The FINRA (Financial Industry Regulatory Authority) Rules are a set of industry requirements detailing the need for financial and securities firms to develop, implement, and maintain administrative, technical, and physical safeguards to protect the security, integrity, confidentiality, and timely retrieval of financial and account-specific documentation.
Under FINRA, penalties for non-compliance have resulted in large fines, and the regulatory group has been raising these penalties even higher over time. Pershing LLC was fined $3 million for violating the Customer Protection rule and associated supervisory failures [1]; Morgan Stanley Smith Barney was fined $800,000 for failing to issue account statements and confirmations for numerous customer accounts and transactions [2]. In addition, banking and securities firms can be expelled from FINRA membership and officers and employees can be barred from working in the securities industry [3].
Under FINRA Rule 3190, the compliance burden is placed on the member financial or securities firm for any work or services for which they use a third-party service. This means that those firms will be very involved in evaluating and examining the qualifications and competencies of all of their service providers.
So, while the burden for compliance does not rest with you as a non-securities firm, an understanding of the FINRA Rules and how they apply to your business can create a significant business advantage in working with financial and securities firm customers. This is especially true for anyone working in the document storage and retrieval space, as well as data backup and recovery.
|FINRA Requires...||SmartVault Responds...|
|Comprehensive written Information Security Program||To meet the FINRA requirements for security, your storage system must have reasonable controls to prevent and detect unauthorized creation of, additions to, alterations of or deletion of records. As part of the security controls in place at SmartVault, we have clearly documented processes and procedures for every aspect of our services and ensure that our staff understand and operate by those procedures.|
|Clear systems documentation||SmartVault’s information security program is clearly documented, with supporting policies and procedures for all aspects of safeguarding your information, and it is reviewed on an annual basis to ensure it is still meeting the needs of the changing business landscape.|
|Technical Safeguards||Industry Standard SSL encryption for documents in transit – protecting your documents, passwords and interactions with SmartVault from eavesdropping|
| ||Granular access – ability to grant access to specific folders|
| ||Activity Logs – complete audit history of who accessed and/or modified documents stored in SmartVault|
| ||Document access via authenticated login – files are only accessible to users of the service (no anonymous sharing of files)|
|Physical Safeguards||Physical access to our data centers is strictly controlled. Only those employees and contractors with a demonstrated need are permitted access, and that access is controlled through a series of technical controls such as badge readers on the doors, biometric locks on the data center and physically keyed or combination locks on cabinets and safes.|
It is important to remember that FINRA compliance is a securities firm obligation, not a technical specification. So when we say that SmartVault supports a FINRA compliant workflow, what we mean is that our service gives you the tools that securities firms like yours need in order to work in a compliant fashion.
While we are not a FINRA compliance consulting firm, we are happy to assist you in getting pointed in the right direction. Feel free to contact us at email@example.com for more insight.
SmartVault adds value to your securities workflow by giving you the ability to store all of your files securely online, access documents when you need them, and safely share files with the right people. It’s easy for you to use with features specifically designed for banking and securities companies to automate workflow and meet compliance mandates.