What is FINRA?
The Financial Industry Regulatory Authority (FINRA) is a non-profit organization that has been authorized by Congress to establish and oversee rules governing the Broker-Dealer Industry serving American Investors. In short, much like the Securities and Exchange Commission (SEC), they are a stock market watchdog, although the SEC’s scope is much broader.
The National Association of Securities Dealers (NASD), founded in 1939, was the predecessor to FINRA, which was established as the NASD’s replacement in 2007.
Only a small portion of FINRA regulations address Cybersecurity requirements which are typically handled by a company’s in-house IT Support or a 3rd party Managed IT Services firm. Poll a few of the well-reputed members of the IT Support Los Angeles Community (in fact, the worldwide IT support community) about the measures needed for FINRA Cybersecurity compliance, and at least 80% will tell you that the standard measures they put in place for their clients already meet or surpass the data protection and backup requirements set by FINRA, HIPAA, PCI, CMMC and others. Only selective ‘tweaking’ is typically called for in some cases.
But this is only the Cybersecurity aspect. One cannot expect any IT services and support provider to attend to the intricacies of the entire vast securities trading environment – that would be like asking your podiatrist to perform open heart surgery. For the vast amount of compliance requirements set forth by FINRA, which cover everything from Variable Annuities to financial reporting, there is a need for a dedicated Compliance Officer – either in-house or from a specialized 3rd party consulting firm.
What does a compliance officer do?
A Compliance Officer (CO) is responsible for ensuring that a company meets not only all local, state, and federal penal laws and regulations, but also the regulations set forth by the agencies that oversee and regulate its particular industry.
Depending on the nature of your business, this is a big job – not something you just hand off to your HR manager to do when they have time. The main (but not all) duties a CO is responsible for are:
- Monitoring all procedures and operations to ensure compliance.
- Conducting regular assessments to maintain consistency with rules and regulations.
- Training the staff in compliance measures, including ongoing legal changes.
- Managing information and maintaining an even flow that adheres to compliance policies.
- Acting as a liaison and contact person between department heads and senior management.
It is important to note that a Compliance Officer should operate independently of the company’s legal department in order to avoid conflicts of interest.
What are FINRA rules?
According to FINRA: “FINRA's rules and guidance strive to protect investors and ensure the integrity of today's rapidly evolving market. FINRA is here to help keep investors and their investments safe.”
There are a LOT of rules – too many to list here. For a rundown, visit their own webpage ‘FINRA Rules’.
Regulatory Obligations
The intricacies of FINRA compliance can be complicated by the ever-changing technological influence on businesses today. According to FINRA:
“The SEC’s Regulation S-P Rule 30 requires firms to have written policies and procedures that are reasonably designed to safeguard customer records and information. FINRA Rule 4370 (Business Continuity Plans and Emergency Contact Information) also applies to denials of service and other interruptions to members’ operations. In addition to firms’ compliance with SEC regulations, FINRA reminds firms that cybersecurity remains one of the principal operational risks facing broker-dealers, and expects firms to develop reasonably designed cybersecurity programs and controls that are consistent with their risk profile, business model and scale of operations.
Technology-related problems, such as problems in firms’ change- and problem-management practices, can expose firms to operational failures that may compromise firms’ ability to comply with a range of rules and regulations, including FINRA Rules 4370 (Business Continuity Plans and Emergency Contact Information), 3110 (Supervision) and 4511 (General Requirements), as well as Securities Exchange Act of 1934 (Exchange Act) Rules 17a-3 and 17a-4.”
Any brokerage firm needs to insist that, upon the installation of new apps or software, their in-house IT Support Department or 3rd Party Managed IT Services Provider coordinate with their CO (Compliance Officer) to test for any ‘hiccups’ the new technology may cause in their compliance obligations.
Frequently Asked Questions
Who enforces FINRA rules?
As a government entity, the Securities and Exchange Commission (SEC) enforces the rules as well as any fines and penalties set by FINRA.
What is the difference between the SEC and FINRA?
The SEC is a government organization that protects investors and ensures the integrity of the securities market. FINRA is a non-government, non-profit entity which handles the licensing and regulation of broker-dealers. The SEC oversees FINRA, which is authorized to act on the rules and regulations of the SEC, which carries the weight of prosecution. The SEC is the first level of appeals for any actions levelled by FINRA at allegedly errant broker-dealers.
Who has to comply with FINRA?
Brokerage firms and their brokers who trade in securities markets like the stock exchange.
What happens if you violate FINRA?
A broker/dealer can face fines and suspensions and, in severe cases of malicious misconduct, can be barred from the brokerage industry.
How do I file a complaint against a broker?
FINRA’s website has a place to file a complaint. They state that before filing a complaint, the complainant should first contact the subject brokerage firm. In their own words: “Immediately question your broker about any transaction that you do not understand or did not authorize with your broker. If you are not satisfied with your broker’s response, contact the firm’s branch manager or compliance department. If you lost money or there was an unauthorized trade made in your account, you should complain in writing. Retain copies of your letter and of all other related correspondence with the brokerage firm.”
Can FINRA send you to jail?
NO. As FINRA is not a government organization, it does not have the authority to send even the worst offenders to jail. But they know people who can.
How good is your Cybersecurity?
IT Support LA offers a FREE Network & Security Assessment, which typically uncovers inadequacies within network infrastructures (it is very rare that we see a bulletproof system). There are no strings, and we deliver you a comprehensive written report detailing the exact state of your network and Cybersecurity protections.