Given the evolving nature, increasing frequency, and mounting sophistication of cybersecurity attacks – as well as the potential for harm to investors, firms, and the markets – cybersecurity practices are a key focus for firms and FINRA.
FINRA evaluates firms’ approaches to cybersecurity risk management through reviews of their controls in areas including: technology governance, risk assessment, technical controls, access management, incident response, vendor management, data loss prevention, system change management, branch controls and staff training. Through these reviews, FINRA also assesses a firm’s ability to protect the confidentiality, integrity, and availability of sensitive customer information.
These pages are designed to assist a firm in building out its cybersecurity program by addressing the individual risks and discussing related controls needed to protect customer and firm confidential data. FINRA has updated this Cybersecurity page to include the following resources:
- In case of a Disruptive Attack or Breach
- Common Cybersecurity Threats
- Events
- Reports
- Compliance Tools
- FINRA Cybersecurity Contact
In Case of a Disruptive Attack or Breach
Firms should get to know their local Federal Bureau of Investigation (FBI) and proactively plan for a cybersecurity attack or breach.
In case your firm is the victim of a disruptive attack or breach, for instance your data has been accessed or your customers cannot do business, you should immediately report the incident to your:
If you need RANSOMWARE assistance, one helpful resource is CISA’s Stop Ransomware!
Unsuccessful and successful cyber-related incidents could require that a SAR be filed. For more information, visit the Financial Crimes Enforcement Network (FinCEN)’s guidance.
Common Cybersecurity Threats
This section highlights some of the common cybersecurity threats faced by broker-dealers. In a number of cases, FINRA has observed that different types of attacks were coordinated and overlapped.
- Phishing
- Imposter Websites
- Malware
- Customer Account Takeover (ATO)
- Firm Account Compromise or Takeover
- Fraudulent Wires or ACH Transactions
- Ransomware
- Distributed Denial-of-Service (“DDoS”) Attacks
- Vendor Breaches
Learn more about common cybersecurity threats
Events
Upcoming Events
2024 Cybersecurity Conference
February 6 | New York, NY | Hybrid Event
FINRA’s Cybersecurity Conference is a one-day, hybrid event that is designed to help you stay current on today’s cybersecurity challenges, understand vulnerabilities and latest threats and create resilience against cyber-attacks.
Past Events
2022 FINRA Annual Conference
May 16-18 | Washington, DC | Hybrid Event
FINRA's premier event—the Annual Conference provides the opportunity for practitioners, peers and regulators to exchange ideas on today's most timely compliance and regulatory topics.
2022 Cloud Computing Conference
March 30
This one-day conference brings together regulators, thought leaders and industry practitioners to discuss the use of Cloud Computing, and related opportunities and challenges.
2022 Cybersecurity Conference
March 29
FINRA’s Cybersecurity Conference helps you stay current on today’s cybersecurity challenges and the ways in which organizations can understand vulnerabilities and threats, and create resilience against cyber attacks.
FINRA Small Firm Conference: Cybersecurity Straight Talk
It is crucial that small financial firms take proper cybersecurity measures to protect their clients and firm. Join FINRA staff and industry panelists as they discuss the “why” behind threat-informed effective practices applicable to small firms, and how they can fit cybersecurity into their already overloaded schedule.
Moderator: David (Dave) Kelley, FINRA Member Supervision
Panelists: Peter Falco, Financial Services Information Sharing and Analysis Center (FS-ISAC); Jennifer Szaro, CRCP®, XML Securities, LLC
Compliance Tools
Small Firm Cybersecurity Checklist
FINRA has created a Checklist for a Small Firm's Cybersecurity Program to assist small firms in establishing a cybersecurity program.
Compliance Vendor Directory (CVD)
In an effort to provide enhanced compliance tools and resources, FINRA has developed the Compliance Vendor Directory (CVD). The FINRA CVD is designed to give firms more options in locating vendors that provide compliance-related offerings, including cybersecurity vendors and services.
Core Cybersecurity Threats and Effective Controls for Small Firms
This tool helps small firms enhance their customer information protection, and cybersecurity written supervisory programs and related controls by (1) highlighting the most common and recent categories of cybersecurity threats; (2) providing a summary of effective core controls; and (3) listing relevant terms and additional resources.
Report on Selected Cybersecurity Practices
The Report on Selected Cybersecurity Practices – 2018 is a detailed review of effective information-security controls at securities firms. The report is designed to help broker-dealers – including small firms – further develop their cybersecurity programs. The report addresses areas that firms tend to find most challenging: cybersecurity controls in branch offices; methods of limiting phishing attacks; identifying and mitigating insider threats; elements of a strong penetration-testing program; and establishing and maintaining controls on mobile devices.
Report on Cybersecurity Practices
In 2014 and 2011, FINRA reviewed firms' cybersecurity practices to better understand the types of cybersecurity threats firms face and how they counter these threats. This report highlights effective practices in the industry and discusses a risk management-based approach to cybersecurity.
Non-FINRA Resources
FINRA has assembled a list of industry and governmental cybersecurity resources that firms may use to manage their cybersecurity risk.
FINRA Rules Related to Cybersecurity
- 3110. Supervision
- 3120. Supervisory Control System
- 4530(b). Reporting Requirements
- Supplementary Material 4530.01. Reporting of Firms' Conclusions of Violations
SEC Rules Related to Cybersecurity
- 248.201-202. Regulation S-ID: Identity Theft Red Flags
- 248.1-100. Regulation S-P: Privacy of Consumer Financial Information and Safeguarding Personal Information
- 240.17a-4(f). The Securities Exchange Act of 1933 (17 CFR §240.17a-4(f)) requires firms to preserve electronically stored records in a non-rewriteable, non-erasable format.
- FINRA Alerts Firms to Increased Ransomware Risks | 12/14/2022
- FINRA Alerts Firms to “Log4Shell” Vulnerability in Apache Log4j Software | 12/14/2021
- FINRA Alerts Firms to a Phishing Email Campaign Using Multiple Imposter FINRA Domain Names | 08/13/2021
- FINRA Reminds Firms of their Supervisory Obligations Related to Outsourcing to Third-Party Vendors | 08/13/2021
- FINRA Alerts Firms to Phishing Email From “FINRA Support” From the Domain Name “westour.org” | 06/23/2021
- FINRA Alerts Firms to Phishing Email Using “gateway-finra.org” Domain Name | 06/07/2021
- FINRA Shares Practices Firms Use to Protect Customers From Online Account Takeover Attempts | 05/12/2021
- FINRA Alerts Firms to Recent Increase in ACH “Instant Funds” Abuse | 03/25/2021
- FINRA Alerts Firms to Phishing Email Using “finra-online.com” Domain Name | 03/04/2021
- FINRA Alerts Firms to Phishing Email Using Invest-FINRA.org Domain Name | 11/30/2020
- Cybersecurity Background: Authentication Methods | 10/15/2020
- FINRA Alerts Firms to Phishing Email Requesting Them to Respond to Fraudulent FINRA Survey | 10/06/2020
- FINRA Reminds Firms to Be Aware of Fraudulent Options Trading in Connection With Potential Account Takeovers and New Account Fraud | 09/17/2020
- Fraudsters Using Registered Representatives Names to Establish Imposter Websites | 08/20/2020
- FINRA Alerts Firms to Use of Fake FINRA Domain Name | 08/12/2020
- FINRA Reminds Firms to Beware of Fraud During the Coronavirus (COVID-19) Pandemic | 05/05/2020
- FINRA Warns of Fraudulent Phishing Emails Purporting to be from FINRA | 05/04/2020
- Cybersecurity Alert: Measures to Consider as Firms Respond to the Coronavirus Pandemic (COVID-19) | 03/26/2020
- Cybersecurity Alert: Cloud-Based Email Account Takeovers | 10/02/2019
- Imposter Websites Impacting Member Firms | 04/29/2019
- FINRA Warns of Fraudulent Phishing Emails Targeting Member Firms | 02/13/2019
- Distributed Denial of Service (DDoS) Attacks on Member Firms | 06/19/2015
- FINRA Warns Firms of Hoax Emails That Purport to Be From Regulators | 02/29/2012
- Verification of Emailed Instructions to Transmit or Withdraw Assets From Customer Accounts | 01/26/2012
- Members' Responsibilities When Outsourcing Activities to Third-Party Service Providers | 07/22/2005
- Guidance
LockBit, one of the most deployed ransomware variants in recent years, continues to impact organizations across the globe, including FINRA member firms. Since November of 2023, FINRA has received reports from several member firms related to cyber incidents allegedly perpetrated by LockBit. The reported incidents varied in severity from no impact to significant disruptions in firms’ business operations. As a result, the Cyber and Analytics Unit (CAU) within FINRA’s Member Supervision Program is notifying firms of the increased activity of this threat actor to heighten awareness and visibility of this risk. CAU is also providing a compilation of resources that outline effective practices firms may consider in response to this elevated risk.
