To read the full version of this content please select one of the options below:

FINRA publishes its 2015 “Report on Cybersecurity Practices”

Richard Kuhlman (Bryan Cave LLP, St. Louis, Missouri, USA)
Jason Kempf (Bryan Cave LLP, St. Louis, Missouri, USA)

Journal of Investment Compliance

ISSN: 1528-5812

Article publication date: 6 July 2015




To summarize and comment on FINRA’s report on cybersecurity practices, published on February 4, 2015, which arose from its 2014 targeted examination of firms’ cybersecurity preparedness.


Explains the implications of the FINRA report and general guidance FINRA provides and expects all firms to consider in connection with developing their respective cybersecurity programs in eight areas: governance and risk management for cybersecurity; cybersecurity risk assessment; technical controls; incident response planning; vendor management; staff training; cyber intelligence and information sharing; and cyber insurance.


There is no doubt that cybersecurity is a key risk facing the financial services industry now. Accordingly, FINRA expects that firms will review the report and assess how the principles and effective practices provided therein could help build or improve cybersecurity readiness. The report reflects FINRA’s risk-management-based approach to cybersecurity issues, identifying principles and “effective practices” for member firms to consider, as opposed to decreeing specific requirements, policies or procedures.


Expert guidance from experienced securities lawyers.



© Bryan Cave LLP, All rights reserved.


Kuhlman, R. and Kempf, J. (2015), "FINRA publishes its 2015 “Report on Cybersecurity Practices”", Journal of Investment Compliance, Vol. 16 No. 2, pp. 47-51.



Emerald Group Publishing Limited

Copyright © 2015, Authors