Regulatory Compliance

 

 

FINRA Compliance

FINRA (Financial Industry Regulatory Authority) is a non-governmental agency that provides regulatory services for the financial industry. FINRA regulates over 4200 brokerage firms (which amounts to approximately 63,000 brokers) and oversees the stock market and securities industry so that investors feel safe entering the market. FINRA works to help manage and minimize risk and keep the market ordered, uniformed, and structured. Even though FINRA is not a government agency, they are themselves overseen by the SEC, and enforce both SEC and FINRA regulations and rules.

 

HIPAA Compliance

HIPAA, the Health Insurance Portability and Accountability Act, sets the standard for protecting sensitive patient data. Any company that deals with protected health information (PHI) must ensure that all the required physical, network, and process security measures are in place and followed.

SOX Compliance

The Sarbanes-Oxley Act (SOX) requires that all publicly held companies must establish internal controls and procedures for financial reporting to reduce the possibility of corporate fraud. Your entire IT infrastructure–from server and network security to IT practices and operations–must be reinforced and configured to maintain and demonstrate compliance in the event of an audit.

 

Learn how MetaAccess' posture check capabilities can help you ensure compliance by downloading the datasheet

 

 

What is FINRA?

FINRA (Financial Industry Regulatory Authority) is a non-governmental agency that provides regulatory services for the financial industry. FINRA regulates over 4200 brokerage firms (which amounts to approximately 63,000 brokers) and oversees the stock market and securities industry so that investors feel safe entering the market. FINRA works to help manage and minimize risk and keep the market ordered, uniformed, and structured. Even though FINRA is not a government agency, they are themselves overseen by the SEC, and enforce both SEC and FINRA regulations and rules.

Independent Financial services firms that own their own laptops, servers, mobile devices, networking and storage Infrastructure Technology (IT). Most of these firms are regulated by the Securities and Exchange Commission (SEC), Financial Industry Regulatory Authority (FINRA) and state securities boards. These firms typically include Independent Financial Advisors, commonly referred to as Registered Investment Advisors (RIAs), Fee-only advisors, Broker – Dealer Reps or Independent Financial Advisor contractors that have a 1099 relationship with a Broker-Dealer (B-D), and Chartered Public Accountant (CPA) firms that are regulated by the SEC and FINRA.

Given time, budget and operational bandwidth limitations, many growing firms do not have an adequate handle on continuous cyber security monitoring, remediation and compliance of their firm’s device, networks and applications. This results in vulnerabilities that may get unnoticed until a malicious attack happens or a cyber audit failure occurs. Starting 2014, the SEC/FINRA stepped up their cyber security audit exams of investment advisors given the number of cyber attacks against financial services firms. These audits include having an SEC or FINRA examiner physically audit laptops, desktops, mobile devices and core networking as well as storage infrastructure that financial firms use to transact business. These audits are focused on assessing vulnerabilities and non-compliances from SEC/FINRA stated cyber security guidelines.

List of device security/posture checks

Screen Lock
Report if device does not have screen lock and passcode
Root/Jailbreak
Report if device is rooted (Android) or jailbroken (iOS)
Operating System Version
Report if device is running an out-of-date operating system and enforce minimum OS version
Storage Encryption
Report if device's internal storage is not encrypted
Scanning
On-demand scan for suspicious IP connections (Android only)