The Financial Industry Regulatory Authority (aka: FINRA) is an entity that should be familiar to anyone working in the financial services industry. It’s a not-for-profit organization that is authorized by Congress to protect investors in the U.S. by ensuring broker-dealer entities operate honestly and fairly.
FINRA compliance can cover everything from how you store client records to what you tweet out on social media. FINRA also has the authority to shut down businesses for severe compliance violations.
Because of our work in cybersecurity with accounting and financial firms in Olympia Fields and the Chicagoland area, we’re experts at data security compliance with FINRA regulations.
Our Technical Evolutions TE Security program does the heavy lifting for you so you and your team can focus on your business without worrying about your data security and compliance.
As with any wide-ranging regulations, there are a lot of areas to FINRA, and what’s required of a business can sometimes be confusing for those in the financial industry. We’ve got an overview of what FINRA covers below, and then we’ll zero in a bit more on its cybersecurity regulations.
What Does FINRA Regulate?
FINRA is an agency dedicated to protecting investors and ensuring those working in the financial industry are adhering to good and fair business practices.
Their rules and regulations are designed to ensure:
- Investors receive basic protections
- Those selling securities are tested, qualified, and licensed
- Financial firms adhere to truthful advertising guidelines
- Investors are receiving securities that are suited to them
- Investors receive complete disclosure about financial products before making a purchase.
There are multiple areas covered by FINRA including licensing of brokers, and a financial firm’s requirement to properly train and supervise their employees dealing with financial products, just to name a couple.
Here’s a bird’s-eye view of some of the multiple areas of regulation that businesses are subject to with FINRA:
- Proper supervision of staff
- Filings of staff information
- Maintaining a business continuity plan
- Proper hiring practices
- Registration of trading personnel
- Attending annual compliance meetings
- Continuing education
- Oversight of compensation and transactions
- Proper handling of correspondence (including email and instant messages)
- Proper evaluation of customers
- Proper record keeping
- Advertising and lead generation (calls, emails)
- Firm communications
- Customer disclosures
- Fair pricing and fees
- Proper cybersecurity and data transmission protections
What FINRA Means for Your Technology and Cybersecurity
An important part of FINRA compliance has to do with cybersecurity. Financial firms handle a good deal of sensitive customer data and financial information every day and FINRA’s cybersecurity rules are designed to help keep that data safe both for their clients and for the firms’ benefit as well.
Financial services firms are 300 times more likely to be hit by a cyber attack than other industries.
Data breaches are costly for any company, but especially so for businesses in the financial industry. The average cost for each lost or stolen record during a data breach is $225. But if you’re in the financial industry, the cost is $336 per record.
FINRA reviews the ability of financial firms to protect the confidentiality, integrity, and availability of sensitive customer data. This includes whether or not a firm is in compliance with these three SEC regulations:
- Regulation S-P (17 CFR §248.30), relating to protecting customer information against cyber-attacks and unauthorized access
- Regulation S-ID (17 CFR §248.201-202), relating to a firm’s ability to detect, prevent, and mitigate identity theft
- The Securities Exchange Act of 1934 (17 CFR §240.17a-4(f)), relating to the preservation of electronically stored records in a non-rewriteable, non-erasable format
Tips for Cybersecurity Compliance
Here are some of the key requirements from the FINRA Small Firm Cybersecurity Checklist and tips for what you can do to meet them.
Storage and Encryption of Data: Use a trusted and reliable cloud backup and storage system backed up by a local hard drive stored in a secure area.
Virus and Ransomware Protection: A layered approach is best, including a firewall, anti-malware software, anti-phishing software, and employee training.
Intrusion Detection System: Having managed IT services can ensure your network and devices are protected and monitored 24/7 for any intrusions and potential attacks.
Third-Party Data Access: Vendor management services can help you keep track of any vendors that require access to your data and their risk severity level.
Employee Access Controls: A multi-factor authentication system that integrates multiple application access in one place, together with mobile device management software, can help you stay on top of permissions and user access to your data.
Cybersecurity Training: You can save time and money and stay in compliance by having an IT pro, like Technical Evolutions, perform regular employee training on data security.
Get Help with Cybersecurity Compliance for FINRA
Trying to get through tons of regulations and checklists for FINRA compliance can be time-consuming and confusing. Technical Evolutions takes the hassle out of cybersecurity compliance by doing the heavy lifting for you!
Schedule a free cybersecurity evaluation today by calling 708-540-6201 or reaching out online.