Business and Legal Insights

On January 4, 2017, FINRA released its 2017 Regulatory and Examination Priorities Letter. In its Letter, and for the third year in row, FINRA identified cybersecurity as a top priority. FINRA stated that cybersecurity is “one of the most significant risks many firms face.”

FINRA identified two areas where it observed repeated failures by firms:

1. cybersecurity controls at branch offices, and
2. preservation of electronic records in “write once, read many” (WORM) format.

To underscore its point, FINRA spotlighted its December 2016 disciplinary action wherein 12 firms where collectively fined $14.4 million for WORM retention failures. Read our December 21, 2016 post about this.

Branch office controls and WORM retention are not the only top areas of cybersecurity regulatory focus. In 2015 and 2016, FINRA and the SEC brought cybersecurity enforcement proceedings for failing to safeguard customer records and information, and for failing to adopt adequate cybersecurity policies and procedures prior to a breach:

• Sterne Agee Settles With FINRA Over Laptop Privacy Breach
• SEC Charges Investment Adviser With Failing to Adopt Proper Cybersecurity Policies and Procedures Prior To Breach
• SEC: Morgan Stanley Failed to Safeguard Customer Data
• FINRA Imposes Fines Totaling $600,000 Against Lincoln Financial Securities and Lincoln Financial Advisors for Failure to Protect Confidential Customer Information

In 2017, we expect FINRA to execute more cybersecurity examinations than in years past. Firms — be prepared.

Relevant Resources

• 2017 Regulatory and Examination Priorities Letter