FINRA Reminds Members to Comply with SEC Cybersecurity Requirements
In a Cybersecurity Advisory, FINRA reminded members of their obligations to comply with recent amendments to Regulation S-P ("Privacy of Consumer Financial Information and Safeguarding Personal Information") "to ensure their cybersecurity programs are modified, as needed."
The amendments expanded the scope of information under the regulation by requiring covered institutions "to (1) adopt an incident response program and (2) notify affected individuals whose sensitive customer information was, or is reasonably likely to have been, accessed or used without authorization." (See related coverage.)
The Advisory was issued by the Cyber and Analytics Unit ("CAU") within FINRA's Member Supervision program.
Related Articles
-
The SEC adopted a final rule mandating that covered institutions develop, implement and maintain written policies and procedures for an incident response program that is reasonably designed to detect, respond to and recover from unauthorized access to or use of customer information.
-
The Financial Information Forum, Nasdaq, CME and Investment Company Institute recommended changes to the SEC's proposed rules on cybersecurity risk management practices.
-
SIFMA, the Bank Policy Institute, the Institute of International Bankers and the American Bankers Association urged the SEC to revise its proposals on cybersecurity related regulations, emphasizing the need for clear guidance across government agencies and collaboration with the securities industry.
-
The SEC proposed amendments to regulations on consumer financial privacy and information safeguards that would, among other things, require firms to implement written incident response plans and provide data breach notifications to customers.
