Given the evolving nature, increasing frequency, and mounting sophistication of cybersecurity attacks – as well as the potential for harm to investors, firms, and the markets – cybersecurity practices are a key focus for firms and FINRA.
FINRA evaluates firms’ approaches to cybersecurity risk management through reviews of their controls in areas including: technology governance, risk assessment, technical controls, access management, incident response, vendor management, data loss prevention, system change management, branch controls and staff training. Through these reviews, FINRA also assesses a firm’s ability to protect the confidentiality, integrity, and availability of sensitive customer information.
These pages are designed to assist a firm in building out its cybersecurity program by addressing the individual risks and discussing related controls needed to protect customer and firm confidential data. FINRA has updated this Cybersecurity page to include the following resources:
- In case of a Disruptive Attack or Breach
- Common Cybersecurity Threats
- Compliance Tools
- FINRA Cybersecurity Contact
In Case of a Disruptive Attack or Breach
Firms should get to know their local Federal Bureau of Investigation (FBI) and proactively plan for a cybersecurity attack or breach.
In case your firm is the victim of a disruptive attack or breach, for instance your data has been accessed or your customers cannot do business, you should immediately report the incident to your:
If you need RANSOMWARE assistance, one helpful resource is CISA’s Stop Ransomware!
Unsuccessful and successful cyber-related incidents could require that a SAR be filed, for more information visit The Financial Crimes Enforcement Network (FinCEN)’s guidance.
Common Cybersecurity Threats
This section highlights some of the common cybersecurity threats faced by broker-dealers. In a number of cases, FINRA has observed that different types of attacks were coordinated and overlapped.
- Imposter Websites
- Customer Account Takeover (ATO)
- Firm Account Compromise or Takeover
- Fraudulent Wires or ACH Transactions
- Distributed Denial-of-Service (“DDoS”) Attacks
- Vendor Breaches
February 6 | New York, NY | Hybrid Event
FINRA’s Cybersecurity Conference is a one-day, hybrid event that is designed to help you stay current on today’s cybersecurity challenges, understand vulnerabilities and latest threats and create resilience against cyber-attacks.
May 16-18 | Washington, DC | Hybrid Event
FINRA's premier event—the Annual Conference provides the opportunity for practitioners, peers and regulators to exchange ideas on today's most timely compliance and regulatory topics.
This one-day conference brings together regulators, thought leaders and industry practitioners to discuss the use of Cloud Computing, and related opportunities and challenges.
FINRA’s Cybersecurity Conference helps you stay current on today’s cybersecurity challenges and the ways in which organizations can understand vulnerabilities and threats, and create resilience against cyber attacks.
FINRA Small Firm Conference: Cybersecurity Straight Talk
It is crucial that small financial firms take proper cybersecurity measures to protect their clients and firm. Join FINRA staff and industry panelists as they discuss the “why” behind threat-informed effective practices applicable to small firms, and how they can fit cybersecurity into their already overloaded schedule.
Moderator: David (Dave) Kelley, FINRA Member Supervision
Panelists: Peter Falco, Financial Services Information Sharing and Analysis Center (FS-ISAC) Jennifer Szaro, CRCP®, XML Securities, LLC
Small Firm Cybersecurity Checklist
FINRA has created a Checklist for a Small Firm's Cybersecurity Program to assist small firms in establishing a cybersecurity program.
Compliance Vendor Directory (CVD)
In an effort to provide enhanced compliance tools and resources, FINRA has developed the Compliance Vendor Directory (CVD). The FINRA CVD is designed to give firms more options in locating vendors that provide compliance-related offerings, including cybersecurity vendors and services.
Core Cybersecurity Threats and Effective Controls for Small Firms
This tool helps small firms enhance their customer information protection, and cybersecurity written supervisory programs and related controls by (1) highlighting the most common and recent categories of cybersecurity threats; (2) providing a summary of effective core controls; and (3) listing relevant terms and additional resources.
