Use Case IT & Compliance
Unify For Compliance and Risk Managers
Who do we serve:
Compliance and Risk Managers at firms responsible for educating and enforcing cybersecurity polices on employees and 1099 contractor firms that are under their management.
We focus on firms that are regulated by the Securities and Exchange Commission (SEC), Financial Industry Regulatory Authority (FINRA) and state securities boards.
Some of these firms include:
• Broker Dealer Firms
• Insurance Firms
• Office of Supervisory Jurisdiction (OSJs)
• Large Branch Offices
• 3rd party compliance firms
"Cybersecurity Risk Managerment Challenge"
Most Broker Dealers (B-Ds) and OSJs are responsible for thousands of Independent financial services firms within their network. However, in many cases they do not procure laptops, servers, mobile devices, networking and storage Infrastructure Technology (IT) for these independent financial services within their network.
At the same time, these B-Ds have the constant challenge of educating firms that are part of their network about the risks of cyber threats. They need to do this to avoid the risk of any cybersecurity related legal blowback.
Most recently, SEC and FINRA have increased their scrutiny of cybersecurity supervisory practices of large broker dealers. There are countless cases of multi-million $ fines against broker dealer firms.
What do firms do today?
Broker dealers and OSJs can take on the burden of IT procurement and manual supervision of the financial services firms in their field of responsibility. In most cases, compliance and risk managers rely on point-in-time, manual audits and selfreporting to monitor cybersecurity policies today. In some cases BrokerDealer firms take on a very active role in managing and enforcing IT practices. Many B-Ds use 3rd party IT vendors to assist with IT set-up, procurement as well as break/fix support. Some firms may use 3rd party compliance firms to assist with compliance activities as well. At the other end of the spectrum, some B-Ds will recommend purchasing expensive monitoring software with an overlay of installation and management fees. This approach essentially generates highly complex reports that are difficult to understand and not tailored to the needs of the financial industry. Above all, in this case most independent financial firms are unhappy about the level of IT restriction placed on their business!
So, what’s the problem?
With the growing use of BYOD/mobile devices and mobile productivity apps, many independent financial firms demand a fine balance between supervisory practices and IT freedom.
The challenge is - how do you maintain a uniform cybersecurity policy on geographically separated financial services firms wanting IT freedom?
There are many complex tools available in the marketplace, which would take time to set-up and be cost prohibitive for most growing firms. IT firms are good at IT set-up and maintenance. Compliance firms cover many areas including core financial compliance and documentation.
In adequate industry-specific coverage exists around cyber security policy enforcement
on end-point devices, networks and applications in use.
Here are some examples of gaps that still exist:
• Providing a written and up-to-date cyber security policy
• Automated enforcement of cyber security policy on devices and IT
• Generate appropriate audit trail and logs to prove that policies have been enforced on all IT systems.
So, whose problem is it?
Many firms are led to believe that this is not their problem and it is that of the IT firm, compliance firm or a Broker Dealer OSJ/Branch Manager. This is not true.
According to Rule 30 of Regulation S-P (referred to as the safeguards rule),“Every worker, dealer and investment company, and every investment adviser registered with the commission must adopt written polices and procedures...”
What’s the cost of not doing anything?
This results in more cyber incidents and fines. If a firm experiences a data breach then the reputation damage is enough to adversely affect their business.
What does Entreda do?
Entreda is a software company founded in 2011 with offices in San Mateo, California. Entreda's Unify cybersecurity policy enforcement software analyzes and monitors servers, computers, mobile devices and networks financial firms use in order to verify enforcement of security best practices including compliance with a comprehensive checklist that conforms to FINRA and SEC technology guidelines. Our weekly reports and alerts are customized for the financial services industry and form the basis for audit trail necessary to pass new SEC/FINRA compliance mandates. Our integrated security apps and services complement the cybersecurity monitoring and remediation software together forming a complete enforcement system.
Share this post!
Smarsh Blog
Our internal subject matter experts and our network of external industry experts are featured with insights into the technology and industry trends that affect your electronic communications compliance initiatives. Sign up to benefit from their deep understanding, tips and best practices regarding how your company can manage compliance risk while unlocking the business value of your communications data.
Ready to enable compliant productivity?
Join the 6,500+ customers using Smarsh to drive their business forward.
Subscribe to the Smarsh Blog Digest
Subscribe to receive a monthly digest of articles exploring regulatory updates, news, trends and best practices in electronic communications capture and archiving.
Smarsh handles information you submit to Smarsh in accordance with its Privacy Policy. By clicking "submit", you consent to Smarsh processing your information and storing it in accordance with the Privacy Policy and agree to receive communications from Smarsh and its third-party partners regarding products and services that may be of interest to you. You may withdraw your consent at any time by emailing privacy@smarsh.com.
FOLLOW US