Industry Risks and Threats – Resources for Member Firms
FINRA provides extensive resources to assist member firms with managing and addressing risks and threats that could pose harm to their business, compliance programs and investors, including:
- Highlights on the recent risks FINRA observed in our regulatory programs;
- Observations from recent targeted exams (sweeps) on emerging industry issues and related regulatory obligations; and
- Other FINRA resources, including those that represent particularly significant ongoing and emerging threats to firms and investors – such as cybersecurity, fraud, anti-money laundering (AML) and sanctions.
Member firms may consider using these resources to help them evaluate and enhance their supervisory and compliance programs. However, these resources do not create new legal or regulatory requirements or new interpretations of existing requirements, nor do they relieve firms of any existing obligations under federal securities laws and regulations. Member firms may consider the following information when developing new, or modifying existing, practices that are reasonably designed to achieve compliance with relevant regulatory obligations based on the member firm’s size and business model.
RECENT HIGHLIGHTS – INSIDER THREAT RISKS AND CONTROLS
FINRA has recently observed an increase in the frequency, sophistication and variety of insider threat incidents (i.e., instances where firm employees, advertently or inadvertently, use their access to firms’ systems and data to cause harm to firms, their investors or both).
In response, FINRA summarizes effective controls and practices we have observed firms employ to manage insider threat risks, as well as relevant questions for consideration that firms may use to evaluate their current insider threat programs.
Sweep Updates
FINRA conducts targeted exams, or sweeps, to review firms' conduct relating to certain emerging industry issues and help focus our regulatory responses.
To support our ongoing goals of transparency with the industry and help firms continually improve their compliance programs, FINRA publishes sweep letters and provides updates to share initial themes from our reviews. Most recently, we provided updates on four of our most significant sweeps, including:
FINRA Provides Update on Sweep: Crypto Asset Communications – NEW IN JANUARY 2024
This update summarizes initial themes from this targeted exam and poses questions for firms to consider if they use retail communications concerning Crypto Assets, including:
- accuracy of statements or claims; and
- fair and balanced presentation.
Member firms may consider the information in this update in developing new, or modifying existing, policies and procedures that are reasonably designed to achieve compliance with relevant regulatory obligations based on the member firm’s size, business model, or practices.
The update also provides links to additional resources.
FINRA Provides Update on Sweep: Special Purpose Acquisition Companies (SPACs)
The update highlights a number of initial themes from our reviews of firms’ offering of, and services provided to, SPACs and their affiliates (e.g., sponsors, principal stockholders, board members, and related parties) and includes questions for firms to consider as they evaluate whether their supervisory systems are reasonably designed to address risks of their SPAC-related activities, including:
- reasonable investigation of the issuers and the securities they recommend, including SPACs;
- underwriting compensation and disclosures;
- identifying, addressing and disclosing potential or actual conflicts of interest when underwriting or recommending transactions in SPACs; and
- firms’ supervisory systems, procedures, processes, and controls for underwriting and recommending transactions in SPACs.
Another sweep update focuses on firms’ practices and supervisory systems regarding their social media influencer and referral programs, such as maintaining:
- Written supervisory procedures (WSP) that differentiate between social media influencer and referral programs and address firms’ obligations under Regulation S-P;
- Written policies regarding social media influencer and referral program participants’ compensation and conduct; and
- Written policies regarding sharing customer information with third parties (including permitting customers to opt out of information sharing).
FINRA Provides Update on Sweep: Option Account Opening, Supervision and Related Areas
This update includes questions for consideration for members – based on FINRA’s observations to this point in its review – to help firms evaluate whether their supervisory systems adequately address risks related to supervising the approval of options accounts and monitoring the trading activity in options accounts, including questions addressing:
- Processes for collecting and reviewing customer information;
- Disclosures about options trading; and
- Supervision of approved options accounts.
Compliance Resources on Key Risks and Threats
The sections below provide select resources on ongoing and emerging risks in areas that may present significant threats to member firms and investors.
2024 FINRA Annual Regulatory Oversight Report – Financial Crime and Related Risks
The 2024 FINRA Annual Regulatory Oversight Report includes several updates to its Financial Crime section, which is focused on helping firms address financial crime and other industry risks and emerging threats:
Cybersecurity
FINRA has recently seen an increase in the frequency and sophistication of cyberattacks – such as imposter websites and phishing campaigns – that target member firms, their customers and their employees. FINRA responds to these attacks, in part, by promptly issuing cybersecurity alerts or notices to warn firms.
