Looking first at last year, FINRA levied $204.2 million in fines and restitution and conducted more than 4,100 exams.
As for 2017, here’s how FINRA fines stack up:
- There were $81.6 million in fines in the 1st quarter 2017.
- A total of 181 firms were sanctioned.
- 14 firms have been expelled.
If FINRA fines continue at this rate, we can expect another record year in fines and sanctions.
Financial firms that archive their Website, social media and emails may be vulnerable to cyberattacks.
Suggestions to prevent your archives from being attacked:
- Stay current with patches. Make sure your vendor or IT department is current with all patches and that patching is scheduled regularly rather than done as a reaction to the latest attack.
- Make sure hardware is secure. Ask that archiving tools be tested regularly and that hardware and firewalls be secured.
- Keep open lines of communication. Maintain open lines of communication with vendors/IT and be aware if they or any of their systems have been compromised.
FINRA recently provided further guidance for broker/dealers and financial advisors on how to stay compliant when using social media.
Public comments – advisors can create sites that allow clients/prospects to make unsolicited comments, regardless of whether they sound like testimonials or “likes.”
Compliance Officers still need to make sure that the statements made are not paid testimonials or falsified.
Brokers that place links to third-party Websites that are independent of the firm need to determine two important factors:
- Is the link “ongoing”?
- Does the broker have control over the content of the third-party Website?
Firms must make certain that the third party site does not contain any misleading or untrue statements.
Broker/Dealer Websites and social media must be archived to non-erasable storage and saved for six years or as defined by your compliance manual.
FINRA continues to fine firms for failing to keep proper records. It recently fined a large broker/dealer $900,000 for failing to create and send records to more than 1.6 million of its customers.
Compliance officers must ensure that their firm sends and stores its records properly or risk being fined.
Hundreds of thousands of Websites became unavailable after Amazon’s cloud service suddenly went down for 4 hours.
This meant that financial firms that use Amazon Web Services couldn’t access their information.
If it’s unacceptable for your Website and archives to be inaccessible and potentially compromised, think twice before using cloud services for archiving and storage.
Instead, use data centers that store your information to WORM (Write-Once Read-Many) file format to protect your firm and archives.
Compliance Vault has physical, geographically diverse, SSAE-16 certified data centers that store your Website archives to non-erasable, immutable storage.
Contact us for your complimentary archive of your Website.
FINRA fined 12 firms $14.4 million for failing to store their firm’s records in “write-once read-many” format.
Storing in WORM format assures that your electronic records such as your firm’s Websites have not been changed or altered.
Simply “backing up” or storing your Website in “the cloud” means that you are not storing your Website in an immutable format. Firms failing to use non-erasable WORM format could be opening themselves up to unnecessary risks and fines.
Make sure your Website is being stored to an immutable WORM file format.
Firms are also required to archive their Websites to geographically diverse, separate and secure multiple data centers.
If you’re unsure whether you’re following stringent FINRA regulations, ask! You could save your firm from being fined for not storing your Website properly.
For a full checklist on FINRA Website archiving requirements, visit http://compliancevault.com/compliance-checklist.html
FINRA news release on fines
Contrary to what you may have heard, archiving firms differ greatly in their archiving methods and approaches.
For example, if your Website is being archived using cloud storage, your firm may be opening itself up to unnecessary risks such as outages and the inability to prove that your archives are immutable.
What if the cloud storage your vendor uses goes down, as Amazon cloud storage has? This makes your archives inaccessible and opens your firm to undue risks. When cloud storage goes down, you won’t have access to important firm information.
FINRA/SEC requires broker/dealers to store their firm Website archives to WORM or immutable file format storage. Using WORM storage assures without a doubt that your information cannot be changed, altered or deleted.
To ensure you’re following regulatory guidelines, verify that your vendor uses WORM storage (not the cloud) and that your Website is being archived to separate and secure data centers (physical locations). Archives are needed every time your Website posts an update or revision.
FINRA, the enforcement and arbitration agency that regulates broker/dealer firms and exchange markets, reported that this year will be a record year for fines. It reported that over $79 million in fines had been levied for the first half of 2016. Projections for the entire year could total $160 million in fines – representing a nearly 20% increase from record-setting year 2014.
As part of the books and records requirements, broker/dealers are required to store their firm Websites and firm information to WORM or non-erasable storage to multiple, secure, and geographically diverse data centers.
Is your Website being stored to WORM?
Press release from Sutherland: http://www.sutherland.com/NewsCommentary/Press-Releases/193640/FINRAs-Projected-2016-Fines-Ginormous-Fines-May-Propel-2016-toRecord-Setting-Year
Financial firms using cloud storage to archive firm Websites, emails and social media may be opening up their company to unnecessary risks and should absolutely be concerned.
Last Friday at 7 a.m. EST, hackers launched a DDoS (distributed denial-of-service) attack, taking offline popular Websites such as Amazon, Twitter, Tumblr and SoundCloud.
While cloud storage has been rising in popularity over the years, firms that use Amazon and other cloud providers for archiving their Websites and other important information subject to government regulations may just find their archives inaccessible and open to further attacks and outages.
Do you know if your Websites and other information subject to books and records requirements are being stored in the cloud?
If so, you may want to rethink your archiving storage strategy and use a provider that uses actual secure data centers for archiving storage.