FINRA has issued an alert to regulated firms, providing advice on how to protect themselves and their clients while remote working. They also point out that this guidance is designed to be helpful, not to relax regulatory expectations or create new expectations.
As previously mentioned in our blogs, it is essential to keep an eye on the compliance dashboard while working through this crisis.
As work processes adjust in response to COVID-19, firms and their associated persons should take appropriate measures to address increased vulnerability to cybersecurity attacks and to protect customer and firm data on firm and home networks, as well as devices.
This alert provides firms and associated persons with measures they may use to help strengthen their cybersecurity controls in areas where risks may increase in the current environment. In particular, FINRA understands the resource challenges that small firms may face, but hopes that the information included below may help them address possible cybersecurity issues associated with remote work.
However, this alert does not provide an exhaustive list of steps that firms and associated persons should consider ... [and] does not create any new legal requirements or change any existing regulatory obligations.