The Financial Industry Regulatory Authority (FINRA) has shared its Report on Selected Cybersecurity Practices — 2018.  This report focuses on firms’ primary challenges and most frequent Cybersecurity findings from FINRA’s examination program. The report highlights the importance of Data Loss Prevention (DLP), Security Information and Event Management (SIEM) Solutions, Penetration Testing and Cybersecurity Training within the firm.

#cyberSecurity #alwaysLeading #getTier1Net

SEC Office of Compliance Inspections and Examinations Announces 2019 Examination Priorities

FOR IMMEDIATE RELEASE
2018-299

Washington D.C., Dec. 20, 2018 —
The Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (OCIE) today announced its 2019 examination priorities. OCIE publishes its exam priorities annually to promote transparency of its examination program and provide insights into the areas it believes present potentially heightened risk to investors or the integrity of the U.S. capital markets. This year, particular emphasis will be on digital assets, cybersecurity, and matters of importance to retail investors, including fees, expenses, and conflicts of interest.

“OCIE continues to thoughtfully approach its examination program, leveraging technology and the SEC staff’s industry expertise,” said SEC Chairman Jay Clayton. “As these examination priorities show, OCIE will maintain its focus on critical market infrastructure and Main Street investors in 2019.”

“OCIE is steadfast in its commitment to protect investors, ensure market integrity and support responsible capital formation through risk-focused strategies that improve compliance, prevent fraud, monitor risk, and inform policy. We believe our ongoing efforts to improve risk assessment and maintain an open dialogue with market participants advance these goals to the benefit of investors and the U.S. capital markets,” said OCIE Director Pete Driscoll.

This year, OCIE’s examination priorities are broken down into six categories: (1) compliance and risk at registrants responsible for critical market infrastructure; (2) matters of importance to retail investors, including seniors and those saving for retirement; (3) FINRA and MSRB; (4) digital assets; (5) cybersecurity; and (6) anti-money laundering programs.

Compliance and Risks in Critical Market Infrastructure – OCIE will continue to examine entities that provide services critical to the proper functioning of capital markets. OCIE will conduct examinations of these firms which include, among others, clearing agencies, national securities exchanges, and transfer agents, focusing on certain aspects of their operations and compliance with recently effective rules.

Retail Investors, Including Seniors and Those Saving for Retirement – Protecting Main Street investors continues to be a priority in 2019. OCIE will focus examinations on the disclosure and calculation of fees, expenses, and other charges investors pay, the supervision of representatives selling products and services to investors, broker-dealers entrusted with customer assets, and portfolio management and trading.

FINRA and MSRB – OCIE will continue its oversight of FINRA by focusing examinations on FINRA’s operations and regulatory programs and the quality of FINRA’s examinations of broker-dealers and municipal advisors. OCIE will also examine MSRB to evaluate the effectiveness of select operations and internal policies, procedures, and controls.

Cybersecurity – Each of OCIE’s examination programs will prioritize cybersecurity with an emphasis on, among other things, proper configuration of network storage devices, information security governance, and policies and procedures related to retail trading information security.

Anti-Money Laundering Programs – Examiners will review for compliance with applicable anti-money laundering requirements, including whether firms are appropriately adapting their AML programs to address their regulatory obligations.

The published priorities for 2019 are not exhaustive and will not be the only issues OCIE addresses in its examinations, Risk Alerts, and investor and industry outreach. While the priorities drive OCIE’s examinations, the scope of any examination is determined through a risk-based approach that includes analysis of the registrant’s operations, products offered, and other factors.

The collaborative effort to formulate the annual examination priorities starts with feedback from examination staff, who are uniquely positioned to identify the practices, products, and services that may pose significant risk to investors or the financial markets. OCIE staff also seek advice of the Chairman and Commissioners, staff from other SEC divisions and offices, and the SEC’s fellow regulators.

OCIE is responsible for conducting examinations of entities registered with the SEC, including more than 13,200 investment advisers, approximately 10,000 mutual funds and exchange traded funds, roughly 3,800 broker-dealers, about 330 transfer agents, seven active clearing agencies, 21 national securities exchanges, nearly 600 municipal advisors, FINRA, the MSRB, the Securities Investor Protection Corporation, and the Public Company Accounting Oversight Board, among others. The results of OCIE’s examinations are used by the SEC to inform rule-making initiatives, identify and monitor risks, improve industry practices, and pursue misconduct.

https://www.sec.gov/news/press-release/2018-299

With $13 billion of expected sales occurring between Thanksgiving Day and Cyber Monday consumers are especially susceptible to phishing attacks due to their eagerness to win the day with that “too good to be true” sale.   Cyber criminals capitalize on this prime opportunity by launching newly acquired cyber weapons which leverage advanced artificial intelligence at rates previously unseen.    According to the SonicWall Capture Labs Threat Research Team cybercriminals launched more than 113 million malware attacks on Cyber Monday last year and ransomware attacks spiked 127%, a 4.4x increase over the yearly average.

It is essential for your organization to leverage a multi-layered Cybersecurity platform.  Tier1Net’s Cybersecurity Business Operating Platform for Financial Services Organizations includes multiple distinct layers of Hybrid Artificial Intelligence and Advanced Machine Learning technologies to defend against these advanced Cyber Attacks.

Two unique technologies integrated into Tier1Net’s Cybersecurity Business Operating Platform for Financial Services Organizations to meet this challenge are SonicWall’s Advanced Threat Protection (ATP) and Real-Time Deep Memory Inspection technologies. SonicWall’s ATP provides multi-engine sandboxing to identify and block never-before-seen cyber attacks. SonicWall’s patent pending Real-Time Deep Memory Inspection technology identifies and stops difficult-to-find threats hidden in memory where malware’s weaponry is exposed for less than 100 nanoseconds.

If you are a looking for a holistic Cybersecurity solution customized to address the challenges facing the financial services industry please contact Tier1Net at 781-935-8050 to inquire about our Cybersecurity Business Operating Platform for Financial Services Organizations.

#alwaysahead   #alwaysleading  #cybermonday