The Financial Industry Regulatory Authority is seeking feedback on its Business Continuity Rule 4370, including if firms have activated their business continuity plans and whether the costs of creating, maintaining or updating such a plan outweigh the benefits.
As part of its ongoing retrospective review of its rules, FINRA states in Regulatory Notice 19-06, that the rule requires broker-dealers “to create, maintain, annually review and update upon any material change a written business continuity plan identifying procedures relating to an emergency or significant business disruption.”
While broker-dealers must assess risks to their specific firm, significant business disruptions for purposes of business continuity planning may include, among other things, natural disasters, pandemics, terrorist attacks and cyber events, FINRA states.
Broker-dealers that “heavily leverage technology for their business systems and infrastructure may have an increased risk of significant business disruptions associated with cyber events and technology-related disruptions,” FINRA said.
Rule 4370 is the successor rule to the National Association of Securities Dealers’ Business Continuity Rule 3510 and Emergency Contract Information Rule 3520.