Guidance

On May 28th, U.S. markets are moving to a one-day settlement cycle, familiarly known as T+1. On this episode, we hear from four individuals across FINRA about what all market participants need to be thinking about and testing ahead of the transition.

This notification is to warn member firms of an ongoing phishing campaign that involves fraudulent emails purporting to be from FINRA and using the e-mail addresses “[email protected]” and “[email protected]”. The e-mail addresses and domain “data-finra.org” are not connected to FINRA, and firms should delete all emails originating from these domains. Member firms should be aware that they may receive similar phishing emails from other domain names in addition to those identified in this Alert.

These days, it's not a matter of if, but when, when it comes to cybersecurity incidents, which is why it's essential for all firms to ensure they're prepared for the inevitable. On this episode, we're catching up with two members of FINRA's Complex Investigations and Intelligence Team for an update on the cyber threat landscape and what firms should be thinking about and doing in response to the latest trends.

The Neutral Corner – Volume 1—2024

Recently, FINRA's Market Regulation and Transparency Services (MRTS) team realigned its structure around specific functions, rather than around specific rules or products. On this episode, we hear from three of the group's senior leaders to learn how the change allows MRTS to be more nimble in addressing and anticipating risks, to better leverage its data and more.

While Generative AI and large language models present numerous opportunities to create business efficiencies and offer many potential benefits to firms, regulators and investors, they also introduce unique risks. On this episode, we hear from three experts at FINRA who are closely looking at these technologies and following developments in this space.

As we approach the end of the first quarter of 2024, FINRA’s Cyber and Analytics Unit (CAU) proactively warns member firms of continuing social engineering campaigns involving fraudulent representations of individuals purporting to be FINRA representatives. As with many types of social engineering campaigns, threat actors may use website domain names (sites) that are similar to FINRA.org (e.g., Finra-latam.org, finra.world, finra.eu), fraudulently use FINRA’s logo or purport to be legitimate FINRA employees. These domains and individuals are not associated with FINRA.

On this episode, we dig into a new report from the FINRA Investor Education Foundation, Investors of Color in the United States, that highlights interesting trends related to the pace at which Black/African American, Hispanic/Latino and Asian American/Pacific Islander investors are entering the market, their views on risk, where they're receiving information and more.

Request for TRACE Reporting Exemption Under FINRA Rule 6732

FINRA Enforcement works tirelessly on the front lines of investor protection, and this tremendous undertaking demands steadfast leadership. On this episode of FINRA Unscripted, we are reintroduced to Bill St. Louis, FINRA's new Executive Vice President and Head of Enforcement, to learn more about what's on the horizon for Enforcement in the new year.

LockBit, one of the most deployed ransomware variants in recent years, continues to impact organizations across the globe, including FINRA member firms. Since November of 2023, FINRA has received reports from several member firms related to cyber incidents allegedly perpetrated by LockBit. The reported incidents varied in severity from no impact to significant disruptions in firms’ business operations. As a result, the Cyber and Analytics Unit (CAU) within FINRA’s Member Supervision Program is notifying firms of the increased activity of this threat actor to heighten awareness and visibility of this risk. CAU is also providing a compilation of resources that outline effective practices firms may consider in response to this elevated risk.

On this episode, we delve into the results of FINRA's targeted review of certain member firms and their communications to retail investors regarding crypto products and services.

The 2024 FINRA Annual Regulatory Oversight Report (the Report) provides member firms with insight into findings from FINRA’s Member Supervision, Market Regulation and Enforcement programs (collectively, “regulatory operations programs”). The Report reflects FINRA’s commitment to providing greater transparency to member firms and the public about our regulatory activities.

As a self-regulatory organization, information sharing is key to FINRA's pursuit of its mission of investor protection and market integrity, and no single resource is a better example of that than FINRA's Annual Regulatory Oversight Report. On this episode, we hear from four leaders within FINRA's Member Supervision department to discuss highlights from the 2024 report.

The Neutral Corner – Volume 4—2023

Q1. Who can offer or sell securities under Regulation Crowdfunding? A1. Regulation Crowdfunding allows eligible issuers1 to offer and sell securities through the platform of a broker-dealer or funding portal that is both registered with the SEC and a FINRA member (an “intermediary”). This activity must be conducted exclusively through the platform of a single intermediary. A firm cannot act as an intermediary if it is not a registered broker-dealer or a registered funding portal, and is not a member of FINRA.

With the holiday season upon us and 2023 coming to an end, FINRA’s Cyber and Analytics Unit (CAU) would like to remind member firms to prepare for cyber threats and attacks that may occur around the holidays. Member firms and their vendors should consider reviewing and validating their Written Supervisory Procedures (WSPs), continuing to educate their employees with respect to cybersecurity and effective practices, and testing incident response plans (IRPs) to prepare for, prevent, or recover from an incident.

FINRA’s Cyber and Analytics Unit (CAU) is highlighting an Okta data breach spanning from September 28 to October 17, 2023 that impacts Okta customer support system users.  Okta reported that threat actors downloaded names and email addresses, along with other relevant metadata, of their customer support system users. The information could be leveraged in phishing or other social engineering attacks and potentially lead to the targeting of firm personnel in an Okta administrator or customer support role.

The prevalence of cybersecurity incidents continues to increase at FINRA member firms. As a result of the continued proliferation of cybercrime, the Cyber and Analytics Unit (CAU) within FINRA’s Member Supervision program is issuing this advisory to highlight effective practices and considerations for member firms when responding to cyber incidents, including the benefits of voluntarily reporting information related to the incident to various entities.

Succession planning is important not just for customers and representatives but can even be a matter of life or death when it comes to the continued existence of a firm. On this episode, we hear how and why firms should plan for the expected and unexpected in life.

Due to increased reports related to cyber incidents occurring at FINRA member firms which have been attributed to specific threat actors, the Cyber and Analytics Unit (CAU) within FINRA’s Member Supervision Program is highlighting a recent joint Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) Cybersecurity Advisory published on November 16, 2023, which may be updated as new intelligence is uncovered.

The small firm community, those firms with 150 or fewer registered financial professionals came together in October to discuss and engage on key areas of concern at the Small Firm Conference. On this episode, we go behind the scenes of this year's event to share with you the fireside chat between FINRA CEO Robert Cook and FINRA's Head of Member Relations, Kayte Toczylowski.

FINRA is highlighting recently reported vulnerabilities that impact Citrix NetScaler services including NetScaler ADC and NetScaler Gateway. Threat actors can exploit these vulnerabilities to exfiltrate sensitive information and to infect data and systems with ransomware. These Citrix services are typically used in support of internet-based application systems, to balance and manage incoming requests, and to enhance security and resiliency.