Introducing FINRA's Complex Investigations and Intelligence team and Cyber and Analytics Unit

The new Complex Investigations and Intelligence (CII) team and Cyber and Analytics Unit (CAU) are driving a shift in terms of how Member Supervision's National Cause and Financial Crimes Detection Program comes at its work and leverages intelligence and analytics to drive decision making and operations.

On this episode, we hear from Omer Meisel, Vice President of CII, and Brita Bayatmakou, Senior Director of CAU, about how these changes will help FINRA better deliver on its mission of investor protection, market integrity.

Conferences and Events

Episode 86: FINRA's Financial Intelligence Unit

Episode 72: Overlapping Risks, Part 2: AML and Elder Exploitation

FBI Cyber Threat Briefing Series

Listen and subscribe to our podcast on Apple Podcasts, Google Podcasts, Spotifyor wherever you listen to your podcasts. Below is a transcript of the episode. Transcripts are generated using a combination of speech recognition software and human editors and may contain errors. Please check the corresponding audio before quoting in print.

FULL TRANSCRIPT

00:00 - 00:27

Kaitlyn Kiernan: Member Supervision's National Cause and Financial Crimes Detection Program is making a shift in terms of how it comes at its work and how it leverages intelligence and analytics to drive decision making and operations. On this episode, we hear from two leaders helping to drive that change through FINRA's new Complex Investigations and Intelligence team and Cyber and Analytics Unit about how these changes will help FINRA better deliver on its mission of investor protection and market integrity.

00:27-00:37

Intro Music

00:37 - 01:04

Kaitlyn Kiernan: Welcome to FINRA Unscripted. I'm your host, Kaitlyn Kiernan. I'm pleased to welcome to the show today two new guests who are still also relatively new to FINRA. First, we have Omer Meisel, vice president of the new Complex Investigations and Intelligence group within Member Supervision. Then we also have Brita Bayatmakou, senior director of the Cyber and Analytics Unit within Omar's team. Both of them joined us at FINRA in 2021. So, Omer and Brita, welcome to the show.

01:05 - 01:06

Brita Bayatmakou: Thank you. Thanks so much for having us.

1:07 - 01:19

Omer Meisel: Yeah, thank you. Kaitlyn, thanks for having us. I have to say, before I joined FINRA, I would actually listen to the podcasts. So now I'm extremely excited to be here today and to be able to participate in podcast itself.

01:19 - 01:35

Kaitlyn Kiernan: Great. So, we have long-term listener, first time caller here! Awesome to hear. And Omer and Brita, can you start us off by introducing yourselves and telling us a little bit about your background and what you did prior to joining FINRA? Omer, maybe you can kick it off?

01:35- 04:33

Omer Meisel: I started my professional career after graduating from high school as a trader in Chicago, and after doing that for a little bit, what I realized is that I was really more interested, I think, in securities law and compliance areas. And so, I went to law school, and I got an internship with the SEC. And that's where I really found or started to find my passion for investigations and specifically securities fraud investigations. And after that internship, they hired me to be a full-time investigator. I put myself through law school while working full time at the SEC, and then I had the opportunity to move over to NASD, as we all know now, as FINRA, as a young investigator in the Market Surveillance department investigating market manipulations and pump and dumps.

That really was part of the foundation where I build the passion for being an investigator in, specifically in, the securities fraud arena. And then subsequent to that, I was recruited by the FBI, specifically for that role-to be a special agent investigating complex securities fraud. So then for the next 23 years I was at the FBI before I retired last August. And the first part of my career, I investigated complex securities fraud cases, whether that be corporate fraud, pump and dumps, market manipulations or insider trading. I was one of the case agents on the Enron task force. At the time, it was the largest corporate fraud case that the country has ever seen. And the foundation I developed at NASD as an investigator really served me well at the FBI.

Then as I started to move up into management and leadership positions, I initially started as a supervisor of a securities fraud squad. And shortly thereafter, I was moved to be the supervisor of a counterterrorism squad. The FBI's priorities had really shifted post-9/11 to terrorism and that being our number one priority.

