The FINRA (Financial Industry Regulatory Authority) rules are a set of industry requirements detailing the need for financial and securities firms to develop, implement, and maintain administrative, technical, and physical safeguards to protect the security, integrity, confidentiality, and timely retrieval of financial and account-specific documentation.
Under FINRA Rule 3190, the compliance burden is placed on the member financial or securities firm for any work or services for which they use a third-party service. This means that those firms will be very involved in evaluating and examining the qualifications and competencies of all of their service providers.
So, while the burden for compliance does not rest with you as a non-securities firm, an understanding of the FINRA Rules and how they apply to your business can create a significant business advantage in working with financial and securities firm customers. This is especially true for anyone working in the document storage and retrieval space, as well as data backup and recovery.
Under FINRA, penalties for non-compliance have resulted in large fines, and the regulatory group has been raising these penalties even higher over time. Pershing LLC was fined $3 million for violating the Customer Protection rule and associated supervisory failures;¹ Morgan Stanley Smith Barney was fined $800,000 for failing to issue account statements and confirmations for numerous customer accounts and transactions.² In addition, banking and securities firms can be expelled from FINRA membership and officers and employees can be barred from working in the securities industry.³
As your trusted online document storage provider, SmartVault provides industry-standard security measures such as encryption, authentication, access controls, and auditing to support compliance with FINRA rules for the financial services industry.
| Where FINRA requires: | SmartVault offers solutions: |
|---|---|
| Comprehensive written Information Security Program | To meet the FINRA requirements for security, your storage system must have reasonable controls to prevent and detect unauthorized creation of, additions to, alterations of or deletion of records. As part of the security controls in place at SmartVault, we have clearly documented processes and procedures for every aspect of our services and ensure that our staff understand and operate by those procedures. |
| Clear systems documentation | SmartVault’s information security program is clearly documented, with supporting policies and procedures for all aspects of safeguarding your information, and it is reviewed on an annual basis to ensure it is still meeting the needs of the changing business landscape. |
| | Industry-standard SSL encryption for documents in transit – protecting your documents, passwords and interactions with SmartVault from eavesdropping |
| Physical Safeguards | Physical access to our data centers is strictly controlled. Only those employees and contractors with a demonstrated need are permitted access and that access is controlled through a series of technical controls such as badge readers on the doors, biometric locks on the data center and physically keyed or combination locks on cabinets and safes. |
While we are not a FINRA compliance consulting firm, we are happy to assist you in getting pointed in the right direction.