Cybersecurity threats remain one of the most significant risks for firms. FINRA will review how firms are handling and protecting customer data and employee information, including personally identifiable or sensitive information. FINRA will monitor controls, such as passwords, encryption, use of portable storage devices, and virus protections and patches. They will also assess firms’ supervisory controls testing. FINRA will determine if firms have implemented the required controls and supervision to protect and segregate customer assets, and to monitor suspicious activity and money laundering.