And so, as it continued to rise in the ranks within the FBI, I started to work on many different diverse threat scenarios. I led our office in Israel and the Palestinian territories, where I ran all operations with the Israeli government and the Palestinian Authority. Then I came back and decided to use my law degree and became the equivalent of the general counsel for the FBI in one of their field offices. After doing that for some time, what I realized is I've missed being involved in investigations and operations. And so, I went back to various leadership positions in Ops, and I became the assistant special agent in charge. And shortly before retiring, I was the acting special agent in charge of the San Diego field office. I helped shift throughout my career my focus from being very much tactically driven to strategically driven.

04:34 - 04:47

Kaitlyn Kiernan: Well, it's a long boomerang trail, but we're very glad it brought you back to FINRA after your time in the FBI. Thanks for sharing. It's very interesting career. Brita, how about you? What's your background?

04:47 - 07:13

Brita Bayatmakou: Omer's always a tough act to follow with all of his incredible experiences. Like you mentioned, I'm a senior director now within the National Cause and Financial Crimes Detection Program based out of our San Francisco office. And I spent the early part of my career in the legal and risk management field. So, I pursued a degree in International Relations and Policy, which really was where I was introduced to concepts and disciplines like transnational organized crime and became drawn into the financial crimes arena through a variety of experiences both here and overseas.

I'd say I have dedicated much of my career, the past decade or so, to financial crimes compliance, specifically. My combined early career focus in the anti-money laundering compliance and sanctions space paired with experience I gained in the financial intelligence discipline, unlocked my subsequent interests exploring ways that institutions and organizations can leverage data and analytics solutions to improve how we detect criminal enterprises, how we look at their associated behaviors.

That has led me to the broader financial crime space in terms of looking at things like cyber, which really led me to my role today. I joined FINRA, as you mentioned, I'm coming up on my year anniversary here in September. I joined over from Charles Schwab, where I had the opportunity to lead several teams within the firm's Financial Crimes Risk Management department. I built out the department's intelligence team function. This group analyzed and identified emerging complex fraud, cyber and money laundering-related trends.

I also oversaw our AML fraud and conduct risk assessment programs, the AML testing and training programs and led a lot of the department's board reporting functions and then served as the BSA officer of Schwab's Mutual Funds, ETFs, Worldwide Fund and Futures Business. And most recently, I'd say, before coming to FINRA, I worked within the financial crimes risk management department on expanding our capabilities internally in terms of data and analytics, leading a team that really focused on financial crime threat detection using data science and leveraging advanced analytics solutions to really drive investigations and support that intelligence function.

07:14 - 07:34

Kaitlyn Kiernan: Great. Well, we have heard on past episodes that there is an increasing focus on data and analytics here at FINRA, do that sounds like great experience.

Omer, I mentioned at the top you head up the new Complex Investigations and Intelligence Group. Can you tell us what that team is and what its primary responsibilities are?

07:35- 08:35

Omer Meisel: I was hired back in September of 2021 to lead this new section uniting, at the time, NCFC's four specialist groups, and that included the Special Investigation Unit, the High-Risk Registered Representative unit, the Cybersecurity group and the Vulnerable Adult and Seniors Team. Since joining the FINRA team, it's been an extremely exciting time in CII. We've expanded our scope and our mission to include creating the Cyber Analytics Unit, or as we refer to it as CAU, which is an expansion of the cybersecurity group, which Brita leads, and she'll further discuss in this podcast.

And we've added a new group to the Special Investigation Unit, which is the Anti-Fraud Investigation Group. And we've realigned the Financial Intelligence Unit under CII, and that will further Member Supervision's vision of leveraging intelligence and data to drive decision making and operations.

08:36 - 08:44

Kaitlyn Kiernan: How do you think some of these changes will improve the effectiveness of the team like you said, in driving decision making and operations?

08:45 - 10:27

Omer Meisel: The teams within CII, they focus on the most complex issues within their area of specialization. And that's not to say that other departments within Member Supervision don't conduct complex exams or investigations or work on complex matters. Rather, the units within CII are teams that are subject matter experts in their respective disciplines. And they should focus their efforts on the most complex matters that impact investors. Furthermore, one of CII's main objectives is to be both proactive and preventative in identifying and mitigating the most complex threats that the financial industry faces in their areas of specialization.

