The 'Tug of War' Over Cyber/Data Security

Clarifying responsibilities and correcting assumptions related to data liability, examination requirements and breach response.

By now, the awareness to better define and document protection of critical information, strengthen data security procedures as well as integrate incident response plans is well understood at all levels of business. Recent breaches (Target, Disney, OPM) only confirm such and lead to significant legislative and regulatory actions including those recently by FINRA and the SEC.

The 2016 FINRA Regulatory and Examinations Priorities Letter raised the bar for expectations of IBDs and their advisors.  Requirements, now closely resembling previous SEC guidance, now demand comprehensive policies and procedures, testing and the training of associated and involved persons, as well as documented and proven incident response plans.  These new expectations flush to the surface many previously overlooked, misunderstood, or un-addressed issues.  Below are the top 5, in no particular order, based on actual client feedback:  MORE