Feb. 7 --The Financial Industry Regulatory Authority has sent targeted sweep letters to almost 20 broker-dealers querying their approaches to managing cybersecurity risks, a spokesperson told Bloomberg BNA Feb. 7.
Among other questions, the survey asks the firms about their:
• approaches to information technology risk assessment;
• business continuity plans in case of a cyber-attack;
• organizational structures and reporting lines; and
• processes for sharing and obtaining information about cybersecurity threats.
Michelle Ong said the letters were sent to a “diverse group of firms with different business models.”
Cybersecurity has become a top regulatory concern in the wake of high profile attacks on Target Corp. (20 SLD, 1/30/14), Neiman Marcus and other companies.
FINRA posted the sweep notice on its website Feb. 6. It said in the notice that it wants to better understand the types of cyber threats firms face, and their “risk appetite, exposure and major areas of vulnerabilities.” FINRA said it will share the survey findings with its members where appropriate.
FINRA and other regulators, including the Securities and Exchange Commission, conduct targeted examinations--known as sweeps--to gather information and to facilitate investigations. Data gathered from sweep letters--which are sent to select regulated entities based on various factors--helps the regulators focus their exams and learn more about emerging issues.
In January, Jane Jarcho, NEP national associate director, said SEC examiners will be reviewing the resources expended by registrants on information security, their policies to ensure regular assessment of cybersecurity risks, and their policies to prevent, detect and respond to cyber attacks (21 SLD, 1/31/14). The examiners also will look at registrants' plans for identity theft, lost information and business continuity, Jarcho said.
To contact the reporter on this story: Yin Wilczek in Washington at email@example.com
To contact the editor responsible for this story: Susan Jenkins at firstname.lastname@example.org
FINRA's sweep notification is available at http://www.finra.org/Industry/Regulation/Guidance/TargetedExaminationLetters/P443219.
White's testimony is available at http://www.sec.gov/News/Testimony/Detail/Testimony/1370540757488#.UvVcWJUo61s.
To view additional stories from Bloomberg Law® request a demo now