Cybersecurity and technology governance remain a top area of focus for the SEC and FINRA, as the regulators continue to concentrate on improving the overall cybersecurity posture and resiliency of the financial sector. FINRA covered this in its 2022 Report on its Examination and Risk Monitoring Program. The SEC is also implementing a campaign to overhaul the agency’s expectations around cybersecurity and cyber incident reporting for the financial services industry and corporate America generally.
FINRA “expects firms to develop reasonably designed cybersecurity programs and controls that are consistent with their risk profile, business model and scale of operations.” FINRA also spotlights the risks posed by technology-related programs (e.g., change and program management practices and increased trading volumes) that can “expose firms to operational failures that may compromise firms’ ability to comply with a range of rules and regulations.” FINRA specifically mentioned Rules 3110, 4370, and 4511 and SEC Rules 17a-3 and 17a-4.
FINRA’s primary theme across this focus area relates to the sufficiency of internal processes, procedures, and controls. FINRA…
