FINRA Releases 2024 Regulatory Oversight Report
The Financial Industry Regulatory Authority (FINRA) released its 2024 Annual Regulatory Oversight Report highlighting several areas of focus for the Self-Regulatory Organization (SRO). Areas of focus include:
- Cybersecurity and Technology Management
- Books and Records
- Communications with the Public
- Consolidated Audit Trail
- Best Execution
- Crypto Asset Developments
- Liquidity and Credit Risk Management
Regarding cybersecurity and technology management, the FINRA report notes several SEC and FINRA rules that govern how broker-dealers develop written policies and procedures and how/when broker-dealers are required to report cybersecurity incidents. FINRA lists several considerations around cybersecurity that may also be beneficial for fund directors to consider, including:
- Does your firm have supervisory controls for designing, implementing and monitoring the health and performance of technology solutions?
- What process has your firm established to assess the risks associated with third-party vendors during the initial onboarding and on a regular basis thereafter?
- In the event there is a report of a security breach at a vendor, can your firm identify all components and services third parties provide?
- What steps has your firm taken to prevent a cybersecurity intrusion, such as a ransomware attack? In the event your firm experiences an intrusion, how will it restore critical data from backups, as well as identify and recover customer information that was exfiltrated?
- What kind of security training does your firm conduct, such as email best practices and phishing? Does your firm provide training to all staff and not just to registered persons? Is the training tailored to the staff’s role and level of access to systems?
FINRA notes that it has “observed an increase in the variety, frequency and sophistication of certain cybersecurity incidents” including cybersecurity events at vendors, ransomware, and insider threats. Additionally, FINRA urges firms using AI to focus on regulatory implications, especially regarding cybersecurity, money laundering, and public communication.
Click here to read FINRA’s 2024 Annual Regulatory Oversight Report.