PODCAST
Building Cybersecurity Resilience Through FINRA Forward
Today's cybersecurity threats aren't isolated incidents—they are sophisticated operations orchestrated by organized criminals and even nation states. This new reality demands we respond not as individual organizations, but as a unified industry with shared intelligence and coordinated defenses. Through FINRA Forward, we are applying this perspective to create practical tools that firms can use to protect themselves and their clients from emerging threats.
On this episode, we explore the topic with Bryan Smith, FINRA’s Senior Vice President of Complex Investigations and Intelligence; Brita Bayatmakou, Vice President of Strategic and Threat Intelligence; and Jason Beachy, Vice President of the Cyber and Analytics Unit. Our guests discuss how FINRA is working to provide firms with the intelligence, preparation, and collaborative tools they need to better protect themselves and their customers in an increasingly complex threat landscape. These efforts include workshops and tabletop exercises, the Cyber and Operational Resilience program, and our forthcoming Financial Intelligence Fusion Center.
Resources mentioned in this episode:
FINRA Crypto and Blockchain Education Program
Blog Post: FINRA Forward’s Rule Modernization—An Update
Blog Post: Vendors, Intelligence Sharing and FINRA’s Mission
Blog Post: FINRA Forward Initiatives to Support Members, Markets and the Investors They Serve
Ep. 177: Previewing FINRA’s Crypto and Blockchain Education Program
FIFC Email: [email protected]
Listen and subscribe to our podcast on Apple Podcasts, Google Podcasts, Spotify, YouTube or wherever you listen to your podcasts. Below is a transcript of the episode. Transcripts are generated using a combination of speech recognition software and human editors and may contain errors. Please check the corresponding audio before quoting in print.
FULL TRANSCRIPT
00:00 – 01:15
Margherita Beale: Today's cybersecurity threats aren't isolated incidents. They're sophisticated operations orchestrated by organized criminals and even nation states. This new reality demands we respond not as individual organizations, but as a unified industry with shared intelligence and coordinated defenses. Through FINRA Forward, we are applying this perspective to create practical tools that firms can use to protect themselves and their clients from emerging threats. You can hear all about it on this episode of FINRA Unscripted.
Welcome to FINRA Unscripted. I'm your host, Margherita Beale. In this episode, we'll explore how FINRA is working to provide firms with the intelligence, preparation, and collaborative tools they need to protect themselves and their customers in an increasingly complex threat landscape. Here to talk about the ways in which we are doing exactly that are FINRA Senior Vice President of Complex Investigations and Intelligence, Bryan Smith, Vice President of Strategic and Threat Intelligence, Brita Bayatmakou, and Vice President of the Cyber and Analytics Unit, Jason Beachy. Bryan, Brita and Jason, welcome to the podcast.
01:15 – 01:16
Brita Bayatmakou: Thank you.
01:15 – 01:16
Bryan Smith: Great to be here.
01:16 – 01:17
Jason Beachy: Thank you.
01:17 – 01:24
Margherita Beale: So, to start, can you please introduce yourselves and tell us a bit about what you do at FINRA? Bryan, maybe we can start with you.
01:25 – 01:59
Bryan Smith: Thanks for having me, Margherita. My name is Bryan Smith and I'm a Senior Vice President over the Complex Investigations and Intelligence Group, which really is FINRA’s specialty investigative team focused on cyber, crypto, financial crimes, money laundering.
Prior to being here, I was at the FBI for 21 years, mainly working white collar securities fraud, spent some time at the SEC and ran the anti-money laundering for the Bureau. And then my last job I spent the last two and a half years overseeing the FBI cybercriminal operations. So, any investigation the FBI had that was non-nation state.
02:00 – 02:02
Margherita Beale: Great, thanks Bryan. What about you, Brita?
02:03 – 03:53
Brita Bayatmakou: Thank you. Yeah, it's great to be back on the show. As you mentioned, I'm the vice president of strategic and threat intelligence here at FINRA. Our mission is to proactively leverage regulatory and human intelligence to provide actionable insights that inform enterprise-wide decision making. So, my team is composed of human intel analysts, subject matter experts, and long tenured FINRA staff. And this group generates strategic intelligence and insights by collecting, analyzing, contextualizing information and then pushing out intelligence to our stakeholders often in collaboration with other teams. So, we are really in the business of scanning the horizon, listening for threat signals so that we can make informed decisions, get ahead of any risks and provide that value to our internal and external stakeholders, whether it's member firms, law enforcement or regulatory partners.
