The Financial Industry Regulatory Authority is reminding broker-dealers of their obligations to have business continuity and disaster recovery plans in place in a just-released Regulatory Notice.
Reg Notice 19-15 consolidates FINRA’s designation criteria for BDs that must have such plans, as previously announced in Notices 15-43 and 18-09, without change.
As required by SEC Regulation Systems Compliance and Integrity, or Regulation SCI, FINRA in 2015 adopted Rule 4380 requiring BD participation in business continuity and disaster recovery testing.
Reg SCI authorizes FINRA to designate firms that must participate in FINRA’s annual BC/DR test based on established standards, which FINRA first published in Regulatory Notice 15-43 and updated in Regulatory Notice 18-09.
Reg SCI requires that FINRA, as an SCI entity, establish, maintain and enforce written policies and procedures that address, among other things, “[b]usiness continuity and disaster recovery plans that include maintaining backup and recovery capabilities sufficiently resilient and geographically diverse.”
Each SCI entity under Reg SCI, including FINRA, is to also designate firms that must participate in the testing of the entity’s BC/DR plans.
Under FINRA Rule 4380, designated firms would be required to fulfill, within the time frames established by FINRA, certain testing requirements that FINRA determines are necessary and appropriate.