Cyberhacks in the U.S. options market have increased from about 10-20 per year a few years ago to upwards of 1,000 currently, and companies and individuals need to step up vigilance, according to Gene DeMaio, Executive Vice President, Options Regulation & Trading Execution at FINRA.
Speaking Thursday morning on the “Washington Perspectives” panel at the Options Industry Conference (OIC) in San Antonio, DeMaio said the primary issue in options is the “account intrusion,” in which a cybercriminal either accesses an account nefariously, or creates a fraudulent account using a stolen identity. From there, the hacker will attempt to make a profit via market manipulation, often in very illiquid, far-out-of-the-money options with very wide bid-ask spreads.
“This is not new, but it is something that has increased in frequency over past two years, due to higher volatility in the market,” DeMaio said.
FINRA is working to boost awareness of account intrusions and wants to meet with more options brokers to help them avert these hacks. It’s impossible to fully eliminate this threat, but it can be greatly reduced with practices such as stronger password management and internal surveillance systems.
“We feel very confident that most firms are taking this very seriously,” DeMaio said. “But some firms are still not doing enough, which is why we see this prevalence.”
Ellen Greene, Managing Director, Equity and Options Market Structure at SIFMA, noted when it comes to cybersecurity, the industry of retail options firms and options market makers can be only as strong as its weakest link.
“What’s important is that we need to see investments made across each broker-dealer,” Greene said. “If we don’t have the same level of investment, it’s the weak link that makes things vulnerable.”
Changes in market structure can come from competitive pressure, regulatory initiatives, or legislative actions. The OIC panel covered the latter two agents of change, and it was noted that there are a lot of moving parts on both fronts, including a sweeping agenda set forth by U.S. Securities and Exchange Commission Chair Gary Gensler, and the House Committee on Financial Services’ hearings on digital assets.
Jameel Aalim-Johnson, Vice President of Government Relations at Nasdaq, said the hearings have been constructive, as Democrats and Republicans alike have been thoughtful and non-prescriptive in their approach.
“Both sides have been in-depth, trying to learn by asking questions before looking to legislate,” Aalim-Johnson said. “It’s a big field, and a new field. (House) members do not want to put forth legislation that doesn’t protect markets or that stops innovation.”
“They are being cautious in their approach,” he added. “You can’t always say what the answers are, but you can see what the questions are, and the number of questions is growing.”
Greene cited unresolved data-protection concerns around the Consolidated Audit Trail (CAT), especially ahead of a July deadline that will expand reporting requirements to more of the industry. “We would like to see the SEC take a pause,” in rolling out new proposals, she said. “We want to see them prioritize and complete things that are already started and are critically important.”