Cloud computing is the delivery of computing services (i.e., storage and network infrastructure and software-as-a-service (“SaaS”)) on the internet rather than your computer’s hard drive. Currently, cloud computing is considered a valuable asset to firms, industry wide. It is important to have Malecki Law’s FINRA Regulatory Lawyers in New York assist in ensuring your firm’s storage systems are sufficient. As a result, the Financial Industry Regulatory Authority’s (“FINRA”) Office of Financial Innovation (“OFI”) published a report addressing the results of a study regarding the state of cloud adoption within the securities industry. In drafting the report, FINRA obtained data from roughly 40 broker-dealer firms, cloud service providers, industry analysts, and technology consultants.
The report noted that cloud computing strengthens a brokerage firm’s ability to scale operations, generate business continuity solutions and quickly deploy products. Moreover, firms claimed that there are both benefits and challenges regarding agility, resiliency, costs, cybersecurity, staffing, and operations. Additionally, many firms claimed that migrating to the cloud may allow them to be more innovative and offer products at a faster speed. Firms also felt that cloud computing enables them to more efficiently scale computer usage to assist with the increase in IT resources.
As part of its recommendations, FINRA advised broker-firms that use third-party service providers that they have an ongoing responsibility to monitor and supervise the provider’s performance and create oversight procedures. FINRA also encourages companies and vendors to “re-evaluate their approach to security, including reviewing cloud misconfigurations and poor access controls; update data-related policies and procedures if a firm’s cloud adoption leads to changes in how it collects, stores, analyzes, and shares sensitive customer data; create, maintain, and annually review a written business continuity plan, in line with the FINRA Rule 4370 (Business Continuity Plans and Emergency Contact Information); consider the risk posed by cloud vendors and service providers; ensure that any data and information stored in the cloud is compliant with Exchange Act Rule 17a -4, and are preserved in a non-rewriteable and non-erasable format.”