Wednesday, December 23, 2020
ACA ALERT: PANDEMIC-RELATED BUSINESS CONTINUITY PLANNING, GUIDANCE, AND REGULATORY RELIEF

The Financial Industry Regulatory Authority (“FINRA”) issued Regulatory Notice 20-08 (“RN 20-08”) on March 9, 2020 reminding firms that they should review their pandemic-related business continuity planning.
This review should include assessing whether their business continuity plans (“BCPs”) are flexible enough to address the impact of potential pandemic-related situations to their businesses. FINRA also encourages firms to review their BCPs regarding issues such as pandemic preparedness procedures, staff absenteeism, remote office use or telework arrangements, travel or transportation limitations, and technology interruptions or slowdowns. In addition, FINRA encourages firms to review their emergency contacts to ensure that it can communicate with them, if needed.

FINRA GUIDANCE

FINRA’s RN 20-08 offers suggestions about how to handle the following activities during the current coronavirus (COVID-19) pandemic.

Remote Offices or Telework Arrangements

FINRA indicates that firms may consider implementing remote office and/or telework arrangements for their employees. This would include working from home or at a backup or recovery location. Please note that FINRA expects such firms to establish a reasonable process to supervise the activities of each associated person while they work from an alternative or remote location. FINRA also indicates that scheduled on-site branch office inspections may need to be postponed temporarily because of the pandemic. FINRA understands that firms may need to reevaluate how they will complete their annual inspection obligation in 2020 depending on the length and severity of the pandemic.

Communicating with Customers

FINRA encourages firms to review their BCPs in relation to how they can communicate with customers during the pandemic. Firms should also confirm that customers continue to have access to funds and securities.

RN 20-08 provides a remedy for cases in which registered representatives cannot service their customers. FINRA-regulated firms should consider promptly placing a notice on their websites to let affected customers know who they can contact about trade executions, their accounts, and their access to funds or securities. In addition, FINRA reminds firms to consider implementing supervisory controls to mitigate any potential risks associated with their “reduced ability to communicate with customers, their inability to rely on mail delivery, or other disruptions to their existing controls over communications with customers.” 

Regulatory Filings and Responses to FINRA Inquiries, Matters, and Investigations

FINRA reminds firms needing extra time to respond to open inquiries, investigations, or upcoming filings to contact their Risk Monitoring Analysts or the relevant FINRA department regarding extensions. Please also note that FINRA might waive late fees that could be incurred, depending on the member firm’s circumstances. 

Qualification Examinations and Regulatory Element Continuing Education

Firms should contact FINRA if any of their associated persons affected by the pandemic have qualification examination or continuing education windows that are due to expire.

Updates for Form U4 and Form BR

FINRA indicates that it is temporarily suspending the requirement to update the Form U4 office with the employment address information for registered persons who have temporarily relocated due to COVID-19. In addition, FINRA does not require firms to submit branch office applications on Form BR for those temporary office locations that are opened, or space-sharing arrangements established as a result of the pandemic.

Cybersecurity Controls

FINRA recognizes that firms are understandably focused on continuing business operations while ensuring the health and safety of individuals. However, firms should still ensure their surveillance against cyber threats also continue. Steps should be taken to reduce the risk of cyber events based on how the firm has decided to operate during the pandemic.  
FINRA suggests that such steps may include:

  • Ensure virtual private networks (VPNs) and other remote access systems are appropriately patched with available security updates
  • Check that system entitlements are up to date
  • Employ multi-factor authentication for the firm’s associated persons who access systems remotely
  • Remind the firm’s associated persons of potential cyber risks through training and compliance alerts that would promote heightened vigilance

FINRA also issued Information Notice – 3/26/20 on March 26, 2020 providing firms and associated persons with measures to help strengthen cybersecurity controls in the following areas where risks may increase in the current environment:  

Measures for Associated Persons

  • Office and Home Networks
  • Computers and Mobile Devices
  • Common Attacks
  • Incident Response

Measures for Firms

  • Network Security Controls
  • Training and Awareness

FAQs

Along with RN 20-08, FINRA issued guidance in the form of Frequently Asked Questions (“FAQs”) that discusses the regulatory relief firms can seek in response to the COVID-19 pandemic. The FAQs include helpful information about the temporary relief from rules and requirements being provided in the following areas:

ACA COMPLIANCE GROUP

Logotipo do Compliasset

Somos o software de gestão de Compliance regulatório, Integridade e Privacidade líder no mercado de capitais.


Canal de Denúncias

Denuncie Irregularidades

Canal de LGPD para os titulares de dados que a Compliasset controla

Faça um pedido

Fique por perto

Histórias de inovação na área de Compliance. Os casos que apresentamos aqui são contados por pessoas que estão no dia-a-dia do Compliance das mais variadas organizações.

Debates com referências do mundo jurídico e de Compliance. Um papo dinâmico conduzido por Nicole Dyskant com foco em inovações, desafios e insights.

Histórias de inovação na área de Compliance. Os casos que apresentamos aqui são contados por pessoas que estão no dia-a-dia do Compliance das mais variadas organizações.

Debates com referências do mundo jurídico e de Compliance. Um papo dinâmico conduzido por Nicole Dyskant com foco em inovações, desafios e insights.



Compliasset Software e Soluções Digitais Ltda. Todos os direitos reservados