So far in 2020, FINRA has taken disciplinary action against 5 firms and 100 individuals for compliance issues surrounding information management or for failing to produce information in a timely manner.
With the world’s sudden and forced transition to remote offices as a result of the COVID-19 pandemic, it has never been more timely to re-approach how your firm is managing and protecting its data infrastructure.
Instead, in an attempt to maintain demanding security vigilance, meet regulatory obligations, address insider risk concerns, and protect against public data breaches, many firms continue to rely on old technology stacks and supervisory procedures. This could in turn expose them to more sophisticated cybersecurity threats and regulatory enforcement risks.
The current techniques and tools in use were built to address information security vulnerabilities known at the time of design and implementation. Attack vectors evolve over time, as do the tools and technology to combat them.
In today’s climate, firms cannot afford, literally or figuratively, a weak data management infrastructure.
A few sobering statistics:
- The average cost of a data breach is $3.92 million as of 2019 (Security Intelligence).
- 43% of breach victims were small businesses (Verizon 2019 Data Breach Report).
- 60% of small businesses that suffer a cyber attack go out of business within half a year (U.S. National Cyber Security Alliance).
Compliance is no longer a check-the-box task; it’s an ongoing battle that requires attention.
In its 2019 Report on Examination Findings and Observations, FINRA identified digital communications and cybersecurity as key areas where firms encounter challenges complying with supervision and record-keeping requirements.
Specifically, these include areas of governance and risk management, access rights and controls, data loss prevention, mobile security, incident response and resiliency, vendor management, and training and awareness.
While only financial institutions and certain financial advisors are under direct regulation by FINRA and the SEC, data protection and efficiency are areas that all businesses would benefit from addressing.