The potential hacking of sensitive customer information is a top threat facing the financial industry in 2014, according to the Financial Industry Regulatory Authority (FINRA) in its “2014 Regulatory and Examination Priorities” letter to financial firms released in January. FINRA, the largest independent regulator for all securities firms doing business in the United States, highlighted increased cybersecurity, along with anti-money laundering programs, additional disclosure practices, and several other activities, as the primary defenses to protect the financial industry in 2014.
Cybersecurity was identified as a top priority because of ongoing cybersecurity issues across the financial services industry, such as the recent Target security breach which compromised 40 million customers credit and debit card information. “Many of the nation’s largest financial institutions were targeted for disruptions through a range of different types of attacks,” which appear to be increasing, according to the letter.
Additionally, FINRA is concerned about the integrity of financial firms’ infrastructure and safety and security of sensitive customer data that is vulnerable to hackers. The authority may take action later in the year to evaluate controls on that sensitive data through examinations and targeted investigations, the letter said.
Also identified as a top concern for the financial industry is money laundering and FINRA plans to focus on anti-money laundering tactics with institutional business in 2014. The authority identified a misconception among some executing brokers that the Customer Identification Program (CIP) requirements—which require banks to form a reasonable belief that they know the true identity of each customer—do not apply to delivery versus payment/receipt versus payment (DVP/RVP) customers. FINRA asserts that the CIP requirements do apply and that the executing broker is responsible for implementing the requirements for these customers, who were identified as responsible for a new trend in money laundering in the past year.
“Depending on the nature of the account and the risks associated with it, firms may conduct additional due diligence on this type of account [DVP/RVP] and obtain information on the individuals with authority or control over the account,” the letter said. It also recommended that all firms develop a risk-based anti-money laundering program to address the risk of money laundering specific to their firm. “Firms that have high-risk customer bases should tailor their programs around the specific risks of those customers, including the types of customers, where its customers are located, and the types of services they offer to those customers.” To read more about these challenges, or to read the 2014 letter in full, visit www.finra.org and click on the News Releases tab.