SEC, Finra Issue Cybersecurity Reports

Terry Flanagan

The U.S. Securities and Exchange Commission has issued publications that address cybersecurity at brokerage and advisory firms and provide suggestions to investors on ways to protect their online investment accounts.

“Cybersecurity threats know no boundaries. That’s why assessing the readiness of market participants and providing investors with information on how to better protect their online investment accounts from cyber threats has been and will continue to be an important focus of the SEC,” said SEC chair Mary Jo White, in a statement.

One publication, a Risk Alert from the SEC’s Office of Compliance Inspections and Examinations (OCIE), contains observations based on examinations of more than 100 broker-dealers and investment advisers. The examinations focused on how firms identify cybersecurity risks, establish cybersecurity policies, procedures, and oversight processes, and protect their networks and information

The Financial Industry Regulatory Authority has issued its own report on cybersecurity, which details practices that firms can tailor to their business model as they strengthen their cybersecurity efforts.

The report draws in part from the results of FINRA’s recent targeted examination (“sweep”) of a cross-section of firms. The sweep, conducted in 2014, focused on the types of threats firms face, areas of vulnerabilities in their systems and firms’ approaches to managing these threats.

According to Finra, broker-dealers identified the top three threats as hackers penetrating firm systems, insiders compromising firm or client data, and operational risks.

The ranking of threats varied by firm and by business model, Finra said. While online brokerage firms and retail brokerages are more likely to list hackers as their top-priority risk, firms that engage in algorithmic trading were more likely to consider insider risks potentially more damaging. Large investment banks or broker-dealers typically ranked risks from nation states or hacktivist groups more highly than other firms.

Grigoriy Milis, chief technology officer at Richard Fleischman & Associates, an outsourced technology provider to hedge funds, told Markets Media that internal threats are primarily about threats to the intellectual property.

“If the company has some kind of very valuable intellectual property then the internal threat would be more important to them than external,” Milis said.

Today, said Milis, external threats have become more dangerous because of the sophisticated attack vectors being employed.

“If you look a few years back, the external threat was about creating a business disruption. It was about creating some kind of chaos and mischief inside the company’s network,” said Milis. “Today, however, the external threat is all about data extrusion. They will take whatever they can get their hands on. It’s even worse because they also can potentially initiate fraudulent financial transactions.”

Featured image via bluebay2014/Dollar Photo Club

Related articles

  1. EMSAC Looks to Reduce Trading Halts

    State Street said the regulatory path would involve more delays, and all approvals have not been resolved.

  2. Saphyre’s AI platform allows data to be entered once for simultaneous access.

  3. Bar Raised on FX Trading

    Upgrades enable hedge funds and asset managers to gain actionable insights quicker and more efficiently.

  4. They will help investors identify companies committed to improving gender diversity.

  5. Investors are seeking the tax efficiency, trading flexibility and cost benefits of ETFs.