FINRA Compliance

FINRA is the Financial Industry Regulatory Authority, an organization that provides oversight to brokerage firms and exchange markets.

What is it?

FINRA was established in 2007 by the merging of the National Association of Securities Dealers and the regulatory arm of the New York Stock Exchange.

Who oversees it?

The Securities and Exchange Commission.

Who does it apply to?

Organizations involved in the sale of financial securities.

How does it impact IT professionals?

Email archiving and retention plays a large part in the SEC and FINRA rule requirements. IT professionals may be called upon to implement and maintain an email archiving solution for clients who are subject to SEC and FINRA rules.

What do your clients need to be FINRA compliant?

FINRA 3110

Each firm must preserve accounts, records, and correspondence in adherence to applicable laws, SEC rules, and FINRA rules and regulations.

FINRA 3010

Each firm must maintain a system to supervise transactions and correspondence with their users. Firms should establish a supervisory system with written procedures that govern the regular review of incoming and outgoing electronic correspondence.

SEC 17a-3-4

Each firm must maintain a written, enforceable data retention policy, including searchable indexes of data stored. Data must furthermore by securely stored offsite in tamper-proof storage media.

What are the dangers of not being FINRA compliant?

  • Initial fines of up to $100,000
  • Additional monetary sanctions from $5000 to several millions of dollars
  • Suspension
  • Individual ban
  • Firm expulsion

Visit here for a full description of FINRA’s violation sanctions.

Event and Audit Log Retention Requirements

In order to maintain FINRA compliance, event and audit logs must be retained for a period of six years. However, the SEC recommends keeping event and audit logs, as well as client files, indefinitely.

FINRA Compliance Services at a Glance

In order to maintain compliance with the FINRA rules and regulations, firms are required to maintain a searchable record of all electronic correspondence as well as a comprehensive Information Security Policy that proves that all applicable steps have been taken to protect sensitive data on the network.

MSPs can best assist their clients in achieving FINRA compliance by offering a comprehensive email archiving solution and developing a tailored Information Security Policy for their clients and assisting them in implementing the written policy.

Related Articles: