Assessing cybersecurity risks and practices in the broker-dealer industry
Abstract
Cyber-attacks impacting the broker-dealer industry are increasingly common, causing greater financial losses and damage than ever before. Firms are employing a broad range of practices to defend against and mitigate these cybersecurity risks. This paper examines the cybersecurity risks faced by broker-dealers and common cybersecurity practices at broker-dealers. The Financial Industry Regulatory Authority (FINRA) is a US-based self-regulatory organisation (SRO) for broker-dealers with the dual mission of investor protection and market integrity. Pursuant to its mission, FINRA continues to emphasise the importance of broker-dealers understanding how to identify cyber risks and the actions necessary to safeguard their systems, data and operations to mitigate the risk of cybersecurity attacks and breaches and to protect their customers. Sources include information obtained or observed during FINRA examinations, enforcement cases, customer complaints and firm self-reported cyber events.
The full article is available to subscribers to the journal.
Author's Biography
Yolanda Trottman-Adewumi is a surveillance director in the Risk Oversight and Operational Regulation Department of Member Regulation at the Financial Industry Regulatory Authority (FINRA). She has been with FINRA since its inception in 2007. She currently has responsibility for managing the surveillance of member firms for financial and operational soundness and for business conduct compliance. Prior to this role, Yolanda was an examination director of the Alternative Net Capital Program. She also managed the development of FINRA’s Technology Governance and Cybersecurity examination programmes. Yolanda chairs FINRA’s IT Advisory Team, which was created to host educational forums and to assist with risk assessment and examination execution relating to IT governance, cybersecurity and related internal controls. Prior to joining FINRA, Yolanda was an examination director at NYSE Regulation. She received a BSBA from the University of Missouri-Columbia and holds certifications from the Securities Industry Institute and the FINRA Excellence in Management Program at The Wharton School of The University of Pennsylvania.
David Kelley is a surveillance director in FINRA’s Kansas City District office. He joined FINRA in 2010. David also leads FINRA’s sales practice examination programme for cybersecurity and the regulatory specialist team for cybersecurity, IT controls and privacy. Prior to joining FINRA, he worked for more than 19 years at American Century Investments in various positions, including chief privacy officer, director of IT audit and director of electronic commerce controls. He led the development of website controls, including customer application security, ethical hacking programmes and application controls. David is a CPA and certified internal auditor, and previously held the Series 7 and Series 24 licences.
Len Smuglin is an IT exam manager with the Risk Oversight and Operational Regulation (ROOR) group at FINRA. He is responsible for planning and executing technology reviews at member firms. Prior to joining FINRA, Len worked in the financial services industry for over 20 years at several large New York area institutions, in roles covering IT audit, technology risk and systems quality assurance. He is a graduate of the University of Wisconsin (at Milwaukee), where he majored in management information systems, and he also completed an Advanced Certificate Program in Systems Auditing at New York University. Len holds the certified information systems auditor (CISA) certification.
Gregory Markovich is a Regulatory Principal at FINRA. He joined FINRA in February 2016 and is responsible for leading cybersecurity examinations and providing security consultation and training for other staff. Prior to joining FINRA, Gregory worked for 30 years in information technology (IT) and security at the investment management firms Capital Group — American Funds and American Century Investments. His leadership roles at these firms included responsibility for information security, risk management, identity access management, and disaster recovery. Gregory also has experience leading applications development and infrastructure support teams. In addition to having an MBA degree from the University of Missouri, Gregory has several security certifications including a certified information systems security professional (CISSP) and a certified ethical hacker (CEH) certification.