Financial Industry Regulatory Authority (FINRA)

FINRA is a nonprofit organization overseen by the U.S. Securities and Exchange Commission (SEC) that regulates U.S. brokerage firms. 

FINRA writes rules related to investor protection and market integrity; it examines firms for and enforces compliance with FINRA rules and federal securities laws. 

Individuals and firms that want to conduct business with the investing public must achieve and maintain certification as members of FINRA. 

As part of its mission to protect investors, brokerage firms, and financial markets, FINRA has specific rules related to cybersecurity that firms must comply with. The 2022 Report on FINRA’s Examination and Risk Monitoring Program gives firms information to help establish their compliance programs; it lists relevant rules, describes effective practices, and includes helpful resources. Part of this report includes regulatory obligations for cybersecurity and technology governance, including Rule 30 of the SEC’s Regulation S-P, which requires firms to have written policies and procedures that are reasonably designed to safeguard customer records and information, and FINRA Rule 4370, Business Continuity Plans and Emergency Contact Information.

These rules provide cybersecurity guidance and resources to help firms build out their cybersecurity programs and maintain compliance with these regulations. These include a Small Firm Cybersecurity Checklist, Core Cybersecurity Threats and Effective Controls for Small Firms, and a Report on Selected Cybersecurity Practices – 2018.

Cerberus provides several key services listed in the Report on Selected Cybersecurity Practices, including penetration testing, security awareness training, and risk assessment services.

FINRA evaluates brokerage firms’ approaches to cybersecurity risk management by reviewing controls in several areas: 

  • Technology governance
  • Technical controls
  • Risk assessment
  • Access management
  • Incident response
  • Vendor management
  • Data loss prevention
  • System change management
  • Branch controls
  • Staff training

It publishes Information Notices on common cybersecurity threats that broker-dealers face, including phishing, imposter websites, customer account takeover incidents, fraudulent wires of ACH transactions, and vendor breaches. FINRA also pushes out cybersecurity alerts to members based on recent attacks.

Get Started with Cerberus Sentinel

Contact us for more information on how to maintain compliance with cybersecurity regulations.