Report on Selected Cybersecurity Practices
The Report on Selected Cybersecurity Practices – 2018 is a detailed review of effective information-security controls at securities firms. The report is designed to help broker-dealers – including small firms – further develop their cybersecurity programs. The report addresses areas that firms tend to find most challenging: cybersecurity controls in branch offices; methods of limiting phishing attacks; identifying and mitigating insider threats; elements of a strong penetration-testing program; and establishing and maintaining controls on mobile devices.
Report on Cybersecurity Practices
In 2014 and 2011, FINRA reviewed firms' cybersecurity practices to better understand the types of cybersecurity threats firms face and how they counter these threats. This report highlights effective practices in the industry and discusses a risk management-based approach to cybersecurity.
FINRA has assembled a list of industry and governmental cybersecurity resources that firms may use to manage their cybersecurity risk.
FINRA Rules Related to Cybersecurity
- 3110. Supervision
- 3120. Supervisory Control System
- 4530(b). Reporting Requirements
- Supplementary Material 4530.01. Reporting of Firms' Conclusions of Violations
SEC Rules Related to Cybersecurity
- 248.201-202. Regulation S-ID: Identity Theft Red Flags
- 248.1-100. Regulation S-P: Privacy of Consumer Financial Information and Safeguarding Personal Information
- 240.17a-4(f). The Securities Exchange Act of 1933 (17 CFR §240.17a-4(f)) requires firms to preserve electronically stored records in a non-rewriteable, non-erasable format.
- FINRA Alerts Firms to Increased Ransomware Risks12/14/2022
- FINRA Alerts Firms to “Log4Shell” Vulnerability in Apache Log4j Software12/14/2021
- FINRA Alerts Firms to a Phishing Email Campaign Using Multiple Imposter FINRA Domain Names08/13/2021
- FINRA Reminds Firms of their Supervisory Obligations Related to Outsourcing to Third-Party Vendors08/13/2021
- FINRA Alerts Firms to Phishing Email From “FINRA Support” From the Domain Name “westour.org”06/23/2021
- FINRA Alerts Firms to Phishing Email Using “gateway-finra.org” Domain Name06/07/2021
- FINRA Shares Practices Firms Use to Protect Customers From Online Account Takeover Attempts05/12/2021
- FINRA Alerts Firms to Recent Increase in ACH “Instant Funds” Abuse03/25/2021
- FINRA Alerts Firms to Phishing Email Using “finra-online.com” Domain Name03/04/2021
- FINRA Alerts Firms to Phishing Email Using Invest-FINRA.org Domain Name11/30/2020
- Cybersecurity Background: Authentication Methods10/15/2020
- FINRA Alerts Firms to Phishing Email Requesting Them to Respond to Fraudulent FINRA Survey10/06/2020
- FINRA Reminds Firms to Be Aware of Fraudulent Options Trading in Connection With Potential Account Takeovers and New Account Fraud09/17/2020
- Fraudsters Using Registered Representatives Names to Establish Imposter Websites08/20/2020
- FINRA Alerts Firms to Use of Fake FINRA Domain Name08/12/2020
- FINRA Reminds Firms to Beware of Fraud During the Coronavirus (COVID-19) Pandemic05/05/2020
- FINRA Warns of Fraudulent Phishing Emails Purporting to be from FINRA05/04/2020
- Cybersecurity Alert: Measures to Consider as Firms Respond to the Coronavirus Pandemic (COVID-19)03/26/2020
- Cybersecurity Alert: Cloud-Based Email Account Takeovers10/02/2019
- Imposter Websites Impacting Member Firms04/29/2019
- FINRA Warns of Fraudulent Phishing Emails Targeting Member Firms02/13/2019
- Distributed Denial of Service (DDoS) Attacks on Member Firms06/19/2015
- FINRA Warns Firms of Hoax Emails That Purport to Be From Regulators02/29/2012
- Verification of Emailed Instructions to Transmit or Withdraw Assets From Customer Accounts01/26/2012
- Members' Responsibilities When Outsourcing Activities to Third-Party Service Providers07/22/2005
