So far in 2020, FINRA has taken disciplinary action against 5 firms and 100 individuals for compliance issues surrounding information management or for failing to produce information in a timely manner.

With the world’s sudden and forced transition to remote offices as a result of the COVID-19 pandemic, it has never been more timely to re-approach how your firm is managing and protecting its data infrastructure.

Many modern workplaces have undergone significant changes to create flexible data infrastructures and innovative work environments. Those in heavily regulated environments, including financial institutions or financial advisors at both broker-dealers and RIAs, have been slow to adopt this new approach.

Instead, in an attempt to meet demanding security vigilance, satisfy regulatory obligations, address insider risk concerns, and protect against public data breaches, many firms continue to rely on old technology stacks and supervisory procedures. This could in turn expose them to more sophisticated cybersecurity threats and regulatory enforcement risks.

The current techniques and tools in use were built to address information security vulnerabilities known at the time of design and implementation. Attack vectors evolve over time as do the tools and technology to combat them.

In today’s climate, firms cannot afford, literally or figuratively, a weak data management infrastructure.

A few sobering statistics:

Compliance is no longer a check-the-box task; it’s an ongoing battle that requires attention.

In its 2019 Report on Examination Findings and Observations, FINRA identified digital communications and cybersecurity as key areas where firms encounter challenges complying with supervision and record-keeping requirements.

Specifically, these include areas of governance and risk management, access rights and controls, data loss prevention, mobile security, incident response and resiliency, vendor management, and training and awareness.

While only financial institutions and certain financial advisors are under FINRA's and the SEC's direct regulation, data protection and efficiency are areas that all businesses would benefit from addressing.

 

In addition to increasing compliance demands, there’s been a paradigm shift surrounding data protection in today’s digital landscape.

The old model was to place all of an institution’s data, identities and infrastructure into an environment that was protected at the perimeter by investing in firewalls, intrusion detection systems (IDS) and intrusion prevention systems (IPS).

As the network perimeter expanded and information became more distributed, the nature of attacks changed. Increasingly, malware-less attacks have become normal. These take the form of phishing, password-spraying, social engineering and the grabbing of credentials.

The consensus was that information within the modern enterprise perimeter could no longer be secured at a network level but instead must be secured at the resource level. This ensures that the information is protected no matter where the data is or how it is being used or accessed. For example, a document opened at a physical office could be opened securely on an employee’s phone or laptop from home.

Again, this is incredibly significant in today’s climate of remote working, which has been expedited by the pandemic and will leave an everlasting impact on how companies operate moving forward.

A firm can gain a significant competitive advantage by giving both its employees and customers a modern collaboration platform that’s easy to adopt and easy to use. However, this cannot be to the detriment of security and compliance.

We know this first-hand, as Horizon Globex’s securities and trading software suite was built with a compliance-focused approach. In developing our securities ecosystem for regulated entities, we realized we would have to address the information management problem head-on.

In doing this, we realized the value our team of Wall Street and software pioneers with 25+ years of experience could add to other firms facing the same dilemma.

No matter your approach, the protection of data, identities, devices and applications is not only critical to a business’s functionality; for many, it’s required and heavily regulated to ensure data management infrastructure is up to par.

Pete Hall is the Chief Information Officer for Horizon Globex, a FinTech company offering a suite of integrated software applications for compliant issuance through secondary trading of electronic securities.