New Cybersecurity Rules
In July 2023, the SEC adopted rules requiring public reporting companies to disclose:
- material aspects of cybersecurity incidents they experience (e.g., nature, scope, timing, material impact) within four business days after the firm determines the incident is material; and
- material information regarding their cybersecurity risk management, strategy and governance on an annual basis.
For additional guidance, please see the FINRA Cybersecurity Advisory – SEC Rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure by Public Companies.
In addition, in March 2023, the SEC proposed a cybersecurity risk management rule that, if adopted, would require member firms and other market participants to address cybersecurity risks, including by:
- establishing, maintaining and enforcing written policies and procedures that are reasonably designed to address cybersecurity risks; and
- providing the SEC with immediate written electronic notice of significant cybersecurity incidents.
Member firms that are “covered entities” would further be required to:
- include minimum specified elements in their written cybersecurity policies and procedures;
- report to the SEC and update information about significant cybersecurity incidents; and
- publicly disclose summary descriptions of their cybersecurity risks and the significant cybersecurity incidents they experienced during the current or previous calendar years.
Phishing Campaigns
FINRA has observed and quickly responded to address several phishing campaigns that involve fraudulent emails claiming to be from FINRA, such as those that:
- are sent by staff persons, domain names, or both that purport to be from FINRA;
- request that customers open an attachment or click on an embedded link included in the email; and
- request personal information in order to unfreeze funds (e.g., cryptocurrency) held by FINRA under the customer’s name.
FINRA promptly issued cybersecurity alerts to warn firms, worked with firms to suspend domain names, where applicable, and helped to suspend these phishing campaigns. Member firms should be aware that they may receive similar phishing emails from other domain names.
Alerts About Other Cybersecurity Risks
In certain situations, FINRA also shares alerts issued by other government and non-governmental organizations that concern potential cybersecurity attacks relevant to member firms:
- Cybersecurity Alert - FINRA Notifies Member Firms of MOVEit Software Vulnerability (CVE-2024-5806) (June 27, 2024) [On June 25, 2024, Progress Software released the MOVEit Transfer Critical Security Alert Bulletin for CVE-2024-5806, a newly identified Critical Vulnerability, which was described as an Improper Authentication vulnerability in MOVEit Transfer, Secure File Transfer Protocol (SFTP) module and could lead to Authentication Bypass.]
- Cybersecurity Alert – Lockbit (Threat Actor) (January 25, 2024) This alert highlights recent ransomware activity allegedly perpetrated by threat actor LockBit, and includes possible reasons behind the increase in this activity as well as effective practices that may reduce the likelihood and impact of a cyberattack by this threat actor.
- Cybersecurity Alert - FINRA Notifies Members of Joint CISA & FBI Cybersecurity Advisory (AA23-320A) (November 17, 2023) This alert highlights a joint Cybersecurity & Infrastructure Security Agency (CISA) and FBI advisory issued in response to recent activity by the threat actor Scattered Spider, and includes the social engineering tactics leveraged by Scattered Spider as well as effective practices that may reduce the likelihood and impact of a cyberattack by this threat actor.
- FINRA Cyber Alert – High-Risk Vulnerabilities Related to Citrix NetScaler Products (November 10, 2023) This alert highlights reported vulnerabilities that impact Citrix NetScaler services and are exploited by threat actors to exfiltrate sensitive information and infect data and systems with ransomware.
- Cybersecurity Alert - FINRA Notifies Member Firms of Joint CISA & FBI Cybersecurity Advisory (AA23-242A) (August 31, 2023) This alert highlights a joint CISA and FBI advisory that describes the infrastructure of the ransomware Qakbot, warning signs of potential compromise and incident response recommendations.
- Cybersecurity Alert - FINRA Notifies Member Firms of FBI Flash (AC-000172-TT) (August 28, 2023) This alert highlights an FBI Flash that warns how certain Barracuda Email Security Gateway appliances affected by a zero-day vulnerability – even those with up-to-date security patches – remain at risk for continued computer network compromise from threat actors.