- GuidanceThe prevalence of cybersecurity incidents continues to increase at FINRA member firms. As a result of the continued proliferation of cybercrime, the Cyber and Analytics Unit (CAU) within FINRA’s Member Supervision program is issuing this advisory to highlight effective practices and considerations for member firms when responding to cyber incidents, including the benefits of voluntarily reporting information related to the incident to various entities.November 30, 2023
- GuidanceDue to increased reports related to cyber incidents occurring at FINRA member firms which have been attributed to specific threat actors, the Cyber and Analytics Unit (CAU) within FINRA’s Member Supervision Program is highlighting a recent joint Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) Cybersecurity Advisory published on November 16, 2023, which may be updated as new intelligence is uncovered.November 17, 2023
- GuidanceFINRA is highlighting recently reported vulnerabilities that impact Citrix NetScaler services including NetScaler ADC and NetScaler Gateway. Threat actors can exploit these vulnerabilities to exfiltrate sensitive information and to infect data and systems with ransomware. These Citrix services are typically used in support of internet-based application systems, to balance and manage incoming requests, and to enhance security and resiliency.November 10, 2023
- Report / Study/**/
Quantum mechanics is a branch of physics that deals with the complex properties of atoms and sub-atomic particles.2 Quantum computing leverages the principles of quantum mechanics to solve problems too large or complex for traditional computers.October 30, 2023
- GuidanceThis notification is to warn member firms of an ongoing phishing campaign that involves fraudulent emails purporting to be from FINRA and using the domain name “@rfs-finra.org”.October 13, 2023
- GuidanceFINRA Cybersecurity Advisory - SEC Rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure by Public Companies (Exchange Act Release No. 97989)The Cyber and Analytics Unit (CAU) within FINRA’s Member Supervision program is highlighting the new SEC rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure that were adopted on July 26, 2023. The SEC adopted final rules requiring disclosure of material cybersecurity incidents on Form 8-K and periodic disclosure of a registrant’s cybersecurity risk management, strategy and governance in annual reports.September 21, 2023
- GuidanceCybersecurity Alert - FINRA Notifies Member Firms of Joint CISA & FBI Cybersecurity Advisory (AA23-242A)FINRA is highlighting a recent joint Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) Cybersecurity Advisory published on August 30, 2023, which may be updated as new intelligence is uncovered.August 31, 2023
- GuidanceFINRA is highlighting a recent Federal Bureau of Investigation (FBI) Flash published on August 23, 2023. According to the FBI Flash, all exploited Barracuda Email Security Gateway (ESG) appliances, even those with up-to-date security patches, remain at risk for continued computer network compromise from threat actors exploiting a zero-day vulnerability documented in CVE-2023-2868.August 28, 2023
Impact: All Firms
Update (June 22, 2023): The link to the Advisory issued by CISA on June 7, 2023 has been updated to reflect CISA’s current guidance.
Firms should review this information with any vendors who provide information technology services to the firm.June 16, 2023
Impact: All Firms
Firms without dedicated information security professionals may wish to review this information with any vendors who provide those services to the firm.June 15, 2023
This publication outlines emerging insider threat risks and helps member firms identify, prevent, detect, and respond to these threats, including:April 18, 2023
Impact: All Firms
This notification is to warn member firms of an ongoing phishing campaign that involves fraudulent emails purporting to be from FINRA and using the domain names “@finrarps.org” or “@finrarps.net”. The domains of “finrarps.org” and “finrarps.net” are not connected to FINRA, and firms should delete all emails originating from these domains. Member firms should be aware that they may receive similar phishing emails from other domain names in addition to those identified in this Alert.
