Key takeaways

• Enforcement authorities can be particularly tough the second time around. FINRA previously investigated the same company and fined it over other concerns regarding its cybersecurity.
• In FINRA’s view, policing the cybersecurity of vendors has gone from best practice to legal obligation.
• FINRA apparently sees the “mother ship” company’s obligation to police cybersecurity extending throughout the business, even through a decentralized network of registered representatives and the vendors they engage.