The 46-page FINRA report details best principles and practices that firms should implement to mitigate cyber security risks. In the report, FINRA addresses, among other things, the key aspects of an effective incident response plan and also suggests that firms consider obtaining cyber insurance to transfer some of the unmitigated risk.
If broker dealers fail to meet cyber security compliance standards, FINRA may intervene and impose fines. In December 2016, FINRA announced that it had fined 12 firms a total of $14.4 million for failing to properly protect electronic records from alteration. Specifically, FINRA alleged that the firms did not safeguard against hackers changing the content of electronic records by saving them in “write once, read many” or WORM format, which prevents the records from being changed. Of the 12 firms fined, Wells Fargo Securities LLC and Wells Fargo Prime Services paid the highest fine of $4 million.
In light of heightened scrutiny by FINRA and firms’ increasing vulnerability to cyber attacks, firms should invest in improving their cyber security programs today. Another good resource for smaller firms is FINRA’s cybersecurity check list found here: FINRA Small Firm Cybersecurity Checklist.