When was the last time you had your FINRA compliance assed by someone who doesn’t work for you?
This is extremely important for organizations like yours – FINRA regulates trading in equities, corporate bonds, securities futures, and options. All firms dealing in securities that are not regulated by another SRO, such as by the Municipal Securities Rulemaking Board (MSRB), are required to be member firms of the FINRA.
If you’re not totally compliant, you’re at serious risk – that’s why it’s smart to have one of your local IT companies in San Francisco check for you.
At its most fundamental level, FINRA requires that:
How is this verified?
FINRA relies on CARDS (the Comprehensive Automated Risk Data System), which compiles trading data from approximately 4,000 brokerages and their subsequent 110 million investor accounts. This system automates the collection of this data and analyses it to identify instances of fraud.
That means that you don’t even need to draw the attention of someone in FINRA – your data is enough to incriminate you. That’s why there’s such a small margin of error when it comes to FINRA compliance.
And if you’re found noncompliant, the consequences can be very severe…
Given the scale of business that FINRA overlooks, when they discover instances of fraud and noncompliance, fines can be extremely expensive. Just in 2019, FINRA levied a series of fines against major firms for a range of different noncompliance issues:
If you’re unsure about your compliance, make sure to at least start with these five key steps:
1. Stay Up To Date On FINRA & SEC Guidance Changes
FINRA & SEC periodically release guidance letters that bring awareness to investment firms regarding cybersecurity practices, and the retention and transmission of data. These letters are typically precursors to final regulations, so you have to be careful and make sure you are keeping up with them.
2. Perform Regular Network Assessments
Regulators want to know if you’ve assessed your IT network to make sure it promotes compliance. You need to make sure that you, or whatever third parties you’re working with, have the capabilities to identify and manage the risk of data breaches and protect your investors’ confidential information.
3. Secure Your Data & Transmissions
Securing the digital communication between employees and your clients such as financial transactions, statements, and reconciliations are vital. Regulators want to know how your firm captures, retains and secures business communication between you and your investors, and who’s in charge of the actual supervision and monitoring.
4. Monitor The Security Of Your Digital Information
Do you have the knowledge to make sure your data is secure? This is an area where confidence is key. Regulators want to know how you protect your clients’ data both in storage and in transit.
5. Implement A Cybersecurity Policy
How often is your cybersecurity policy reviewed, updated, and reported on for accuracy with applicable regulations? Does your written policy align with the actual way you supervise the security of digital information? What corrective-action measures are in place for infractions?
Your cybersecurity policy should act as a framework for protecting IT assets. It should be clear and define:
Establishing a formalized cybersecurity policy can reduce the risk of unsanctioned or potentially damaging inbound/ outbound communications, and instances that may draw unwanted attention to your firm from regulators.
However, no matter if you’re confident in your compliance or not, you should make sure to regularly double-check – the best way to do so is with help from one of your local IT companies in San Francisco.
On Time Tech will audit your FINRA compliance to make sure you’re not overlooking anything and risking severe fines. In the course of our audit, we’ll make sure that…
At a certain point, you and your team will be too close to the subject to see what actually needs to be done. Does that make sense? You can’t risk assuming you’re fully compliant, just because it seems that way to you or your staff. Get a second opinion from On Time Tech.
Like this article? Check out the following blogs to learn more:
My philosophy when starting OTT was I wanted to create a place that I would want to work at (fun and friendly.) Where there was no corporate politics and we could just do our job fixing things and helping people. We can help people with their technology and not be arrogant or condescending to people. We can actually make a difference in peoples lives and not just say it but do it.