The email from “finrarps.org” states:April 04, 2023
- GuidanceFINRA Provides Update on Sweep: Social Media Influencers, Customer Acquisition and Related Information ProtectionThis follow-up to the September 2021 targeted exam (sweep) of firms’ practices related to their acquisition of customers through social media channels and their sharing of customers’ usage information with affiliates and non-affiliated third parties summarizes selected practices FINRA has observed firms implement to this point in the sweep.February 28, 2023
This notification is to warn member firms of an ongoing phishing campaign that involves fraudulent emails purporting to be from FINRA and using either the domain name “@finra.eu” and “@finrarec.com”. Samples of both emails are provided in Appendices 1 and 2.
The domains of “finra.eu” and “finrarec.com” are not connected to FINRA, and member firms or their customers may receive similar phishing emails from other domain names in addition to those identified in this Alert.February 23, 2023
- 2023 Report on FINRAs Examination and Risk Monitoring ProgramThe Cybersecurity and Technology Governance section of the 2023 Report on FINRA’s Examination and Risk Monitoring Program (the Report) informs member firms’ compliance programs by providing annual insights from FINRA’s ongoing regulatory operations, including (1) regulatory obligations and related considerations, (2) observations and effective practices, and (3) additional resources.January 10, 2023
This email is to warn member firms of an ongoing phishing campaign that involves fraudulent emails purporting to be from FINRA and using the domain name “@filling-regfinra.com”. The domain of “filling-regfinra.com” is not connected to FINRA, and firms should delete all emails originating from this domain. Member firms should be aware that they may receive similar phishing emails from other domain names in addition to those identified in this Alert.
The email states:
I hope all is well!November 15, 2022
- Media CenterThe new Complex Investigations and Intelligence (CII) team and Cyber and Analytics Unit (CAU) are driving a shift in terms of how Member Supervision’s National Cause and Financial Crimes Detection Program comes at its work and leverages intelligence and analytics to drive decision making and operations. On this episode, we hear how these changes will help FINRA better deliver on its mission of investor protection, market integrity.August 09, 2022
- GuidanceThis email is to warn member firms of an ongoing phishing campaign that involves fraudulent emails purporting to be from FINRA and using either the domain name “@firms-finra.org” or “@firms-sipc.org”. Neither of these domains is connected to FINRA and firms should delete all emails originating from these domain names.June 16, 2022
FINRA’s National Cause and Financial Crimes Detection (NCFC) Cyber and Analytics Unit (CAU) has noted a recent alert issued by Microsoft on May 30, 2022.June 03, 2022
- GuidanceThe Cyber and Analytics Unit (CAU) within FINRA’s National Cause and Financial Crimes Detection (NCFC) program would like to highlight an alert issued by the Cybersecurity & Infrastructure Security Agency (CISA) on April 20, 2022.May 02, 2022
- GuidanceOn April 25, FINRA issued an alert to member firms which highlighted a phishing attack using the domain name “@claims-finra.org”. This alert is to warn you about a new, potentially related, phishing attack also purporting to be from FINRA.April 27, 2022
- GuidanceThis email is to warn member firms of an ongoing phishing campaign that involves fraudulent emails purporting to be from FINRA and using the domain name “@claims-finra.org.” The domain of “claims-finra.org” is not connected to FINRA and firms should delete all emails originating from this domain name.April 25, 2022
- Technical NoticeFINRA is aware of the critical Spring4Shell vulnerability and has taken immediate steps to neutralize the risk.April 04, 2022
The Cyber and Analytics Unit (CAU) within FINRA’s National Cause and Financial Crimes Detection (NCFC) program is highlighting a statement released today by President Biden regarding possible threats to our nation’s cyber security, urging private sector companies to remain vigilant and harden their cyber defenses "immediately" based on "evolving intelligence that the Russian Government is exploring options for potential cyberattacks." The PresidentMarch 21, 2022
The Cyber and Analytics Unit (CAU) within FINRA’s National Cause and Financial Crimes Detection (NCFC) program would like to bring an important cyber-related development to your attention. The Cybersecurity & Infrastructure Security Agency (CISA) and the FBI issued a “Shields Up” warning this week regarding potential Russian cyberattacks to target U.S. organizations related to Russia’s potential destabilizing actions against Ukraine. CISA advised that while there are not currently any specific credible threats to the U.S., they recommend that all organizations, namely U.S.February 15, 2022