January 25, 2024
- Guidance
The Cybersecurity and Technology Management topic of the 2024 FINRA Annual Regulatory Oversight Report (the Report) informs member firms’ compliance programs by providing annual insights from FINRA’s ongoing regulatory operations, including (1) regulatory obligations and related considerations, (2) findings and effective practices, and (3) additional resources.
January 09, 2024
- Guidance
With the holiday season upon us and 2023 coming to an end, FINRA’s Cyber and Analytics Unit (CAU) would like to remind member firms to prepare for cyber threats and attacks that may occur around the holidays. Member firms and their vendors should consider reviewing and validating their Written Supervisory Procedures (WSPs), continuing to educate their employees with respect to cybersecurity and effective practices, and testing incident response plans (IRPs) to prepare for, prevent, or recover from an incident.
December 12, 2023
- Guidance
FINRA’s Cyber and Analytics Unit (CAU) is highlighting an Okta data breach spanning from September 28 to October 17, 2023 that impacts Okta customer support system users. Okta reported that threat actors downloaded names and email addresses, along with other relevant metadata, of their customer support system users. The information could be leveraged in phishing or other social engineering attacks and potentially lead to the targeting of firm personnel in an Okta administrator or customer support role.
December 11, 2023
- Guidance
The prevalence of cybersecurity incidents continues to increase at FINRA member firms. As a result of the continued proliferation of cybercrime, the Cyber and Analytics Unit (CAU) within FINRA’s Member Supervision program is issuing this advisory to highlight effective practices and considerations for member firms when responding to cyber incidents, including the benefits of voluntarily reporting information related to the incident to various entities.
November 30, 2023
- Guidance
Due to increased reports related to cyber incidents occurring at FINRA member firms which have been attributed to specific threat actors, the Cyber and Analytics Unit (CAU) within FINRA’s Member Supervision Program is highlighting a recent joint Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) Cybersecurity Advisory published on November 16, 2023, which may be updated as new intelligence is uncovered.
November 17, 2023
- Guidance
FINRA is highlighting recently reported vulnerabilities that impact Citrix NetScaler services including NetScaler ADC and NetScaler Gateway. Threat actors can exploit these vulnerabilities to exfiltrate sensitive information and to infect data and systems with ransomware. These Citrix services are typically used in support of internet-based application systems, to balance and manage incoming requests, and to enhance security and resiliency.
November 10, 2023
- Report / Study
Quantum mechanics is a branch of physics that deals with the complex properties of atoms and sub-atomic particles. Quantum computing leverages the principles of quantum mechanics to solve problems too large or complex for traditional computers.
October 30, 2023
- Guidance
This notification is to warn member firms of an ongoing phishing campaign that involves fraudulent emails purporting to be from FINRA and using the domain name “@rfs-finra.org”.
