Skip to main content

For updates and guidance related to COVID-19 / Coronavirus, click here.

Cybersecurity

Given the evolving nature, increasing frequency, and mounting sophistication of cybersecurity attacks – as well as the potential for harm to investors, firms, and the markets – cybersecurity practices are a key focus for firms and FINRA. 

FINRA evaluates firms’ approaches to cybersecurity risk management through reviews of their controls in areas including: technology governance, risk assessment, technical controls, access management, incident response, vendor management, data loss prevention, system change management, branch controls and staff training.  Through these reviews, FINRA also assesses a firm’s ability to protect the confidentiality, integrity, and availability of sensitive customer information.

These pages are designed to assist a firm in building out its cybersecurity program by addressing the individual risks and discussing related controls needed to protect customer and firm confidential data.  FINRA has updated this Cybersecurity page to include the following resources:

  • In case of a Disruptive Attack or Breach
  • Common Cybersecurity Threats
  • Events
  • Reports
  • Compliance Tools
  • FINRA Cybersecurity Contact

In Case of a Disruptive Attack or Breach

Firms should get to know their local Federal Bureau of Investigation (FBI) and proactively plan for a cybersecurity attack or breach.

In case your firm is the victim of a disruptive attack or breach, for instance your data has been accessed or your customers cannot do business, you should immediately report the incident to your:

If you need RANSOMWARE assistance, one helpful resource is CISA’s Stop Ransomware!

Unsuccessful and successful cyber-related incidents could require that a SAR be filed, for more information visit The Financial Crimes Enforcement Network (FinCEN)’s guidance.


Common Cybersecurity Threats

This section highlights some of the common cybersecurity threats faced by broker-dealers. In a number of cases, FINRA has observed that different types of attacks were coordinated and overlapped.

  • Phishing
  • Imposter Websites
  • Malware
  • Customer Account Takeover (ATO)
  • Firm Account Compromise or Takeover
  • Fraudulent Wires or ACH Transactions
  • Ransomware
  • Distributed Denial-of-Service (“DDoS”) Attacks
  • Vendor Breaches

Events

Upcoming Events

Virtual Compliance Boot Camps

FINRA's Virtual Compliance Boot Camps are one-hour interactive virtual classroom sessions that include training on a variety of topics including Cybersecurity. Past event topics included:

  • Small Firm Technical Controls: Defense-in-Depth
  • Customer Account Take Over
  • Using the FINRA’s Small Firm Checklist

Past Events

FINRA Small Firm Conference: Cybersecurity Straight Talk

It is crucial that small financial firms take proper cybersecurity measures to protect their clients and firm. Join FINRA staff and industry panelists as they discuss the “why” behind threat-informed effective practices applicable to small firms, and how they can fit cybersecurity into their already overloaded schedule.

Moderator: David (Dave) Kelley, FINRA Member Supervision

Panelists: Peter Falco, Financial Services Information Sharing and Analysis Center (FS-ISAC) Jennifer Szaro, CRCP®, XML Securities, LLC

2021 FINRA Virtual Technology Conference

June 23, 2021
Join FINRA cybersecurity leaders as they discuss the current state of cybersecurity and the ever-changing threat landscape. The conversation will focus on three facets of FINRA’s cybersecurity initiatives: how FINRA secures its own systems, unique security features of the Consolidated Audit Trail (CAT) system, and how FINRA supports member firms’ cybersecurity programs.

2020 Cybersecurity Conference

January 14, 2020 • New York, NY
FINRA’s Cybersecurity Conference helps you stay current on today’s cybersecurity challenges and the ways in which organizations can understand vulnerabilities and threats, and create resilience against cyber attacks.


2021 Report on FINRA’s Examination and Risk Monitoring Program

The Cybersecurity and Technology Governance section of the 2021 Report on FINRA’s Risk Monitoring and Examination Activities (the Report) informs member firms’ compliance programs by providing annual insights from FINRA’s ongoing regulatory operations, including (1) relevant regulatory obligations and related considerations, (2) exam findings and effective practices, and (3) additional resources.


Compliance Tools

Small Firm Cybersecurity Checklist
FINRA has created a Checklist for a Small Firm's Cybersecurity Program to assist small firms in establishing a cybersecurity program.