- Cybersecurity Alert: FINRA Notifies Member Firms of CISA Advisory (AA23-158A) (June 16, 2023) This alert notes an Advisory issued by the Cybersecurity & Infrastructure Security Agency (CISA) that helps firms better understand the tactics, techniques and procedures (TTPs) used by the Cl0p Ransomware Gang, which allegedly used a SQL injection vulnerability in MOVEit to obtain unauthorized control of an affected system.
- Cybersecurity Alert - FINRA Notifies Member Firms of CISA Advisory (AA23-165A) (June 15, 2023) This alert notes an Advisory issued by CISA that helps firms better understand the TTPs used by affiliates of LockBit, a prominent ransomware variant.
- FINRA Notifies Member Firms of Microsoft Alert (CVE-2022-30190) (June 3, 2022) This alert notes an update issued by Microsoft, which describes a remote code execution vulnerability related to the Microsoft Support Diagnostic Tool (MSDT) that can be used by a threat actor to run malicious code.
- FINRA Notifies Member Firms of CISA Alert (AA22-110A) (May 2, 2022) This alert notes an update issued by CISA that warns organizations about potential malicious cyber activity due to economic sanctions the US and its allies and partners imposed upon Russia.
Other Cybersecurity Compliance Resources
- Core Cybersecurity Threats and Effective Controls for Small Firms
This tool helps small firms enhance their customer information protection, and cybersecurity WSPs and related controls by (1) highlighting common categories of cybersecurity threats; (2) providing a summary of core controls; and (3) listing relevant terms and additional resources.
- Cybersecurity Checklist
This checklist helps small firms establish and evaluate their data protection policies and controls.
- Cybersecurity Alert - FINRA Notifies Member Firms of MOVEit Software Vulnerability (CVE-2024-5806) (June 27, 2024)
- Cybersecurity Advisory – Social Engineering Attempts Impersonating FINRA
- Cybersecurity Advisory - FINRA Highlights Effective Practices for Responding to a Cyber Incident
This advisory issued by the Cyber and Analytics Unit (CAU) highlights effective practices and considerations for member firms when responding to cyber incidents, including the benefits of voluntarily reporting information related to the incident to various entities.
- Cybersecurity Advisory - FINRA Holiday Cybersecurity Practices
This advisory issued by the CAU reminds member firms to prepare for cyber threats and attacks that may occur around the holidays and highlights effective practices firms may consider, such as reviewing and validating their Written Supervisory Procedures (WSPs), continuing to educate their employees with respect to cybersecurity and testing incident response plans (IRPs) to prepare for, prevent, or recover from an incident.
- Cybersecurity Advisory - SEC Rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure by Public Companies
This advisory issued by the CAU highlights the new SEC rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure that were adopted on July 26, 2023.
- Firm Checklist for Compromised Accounts
This checklist includes practices and steps firms may consider if they learn that an unauthorized person may have gained access to customers’ accounts.
Recent Cybersecurity Threat Alerts and Notices – Phishing and Imposter Domain Names
- Cybersecurity Alert – Ongoing Phishing Campaign Using FINRA Executives (April 4, 2024)
- Potential Phishing Attacks Related to Okta Customer Support System (December 11, 2023)
- Cybersecurity Alert - Ongoing Phishing Campaign (October 13, 2023)
- @finrarps.org and @finrarps.net Phishing Alert (April 4, 2023)
- @finra.eu and @finrarec.com Phishing Alert (February 23, 2023)
- @filing-regfinra.com Phishing Alert (November 15, 2022)
- @firms-finra.org or @firms-sipc.org Phishing Alert (June 16, 2022)
- @claims-finra.org Phishing Alerts – April 25, 2022 and April 27, 2022
- Regulatory Notice 21-42 (FINRA Alerts Firms to “Log4Shell” Vulnerability in Apache Log4j Software) (December 14, 2021)
- Regulatory Notice 21-30 (FINRA Alerts Firms to a Phishing Email Campaign Using Multiple Imposter FINRA Domain Names) (August 13, 2021)
- Regulatory Notice 21-22 (FINRA Alerts Firms to Phishing Email From “FINRA Support” From the Domain Name “westour.org”) (June 23, 2021)
- Regulatory Notice 21-20 (FINRA Alerts Firms to Phishing Email Using “gateway-finra.org” Domain Name) (June 7, 2021)
- Regulatory Notice 20-40 (FINRA Alerts Firms to Phishing Email Using “finra-online.com” Domain Name) (March 4, 2021)
- Regulatory Notice 20-35 (FINRA Alerts Firms to Phishing Email Requesting Them to Respond to Fraudulent FINRA Survey) (October 6, 2020)
Podcasts
- At, By or Through: Fraud in the Broker-Dealer Industry (April 2021)
This episode discusses recent fraud trends and how firms can work to protect themselves and their customers.
- Encore | Overlapping Risks: Anti-Money Laundering and Cybersecurity (October 2021)
This episode covers the intersection of firms’ AML and cybersecurity risks, and how firms can best manage these risks.
- Introducing FINRA's Complex Investigations and Intelligence team and Cyber and Analytics Unit (August 2022)
This episode introduces FINRA’s recently established Complex Investigations and Intelligence team and Cyber and Analytics Unit, and discusses how these new groups will help FINRA better deliver on its mission of investor protection and market integrity.
Regulatory Notices
- Regulatory Notice 22-29 (FINRA Alerts Firms to Increased Ransomware Risks)
This Notice provides questions firms can use to evaluate their cybersecurity programs in light of the increased ransomware threat, lists possible additional firm controls and provides relevant resources.
- Regulatory Notice 22-18 (FINRA Reminds Firms of Their Obligation to Supervise for Digital Signature Forgery and Falsification)
This Notice addresses the risks presented by signature forgeries and falsifications by identifying the relevant regulatory obligations, and describing the scenarios member firms reported to FINRA in which representatives forged or falsified customer signatures, as well as the methods firms used to identify the forgeries or falsifications.
- Regulatory Notice 21-29 (FINRA Reminds Firms of their Supervisory Obligations Related to Outsourcing to Third-Party Vendors)
This Notice reminds firms about applicable regulatory obligations for vendor management; summarizes recent trends in examination findings, observations and disciplinary actions; and provides questions member firms may consider when evaluating their systems, procedures and controls relating to vendor management.
- Regulatory Notice 21-18 (FINRA Shares Practices Firms Use to Protect Customers From Online Account Takeover Attempts)
This Notice outlines the increase in account takeover (ATO) incidents observed in 2021; reiterates firms’ regulatory obligations to protect customer information; and discusses common challenges firms identified in safeguarding customer accounts against ATO attacks, as well as practices they find effective in mitigating risks from ATOs—including recent innovations—which firms may consider for their cybersecurity programs.
- Regulatory Notice 21-14 (FINRA Alerts Firms to Recent Increase in ACH “Instant Funds” Abuse)
This Notice warns member firms of a sharp increase (as of March 2021) in new customers opening online brokerage accounts and engaging in Automated Clearing House (ACH) “instant funds” abuse to effect securities trading, and urges firms to evaluate and, as appropriate, mitigate the potential financial risk they face in light of the increase in “instant funds” abuse.
- Regulatory Notice 20-32 (FINRA Reminds Firms to Be Aware of Fraudulent Options Trading in Connection With Potential Account Takeovers and New Account Fraud)
This Notice provides member firms and associated persons with information regarding options transactions in connection with these account takeover and new account fraud schemes to help identify, prevent and respond to such activity.
- Regulatory Notice 20-30 (Fraudsters Using Registered Representatives Names to Establish Imposter Websites)
This Notice describes certain common characteristics of imposter websites and actions firms and registered representatives can take to monitor for and address these sites.
AML, Fraud and Sanctions
Moving Forward: FINRA's Anti-Money Laundering Actions in 2023
New account fraud, Russia-related sanctions and cyber-enabled fraud aren’t the only threats that FINRA’s Special Investigations Unit (SIU) keeps its eye on. Read more about how the SIU flagged a host of emerging threats, and its proactive work with other units across FINRA’s regulatory operations and member firms.
Select Compliance Resources
- Anti-Money Laundering (AML) Template for Small Firms
This template provides text examples, instructions, relevant rules, websites and other resources that help small firms develop an AML compliance program plan.