And so, when I was at the FBI, we referred to this as being left of boom, which is a reference to basically being ahead of the threat and disrupting threats before they blow up, so to speak. And that's the mindset and culture that we're building, not just here in CII, but also throughout FINRA. We're developing left of boom, proactive and innovative strategies so we can identify and mitigate the numerous complex threats that investors and the financial industry face as quickly as possible so we can have the greatest impact on protecting investors and our member firms.

And a significant component of achieving that goal is being an intelligence-driven operations, so we can continue to stay ahead of threats. Lastly, within CII, we've intentionally built these teams to be agile and nimble, to be able to pivot quickly and adapt to address emerging threats or risks in their area of specialization.

10:28 - 10:50

Kaitlyn Kiernan: Great. And for listeners of the podcast, the phrase "left of boom" probably sounds familiar. We've heard it from Greg Rupert before, which is probably no surprise as a fellow FBI alum at FINRA.

The Cyber and Analytics Unit is one group within CII. Brita, can you tell us more about your team?

10:51 - 14:29

Brita Bayatmakou: Yeah, absolutely, Kaitlyn. I lead up our Cyber and Analytics Unit whose mission is to conduct complex investigations in the cybersecurity, cyber-enabled fraud and crypto asset disciplines. We also have a team called our Analytics Threat Targeting Team that is here to proactively target our top financial crime-related threats. FINR's core mission, as many of our listeners know, is investor protection and ensuring market integrity. And we could not be more aligned in terms of FINRA's mission with the vision for this group and its rollout.

When we are thinking about the type of threats that we're seeing to markets and to investors when it comes to cyber and fraud associated with a variety of areas, including crypto. And so, it's really critical that we ensure we're keeping pace with trends and important that we do establish a team like this bringing it together to proactively detect and address those threats that we see across the cyber discipline.

And so, it's made of three core teams. The first one, as Omer mentioned, was already in place prior to me joining, the Cybersecurity group. This is a team that focuses on assessing and enhancing member firms' cyber controls, providing some support for our firm exam teams, conducting, like I mentioned, complex cybersecurity control-related investigations to really ensure that firms are developing reasonably designed programs that are consistent with their own risk profile, with their business model and scale of operations.

The next team that we are building out is our cyber-enabled fraud team, and this group is going to focus on, as the title suggests, all cyber-related fraud or misconduct related to things like account takeover incidents using compromised information, things like business email compromise, different scams, ransomware attacks and other various things we've been seeing on the rise like impostor website schemes.

And the last team I lead is the Crypto Asset Investigations Team, and for the first time FINRA will have a dedicated crypto asset focused group, which is really exciting. I think there's been a lot of attention to this space across headlines. You can pretty much pick up a newspaper any day, although nobody does that anymore, but you can take a look at headlines and see this is such a top-of-mind issue and question that's come up. And while our current footprint and FINRA's touch points might be limited today, it is really important that we identify and address developments in markets to ensure that the investing public, even in adjacent markets, are protected, again, aligning with FINRA's core mission.

So, we are putting ourselves in a position to be prepared for what's to come. And this team is going to be conducting crypto asset fraud-related investigations, examinations and reviews of member firms and affiliates, and will provide advisory support as well to our internal firm Examination and Risk Monitoring teams.

There are a lot of exciting projects to come. This is obviously an area that has seen incredible amount of growth in recent years. And while the past couple of months have been rocky with the market cap of crypto assets, of course, falling significantly, trends do still indicate that there will be sustained interest going forward. So, with the amount of regulatory uncertainty out there, there is also a lot of attention being paid and work being done to provide a regulatory framework that will certainly guide FINRA's future role in this space.

14:30 - 17:40

Omer Meisel: I think this is a great example of FINRA being forward leaning in thinking about the threat and how to be ahead of that threat. And so, we aren't waiting, necessarily, for someone to tell us we should be in this space or reacting to the events. Rather, we are positioning ourselves to be able to address the threats, for example, in the crypto space very proactively so that way, whatever is mete from regulatory standpoint FINRA is in a position to best protect investors in the markets.

15:08 - 15:14

Kaitlyn Kiernan: How will CII and CAU you work with FINRA's Exam and Risk Monitoring teams?

