FINRA

Introduction

About the FINRA Rules

The FINRA (Financial Industry Regulatory Authority) Rules are a set of industry requirements detailing the need for financial and securities firms to develop, implement, and maintain administrative, technical, and physical safeguards to protect the security, integrity, confidentiality, and timely retrieval of financial and account-specific documentation.

What You Don’t Know CAN Hurt You

Under FINRA, penalties for non-compliance have resulted in large fines, and the regulatory group has been raising these penalties even higher over time. Pershing LLC was fined $3 million for violating the Customer Protection rule and associated supervisory failures [1]; Morgan Stanley Smith Barney was fined $800,000 for failing to issue account statements and confirmations for numerous customer accounts and transactions [2]. In addition, banking and securities firms can be expelled from FINRA membership and officers and employees can be barred from working in the securities industry [3].

I’m not a securities firm. Does FINRA Apply to My Business?

Under FINRA Rule 3190, the compliance burden is placed on the member financial or securities firm for any work or services for which they use a third-party service. This means that those firms will be very involved in evaluating and examining the qualifications and competencies of all of their service providers.

So, while the burden for compliance does not rest with you as a non-securities firm, an understanding of the FINRA Rules and how they apply to your business can create a significant business advantage in working with financial and securities firm customers. This is especially true for anyone working in the document storage and retrieval space, as well as in data backup and recovery.

How does SmartVault Support You in Complying with FINRA?

| FINRA Requires... | SmartVault Responds... |
| --- | --- |
| Comprehensive written Information Security Program | To meet the FINRA requirements for security, your storage system must have reasonable controls to prevent and detect unauthorized creation of, additions to, alterations of or deletion of records. As part of the security controls in place at SmartVault, we have clearly documented processes and procedures for every aspect of our services and ensure that our staff understand and operate by those procedures. |
| Clear systems documentation | SmartVault’s information security program is clearly documented, with supporting policies and procedures for all aspects of safeguarding your information, and it is reviewed on an annual basis to ensure it is still meeting the needs of the changing business landscape. |
| Technical Safeguards | Industry Standard SSL encryption for documents in transit – protecting your documents, passwords and interactions with SmartVault from eavesdropping; Granular access – ability to grant access to specific folders; Activity Logs – complete audit history of who accessed and/or modified documents stored in SmartVault; Document access via authenticated login – files are only accessible to users of the service (no anonymous sharing of files) |
| Physical Safeguards | Physical access to our data centers is strictly controlled. Only those employees and contractors with a demonstrated need are permitted access and that access is controlled through a series of technical controls such as badge readers on the doors, biometric locks on the data center and physically keyed or combination locks on cabinets and safes. |

In Summary

It is important to remember that FINRA compliance is a securities firm obligation, not a technical specification. So when we say that SmartVault supports a FINRA compliant workflow, what we mean is that our service gives you the tools that securities firms like yours need in order to work in a compliant fashion.

While we are not a FINRA compliance consulting firm, we are happy to assist you in getting pointed in the right direction. Feel free to contact us at security@smartvault.com for more insight.

About SmartVault

SmartVault adds value to your securities workflow by giving you the ability to store all of your files securely online, access documents when you need them, and safely share files with the right people. It’s easy for you to use with features specifically designed for banking and securities companies to automate workflow and meet compliance mandates.

Footnotes

  1. FINRA Fines Pershing LLC $3 Million for Customer Protection Rule Violations and Supervisory Failures
  2. FINRA Fines Morgan Stanley $800,000 for Deficient Conflict of Interest Disclosures in Equity Research Reports and Public Appearances by Research Analysts
  3. FINRA News Releases