Prior to joining FINRA just over four years ago, 2021, I worked on the industry side at a member firm where I built and led intelligence functions there, focusing more in the financial crime space. And then before stepping into my current role, I built up and oversaw the Cyber and Analytics Unit, which is a team that conducts complex investigations in the cybersecurity, cyber-enabled fraud, and crypto asset discipline. So, I think it was really this role when I realized that the need for strategic foresight has never been greater. And formalizing, establishing, broadening the scope of our intelligence program at FINRA has really brought the structure that enables and empowers our partners across the enterprise to really focus on the right priorities. And as we're going to discuss more in this conversation, really accelerates the disruption of fraud and cyber related crimes, which is one of our key FINRA Forward initiatives.
03:54 – 03:57
Margherita Beale: Perfect, thank you, Brita. Last but not least, Jason.
03:58 – 05:17
Jason Beachy: Thank you, Margherita. Jason Beachy. I joined FINRA about a year and a half ago, starting out as the senior director of cyber enabled fraud after a 22-year career, also with the FBI, where I did predominantly work cyber investigations, both national security and criminal. And coming out of the FBI, I was coming from an international collaboration background, so understanding how to work with individual partners and for group goals.
So now I am the VP of Cyber Analytics taking over for Brita who did a great job of introducing my team as well. It sits within our National Cause and Financial Crimes Detection Program under Complex Investigations and Intelligence. I oversee those teams that Brita mentioned, Cybersecurity, Cyber-Enabled Fraud and Crypto Asset Investigations team. This is a talented group from across the landscape including people with backgrounds in the tech industry, law enforcement, other regulators, member firms. And our goal is to identify and mitigate new and existing cyber threats and crypto threats. And what we want to do is understand the threats that our member firms face, help them protect themselves and their investors, prepare for and respond to events should and when they do happen. And then do that in part through the programs that we're going to discuss here today. So, thank you for the opportunity. I appreciate this is my first one, so I look forward to it.
05:18 – 05:37
Margherita Beale: Great. Thank you, Jason. Lots of FBI alums on this call. So, Bryan, let's start with the big picture. Can you help our listeners understand how the cybersecurity and fraud prevention efforts fit into the broader FINRA Forward initiative and why this has become such a priority for the organization?
05:38 – 08:18
Bryan Smith: It's very simple to explain it in some respects in that it's a priority for FINRA because it's a priority for the firms. We are a membership organization and so we need to be able to deliver the services and the insight that are going to enable firms to engage in business and for us to fulfill our mission of investor protection and market integrity. And with my background and Jason's background and then Brita's background at a member firm, you really can kind of see from the threat perspective of what is facing firms on a day-to-day basis in the financial crimes arena as well in the cyber arena. And we talk about them separately, but the way we think about it here at FINRA and the way that we thought about it at the FBI and the way that we encourage firms to be thinking about it is that those are two interrelated but separate threats.
And so, you need to have expertise in both of them, but you also need to be working on blending your experience and the knowledge across your teams. And so, if you're going to have any ability to address either of those, you need to have work being done in both. And to that end, what we've done at FINRA is, last couple of years even before I got here, was an effort to try and be more proactive and to get in front of the threats as a resource and to be able to provide guidance to firms, particularly in those two areas. And so, we've done a couple things in that space.
One, we already had talent here at FINRA in those spaces, but we've also actively recruited individuals from industry to supplement and complement the resources and expertise that we already had. But that's not enough. We also need to be engaging more with firms because they're on the front line. And you'll hear a lot about that today, about what they see on a day-to-day basis. And then we've also listened to membership about what their needs are and what they would like for help in this space.
