FINRA found that a large number of member firms had shortcomings. These included: insufficient vendor controls, access management, change management supervision, system testing and data loss prevention. In some cases this caused violations of FINRA and SEC rules. Firms are advised to evaluate their supervisory controls for the vendor relationship lifecycle to ensure compliance with SEC requirements to protect the security and confidentiality of customer information.
Due Diligence: FINRA Guidance on Supervising Vendor Cybersecurity
Related Posts
University of Michigan Data Breach
The recent cyberattack on the University of Michigan, where sensitive employee and student data fell victim to a…
Irish National Police Data Leak Highlights Third-Party Risk
The recent data breach incident involving the Irish National Police. This breach underscores the critical importance of addressing…
California Enacts New Delete Act to Strengthen Data Privacy
We are thrilled to share a significant development in data privacy regulation. California has taken a momentous step…