The Financial Industry Regulatory Authority is seeking feedback on its Business Continuity Rule 4370, including if firms have activated their business continuity plans and whether the costs of creating, maintaining or updating such a plan outweigh the benefits.
As part of its ongoing retrospective review of its rules, FINRA states in Regulatory Notice 19-06, that the rule requires broker-dealers “to create, maintain, annually review and update upon any material change a written business continuity plan identifying procedures relating to an emergency or significant business disruption.”
While broker-dealers must assess risks to their specific firm, significant business disruptions for purposes of business continuity planning may include, among other things, natural disasters, pandemics, terrorist attacks and cyber events, FINRA states.
Broker-dealers that “heavily leverage technology for their business systems and infrastructure may have an increased risk of significant business disruptions associated with cyber events and technology-related disruptions,” FINRA said.
Rule 4370 is the successor rule to the National Association of Securities Dealers’ Business Continuity Rule 3510 and Emergency Contract Information Rule 3520.
After the World Trade Center terrorist attack on Sept. 11, 2001, FINRA “closely studied the securities markets and industry’s recovery capability to assess whether any regulatory action would be needed to assure swift recovery in the event of any future significant business disruptions,” the regulator says.
As a result of that study, FINRA precursor NASD adopted in 2004 Rules 3510 and 3520 “to help ensure that member firms would be able to continue their business operations in the event of such disruptions.”
In 2009, FINRA adopted the rules, without substantive change, as Rule 4370 in the consolidated FINRA rulebook.
FINRA would like comments on by April 26 on such issues as broker-dealers’ challenges in implementing the rule; how they determine what may constitute a significant business disruption; to what extent the costs and benefits have a disproportionate impact on firms based on size and business model; and whether the rule has had negative consequences.
— Check out FINRA Updates Business Continuity, Disaster Recovery Guidance on ThinkAdvisor.