And so, I think the other theme you'll hear throughout today's conversation is the importance of that feedback that goes back and forth between us and member firms. And with that, we then kind of developed a couple of programs that we wanted to highlight today, our workshops and tabletop exercises that we do in the cyber arena to prepare for an event that might happen or likely will happen. Some proactive work that we're doing in one of the particular highest risk areas, third-party risk, and then also then how do we engage on an ongoing basis in a more structured way is through the financial intelligence fusion cell. So those are kind of the three big things that we want to kind of talk through today and make sure people understand what we're doing, why we're doing, and how they might engage with us.
08:19 – 08:31
Margherita Beale: Great. That's a fantastic overview. Thank you. So, let's start with the tabletop exercises and workshops. Jason, can you tell us what these are, how they work, and how they differ from other FINRA education?
08:32 – 13:02
Jason Beachy: Absolutely. I think the best place to start with this is what are we doing here? What's the goal? And I think as we talk about it, it's the idea of helping elevate cybersecurity competency of individual firms as well as the membership collectively. So, it's a dual-purpose kind of goal. The tabletop exercises and workshops are hands-on, real-world interactive scenarios designed to help firms prepare for cyber incidents through structured exercises, injects that people have had come up in actual events and scenarios. They strengthen coordination and clarify roles. And the idea of doing this is before the event hits. Again, you don't want to be doing these types of things on the spot without having practice. And then there's the practicality of it. Implementation guidance. have experts ourselves that are there to help build on the scenarios and really interact with the folks who are in the audience.
That target audience is going to be chief compliance officers, obviously cyber and IT personnel, business line leadership, legal, HR, communication staff, and risk and audit professionals. So, what is that? That's literally everybody. This is a whole of entity engagement because when the time comes for a cyber event response, it's going to be a whole of enterprise reaction to what those look like and everybody needs to know their role.
We offer a couple of types of workshops. The first is threat focused. So that's held quarterly, exploring high impact threats facing the broader broker dealer space. Things like ransomware, third party, compromise, insider risk, credential theft. Think of those as the generalized threats. And then there's the tailored exercises. Those are also quarterly customized based on firm specific attributes like business model, size, operational complexity, firm groupings, depending on what it is that we're sort of catering those exercises to. Each one has a, as I mentioned, a real-world scenario informed by collected current intelligence. And then they're facilitated step by step through discussions of cross-functional engagement. So, all of those audience members in their roles describing what they would do in each event, getting post-session feedback to help firms then strengthen their governance and then understand and refine their risk controls.
The uniqueness of this is that practicality, getting folks in a room and really discussing what's happening in each event. The real-world scenarios where you get to test your own and understand what your incident response programs look like, and then provide targeted intelligence. And then the networking opportunities where we get folks from different firms, different backgrounds to be able to discuss scenarios, how they might interact with it. Because in the end, we're all on the same team when it comes to cybersecurity. So far this year we've done about eight tabletops, had hundreds of attendees. The topics so far have included supply chain problems, AI powered social engineering issues, and generalized incident response. Feedback wise has been really, really positive. And even the most recent one we did out in Chicago, the audience was really engaged. They said the escalation of complexity. And so, we've tried to inject that in the cascading failure. These things don't happen with one simple issue. There are going to be issues that kind of fall on top of each other and how an organization reacts to that is critical. And again, that's that practice.
The technical depth and approach that we apply to these tabletops really give insight into what is your cybersecurity posture? What are your incident response capabilities and what's your business continuity plan? Are they realistic? Are they valuable? Do they need to be amended in some way? And we know that many of the firms out there don't have the time or resources to develop this type of training. So, we're trying to provide that value. That's how we're leaning into the FINRA forward model of aiding firms in their risk management capabilities against cybersecurity risks and threats. That's where this is coming into play. And hopefully the folks and what we've seen is that they see value in that.
And my ask of the listeners here is that if you have thoughts or ideas on how to prove that based on like what Bryan was saying about that feedback loop, it's really critical. If there are things that you're experiencing or ideas that you think are relevant, bring that back into the group. This is a iterative cycle. It's not one and done. So that's a bit about what we've seen and how we've done it so far. It's nascent, but we're still growing.
