Today's testimony reflects an increasing need for financial services firms to focus on cybersecurity issues and vulnerabilities. This same focus is reflected in FINRA's "2016 Regulatory and Examination Priorities Letter"1 ("FINRA's Priorities") and the SEC's Office of Compliance Inspections and Examinations' "Examination Priorities for 2016"2 (the "SEC's Priorities"), in which the Regulators continue to recognize that cyber vulnerabilities pose threats to financial services firms, the financial markets and to individual investors and which serve as a reminder of firms' obligations to protect firm and customer information and to adopt written policies and procedures to address these issues.
FINRA's Priorities again reiterate that member firms should focus on cybersecurity preparedness, stressing that the evolving nature of cyberthreats requires its members' ongoing attention. FINRA explained: "[f]irms face risks from unauthorized internal and external access to customer accounts, online trading systems and asset transfer systems, as well as in the management of their vendor relationships." FINRA addressed its evaluation process, stating that it will evaluate a firm's approach to manage cybersecurity risks, focusing on one or more of these areas: "governance, risk assessment, technical controls, incident response, vendor management, data loss prevention, and staff training." FINRA also will consider the adequacy of protecting sensitive customer information and compliance with regulatory requirements, such as Regulation S-P. MORE