Amid proliferating cyberthreats and rapidly evolving fintech, FINRA is reevaluating its approach to digital concerns and seeking additional guidance from federal lawmakers.
"It's not just the rules that can get in the way; sometimes it's the way we administer the rules that can get in the way," FINRA CEO Robert Cook said at a joint SIFMA, AICPA conference in New York.
FINRA was looking to ratchet up engagement with industry players, he said.
To that end, the regulator has hosted roundtable discussions around the country with fintech firms, robos, vendors, and traditional broker-dealers' technology departments to get a better handle on how the business is changing, Cook said. Later this month, FINRA will convene a new fintech advisory committee.
On new digital technologies, it's not merely a question of what startups are doing — big firms are also quickly deploying new tools and products for advisors as well as clients, Cook said.
It's challenging for regulators to keep pace with industry change, Cook said. But he added that FINRA's member firms are key sources of information.
"We get the benefit of hearing from our member firms about what's going on. A lot of that is about new products coming out, new technology. Sometimes it's about areas of concern they have," he said.
Cook's talk was moderated by Giovanni Prezioso, a partner at Wall Street law firm Cleary Gottlieb. Cook worked there before joining FINRA last year following Richard Ketchum's retirement.
There is more work for regulators to do on cybersecurity, Cook said, adding that Washington policy makers must be more involved.
It's not unreasonable for firms to ask why they don't get more regulatory guidance on cyber issues, he said.
"That's something we struggle with because we don't think there should be a regulatory patchwork. We're concerned about getting ahead of federal policy makers," Cook said.
Cybersecurity has become a mounting concern due to a series of high profile data breaches, including credit reporting agency Equifax and the SEC itself. Concerns have also been raised about regulators' ability to defend sensitive data from threats.