13:03 – 13:54
Bryan Smith: I was just at an event last week with member firms and we were talking about the tabletop exercises. The benefit that I heard in that feedback that I hadn't really thought of was the benefit of doing this with your peers, of learning from the other 40, 50 individuals who are in the room and have gone through this. We try to do a really good job of aggregating the lessons learned from different places and get that out to people. But sitting side by side with that person who just lived it maybe a couple months ago and what they thought they did well and what they would have done differently, there's extreme value to that. And so even the firms that are doing workshops and tabletops on their own, I think there's still a benefit to them because you're getting a different perspective from someone else who's been through a different scenario than you have. And I think that's really important.
13:55 – 14:04
Margherita Beale: And Bryan, to continue with you, know you have an outside perspective on these as well. Can you talk about that and why these exercises are so important?
14:05 – 16:03
Bryan Smith: Yeah, so in my previous role at the FBI, I had every single cybercriminal case that happened. So, this was every major cyber breach or ransomware attack came across my desk. And so often I would be on calls with the victim company, their general counsel, outside counsel, and we were walking them through what happened, what can they expect from the adversary, what they can expect in the process, what information we might be able to provide when I was at the FBI, and then what are the decision points that they're near. All things that you would get in one of these workshops. I can't tell you how many times that was. It was dozens upon dozens of instances. And these are high pressure situations for those firms. I could often tell whether a firm had gone through this before, whether they had practiced, whether they had a plan in place. Those that had, they knew the questions to ask of the FBI. They knew the game plan and the response that they would get. They had an orderly progression of, here's our decision points that we're going to make on this. We have a media and comms plan that we've set aside and we've got people who've engaged on that.
For chaotic, it was orderly. And I liken it to, if you think about professional athletes, they always talk about, at some point the game slows down for them and they can start to read things before it happens. And that's what was going on with these firms is that the game had slowed down. And so, these companies could then deal with the situation certainly as high pressure, but they did it in a way that was thoughtful and planned out. And the results ended up turning out much better for those companies than it did for the ones who hadn't planned for it and were making decisions in the moment. And that's never what you want to do.
So, Jason talked about how they're doing 10 to 12 of these a year, but, Brita, that's not where we started from. We started from a different place, right?
16:04 – 17:52
Brita Bayatmakou: That's right. Backing up a little bit, Bryan, since the inception of FINRA's dedicated cyber team and capability, training and education always was central to the team's mission with different bootcamp style sessions and other offerings. We often emphasized for firms the importance of incident response plans and performing that tabletop exercise. And as we grew, we really needed to start practicing what we preached. So, with CISA, the Cybersecurity Infrastructure Security Agency, who facilitated our own tabletop that we hosted in 2023. The goal being really to evaluate FINRA's plans and processes and look at the U.S. government framework for responding to cyber incidents impacting the financial services and broader markets.
So that was a launch pad to what Jason was talking about, our really enhanced suite of educational resources that we provide today. He talked through the different scenarios that we now provide. And as I think about my time back on the membership side of things when I was in the industry, that resonates with what Jason was saying that tabletops really are about everybody. And we've seen that, it is truly a business problem and some of the outcomes of our own exercise, as well as what we've observed is that there's just a whole range of stakeholders that need to be involved. And we saw that in our own actions and really helped us to move from this reactive compliance mindset to being proactive in our management of risk.
17:53 – 20:33
Bryan Smith: So, we've talked about the workshops and the tabletops, and we really think that those are great opportunities for engagement with FINRA and experts as your peers that we've talked about before. But we've also talked about being proactive. And how can we move further up on the lifecycle of a cyber event? How can we get to the point where maybe we can anticipate and or prevent an attack, which is more ideal than having to deal with it after the fact, which is what you're going to have in one of these cyber workshops or in tabletop exercises. And that's a difficult proposition. And we're not going be able to do that every time, but Brita and her team and now Jason and his team have contributed to putting out threat intelligence and products on cyber and financial crime to get us to the point where maybe we won't need those tabletops because we've provided information where a firm can identify the activity early on and they can mitigate it for themselves or the investor.
And we've also done that through our regulatory report. So, we push out on a yearly basis, the trends that we're seeing both in financial crimes, in cyber, we'll be having another one coming out here shortly, and the effective practices that we recommend that firms put in place to help mitigate these, again, to be more on the proactive side of that. We also looked at this in another way of how can we enable firms, not just in a report, but in additional information and leverage some of the expertise that we have.