- 2022 Report on FINRAs Examination and Risk Monitoring ProgramThe Anti-Money Laundering section of the 2022 Report on FINRA’s Risk Monitoring and Examination Activities (the Report) informs member firms’ compliance programs by providing annual insights from FINRA’s ongoing regulatory operations, including (1) relevant regulatory obligations and related considerations, (2) exam findings and effective practices, and (3) additional resources.February 09, 2022
- 2022 Report on FINRAs Examination and Risk Monitoring ProgramThe Cybersecurity and Technology Governance section of the 2022 Report on FINRA’s Risk Monitoring and Examination Activities (the Report) informs member firms’ compliance programs by providing annual insights from FINRA’s ongoing regulatory operations, including (1) relevant regulatory obligations and related considerations, (2) exam findings and effective practices, and (3) additional resources.February 09, 2022
- Report / Study
Cloud computing is transforming how broker-dealers operate by providing opportunities to enhance agility, efficiency, resiliency and security within firms’ technology and business operations while potentially reducing costs. As a result, cloud computing is increasingly seen by many firms as an important architectural component to their infrastructure.August 16, 2021
- Compliance Tools
Protecting investors means protecting their data, too. Our Small Firm Cybersecurity Checklist supports small firms in establishing a cybersecurity program to:July 12, 2021
- 2021 Report on FINRAs Examination and Risk Monitoring ProgramThe Anti-Money Laundering (AML) section of the 2021 Report on FINRA’s Risk Monitoring and Examination Activities (the Report) informs member firms’ compliance programs by providing annual insights from FINRA’s ongoing regulatory operations, including (1) relevant regulatory obligations and related considerations, (2) exam findings and effective practices, and (3) additional resources.February 01, 2021
- PodcastFirm regulatory risks and priorities don't exist in a vacuum. And that is perhaps nowhere clearer than when it comes to a firm's anti-money laundering responsibilities. A firm's AML risks can overlap with any number of other priorities. On this episode, the first of a two-part series, we look at the overlapping risks of AML and cybersecurity.October 27, 2020
- PodcastBetween the level of interconnectedness on the web and the sheer about of data available, we’re living in an era ripe for the perpetration of financial fraud. That makes it more important than ever for FINRA to have a holistic view of emerging trends and risks—and the ability to coordinate closely with other regulators and law enforcement. FINRA’s new National Cause and Financial Crimes Detection Programs (NCFC) will be the nerve center to do just that.May 26, 2020
- Virtual Conference PanelJoin FINRA staff and industry panelists as they provide examples of effective controls and tools their firms have put into place to monitor and address cybersecurity risks.May 19, 2020
- 2019 Exam Findings ReportThe Observations on Cybersecurity section of the 2019 Report on Exam Findings informs member firms’ compliance programs by describing recent findings and observations from FINRA’s examinations, and, in certain cases, also providing a summary of effective practices.October 16, 2019
This article highlights some of the common cybersecurity threats faced by broker-dealers. In a number of cases, FINRA has observed that different types of attacks were coordinated and overlapped.July 09, 2019
- A Few Minutes With FINRAFINRA’s Senior Vice President of Member Relations and Education Chip Jones, leads a discussion with Chief Information Security Officer John Brady, Senior Director Steve Polansky and Kansas City Surveillance Director Dave Kelley, on FINRA’s 2018 report on selected cybersecurity practices. The discussion includes an overview of the report, which highlights effective practices in five challenging areas that firms should consider to strengthen and further develop their cybersecurity programs—as well as core cybersecurity controls for small firms. (30 min. 17 sec.)December 20, 2018
- PodcastCybersecurity is a major challenge for everyone – but it can be a particularly big challenge for those in the financial industry. That’s why FINRA released a new report highlighting effective cybersecurity practices for FINRA member firms. Learn more in this episode of FINRA Unscripted.December 20, 2018
- Report / Study
