Finra warns brokerages to pay attention to rising cybersecurity threats

Finra warns brokerages to pay attention to rising cybersecurity threats
The broker-dealer self-regulator highlighted a recent government advisory about a ransomware attack and told member firms to brush up on Finra's guidance on the topic from last December.
JUN 20, 2023

Finra is warning brokerages to pay attention to rising cybersecurity threats, highlighting a recent advisory about a ransomware attack.

The Financial Industry Regulatory Authority Inc. sent an alert to its member firms Friday pointing to a Cybersecurity & Infrastructure Security Agency advisory from earlier this month. That alert, which was issued jointly with the Federal Bureau of Investigation, analyzed the tactics, techniques and procedures used by an outfit called the Ransomware Gang that is targeting financial services and other critical sectors.

The cyber criminals took advantage of a weakness in MOVEit, a file transfer system provided by Progress Software, to infiltrate their targets’ technology systems, according to the Finra alert.

“All Finra member firms should review Finra’s cybersecurity alert, regardless of whether [they] use MOVEit,” Amber Allen, executive vice president and general counsel at the consulting firm Fairview and president of Fairview Cyber, wrote in an email.

The alert “represents yet another move by regulators to tighten cybersecurity within the financial industry. Advisors who have not reviewed their cyber programs should do so as soon as possible,” Allen said.

Jim Scheinberg, managing partner at North Pier Search Consulting, said firms can’t afford to brush off Finra’s warning.

“They should be taking this very seriously,” Scheinberg said. “The threat of an attack is very real.”

The broker-dealer self-regulator used the latest ransomware intrusion to highlight its own regulatory notice about ransomware from last December, which provided guidance on how firms can evaluate their cybersecurity practices.

“Finra member firms should work to establish thorough risk assessment programs, tailored policies and procedures, comprehensive testing and ongoing training programs,” Allen said. “Adopting a well-documented incident response plan is critical to a firm’s success give the increase in cybersecurity threats and regulatory focus.”

Both Finra and the Securities and Exchange Commission are zeroing in on cybersecurity. The SEC released last year a cybersecurity proposal for registered investment advisors and followed up earlier this year with a proposal for broker-dealers.

Scheinberg’s firm does due diligence investigations of third-party providers for fiduciary advisory services, investment management and other functions. He said cybersecurity assessments are becoming more important in the outsourcing evaluation process.

“The time to know whether you’re ready for a fire is not when a fire is breaking out in your building,” Scheinberg said.

Cybersecurity also was highlighted as an examination priority this year by both Finra and the SEC.

Latest News

SEC moves to make electronic delivery the default for investor disclosures
SEC moves to make electronic delivery the default for investor disclosures

The proposal would end decades of paper-first delivery rules, but keeps a paper opt-out and draws early praise from fund and annuity industry groups.

Trump accounts could encompass every US family, 70 million children, says IRS chief
Trump accounts could encompass every US family, 70 million children, says IRS chief

The Trump accounts are “generationally changing” and bring financial literacy to youth, said IRS chief Frank Bisignano.

Creative Planning bolsters commercial insurance arm with Lovell deal
Creative Planning bolsters commercial insurance arm with Lovell deal

The Kansas-based RIA giant's latest purchase extends a run of specialized acquisitions that has defined its growth strategy through 2026.

Wealth Enhancement expands Houston footprint with Trippon acquisition
Wealth Enhancement expands Houston footprint with Trippon acquisition

Deal adds a $299 million tax-and-wealth practice as the RIA aggregator advances acquisition strategy around integrated financial and tax planning.

Alternatives gain traction in 401(k) plans as DOL rules open the door
Alternatives gain traction in 401(k) plans as DOL rules open the door

Large and mega plans show strongest appetite, but fee confusion persists.

SPONSORED Direct indexing webinar targets tax-loss harvesting amid market swings

Northern Trust’s Ken Lassner shows advisors how to convert volatility into after-tax portfolio gains

SPONSORED Who builds the income when the pension disappears?

Dan Biagini of American Equity says the steady decline of pensions, longer lifespans and a reset in interest rates are rewriting how advisors build retirement income