FINRA compliance is an inescapable requirement for brokerage firms and other securities industry participants in the United States, similar perhaps to the way that death and taxes are inescapable certainties in life. Managed IT services for financial institutions can help reduce the burden of FINRA compliance, and here is how.
That's the Financial Industry Regulatory Authority (FINRA), and while the IRS and the Grim Reaper wield their sovereignty over the first two inescapable certainties (and it isn't always clear which agency is more powerful) FINRA pursues its own remit with equal determination.
All firms and their employees need to be registered with FINRA if they deal in securities.
The agency was created to protect investors and keep them informed, detect fraud and malpractice, monitor equities markets, and preserve their integrity.
FINRA is an SRO or self-regulatory organization, a non-profit, non-governmental entity authorized by the US Congress “...to protect America’s investors by making sure that the broker-dealer industry operates fairly and honestly.”
FINRA has been granted some regulatory power over the financial securities industry and the New York Stock Exchange, and it has both the will and the resources to be as inevitable as mortality and taxation. FINRA has the power to police compliance with its rules and to punish any brokerage firms that break them.
So, FINRA are the good guys, but if you don't achieve compliance with FINRA rules they can really put you through the wringer.
Compliance with FINRA means working within its many rules.
FINRA regulates over 4,200 brokerage firms, which between them employ around 63,000 brokers. FINRA rules stipulate that all financial brokers need to be registered, licensed, qualified, and meet their continuing education requirements, and FINRA's financial examiners go out in person every day to carry out inspections, making sure that every broker and all brokerage firms are consistently following them.
Examiners concentrate their attention on those areas that pose the greatest financial risks to investors and the markets, and to that end, they are aggressively thorough (imagine a member of the Spanish Inquisition who also happens to be a forensic accountant and you won't be far off).
FINRA examiners investigate complaints and suspicious activity, and they also check the claims made in almost a hundred thousand broker advertisements and communications each year to ensure that financial information is properly presented and does not mislead investors.
Note that meeting compliance regulations, including FINRA's, can definitely up your cybersecurity game, but remember that there is a difference between compliance and security!
In 2014 FINRA carried out 1,397 disciplinary actions against brokerage firms and brokers, levied fines worth $134 million, and secured restitution payments of $32.3 million.
Fines rose to $173.8 million in 2015, and in 2017 a single firm, Red River Securities, was hit with a $24.6 million penalty. It could have been worse: FINRA also has the power to expel brokerage firms and to suspend and bar brokers, making it illegal under federal law for them to sell securities.
As FINRA operates a trusted background checking tool - Brokercheck.finra.org - it pays to stick to the rules and avoid being listed as barred, suspended, or fined, and managed IT services can help.
It isn't hard to understand why so many FINRA compliance rules focus on IT. Technology is crucial to delivering modern financial services, and with businesses trying to juggle the twin demands of getting their tech infrastructure right and achieving compliance with the rules of numerous governing bodies as well as FINRA, many of them choose to outsource IT provision to a specialist service provider.
Even if brokers and brokerage firms have been trying hard to do everything right from day one, achieving FINRA compliance and navigating FINRA audits can be tricky and stressful. Offloading some of your responsibilities to a managed IT services provider can help brokerage firms like yours achieve a higher level of FINRA compliance while simultaneously reducing grey hairs and headaches.
FINRA itself relies on IT to help it obtain and analyze a staggering 30-75 billion financial transactions every day. It also issues rules and best practice guidance on IT topics like data security, retention of emails and other records, encryption, data discovery, and data recovery, to name just a few. FINRA maintains this focus because user data is so attractive to criminals.
Financial services have been under sustained assault from the criminal element for some time, with data breaches increasing by 480% between 2017 and 2018. Cybercrime now costs the financial services industry more than any other, and that's a trend that FINRA compliance was designed to fight.
But FINRA rules are ever-evolving, because criminals constantly look for new weak points in systems, so you have to ask yourself whether you have the time and expertise to keep meeting compliance requirements that this arms race will keep changing.
A managed IT service provider with FINRA consulting experience can either provide the elements that brokerage firms need or advise them on what to do to achieve compliance with FINRA rules.
Here are some examples:
FINRA wants you to build this document by talking to key internal stakeholders from all relevant departments, so that their broad perspective gives you an effective working document. It should cover how you will escalate cybersecurity threats and outline your risk management policies, processes, and structures. It shouldn't be static, though. FINRA wants it to evolve because threats are always evolving, so you'll need to update your risk assessments periodically to “...identify and analyze potential dangers or risks to a firm’s business”.
FINRA thinks you're best off with a 'safe within a safe within a safe' approach to protecting your data. The more secure layers you can put between your systems and attackers, the harder it is for an attacker to get through to the data.
FINRA rules require you to limit access to key information. Secure employees' devices and only let them access what their role in the business requires.
FINRA rules favor SHA-256 data encryption, which makes stolen or intercepted information unreadable to everyone except the intended recipient and can also tell you who last changed or accessed it.
WORM stands for ‘Write Once Read Many’, and FINRA compliance rules mean you need to preserve messages between members, brokers, and dealers securely in a non-rewriteable, non-erasable format.
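The two properties described in the last two paragraphs, SHA-256 tamper evidence and write-once, non-erasable retention, can be illustrated together. The following Python record store is an added example written for this page, not code from the original post or from any FINRA-endorsed product: each message is hashed with SHA-256 together with the previous record's digest, a second write to the same record id is refused, and a verification pass reports which record (if any) was altered after the fact. The `WormArchive` class and the sample broker-dealer messages are constructed for the example.

```python
import hashlib, json

GENESIS = "0" * 64  # starting value for the hash chain


class WormArchive:
    """Hypothetical write-once, read-many store (constructed for this example).
    Each SHA-256 digest covers the previous record's digest too, so altering or
    re-ordering a stored message breaks the chain. No delete method: non-erasable."""

    def __init__(self):
        self._records = {}   # record_id -> stored record
        self._order = []     # record ids in write order
        self._tip = GENESIS  # digest of the most recent record

    @staticmethod
    def _digest(prev, record_id, sender, body):
        payload = json.dumps([prev, record_id, sender, body], separators=(",", ":"))
        return hashlib.sha256(payload.encode()).hexdigest()

    def write(self, record_id, sender, body):
        """Store a message once; a second write to the same id is refused."""
        if record_id in self._records:
            raise ValueError(f"{record_id} already stored; WORM forbids overwrite")
        digest = self._digest(self._tip, record_id, sender, body)
        self._records[record_id] = {"sender": sender, "body": body,
                                    "prev": self._tip, "digest": digest}
        self._order.append(record_id)
        self._tip = digest
        return digest

    def verify(self):
        """Walk the chain; return the id of the first tampered record, or None."""
        prev = GENESIS
        for rid in self._order:
            rec = self._records[rid]
            expected = self._digest(prev, rid, rec["sender"], rec["body"])
            if rec["prev"] != prev or rec["digest"] != expected:
                return rid
            prev = rec["digest"]
        return None


def build_sample_archive():
    """Constructed sample broker-dealer messages, not real communications."""
    archive = WormArchive()
    archive.write("msg-001", "broker@example-firm.test", "Client order acknowledged")
    archive.write("msg-002", "dealer@example-cpty.test", "Fill confirmed at 101.25")
    return archive
```

A production WORM system enforces the no-overwrite rule at the storage layer rather than in application code; this example only models the behaviour an auditor expects to see.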
Penetration testing simulates attacks to uncover security weaknesses, highlight their consequences to the business, and reveal how effective your response strategy is.
Brokerage firms that switch to paperless document management don't just achieve greater efficiency, they make FINRA compliance audits go more smoothly too.
Managed IT services help to make FINRA compliance less of a burden for brokerage firms and other securities industry participants. Get in touch with us today and discover how we can help make inescapable certainties more manageable.