And so, a couple of years ago, Risk Monitoring put out a vendor survey to all of the firms to get a list of all the vendors that they're using. In my experience at the FBI, what we saw starting in 2023 was a trend towards targeting of third-party entities, which is why there's been another FINRA Unscripted podcast that Greg Ruppert has done because it's such an important industry and it's such a risk to the broker-dealers’ writ large. So that survey went out and I'll say there was some pushback as to you're asking for all this information, what are you going to do with it? And Jason is going to talk a little bit about details of this, but what we did was we used that information to figure out how can we better protect member firms.
And this is where we talk about this one FINRA approach where we use expertise and capabilities of different teams at different times. And so here we leverage risk monitoring and their ability to get that information. And then we get the information to our cyber experts who then can action it and action in a way that provides benefit and value and protection to member firms.
20:34 – 20:43
Margherita Beale: So, on the subject of the Cyber and Operational Resilience Program, or CORE, Jason, can you walk us through what that is and how it works?
20:44 – 24:21
Jason Beachy: So, this program was designed to provide that actionable intelligence that Bryan talked about to help protect markets, firms and investors launched this year so it's very new again, another brand new program. This has enhanced third-party risk intelligence capability for our firms. It monitors and assesses technology cybersecurity risks across the entire broker dealer ecosystem. And it derives its value through a bunch of key intelligence sources.
First, as Bryan mentioned, the vendor responses, that's the cornerstone of this. We wouldn't be able to do much along these lines without that information provided back by the firms themselves on which vendors they're using. We use open-source intelligence, dark web monitoring, and then all of that through commercial threat intelligence platforms that are trusted in the industry. And then we align that with our FINRA internal cyber risk policies as well. So, fusing all of that intelligence together, we identify various threats, looking for breaches, exploits, vulnerabilities at the vendors, and thereby those things are exposing our firms to those breaches, exploits, and vulnerabilities. We take that information about a breach, and then we go through the vendor surveys and look for those firms that might be impacted by any of those vulnerabilities. And then we contact them directly through the cyber event impact assessment. So direct contact with member firms who have said that they use a particular vendor. These are targeted event notifications as opposed to things that we've done in the past as broad scale alerts and tips and things like that. They're meant to go entire member firm wide.
And the other part that's unique about this is we asked for information back. So, were you impacted? Were the firms impacted by this event? And if so, can you share with us any details that might help broaden the cybersecurity resiliency of all member firms? It enables earlier detection of cybersecurity risks. It gives focus to shared vulnerabilities, whether that's cloud services or authentication platforms and things like that. And then it helps build that bespoke threat picture for FINRA member firms.
We talk about identifying that threat picture. Right now, it's for our member firms, it's either very unique tied to the individual firms or extremely broad where you're seeing the entire financial services sector being hit. And really, we want to understand what is the threat picture for our member firms. Obviously, it will mirror those things in many ways, but there's some unique aspects to that too that we think we can learn from these types of engagements. The benefits are deeper visibility into the vendor and technology risks, timely targeted intelligence, insight into cross-firm dependencies and vulnerabilities, maybe places where you didn't know that you shared that vulnerability with other firms or inside your organization that you have multiple systems reliant on a particular vendor that could represent a vulnerability. And then stronger coordination, building that muscle memory of understanding what the threat picture is and how you're going to respond to it. So dovetails into the tabletop exercises and workshops that we talked about earlier.
The focus here is with all things cyber, it's got to be accurate. So technical accuracy and speed. If you have really good technical accuracy and you're slow to getting that information to the right people, it's not going to be very valuable. Likewise, if you don't have that technical detail, it's not going to be very valuable either. So, we're really trying to fuse those things together in a program that helps build the resiliency of our member firms.
24:22 – 24:29
Margherita Beale: Great. So, on the subject of getting information back, what is the feedback that we're getting from firms about CORE?
24:30 – 27:23
Jason Beachy: So, I'll start with a perspective on what we've done in this space right now, because I didn't do that initially. We have 33 different events that we've sent out targeted notifications. Those have been about 7,000 targeted notifications since the beginning of the year. So quite a bit. What's that perspective? We're looking at 60% or so of member firms have received at least one targeted notification, and over 40% have received two or more. So really a large-scale engagement across the membership to show the value of their member surveys and what the program itself does to highlight the risks that are inherent to those.
For one example, there was a Cisco vulnerability back in August of this year that would have allowed remote attackers to run malicious code on firm systems and basically take over their systems. We learned about it, put together the CEIA and send it out to those firms that indicated that they use Cisco systems in order for them to take the actions that Cisco said that they should take in an effort to mitigate that vulnerability. We're hearing that this is unique because we're FINRA and we're a self-regulatory organization. We're in a space that we can bring together other tech industry folks, law enforcement, other regulators, and we can operationalize, as Bryan mentioned, the information to help lift those firms up and the collective group cybersecurity. We know that it's a complex and difficult problem.
Good cybersecurity is a challenge and there's no guarantees no matter how much effort and resources you put into it. But we're trying to share best practices and get those in front of folks, whether they come from us seeing them being done at the different firms or what the vendors themselves are telling us are the best ways to move forward and sort of engaging along all of those lines. Things like monitoring for account intrusion, reviewing logs and technical data for potentially nefarious activity like odd trading or liquidation of assets into crypto where that wouldn't normally be relevant for those accounts. Outbound email monitoring, making sure that you're knowledgeable of when information maybe via a breach is leaving your control or your firm's control. And then doing training and security awareness is super critical. And that's part of that TTX program. Again, that life cycle of cybersecurity.
With all of that in mind, I think it's really important for that feedback loop. That's why we did the CEIAs the way we did. That's why Bryan's talked about it as well. Is this information helpful? Is it useful? And if not, where would it be more helpful? And then how do we provide additional value in this space? And I'll make the plug for everyone to keep updating your vendor surveys. It's really, really critical because we can only do as much through this program as your vendor survey accuracy allows. And it's really critical. And that's where we can talk about what's important and where we want to go and drive this program in the future.
27:24 – 27:45
Bryan Smith: So, Jason, I know you talk about the CORE program, but that's not a separate thing related to the workshops and the tabletops. Your team has put these together, as well as then even the work that the Examinations, that the team is doing and the advice and guidance that they're giving back to firms of things that they're seeing when then there's those examinations. What sort of feedback are you getting on this?
27:46 – 28:51
Jason Beachy: That's a great point, Bryan. This is a holistic effort of all of these things working together as interoperable pieces to help build that cybersecurity profile. Just to give an example of something that I think will resonate with folks listening out there is we had a firm that came back after having gone through several examinations and being a part of this FINRA Forward cyberthreat mitigation model telling us that they were able to go back to their insurance carrier and reduce their premium by 70% as a direct result of the enhancements they made to their cybersecurity controls. So basically, they took everything they learned, they had things through examinations, through other programs like CORE and the tabletop exercises and be able to update their risk management portfolio through penetration testing and access controls and data protection and really upgrade their cybersecurity profile. And that saved them money. That's a tangible result to applying resources in a reasonable and effective way to help build that cybersecurity profile. And the result is fiscal savings. Everybody wants that. So, it's a good thing.
28:52 – 29:55
Bryan Smith: So, cybersecurity does pay. So, we've talked a lot about the workshops in case there's an event that happens. We've talked about recommendations to try and prevent. We've talked about the CORE program and the risk with third parties and things that we can do when we identify that there's a risk or vulnerability in there. And those are really good programs that the team has put together. But we've also kind of tried to think about if you go back to the initial conversation about the threat spectrum and where you sit on it, we want to get closer to the left way before an event happens. So, the question is, how do you do that? And I think the answer is you do it by sharing information, by engaging with each other.
In my past, I had done a lot of work in public-private partnerships when I was at the FBI, particularly related to cyber and money laundering and Brita, actually, you and I worked on one related to money monitoring. What were kind of the benefits that you saw there?
29:56 – 30:56
Brita Bayatmakou: When I think about wearing my industry hat and knowing that many firms have strong investigative, maybe intel functions, data functions, but there are limitations in terms of not having that holistic view into the vast amount of market data or case data that law enforcement or regulatory bodies might bring or peer firms for that matter. So having that collaborative engagement often kind of in a cross-border setting as well really is a force multiplier, particularly if you think about the trust that can be built up in those kinds of settings. So, criminals are going to exploit the silos and the disconnected nature of our systems. And so, I think that what you're describing, Bryan, is really about setting up the conditions, the framework, the technology that can unlock what I see as a game changer for the industry, which is information sharing. And that's what I'm going to talk a little bit more about in terms of
coming at the cyber and fraud threats as a collective versus trying to tackle it alone because that is certainly not going to work.
30:57 – 31:56
Bryan Smith: I think the lesson that I learned when we went through all of those was that government certainly had a lot of really good information, but then so did the private sector. And if you look at it from a threat actor perspective, they have banded together to attack us. And so we need to do the same and respond a little bit in kind. And by putting these groups together, it enabled us to take advantage of some of the benefits that each of them had. So you saw things at a member firm on a daily basis and you saw threat activity that no one in the government when I was at the FBI would see. So how do you then leverage the capabilities of both? And that here at FINRA, we're really good at aggregating information. We're really good at pulling it together, but we don't see that day-to-day activity. And I think that's kind of the story of why there's the value in the Financial Intelligence Fusion Center that you've put together.
31:57 – 32:04
Margherita Beale: That's a great segue. So, Brita, can you tell us what the Financial Intelligence Fusion Center is and how it works?
32:05 – 34:57
Brita Bayatmakou: Sure. The launch of the Financial Intelligence Fusion Center, or FIFC as you'll hear us refer to, is a very exciting development because, as Bryan pointed out, it really represents a tangible response to feedback we've gotten from members and leverages our unique position as a self-regulatory organization to match that increasingly sophisticated threat. I think we've talked about the rapidly evolving cyber risk and financial crime threat landscape. And we're up against a very difficult set of adversaries and significant potential losses to firms and to the investing public.
So, our vision with the FIFC is to meet these emerging challenges, whether it's AI-enabled fraud, the pervasive social engineering scams, cross-border financial crime in the digital domain that don't respect our traditional organizational silos. It directly supports FINRA Forward's commitment to expanding that cybersecurity and fraud prevention activity to help firms directly in protecting themselves.
So, you're asking, so what is it, Brita? Simply said, it's a modernized and dedicated bi-directional platform. So, meaning a two-way platform that collects, aggregates, analyzes, and then pushes out real-time cybersecurity and fraud threat intelligence, namely to member firms through a secure portal that we are developing. So, this is really going to allow us to provide a comprehensive risk and threat intelligence picture through this mechanism that is easy to access by the member firms that sign on because it is voluntary. So, it'll leverage our internal, our external intelligence sources really to connect the dots between different threat indicators, whether it's real-time cyber threats or fraud trends or manipulative trading schemes that firms are seeing and then turn that into actionable intelligence people can take away and then improve their programs upon.
So, what makes it a Fusion Center is really our ability and the ability we're building at FINRA to synthesize that intelligence from those multiple sources, including and very critically information from member firms, from law enforcement and other regulatory partners to create that unified threat picture. The real-time information will ultimately either inform action, it'll help strengthen firm controls to help protect their customers, protect their assets and investors as a whole.
I mentioned participating in the FIFC is voluntary. It doesn't create any new kind of regulatory obligation. It is solely intended for intelligence sharing. And I do want to note what it is not, it is not a trigger or a way to launch an investigation or an exam at FINRA. So, we are distinct and separate from other regulatory programs at the organization.
34:58 – 35:05
Margherita Beale: You touched on this a bit, Brita, but firms may want to know how is this different from other offerings that may be out there.
35:06 – 36:24
Brita Bayatmakou: There are other information sharing platforms in existence and there are a couple factors that make FINRA's FIFC unique. One being that two-way intelligence sharing mechanism. So it's interactive. It's designed to have a dialogue, to have the trust, to have the partnership to problem solve.
Secondly, a key distinguisher is that the information really is curated for member firms and for the broker-dealer industry specifically. So, while other mechanisms that exist might require sorting through intelligence and might not be relevant to the securities industry and broader markets, this is really gathered and specifically designed for our members as a focus and helps in terms of seeing the entire ecosystem and servicing those specific threats.
