TLDR:
- Finra fined Osaic Wealth Inc. and Securities America Inc. $150,000 each for cybersecurity failures.
- The firms were cited for violations of Regulation S-P related to client information protection.
The Financial Industry Regulatory Authority Inc. fined Osaic Wealth Inc. and Securities America Inc. $150,000 each for failures in protecting private client information and cybersecurity gaffes. The firms, part of the Osaic network of broker-dealers, were found to lack basic cybersecurity controls such as multi-factor authentication and encryption for outbound emails with clients’ information. Both firms experienced cyber intrusions leading to exposure of sensitive information. Despite following incident response policies and engaging cybersecurity consultants, they did not enhance their cybersecurity requirements until March 2023. The violations of Regulation S-P highlight the importance of implementing robust cybersecurity measures in financial services firms to protect client data.