By Kara Williams and Gargi Sharma
FINRA’s Special Investigations Unit (SIU) anticipates continuing our focus on Russia-related sanctions and evasion tactics, as well as other priority threats such as new account fraud, reporting of cyber-events and cyber-enabled fraud, market manipulation and trading-related frauds and Ponzi schemes. While SIU will focus our investigative resources on these threats, we also seek to proactively work with other units across FINRA’s regulatory operations and member firms to mitigate the threats by sharing intelligence as early as possible.
For example, we provided early notification of an emerging threat related to fraudulent account transfer requests submitted to the Automated Customer Account Transfer System through Regulatory Notice 22-21. After publication of this Notice, FINRA’s Financial Intelligence Unit then engaged with member firms to better understand the threat and steps being taken across the industry to detect, mitigate and otherwise combat this threat. Another example centered around “imposter websites,” where malicious actors were using registered representatives’ names and other information to establish websites that appeared to be the representatives’ personal sites and were also calling and directing potential customers to use these imposter websites. The malicious actors may have been using these sites to collect personal information from potential customers with the likely end goal of committing financial fraud. FINRA issued Information Notice 4/29/19 and Regulatory Notice 20-30 to raise awareness of the imposter website threat among member firms and investors. FINRA’s Financial Intelligence Unit also identified ways to detect these imposter websites, which allowed FINRA to proactively contact the relevant financial institutions or registered representatives who could then work to remove the sites.
The evolution, increasing frequency, and mounting sophistication of cybersecurity attacks and cyber-enabled financial crimes continues to present challenges to member firms, investors and the securities markets. FINRA’s Cyber and Analytics Unit leads FINRA’s efforts to evaluate member firms’ approaches to cybersecurity risk management through reviews of controls related to technology governance, risk assessment, technical controls, access management, incident response, vendor management, data loss prevention, system change management, branch controls and staff training. Through these reviews, FINRA also assesses a firm’s ability to protect the confidentiality, integrity, and availability of sensitive customer information.
To help member firms in their efforts to establish and implement sound cyber-security governance practices, FINRA maintains a dedicated Cybersecurity webpage containing information on common cybersecurity threats, upcoming FINRA events, compliance tools such as the Small Firm Cybersecurity Checklist, and information on what to do in case of a disruptive attack or breach. In 2022, FINRA started hosting the FINRA/FBI Cyber Threat Briefing Series that focuses on cybersecurity and cyber-enabled fraud threat intelligence relevant to member firms. At these events, member firms can hear about real-time cyber threat intelligence, practical guidance on responding to cybersecurity incidents, and how to obtain assistance from local and regional FBI resources. Member firms interested in participating should be on the lookout for 2023 events.
It is important to note that financial institutions, including member firms, are required to file Suspicious Activity Reports (SARs) on cyber-events and cyber-enabled financial crime that meet the standards for reporting. These SARs provide law enforcement, national security agencies and regulators with critical intelligence and FINRA is focused on ensuring its member firms are reasonably detecting and reporting these events.