Regulatory Expectations for Cybersecurity Practices at Broker‐Dealers


In Vo. 54, No.1 of the Review of Securities & Commodities Regulation, Orrick partners Daniel Nathan and Heather Egan Sussman examine how cybersecurity has become an increasingly important priority for broker-dealer regulators as the number of data breaches has grown rapidly in recent years. In this article, they also focus on rules, regulations, and extensive guidance from the Securities and Exchange Commission (SEC) and the Financial Industry Regulatory Authority (FINRA). Daniel and Heather then turn to the lessons to be drawn from the law and guidance and conclude with a discussion of SEC and FINRA enforcement actions arising from cybersecurity failures and the lessons to drawn from those cases.

Read More 

The Review of Securities & Commodities Regulation is an analysis of current laws and regulations affecting the securities and futures industry. If you have questions about your cybersecurity incident preparedness practices, please contact one of the authors.