October 13, 2023
- Guidance
The Cyber and Analytics Unit (CAU) within FINRA’s Member Supervision program is highlighting the new SEC rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure that were adopted on July 26, 2023. The SEC adopted final rules requiring disclosure of material cybersecurity incidents on Form 8-K and periodic disclosure of a registrant’s cybersecurity risk management, strategy and governance in annual reports.
September 21, 2023
- Guidance
FINRA is highlighting a recent joint Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) Cybersecurity Advisory published on August 30, 2023, which may be updated as new intelligence is uncovered.
August 31, 2023
- Guidance
FINRA is highlighting a recent Federal Bureau of Investigation (FBI) Flash published on August 23, 2023. According to the FBI Flash, all exploited Barracuda Email Security Gateway (ESG) appliances, even those with up-to-date security patches, remain at risk for continued computer network compromise from threat actors exploiting a zero-day vulnerability documented in CVE-2023-2868.
August 28, 2023
- Guidance
Impact: All Firms
Update (June 22, 2023): The link to the Advisory issued by CISA on June 7, 2023 has been updated to reflect CISA’s current guidance.
Firms should review this information with any vendors who provide information technology services to the firm.
June 16, 2023
- Guidance
Impact: All Firms
Firms without dedicated information security professionals may wish to review this information with any vendors who provide those services to the firm.
June 15, 2023
- Guidance
Overview
This publication outlines emerging insider threat risks and helps member firms identify, prevent, detect, and respond to these threats, including:
April 18, 2023
- Guidance
Impact: All Firms
This notification is to warn member firms of an ongoing phishing campaign that involves fraudulent emails purporting to be from FINRA and using the domain names “@finrarps.org” or “@finrarps.net”. The domains of “finrarps.org” and “finrarps.net” are not connected to FINRA, and firms should delete all emails originating from these domains. Member firms should be aware that they may receive similar phishing emails from other domain names in addition to those identified in this Alert.
The email from “finrarps.org” states:
April 04, 2023
- Guidance
This follow-up to the September 2021 targeted exam (sweep) of firms’ practices related to their acquisition of customers through social media channels and their sharing of customers’ usage information with affiliates and non-affiliated third parties summarizes selected practices FINRA has observed firms implement to this point in the sweep.
February 28, 2023
- Guidance
This notification is to warn member firms of an ongoing phishing campaign that involves fraudulent emails purporting to be from FINRA and using either the domain name “@finra.eu” or “@finrarec.com”. Samples of both emails are provided in Appendices 1 and 2.
The domains of “finra.eu” and “finrarec.com” are not connected to FINRA, and member firms or their customers may receive similar phishing emails from other domain names in addition to those identified in this Alert.
February 23, 2023
- Guidance
This email is to warn member firms of an ongoing phishing campaign that involves fraudulent emails purporting to be from FINRA and using the domain name “@filling-regfinra.com”. The domain of “filling-regfinra.com” is not connected to FINRA, and firms should delete all emails originating from this domain. Member firms should be aware that they may receive similar phishing emails from other domain names in addition to those identified in this Alert.
The email states:
Dear Name,
I hope all is well!
November 15, 2022
- Media Center
The new Complex Investigations and Intelligence (CII) team and Cyber and Analytics Unit (CAU) are driving a shift in terms of how Member Supervision’s National Cause and Financial Crimes Detection Program comes at its work and leverages intelligence and analytics to drive decision making and operations. On this episode, we hear how these changes will help FINRA better deliver on its mission of investor protection, market integrity.
August 09, 2022
- Guidance
This email is to warn member firms of an ongoing phishing campaign that involves fraudulent emails purporting to be from FINRA and using either the domain name “@firms-finra.org” or “@firms-sipc.org”. Neither of these domains is connected to FINRA and firms should delete all emails originating from these domain names.
June 16, 2022
- Guidance
FINRA’s National Cause and Financial Crimes Detection (NCFC) Cyber and Analytics Unit (CAU) has noted a recent alert issued by Microsoft on May 30, 2022.
