Insider Threats – Effective Controls and Practices
This publication outlines emerging insider threat risks and helps member firms identify, prevent, detect, and respond to these threats, including:
- identifying how insider threats can occur at firms, and what factors may indicate that these attacks are on the rise;
- providing a summary of core controls and effective practices firms may consider when evaluating their insider threat programs, including questions to assist firms with addressing such threats; and
- providing appendices with a glossary of relevant terms and FINRA publications that provide additional information on effective cybersecurity practices.
This publication does not create new legal or regulatory requirements or new interpretations of existing requirements, nor does it relieve firms of any existing obligations under federal securities laws and regulations. Member firms may consider this information in developing new, or modifying existing, practices that are reasonably designed to achieve compliance with relevant regulatory obligations based on the member firm’s size and business model.
FINRA Compliance Resources Disclaimer
This optional resource is provided to assist member firms in fulfilling their regulatory obligations. This resource is provided as a starting point, and you must tailor this resource to reflect the size and needs of your firm. Using this resource does not guarantee compliance with or create any safe harbor with respect to FINRA rules, the federal securities laws or state laws, or other applicable federal or state regulatory requirements. This resource does not create any new legal or regulatory obligations for firms or other entities.
This resource was last updated on April 18, 2023. This resource does not reflect any regulatory changes since that date. FINRA periodically reviews and updates these resources. FINRA reminds member firms to stay apprised of new or amended laws, rules and regulations, and update their WSPs and compliance programs on an ongoing basis. Member firms seeking additional guidance on certain regulatory obligations should review the Cybersecurity Topic Page and other relevant FINRA Topic Pages.
FINRA’s Office of General Counsel (OGC) staff provides broker-dealers, attorneys, registered representatives, investors and other interested parties with interpretative guidance relating to FINRA’s rules. Please see Interpreting the Rules for more information.
OGC staff contacts: