07 Apr 2016

Implementing Cybersecurity Guidance

In early 2016, the Financial Industry Regulatory Authority (FINRA) released a Regulatory and Examination Priorities Letter providing an overview of core focus areas for financial firms. The areas outlined in the letter include culture, conflicts of interest and ethics; supervision, risk management and controls; liquidity; sales practices; financial and operations controls; and market integrity. But understanding what each focus area actually means, and how it applies to your individual business, can be challenging. Today’s post will take you through an explanation of each key focus area so that you can understand the impact on your business.

Culture, conflicts of interest, and ethics refers to the factors that determine how firm members make and implement decisions for their business. As part of the examination process, FINRA will now be formally assessing culture due to its central role in firm compliance and risk management practices. Specifically, FINRA will be looking at how firms communicate and evaluate their culture, and whether policies and controls are valued within the organization. As you begin to review your firm’s approach to culture, consider the following questions:

  • How does your firm respond to policy and procedure breaches?
  • Does firm management exemplify the values and culture of the organization?
  • Is compliance valued within the organization?
  • Do individual departments within the organization exemplify the corporate culture?

Supervision, risk management, and controls will be one of the broadest focus areas for FINRA, and will cover a wide range of areas including managing conflicts, technology infrastructure, outsourcing, and anti-money laundering. Specifically within technology infrastructure, FINRA will be looking at hardware, software and the personnel tasked with its management. Firms will have to demonstrate compliance with cybersecurity controls, data quality and governance, vendor assessments, and reporting practices. As you begin to review your firm’s approach to risk management and controls, consider the following questions:

  • Which controls are in place to prevent and mitigate data loss?
  • How robust is your firm’s cybersecurity framework?
  • Which types of reporting practices does your firm have in place for data quality and governance?
  • How are third-party vendors assessed and supervised?

The final four focus areas include liquidity, sales practices, financial and operational controls, and market integrity. FINRA will be assessing these focus areas in order to ensure that controls are in place to protect investors and lessen financial and operational risks.

Regulatory oversight of the financial industry will only continue to increase, so now is the time to begin assessing your firm’s current policies and procedures and making the appropriate revisions based on the current guidance. Stay tuned for next week’s post, which will delve into FINRA’s focus on technology infrastructure and how you can prepare.
