Short answer: of course not!—That is, if you don’t mind providing a portion of the $176 million in fines that FINRA issued last year. However, if you’re like the majority of businesses out there, you can probably think of a lot of better ways to spend your company’s money.
If you think you're not at risk, think again. There's a lot more to FINRA than just avoiding investment fraud.
Wait. FINRA won't fine me...right?
FINRA is a regulatory authority within the financial services industry, with rules encompassing record keeping, investor protections and more. While some of the potential violations may seem obvious (like not participating in illegal scams), others often fly under the radar. For example, in 2016, FINRA fined 12 firms a total of $14.4 million for cybersecurity-related violations. Some of the companies fined included SunTrust and PNC Capital Markets. Keeping proper records in the required formats is just as important in avoiding violations as some of the better-known regulations.
What does FINRA have to do with cybersecurity?
Since we live in an increasingly digital world, cybersecurity is of the utmost importance for properly protecting customer data. This means that improper management of the data within your systems could have negative effects on your customer, and that’s why FINRA regulates this preservation.
Regulations like FINRA 10-06 also require preservation of social media interactions, which includes both public-facing platforms and internal social collaboration tools like Slack, Confluence/JIRA and SharePoint. All of these systems could be vulnerable in the event of a cyberattack, so you'll want to make sure you're following FINRA guidelines for both your company's and your customers' protection.
How do I know if I’m covering all my bases?
It all starts with knowing what data you have and where it's stored. With that knowledge, your compliance team can address any new regulatory requirements that come up, and they can determine what regulations you might be missing. Create a searchable archive of all the platforms that your company uses, including internal collaboration software and retired applications. This way, you’ll cover the customer data that may appear in day-to-day conversations, plus you’ll be able to find any additional hidden pockets of data.
You’ll also want to make sure you’ve properly collected your website. FINRA requires that you preserve your customer journey, or the path that your customer takes to make a decision on your website. This includes any investment calculators, terms and conditions and other interactive features that your website may have. Capturing these types of dynamic content can be complicated, so make sure that the archiving software you use provides archives in a native format, so that you receive a working replica of your site that’s legally defensible, should you have to utilize the archive in court.
Okay, maybe I could be at risk. What should my company do next?
The first step is realizing that you’re at risk, so you’re on the right track! Next, it’s time to be proactive about data management. You don’t want to be scrambling when the regulators come around. If you’ve decided to start archiving your website and collaborative platforms, make sure that you’re consistently gathering the new data as it comes in to avoid missing important content.
Next, work with your compliance team to understand what regulations apply to you and to analyze the archives you’ve created for potential violations. By staying ahead of the regulators, you’ll be both setting your business up for success with FINRA and preparing in advance for regulations like GDPR. When it comes to compliance, keeping a proactive mindset is the best way to avoid being a part of another year of hefty fines.
Additionally, if you’d like to speak with one of our experts or find out how Hanzo can help your organization prepare for a potential FINRA audit, request a demo with us today.