June 03, 2022
- Guidance
The Cyber and Analytics Unit (CAU) within FINRA’s National Cause and Financial Crimes Detection (NCFC) program would like to highlight an alert issued by the Cybersecurity & Infrastructure Security Agency (CISA) on April 20, 2022.
May 02, 2022
- Guidance
On April 25, FINRA issued an alert to member firms which highlighted a phishing attack using the domain name “@claims-finra.org”. This alert is to warn you about a new, potentially related, phishing attack also purporting to be from FINRA.
April 27, 2022
- Guidance
This email is to warn member firms of an ongoing phishing campaign that involves fraudulent emails purporting to be from FINRA and using the domain name “@claims-finra.org.” The domain of “claims-finra.org” is not connected to FINRA and firms should delete all emails originating from this domain name.
April 25, 2022
- Technical Notice
FINRA is aware of the critical Spring4Shell vulnerability and has taken immediate steps to neutralize the risk.
April 04, 2022
- Guidance
The Cyber and Analytics Unit (CAU) within FINRA’s National Cause and Financial Crimes Detection (NCFC) program is highlighting a statement released today by President Biden regarding possible threats to our nation’s cyber security, urging private sector companies to remain vigilant and harden their cyber defenses "immediately" based on "evolving intelligence that the Russian Government is exploring options for potential cyberattacks." The President
March 21, 2022
- Guidance
The Cyber and Analytics Unit (CAU) within FINRA’s National Cause and Financial Crimes Detection (NCFC) program would like to bring an important cyber-related development to your attention. The Cybersecurity & Infrastructure Security Agency (CISA) and the FBI issued a “Shields Up” warning this week regarding potential Russian cyberattacks to target U.S. organizations related to Russia’s potential destabilizing actions against Ukraine. CISA advised that while there are not currently any specific credible threats to the U.S., they recommend that all organizations, namely U.S.
February 15, 2022
- Report / Study
Cloud computing is transforming how broker-dealers operate by providing opportunities to enhance agility, efficiency, resiliency and security within firms’ technology and business operations while potentially reducing costs. As a result, cloud computing is increasingly seen by many firms as an important architectural component to their infrastructure.
August 16, 2021
- Compliance Tools
Protecting investors means protecting their data, too. Our Small Firm Cybersecurity Checklist supports small firms in establishing a cybersecurity program to:
July 12, 2021
- Podcast
Firm regulatory risks and priorities don't exist in a vacuum. And that is perhaps nowhere clearer than when it comes to a firm's anti-money laundering responsibilities. A firm's AML risks can overlap with any number of other priorities. On this episode, the first of a two-part series, we look at the overlapping risks of AML and cybersecurity.
October 27, 2020
- Podcast
Between the level of interconnectedness on the web and the sheer amount of data available, we’re living in an era ripe for the perpetration of financial fraud. That makes it more important than ever for FINRA to have a holistic view of emerging trends and risks—and the ability to coordinate closely with other regulators and law enforcement. FINRA’s new National Cause and Financial Crimes Detection Programs (NCFC) will be the nerve center to do just that.
May 26, 2020
- Virtual Conference Panel
Join FINRA staff and industry panelists as they provide examples of effective controls and tools their firms have put into place to monitor and address cybersecurity risks.
May 19, 2020
- Guidance
This article highlights some of the common cybersecurity threats faced by broker-dealers. In a number of cases, FINRA has observed that different types of attacks were coordinated and overlapped.
July 09, 2019
- A Few Minutes With FINRA
FINRA’s Senior Vice President of Member Relations and Education Chip Jones leads a discussion with Chief Information Security Officer John Brady, Senior Director Steve Polansky and Kansas City Surveillance Director Dave Kelley, on FINRA’s 2018 report on selected cybersecurity practices. The discussion includes an overview of the report, which highlights effective practices in five challenging areas that firms should consider to strengthen and further develop their cybersecurity programs—as well as core cybersecurity controls for small firms. (30 min. 17 sec.)
December 20, 2018
- Podcast
Cybersecurity is a major challenge for everyone – but it can be a particularly big challenge for those in the financial industry. That’s why FINRA released a new report highlighting effective cybersecurity practices for FINRA member firms. Learn more in this episode of FINRA Unscripted.