Compliance Vendor Directory (CVD)
In an effort to provide enhanced compliance tools and resources, FINRA has developed the Compliance Vendor Directory (CVD). The FINRA CVD is designed to give firms more options in locating vendors that provide compliance-related offerings, including cybersecurity vendors and services.

Core Cybersecurity Controls for Small Firms
Core Cybersecurity Controls for Small Firms is a list of core controls that are likely to be relevant to many small firms’ cybersecurity programs. This list was designed to help small firms in establishing an effective cybersecurity program.

Report on Selected Cybersecurity Practices
The Report on Selected Cybersecurity Practices – 2018 is a detailed review of effective information-security controls at securities firms. The report is designed to help broker-dealers – including small firms – further develop their cybersecurity programs. The report addresses areas that firms tend to find most challenging: cybersecurity controls in branch offices; methods of limiting phishing attacks; identifying and mitigating insider threats; elements of a strong penetration-testing program; and establishing and maintaining controls on mobile devices.

Report on Cybersecurity Practices
In 2014 and 2011, FINRA reviewed firms' cybersecurity practices to better understand the types of cybersecurity threats firms face and how they counter these threats. This report highlights effective practices in the industry and discusses a risk management-based approach to cybersecurity.

Non-FINRA Resources
FINRA has assembled a list of industry and governmental cybersecurity resources that firms may use to manage their cybersecurity risk.

  • FINRA Alerts Firms to a Phishing Email Campaign Using Multiple Imposter FINRA Domain Names
  • FINRA Reminds Firms of their Supervisory Obligations Related to Outsourcing to Third-Party Vendors
  • FINRA Alerts Firms to Phishing Email From “FINRA Support” From the Domain Name “westour.org”
  • FINRA Alerts Firms to Phishing Email Using “gateway-finra.org” Domain Name
  • FINRA Shares Practices Firms Use to Protect Customers From Online Account Takeover Attempts
  • FINRA Alerts Firms to Recent Increase in ACH “Instant Funds” Abuse
  • FINRA Alerts Firms to Phishing Email Using “finra-online.com” Domain Name
  • FINRA Alerts Firms to Phishing Email Using Invest-FINRA.org Domain Name
  • Cybersecurity Background: Authentication Methods
  • FINRA Alerts Firms to Phishing Email Requesting Them to Respond to Fraudulent FINRA Survey
  • FINRA Reminds Firms to Be Aware of Fraudulent Options Trading in Connection With Potential Account Takeovers and New Account Fraud
  • Fraudsters Using Registered Representatives Names to Establish Imposter Websites
  • FINRA Alerts Firms to Use of Fake FINRA Domain Name
  • FINRA Reminds Firms to Beware of Fraud During the Coronavirus (COVID-19) Pandemic
  • FINRA Warns of Fraudulent Phishing Emails Purporting to be from FINRA
  • Cybersecurity Alert: Measures to Consider as Firms Respond to the Coronavirus Pandemic (COVID-19)
  • Cybersecurity Alert: Cloud-Based Email Account Takeovers
  • Imposter Websites Impacting Member Firms
  • FINRA Warns of Fraudulent Phishing Emails Targeting Member Firms
  • Distributed Denial of Service (DDoS) Attacks on Member Firms
  • FINRA Warns Firms of Hoax Emails That Purport to Be From Regulators
  • Verification of Emailed Instructions to Transmit or Withdraw Assets From Customer Accounts
  • Members' Responsibilities When Outsourcing Activities to Third-Party Service Providers
  • Report / Study

    Cloud computing is transforming how broker-dealers operate by providing opportunities to enhance agility, efficiency, resiliency and security within firms’ technology and business operations while potentially reducing costs. As a result, cloud computing is increasingly seen by many firms as an important architectural component to their infrastructure.

