The Financial Industry Regulatory Authority is reminding broker-dealers of their obligations to have business continuity and disaster recovery plans in place in a just-released Regulatory Notice.
Reg Notice 19-15 consolidates FINRA’s designation criteria for BDs that must have such plans, as previously announced in Notices 15-43 and 18-09, without change.
As required by SEC Regulation Systems Compliance and Integrity, or Regulation SCI, FINRA in 2015 adopted Rule 4380 requiring BD participation in business continuity and disaster recovery testing.
Reg SCI authorizes FINRA to designate firms that must participate in FINRA’s annual BC/DR test based on established standards, which FINRA first published in Regulatory Notice 15-43 and updated in Regulatory Notice 18-09.
Reg SCI requires that FINRA, as an SCI entity, establish, maintain and enforce written policies and procedures that address, among other things, “[b]usiness continuity and disaster recovery plans that include maintaining backup and recovery capabilities sufficiently resilient and geographically diverse.”
Each SCI entity under Reg SCI, including FINRA, is to also designate firms that must participate in the testing of the entity’s BC/DR plans.
Under FINRA Rule 4380, designated firms would be required to fulfill, within the time frames established by FINRA, certain testing requirements that FINRA determines are necessary and appropriate.
The requirements could include bringing up their systems on the designated testing day and processing test scripts to simulate trading activity, and to satisfy related reporting requirements, reporting the firm’s testing results so that FINRA may evaluate the efficacy of the test and, correspondingly, its BC/DR plan.
Market participants may also wish to participate voluntarily in FINRA’s annual BC/DR test.
“Certain system participants may wish to test their backup capabilities even if they do not exceed the system’s threshold cutoff,” FINRA states. “Additionally, third-party service providers, like service bureaus that transmit information to FINRA systems on behalf of FINRA member firms, may also wish to ensure their ability to function in FINRA’s backup environment, even though the service providers may not be subject to Rule 4380.”
FINRA in February said it was seeking feedback on its Business Continuity Rule 4370, including if firms have activated their business continuity plans and whether the costs of creating, maintaining or updating such a plan outweigh the benefits.
As part of its ongoing retrospective review of its rules, FINRA states in Regulatory Notice 19-06 that the rule requires broker-dealers “to create, maintain, annually review and update upon any material change a written business continuity plan identifying procedures relating to an emergency or significant business disruption.”
— Check out FINRA E-Signatures Rule Gets SEC Nod on ThinkAdvisor.