- Frequently Asked Questions (FAQ) regarding Anti-Money Laundering (AML)
This page provides answers to FAQs regarding FINRA Rule 3310 and firms’ AML requirements, including the required elements of firms’ AML compliance programs; whether firms’ AML compliance personnel have to be registered principals; how the Customer Identification Program (CIP) defines “account” and “customer”; and whether there are any exceptions from the Suspicious Activity Reporting (SAR) reporting requirement.
Podcasts
- AML Update: The Latest Trends and Effective Practices (May 2022)
This episode covers recent trends and emerging threats relevant to AML and how firms can ensure their AML program remains strong and effective.
- Overlapping Risks, Part 1: Anti-Money Laundering and Cybersecurity (October 2020)
This episode covers the intersection of firms’ AML and cybersecurity risks, and how firms can best manage these risks.
- Overlapping Risks, Part 2: Anti-Money Laundering and Elder Exploitation (November 2020)
This episode discusses how firms’ AML risks may overlap with their efforts to protect senior investors from exploitation and fraud.
- Beyond Hollywood, Part I: Money Laundering in the Security Industry (April 2019)
This episode explains what money laundering is, how it looks different in the securities industry, how that makes regulation different for the securities industry, and what FINRA’s Anti-Money Laundering Investigative Unit does.
- Beyond Hollywood, Part II: AML Priorities and Best Practices (May 2019)
This episode continues the discussion from the previous “Beyond Hollywood” episode, covering current priorities and best practices when it comes to anti-money laundering regulation.
Regulatory Notices
- Regulatory Notice 23-06 (FINRA Shares Effective Practices to Address Risks of Fraudulent Transfers of Accounts Through ACATS)
- Regulatory Notice 22-25 (Heightened Threat of Fraud: FINRA Alerts Firms to Recent Trend in Small Capitalization (“Small Cap”) IPOs)
This Notice alerts firms to a recently observed, emerging threat to customers and member firms, where FINRA, NASDAQ and NYSE have observed initial public offerings (IPOs) for certain small capitalization (small-cap) issuers listed on U.S. stock exchanges that may be the subject of pump-and-dump-like schemes.
- Regulatory Notice 22-21 (FINRA Alerts Firms to Recent Trend in Fraudulent Transfers of Accounts Through ACATS)
This Notice provides an overview of how bad actors effect fraudulent transfers of customer accounts using ACATS (referred to as ACATS fraud), lists several existing regulatory obligations that may apply in connection with ACATS fraud, and provides contact information for reporting the fraud.
- Regulatory Notice 22-06 (U.S. Imposes Sanctions on Russian Entities and Individuals)
This Notice provides member firms with information regarding the sanctions the U.S. government imposed in February 2022 in response to Russia’s actions in Ukraine.
- Regulatory Notice 21-36 (FINRA Encourages Firms to Consider How to Incorporate the Government-Wide Anti-Money Laundering and Countering the Financing of Terrorism Priorities Into Their AML Programs)
This Notice informs member firms of the Financial Crimes Enforcement Network’s (FinCEN) government-wide priorities for anti-money laundering and countering the financing of terrorism policy, which was mandated by the Anti-Money Laundering Act of 2020 (AML Act).
- Regulatory Notice 21-03 (FINRA Urges Firms to Review Their Policies and Procedures Relating to Red Flags of Potential Securities Fraud Involving Low-Priced Securities)
This Notice provides information that may help FINRA member firms that engage in low-priced securities business assess and, as appropriate, strengthen their controls to identify and mitigate their risk, and the risk to their customers, including specified adults and seniors, of becoming involved in activities related to fraud involving low-priced securities.
- Regulatory Notice 20-13 (FINRA Reminds Firms to Beware of Fraud During the Coronavirus (COVID-19) Pandemic)
This Notice outlines four common scams to which firms and their customers were exposed during the COVID-19 pandemic: (1) fraudulent account openings and money transfers; (2) firm imposter scams; (3) IT Help Desk scams; and (4) business email compromise schemes—and describes measures that firms and associated persons may take to mitigate related risks.
- Regulatory Notice 19-18 (FINRA Provides Guidance to Firms Regarding Suspicious Activity Monitoring and Reporting Obligations)
This Notice provides guidance to member firms regarding suspicious activity monitoring and reporting obligations under FINRA Rule 3310 (Anti-Money Laundering Compliance Program).