The protection of customer personal data continues to be a priority for the Financial Industry Regulatory Authority (FINRA), primarily from an examination perspective and, the author predicts, increasingly from an enforcement perspective. In its December Report on Selected Cybersecurity Practices—2018, FINRA shares information learned during its examinations to help broker-dealer firms to increase the effectiveness of their cybersecurity programs. Attention to this report will assist even the most sophisticated firms in both strengthening their data security controls and responding to FINRA examination requests.
This articles first summarizes the key regulations that govern broker-dealers’ data management and protection efforts. The article then describes the key points of the report. Finally, it offers some observations from the author’s practice, to amplify the suggestions in FINRA’s report.