SUGGESTED ROUTING
Senior Management
Internal Audit
Legal & Compliance
Operations
Trading
Executive Summary
As requested by the Department of Treasury (Treasury) the NASD® provides members with information from the Office of Foreign Assets Control (OFAC) about persons and entities identified as "Specially Designated Nationals and Blocked1 Persons." On
SUGGESTED ROUTING
Legal & Compliance
Operations
Options
Executive Summary
The Securities and Exchange Commission has approved proposals by each of the five registered national options exchanges and the National Association of Securities Dealers, Inc. (the SROs) that provide member firms with more flexibility in how they store account statements and other information for
FINRA Requests Comment on Proposed Limited Safe Harbor From FINRA Equity and Debt Research Rules for Desk Commentary
On Oct. 16, 2024, the Cybersecurity & Infrastructure Security Agency (CISA) released Cybersecurity Advisory - AA24-290A, which provides threat actors’ tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) associated with Iranian cyber actors. In light of the historical proclivity of Iranian threat actors targeting the financial services industry, FINRA is sharing this information with member firms.
In 2021, considerable industry, and in some cases public, attention was focused on topics that FINRA also addressed through its exam and risk monitoring program. These topics include newer SEC Rules (e.g., Regulation Best Interest (Reg BI), Form CRS, amendments to Rule 606), recent increases in the number and sophistication of cybersecurity threats, and the proliferation of securities trading
FINRA member firms should be aware of a technique threat actors use to avoid network defenders detecting the required communications of malware. On April 3, 2025, the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), Canadian Centre for Cyber Security (CCCS) and New Zealand National Cyber Security Centre (NCSC-NZ) issued a joint cybersecurity advisory (CSA) to warn organizations of the ongoing threat of one such technique: fast flux.
Industry Governor (Small Firm Representative)Chief Compliance Officer, XML Securities, LLCGovernor Since 2024Committee: Regulatory Oversight CommitteeProfessional ExperienceXML Securities, LLCManaging equity member (2022 – Present)Chief Compliance Officer, XML Securities, LLC (2013 – Present)Chief Administrative Officer, XML Securities, LLC (2008 – 2012)XML Financial, LLCManaging equity
This notification is to warn member firms of an ongoing phishing campaign that involves fraudulent emails purporting to be from FINRA and using the e-mail addresses “[email protected]” and “[email protected]”. The e-mail addresses and domain “data-finra.org” are not connected to FINRA, and firms should delete all emails originating from these domains. Member firms should be aware that they may receive similar phishing emails from other domain names in addition to those identified in this Alert.
Funding and Liquidity Risk Management Practices
FINRA Announces the Publication of Consolidated Interpretations of SEC Rules Governing Financial Responsibility, Customer Protection and Books and Records
