Datapath industry news analysis of FINRA cyber-enabled fraud guidance
Back to Industry News
FINANCE Published May 16, 2026 4 min read Source: FINRA

FINRA Keeps Cyber-Enabled Fraud in the 2026 Compliance Spotlight

FINRA's 2026 Regulatory Oversight Report keeps cybersecurity, account takeover, ransomware, insider threats, and cyber-enabled fraud on the financial IT agenda.

Nathan La Fleche, Director of Strategic Partnerships at Datapath

By

Nathan La Fleche

Director of Strategic Partnerships

cybersecuritycompliancedata security

Key takeaways

  • FINRA's 2026 report identifies cybersecurity and cyber-enabled fraud as continuing risks for member firms.
  • Financial IT teams should connect identity controls, monitoring, supervision, and business continuity planning.
  • Cybersecurity evidence needs to support compliance obligations, not just technical response.

Original source

FINRA

FINRA’s 2026 Annual Regulatory Oversight Report keeps cybersecurity and cyber-enabled fraud squarely in view for broker-dealers and other member firms. FINRA identifies cybersecurity incidents as events that can create customer information exposure, financial loss, reputational damage, and operational failures.1

That framing matters for IT leaders because the cybersecurity program is part of the firm’s supervisory and continuity posture. FINRA points to rules and regulations that may be implicated, including Regulation S-P, Regulation S-ID, FINRA Rule 3110, FINRA Rule 4370, and Exchange Act books-and-records rules.1

The operational risk is broader than ransomware

Ransomware remains a concern, but the report also calls attention to account takeovers, insider threats, network intrusions, and cyber-enabled fraud.1 For financial firms, these scenarios often begin with identity compromise or social engineering and end with customer harm, unauthorized transactions, data exposure, or operational disruption.

That means controls need to be layered:

  • MFA and conditional access
  • privileged access review
  • phishing-resistant training
  • endpoint detection
  • suspicious login monitoring
  • customer account change controls
  • incident escalation to compliance and supervision

Why evidence matters

In a regulated financial environment, a security alert is not just a technical artifact. It may become evidence for an internal review, exam response, insurance claim, customer communication, or board report.

IT teams should make sure incident tickets record the facts that compliance will need later: affected systems, users, data types, timestamps, containment steps, vendor involvement, root cause, and remediation.

Datapath perspective

The firms that make the strongest progress treat cyber-enabled fraud as an operating model problem. They align IT, compliance, supervision, operations, and client-facing teams around the same escalation thresholds.

For example, a suspicious mailbox rule in Microsoft 365 may look like a minor email-security issue. In a financial firm, it could also indicate attempted invoice fraud, unauthorized customer communication, credential theft, or account takeover preparation.

What to do next

Run a cyber-enabled fraud scenario with IT and compliance together. Use a compromised advisor mailbox or fake client distribution request as the trigger. Track whether the team can identify affected data, pause risky activity, preserve logs, notify the right leaders, and document the final disposition.

That exercise will expose whether the firm’s cybersecurity program is connected to its real compliance obligations.

Footnotes

  1. FINRA, “Cybersecurity and Cyber-Enabled Fraud - 2026 Annual Regulatory Oversight Report” 2 3

Disclaimer: This industry news analysis is intended for informational and marketing purposes only, and nothing presented here is contractually binding or necessarily the final opinion of the authors.

Need to turn industry change into an IT plan?

Datapath can help translate security, compliance, and infrastructure signals into practical next steps for your organization.

Book a Consultation