15:14 - 16:05

Brita Bayatmakou: It is absolutely imperative and a critical component of what we do and how we do it when it comes to collaboration with these teams. As we expand our capacity, I can speak to my team across the cyber and crypto-related disciplines, this is a threat that is constantly evolving and making it more critical that we have an ongoing dialogue and collaborative effort in place. The more these teams are aware of what we are seeing, the more quickly we can identify when an issue arises that needs to be addressed and represent maybe something larger that we should perform more training on.

And on the flip side, the risk monitoring teams really are the eyes and ears for us and can identify a lot of red flags that we may not have noticed. And so having that ongoing partnership, that ongoing dialogue is key to what we do.

16:06 - 17:40

Omer Meisel: It might help to step back and think about what are the responsibilities of CII and the specialist units within CII? And, while they all focus on their areas of specialization, there's a thread that binds us all together and that is our core responsibilities and functions. So, I'll highlight a couple of them. One is, of course, is to conduct complex investigations, but another one is to provide advice and consultation to the firm exam program, to risk monitoring program, to Enforcement, to really every department within FINRA in their area of specialization. And that is a key component of what we do within CII. So, our connection and touch point to firm exam and risk monitoring is so strong, we are integrated in every aspect. We are constantly communicating, talking, sharing intelligence and information. And I think a large part of the transformation that FINRA has gone through over the past couple years, which I know has been a subject of previous podcasts, has really led to breaking down silos and being integrated in a very intimate way. And I can say, just in the almost year that I've been here, I've seen that in so many ways, and I've seen how it's improved significantly where now really there is no daylight between the three departments.

17:41 - 18:10

Kaitlyn Kiernan: Another topic that has come up a few times on this episode, and we've talked to Blake Snyder in the past about the Financial Intelligence Unit, which is also part of your team, but there's this increased focus on intelligence throughout Member Supervision and FINRA as a whole. How does FINRA and the National Cause and Financial Crimes Detection Program plan to use and share the intelligence developed through these programs with firms and others?

18:12 - 22:10

Omer Meisel: I talked about those core functions and responsibilities. And another one of those core functions that binds all of CII is to inform industry and external stakeholders in their areas of specialization. That is one of our core functions that we are laser focused on. What we're doing is we've really been intentional about how we share information, being very forward leaning in sharing information and intelligence with our membership.

When we either identify significant threats or another government agency identifies a significant threat that may impact FINRA member firms and or investors, we are proactively issuing Reg Notices. We are proactively issuing alerts to highlight the threat to our member firms so that they're not only aware of it, but so they can potentially implement measures to disrupt those threats. And we can give some examples recently where, for example, with the invasion of Ukraine by Russia and the significant sanctions that the US government has implemented, we immediately started issuing Regulatory Notices to member firms to make sure that they understood what was happening, the sanctions that were being imposed, and giving them resources to look to, to be able to understand how that impacts their firms.

By the same token, as we were doing that, we were very much in lockstep with Risk Monitoring in their outreach to the firms. And so, it was a two- way street. We are issuing Regulatory Notices, we are issuing alerts, but we're also working closely with our Risk Monitoring partners with their direct outreach to member firms. And we've done that in the cyber space when we've seen intelligence come out on different types of cyberattacks and vulnerabilities. We've done it with impostor websites. We've done it with many different types of fraud technologies.

But when I highlight and I talk about the sharing of intelligence, it's truly a team sport. And the fact of the matter is that the financial industry is more likely to identify emerging threats quicker than any government agency or FINRA. And the reason for that is because they're on the front lines, getting attacked by the bad actors every day. And so, it's critical that they proactively share that intelligence with FINRA and specifically within FINRA either with the Financial Intelligence Unit or their Risk Monitoring counterparts. And there are two reasons for doing this. One, that intelligence is critical to FINRA being able to further analyze the threat and mitigate threat. And two, FINRA is uniquely situated to be able to distribute that intelligence to our membership, to other regulators, to law enforcement agencies, to better protect investors and firms.

Moreover, we're looking for other ways to partner with our member firms, to share intelligence with our member firms and help them understand the threat landscape. And so, for instance, CII and the FBI have teamed up to host a Regional Cyber Threat Briefings series, where FINRA connects our member firms with the local FBI office in that region, and we hold a briefing where, one, we hear directly from the local FBI office about the latest threat intelligence, and two, we help develop connections between our member firms and the FBI and in FINRA's CAU. And the key there is it's not a matter of if but when our member firms are going to be the victim of a cyberattack. And it's really critical that they understand the threat landscape and that they have the contacts both with the FBI and within FINRA to help them address that threat.