And then lastly and importantly, we're building this with and alongside member firms to actively shape the development through hands-on testing and feedback. And so, we've got cross-section of firms from small to large and various business models giving us real-time feedback, which has been very integral in informing how we're building it, how we're removing friction points, and really how we're responding to questions that the firms are thinking of that we hadn't thought of before. So, I think that really shows our ability to customize and create that collaborative trust that we're shooting for.
36:25 – 36:30
Margherita Beale: Great. So, can you tell me a bit about the timing for implementation and how firms can get involved?
36:31 – 37:32
Brita Bayatmakou: Yes, so currently we are in the pilot phase with our firms and have several versions of the platform being released and we expect it to be fully operational in early 2026. So, beyond operationalization, we plan to continue to expand those product offerings into the future and continue to deepen the partnerships.
I just want to emphasize the importance of participation by our member firms. If you're out there listening, you all are the eyes and ears, and your perhaps seemingly insignificant tiny piece of information or intel really is not too small. It might be a piece that helps us to bring more information and contextualize a broader puzzle that we can piece together. So, if you're interested, one, you can reach out to your Risk Monitoring Analyst and indicate your interest. You can reach out directly. We've got an email inbox, [email protected]. And yeah, if you've got other contacts at FINRA, everybody is informed and we're happy to hear from you directly.
37:32 – 37:56
Margherita Beale: Thanks, Brita. And we'll include that email and other resources in the notes for this podcast. Before we wrap up, I did want to circle back to where we started, which is FINRA Forward and this commitment to listening to member firm needs. Bryan, you mentioned at the beginning that these three efforts came directly from what we were hearing from firms. What would you like to add as we look ahead?
37:57 – 40:04
Bryan Smith: These efforts are based off the needs that firms have told us that they have, as well as then how do we execute on it? And so the topics that we're putting that Jason talked about in the workshops are based off what firms are asking for. And we're going to continue to listen to that. And so our ask from firms, and I guess a little bit of our call to action, is that each of these efforts relies on engagement from all of you, both as a participator in them, but then also as a contributor.
And if you look at it from the participation side, that can be signing up for the workshops and the tabletops, participating in the conversations with your peers so that they can learn from your experiences and vice versa. Participation by reading through the intelligence products and the CEIAs that Jason talked about. But then the second part is the contribution. And that's where we really get the value of us as an industry working together. And that comes through a lot of it through the FIFC, but also within those individual programs.
You share what you're seeing and doing in these workshops. Let our intelligence folks know what threats you're seeing, what tactics have changed so that we can do a better job of getting that out quickly to the industry. And then give us feedback on those products so we can make sure that what we're writing is meeting the demand and needs for your firms. We don't want to work on something that you don't find value in. And then participate in the FIFC. The more firms that we have that are using the information that we're pushing out and the more firms that are sharing information enables us all to better protect firms and the customers. And that gives us the ability to actually fight back against the bad actors on a real time basis. And when that threat information comes in, we can disseminate others so that they can stop those attacks that are coming to their door at the same time they're coming to yours.
And so, I'll close with just saying we're in this together. And I think it's important for you know that you have a willing partner here at FINRA to help you combat the threats that we're all facing.
40:05 – 40:23
Margherita Beale: And that's it for today's episode of FINRA Unscripted. Bryan, Brita and Jason, thank you for joining us today. Listeners, if you don't already, please be sure to subscribe to FINRA Unscripted wherever you listen to podcasts. Today's episode was produced by me, Margherita Beale, and engineered by John Williams. Until next time.
40:18 – 40:42
Outro Music
40:28 – 40:42
Disclosure: Please note FINRA podcasts are the sole property of FINRA, and the information provided is for informational and educational purposes only. The content of the podcast does not constitute any FINRA Rule or amendment or interpretation to such rules. Compliance with any recommended conduct presented does not mean that a firm or person has complied with the full extent of their obligations under FINRA Rules, the rules of any other SRO or securities laws. This podcast is provided as is. FINRA and its affiliates are not responsible for any human or mechanical errors or omissions. Parties may not reproduce these podcasts in any form without the express written consent of FINRA.