FINRA Publishes Report On Selected Cybersecurity Practices At Securities Firms – 2018


Friday, December 21, 2018   02.30AM / By FINRA


FINRA yesterday published its Report on Selected Cybersecurity Practices - 2018, a detailed review of effective information-security controls at securities firms.


The report represents the newest initiative in FINRA’s ongoing effort to help broker-dealers – including small firms – further develop their cybersecurity programs.


“Securities firms rate cybersecurity as one of their top operational risks, and our new report addresses areas that firms tend to find most challenging,” said David M. Kelley, Surveillance Director, Member Supervision in FINRA’s Kansas City office, referring to the report’s five main topics:

  • Cybersecurity controls in branch offices;
  • Methods of limiting phishing attacks;
  • Identifying and mitigating insider threats;
  • Elements of a strong penetration-testing program; and
  • Establishing and maintaining controls on mobile devices.


“Firms welcome the opportunity to see the effective practices used by other broker-dealers, so they can benchmark their controls and make informed decisions about establishing or evolving their own programs,” said Yolanda Adewumi-Trottman, Examination Director, Member Supervision in FINRA’s New York City office.


The new report builds on a 2015 cybersecurity report by FINRA that covered the main elements of a comprehensive cybersecurity program and provided guidance to firms seeking to improve their programs. The 2018 report adds greater depth and detail; for example, the section on branch controls lists more than three dozen specific, effective practices across written supervisory procedures, asset inventories, technical controls and branch review programs.


The section on phishing highlights how to detect such attacks, including phishes that appear to be from trusted sources such as a CEO or other executive, the company help desk, customers or friends.


“There is no one-size-fits-all approach to cybersecurity, so FINRA has made a priority of providing firms with reports and other tools to help them determine the right set of practices for their individual business,” said Steven Polansky, Senior Director, Member Supervision in FINRA’s Washington, D.C. office. He recommended that small firms review the report appendix regarding core controls for such firms, as well as FINRA’s previously published Small Firm Cybersecurity Checklist. All of these resources as well as a podcast and video based on the 2018 report are available at’s cybersecurity topic page.



Proshare Nigeria Pvt. Ltd.



Related News

1.       New S$30m Grant To Enhance Cybersecurity Capabilities In Financial Sector

2.      Security Tips for Your Business: Raising Awareness about Cybersecurity

3.      DHS and Private Sector Partners Establish Info and Comms Technology Supply Chain Risk Mgt Task Force

4.      Everything You Ever Needed To Know About Mobile Security and 3 Other Guides For Digital Security

5.      Cases of Bank Fraud Continue to Rise

6.      Phillips Consulting Transforms Banking in Nigeria with Introduction of Intellect Digital Solution

7.      4 In 5 Financial Services Professionals Using Search Engines Are Exposed To Financial Crime Risk

8.     NSE Of India Signs Post-Trade Technology And Strategic Partnership Pact With Nasdaq

9.      Breaking Down Canada’s National Cyber Security Strategy

10.  EU To Create A Common Cybersecurity Certification Framework And Beef Up Its Agency

11.   Kenya Bankers Association Partners With Tech Firms For Online Safety Campaign

12.  Eurojust - Council Of Europe: Joint Conference On Judicial Cooperation In Cybercrime Matters


 Proshare Nigeria Pvt. Ltd.

Related News