22:11 - 22:47

Brita Bayatmakou: One last important platform in terms of information sharing is also our annual Cyber Conference, our Annual Conference that FINRA puts on, as well as other events throughout the year where we really try to engage with membership. We have office hours. This is an opportunity to share information on sometimes a more intimate level. So that's definitely one way. And I want to emphasize the point that Omer made that it's a team sport. We are in this together and if there's a point I can make here, it's everyone's responsibility to be aware and educate themselves. And we're here to partner with firms. And that really is a cornerstone of our program and what we're doing.

22:48- 3:23

Kaitlyn Kiernan: And we'll link to some of those resources in our show notes. And I'll also encourage you to follow FINRA on LinkedIn and Twitter. We also share all of these new alerts and Reg Notices there, as well as through emails to firms. So, you can keep tabs on these updates in a number of ways. Well, thank you both so much for sharing the overview of these changes and your new teams. Just to wrap up, I wanted to ask you both what you're most excited about when it comes to these changes and the opportunities for your teams in the months ahead.

23:24- 24:14

Omer Meisel: For me, having an opportunity to work for FINRA is something like a homecoming and coming full circle in my career. I owe a lot of my foundational securities investigative experience to FINRA when I was a young investigator and now having the opportunity to come back approximately 23 years later and to be able to lead CII, which is filled with talented, experienced, mission-driven employees, is extremely exciting and rewarding. And I think the direction that we are headed in, we are on the right path. We are laser focused on being ahead of the threat and identifying the threats as early as we can to mitigate them to protect our investors in the market. So, I think the future for CII is extremely, extremely exciting.

24:15- 25:30

Brita Bayatmakou: I also feel really fortunate to be sitting where I am within this organization. Technology has, of course, played a transformative role in financial services across the board. And when there's new developments in these spaces, there's always a criminal component that seems to expand their own toolbox and leverage developments in that space to perpetrate fraud and other crimes. But with the changes that we're implementing here at FINRA, it's also an opportunity for us to leverage our own technological solutions and shift philosophically in terms of coming at our work more proactively, leveraging and prioritizing the use of data and analytics, and really allowing that technology to drive our own intelligence and operations and try to get ourselves in the mindset of our adversary.

The last thing I'll say is it isn't all technology and technical. When we talk about these threats. There is a human on the other side of the scam or the phishing campaign. And while technology is a priority, we also are prioritizing people and we want to put the right people in place to combat this threat. So, on that note, I'm just going to make a quick plug that I am currently staffing up my teams and so, for those listening, please take a look at our career website to see what opportunities are going to be available very soon.

25:30 - 26:39

Kaitlyn Kiernan: After we heard about Omer's career progression, I think joining Brita's team sounds like a fantastic opportunity. You never know where it'll take you.

25:40 - 25:41

Omer Meisel: I agree.

25:42 - 26:16

Kaitlyn Kiernan: Well, that's it for this episode of FINRA Unscripted. Thank you, Omer and Brita for joining me to tell us about the new CII and CAU groups. I'm looking forward to hearing more about the great work coming out of your teams in the months ahead. For our listeners, if you don't already, you can subscribe to FINRA Unscripted, wherever you listen to podcasts. And if you have any thoughts on today's episode or ideas for future episodes, you can send us an email at FINRA Unscripted at FINRA dot org. Today's episode was produced by me and engineered by John Williams. Until next time.

26:16 - 26:22

Outro Music

26:22 - 26:49

Disclaimer: Please note FINRA podcasts are the sole property of FINRA, and the information provided is for informational and educational purposes only. The content of the podcast does not constitute any rule amendment or interpretation to such rules. Compliance with any recommended conduct presented does not mean that a firm or person has complied with the full extent of their obligations under FINRA rules, the rules of any other SRO or securities laws. This podcast is provided as-is. FINRA and its affiliates are not responsible for any human or mechanical errors or omissions. Parties may not reproduce these podcasts in any form without the express written consent of FINRA.

26:49 - 26:55

Music Fades Out

Public link

Please use the above public link if you want to share this noodl on another website.