    August 16, 2021
  • Podcast
    Firm regulatory risks and priorities don't exist in a vacuum. And that is perhaps nowhere clearer than when it comes to a firm's anti-money laundering responsibilities. A firm's AML risks can overlap with any number of other priorities. On this episode, the first of a two-part series, we look at the overlapping risks of AML and cybersecurity.
    October 27, 2020
  • Podcast
    Between the level of interconnectedness on the web and the sheer about of data available, we’re living in an era ripe for the perpetration of financial fraud. That makes it more important than ever for FINRA to have a holistic view of emerging trends and risks—and the ability to coordinate closely with other regulators and law enforcement. FINRA’s new National Cause and Financial Crimes Detection Programs (NCFC) will be the nerve center to do just that.
    May 26, 2020
  • Virtual Conference Panel
    Join FINRA staff and industry panelists as they provide examples of effective controls and tools their firms have put into place to monitor and address cybersecurity risks.
    May 19, 2020
  • 2019 Exam Findings Report
    The Observations on Cybersecurity section of the 2019 Report on Exam Findings informs member firms’ compliance programs by describing recent findings and observations from FINRA’s examinations, and, in certain cases, also providing a summary of effective practices.
    October 16, 2019
  • Guidance

    This article highlights some of the common cybersecurity threats faced by broker-dealers. In a number of cases, FINRA has observed that different types of attacks were coordinated and overlapped.

    July 09, 2019
  • A Few Minutes With FINRA
    FINRA’s Senior Vice President of Member Relations and Education Chip Jones, leads a discussion with Chief Information Security Officer John Brady, Senior Director Steve Polansky and Kansas City Surveillance Director Dave Kelley, on FINRA’s 2018 report on selected cybersecurity practices. The discussion includes an overview of the report, which highlights effective practices in five challenging areas that firms should consider to strengthen and further develop their cybersecurity programs—as well as core cybersecurity controls for small firms. (30 min. 17 sec.)
    December 20, 2018
  • Podcast
    Cybersecurity is a major challenge for everyone – but it can be a particularly big challenge for those in the financial industry. That’s why FINRA released a new report highlighting effective cybersecurity practices for FINRA member firms. Learn more in this episode of FINRA Unscripted.
    December 20, 2018
  • Report / Study

    This report continues FINRA’s efforts to share information that can help brokerdealer firms further develop their cybersecurity programs. Firms routinely identify cybersecurity as one of their primary operational risks. Similarly, FINRA continues to see problematic cybersecurity practices in its examination and risk monitoring program. This report presents FINRA’s observations regarding effective practices that firms have implemented to address selected cybersecurity risks while recognizing that there is no one-size-fits-all approach to cybersecurity.

    December 01, 2018
  • Podcast
    In an era when much of our lives happen online, cybersecurity is more important than ever. But what do you do to protect your personal information? We all have a role to play in keeping ourselves secure. This National Cybersecurity Awareness Month, tune in to learn more about how you can keep yourself, your family and your clients safe online.
    October 23, 2018
  • Compliance Tools

    Protecting investors means protecting their data, too. Our Small Firm Cybersecurity Checklist supports small firms in establishing a cybersecurity program to:

    July 12, 2018
  • Podcast
    From banking and investing to social media and shopping, the internet is an essential part of our daily lives. That means cybersecurity is more important than ever. That is particularly true for FINRA, which can process up to 99 billion records in a single day. Here, John Brady explains how FINRA stays cyber secure.
    February 27, 2018
  • Video
    Cybersecurity experts and regulators gathered in New York City on February 22, 2018 to focus on key ways the financial services industry can maintain cybersecurity.
    February 26, 2018
  • 2017 Exam Findings Report
    The Cybersecurity section of the 2017 Report on Exam Findings informs member firms’ compliance programs by describing recent findings and observations from FINRA’s examinations, and, in certain cases, also providing a summary of effective practices.
    December 06, 2017
  • Compliance Tools
    FINRA has assembled a list of resources that firms may use to manage their cybersecurity risk. These resources include: news and analysis; effective practices and guidance; and free diagnostic tools...
    October 25, 2016
  • Compliance Tools
    FINRA has created a checklist to assist small firms in establishing a cybersecurity program.
    May 23, 2016
  • Guidance
    FINRA is conducting an assessment of firms’ approaches to managing cyber-security threats. FINRA is conducting this assessment in light of the critical role information technology (IT) plays in the securities industry, the increasing threat to firms’ IT systems from a variety of sources, and the potential harm to investors, firms, and the financial system as a whole that these threats pose.
    January 01, 2014
  • Compliance Tools
    What should your firm do after it discovers that customers’ accounts have been compromised?