This report continues FINRA’s efforts to share information that can help brokerdealer firms further develop their cybersecurity programs. Firms routinely identify cybersecurity as one of their primary operational risks. Similarly, FINRA continues to see problematic cybersecurity practices in its examination and risk monitoring program. This report presents FINRA’s observations regarding effective practices that firms have implemented to address selected cybersecurity risks while recognizing that there is no one-size-fits-all approach to cybersecurity.December 01, 2018
- PodcastIn an era when much of our lives happen online, cybersecurity is more important than ever. But what do you do to protect your personal information? We all have a role to play in keeping ourselves secure. This National Cybersecurity Awareness Month, tune in to learn more about how you can keep yourself, your family and your clients safe online.October 23, 2018
- PodcastFrom banking and investing to social media and shopping, the internet is an essential part of our daily lives. That means cybersecurity is more important than ever. That is particularly true for FINRA, which can process up to 99 billion records in a single day. Here, John Brady explains how FINRA stays cyber secure.February 27, 2018
- GuidanceCybersecurity experts and regulators gathered in New York City on February 22, 2018 to focus on key ways the financial services industry can maintain cybersecurity.February 26, 2018
- 2017 Exam Findings ReportThe Cybersecurity section of the 2017 Report on Exam Findings informs member firms’ compliance programs by describing recent findings and observations from FINRA’s examinations, and, in certain cases, also providing a summary of effective practices.December 06, 2017
- Compliance ToolsFINRA has assembled a list of resources that firms may use to manage their cybersecurity risk. These resources include: news and analysis; effective practices and guidance; and free diagnostic tools...October 25, 2016
- GuidanceFINRA is conducting an assessment of firms’ approaches to managing cyber-security threats. FINRA is conducting this assessment in light of the critical role information technology (IT) plays in the securities industry, the increasing threat to firms’ IT systems from a variety of sources, and the potential harm to investors, firms, and the financial system as a whole that these threats pose.January 01, 2014
- Compliance Tools
The following tool identifies key cybersecurity risks currently facing small firms and helps them enhance their customer information protection, and cybersecurity written supervisory programs (WSPs) and related controls, including:
- Compliance ToolsWhat should your firm do after it discovers that customers’ accounts have been compromised?
- February 09, 2022
- New FINRA Report: Diversity of Cloud Computing Models Among Broker-Dealers Raises Opportunities and Challenges for the Securities IndustryAugust 16, 2021
- December 20, 2018
- December 21, 2016
- FINRA Fines Scottrade $2.6 Million for Significant Failures in Required Electronic Records and Email RetentionNovember 16, 2015
- February 03, 2015
- January 26, 2012
- October 05, 2009
- April 28, 2009
- May 12, 2008
- Investor EducationPretexting is a tactic that hinges on telling a compelling—but fake—story. Hackers attempt to deceive their targets by establishing a false sense of trust, using a fabricated story, or pretext, to get you to download malware, send money or share sensitive information, to name a few examples. Here are some of ways you might be targeted—and how you can thwart an attempt to coax you into believing a bogus story.
- Investor EducationPhishing scams typically involve emails that falsely claim to be from a financial institution, credit card company or other familiar organization or service. Most of these emails attempt to lure you into providing sensitive personal information by requesting that you reply to the email or click on a link that mimics a legitimate website.
- Investor EducationFinancial institutions have an obligation to safeguard your personal financial information, but you have an important role to play as well. Understanding how customer account takeover incidents and theft of personal financial information might occur and taking steps to minimize your risk can make a difference.
- Investor EducationWhile impersonation scams are not new, surprising new variants arise every day. Regulators have observed an increase in cyber-related incidents, including fraudsters creating fake websites using the names and professional details of actual industry professionals (who have no connection to the imposter sites).
- Investor EducationUse this checklist to safeguard your sensitive information and help keep identity thieves at bay.