December 20, 2018
- Report / Study
This report continues FINRA’s efforts to share information that can help broker-dealer firms further develop their cybersecurity programs. Firms routinely identify cybersecurity as one of their primary operational risks. Similarly, FINRA continues to see problematic cybersecurity practices in its examination and risk monitoring program. This report presents FINRA’s observations regarding effective practices that firms have implemented to address selected cybersecurity risks while recognizing that there is no one-size-fits-all approach to cybersecurity.
December 01, 2018
- Podcast
In an era when much of our lives happen online, cybersecurity is more important than ever. But what do you do to protect your personal information? We all have a role to play in keeping ourselves secure. This National Cybersecurity Awareness Month, tune in to learn more about how you can keep yourself, your family and your clients safe online.
October 23, 2018
- Podcast
From banking and investing to social media and shopping, the internet is an essential part of our daily lives. That means cybersecurity is more important than ever. That is particularly true for FINRA, which can process up to 99 billion records in a single day. Here, John Brady explains how FINRA stays cyber secure.
February 27, 2018
- Guidance
Cybersecurity experts and regulators gathered in New York City on February 22, 2018 to focus on key ways the financial services industry can maintain cybersecurity.
February 26, 2018
- Compliance Tools
FINRA has assembled a list of resources that firms may use to manage their cybersecurity risk. These resources include: news and analysis; effective practices and guidance; and free diagnostic tools...
October 25, 2016
- Guidance
FINRA is conducting an assessment of firms’ approaches to managing cyber-security threats. FINRA is conducting this assessment in light of the critical role information technology (IT) plays in the securities industry, the increasing threat to firms’ IT systems from a variety of sources, and the potential harm to investors, firms, and the financial system as a whole that these threats pose.
January 01, 2014
- Compliance Tools
Overview
The following tool identifies key cybersecurity risks currently facing small firms and helps them enhance their customer information protection, and cybersecurity written supervisory programs (WSPs) and related controls, including:
- Compliance Tools
What should your firm do after it discovers that customers’ accounts have been compromised?
- Investor Education
The SEC, NASAA and FINRA are jointly issuing this Investor Alert to make investors aware of the increase of investment frauds involving the purported use of artificial intelligence (AI) and other emerging technologies. Bad actors are using the growing popularity and complexity of AI to lure victims into scams. Here are a few things to look out for to help you keep your money safe from these frauds.
- Investor Education
FINRA has seen a recent significant spike in investor complaints resulting from recommendations made by fraudulent “investment groups” promoted through social media channels. Complaints describe bad actors, posing as registered investment advisers, who advertise “stock investment groups” on Instagram and other social media channels and then turn to encrypted group chats on WhatsApp to communicate with interested investors and pitch investments.
- Investor Education
Pretexting is a tactic that hinges on telling a compelling—but fake—story. Hackers attempt to deceive their targets by establishing a false sense of trust, using a fabricated story, or pretext, to get you to download malware, send money or share sensitive information, to name a few examples. Here are some of the ways you might be targeted—and how you can thwart an attempt to coax you into believing a bogus story.
- Investor Education
Phishing scams typically involve emails that falsely claim to be from a financial institution, credit card company or other familiar organization or service. Most of these emails attempt to lure you into providing sensitive personal information by requesting that you reply to the email or click on a link that mimics a legitimate website.
- Investor Education
Financial institutions have an obligation to safeguard your personal financial information, but you have an important role to play as well. Understanding how customer account takeover incidents and theft of personal financial information might occur and taking steps to minimize your risk can make a difference.
- Investor Education
While impersonation scams are not new, surprising new variants arise every day. Regulators have observed an increase in cyber-related incidents, including fraudsters creating fake websites using the names and professional details of actual industry professionals (who have no connection to the imposter sites).
- Investor Education
Use this checklist to safeguard your sensitive information and help keep identity thieves at bay.