News
Annual Certified Audit Information
1. Regulatory Notice 21-05: Certain broker/dealers who submit the annual certified audit through the EDGAR system may be eligible for a 30-day submission extension. More information regarding the Regulatory Notice 21-05 can be found at www.finra.org/rules-guidance/notices/21-05
2. Facing Page – Form X-17A-5: Only the PFO/FinOp or a registered principal are permitted to sign. More information regarding Form X-17A-5 can be found at https://www.sec.gov/files/formx-17a-5_3.pdf
3. Exemption Provision Assertion: AICPA exemption report examples can be found at AICPA.
4. Broker Dealer Annual Audited Financial Statement Compliance Checklist.
5. Commitments & Contingencies – Sample below (if none to report in the audited year):
“As of December 31, 20xx, the Company had no commitment, contingency or guarantee that might result in a loss or a future obligation, as well as any claim of which the firm was aware that might be asserted against it as of the audit opinion date.”
Note: The information provided is a generic guide. Please contact your CPA or TAA for the specific filing requirements for your firm.
FINRA Shares Practices Firms Use to Protect Customers From Online Account Takeover Attempts
Regulatory Notice 21-18
Summary
FINRA has received an increasing number of reports regarding customer account takeover (ATO) incidents, which involve bad actors using compromised customer information, such as login credentials (i.e., username and password), to gain unauthorized entry to customers’ online brokerage accounts.
To help firms prevent, detect and respond to such attacks, FINRA recently organized roundtable discussions with representatives from 20 firms of various sizes and business models to discuss their approaches to mitigating the risks from ATO attacks.
This Notice outlines the recent increase in ATO incidents; reiterates firms’ regulatory obligations to protect customer information; and discusses common challenges firms identified in safeguarding customer accounts against ATO attacks, as well as practices they find effective in mitigating risks from ATOs—including recent innovations—which firms may consider for their cybersecurity programs.
This Notice does not create new legal or regulatory requirements, or new interpretations of existing requirements. A firm’s cybersecurity program should be reasonably designed and tailored to the firm’s risk profile, business model and scale of operations. There should be no inference that FINRA requires firms to implement any specific practices described in this Notice.
Questions regarding this Notice should be directed to:
FINRA Updates Private Placement Filer Form Pursuant to FINRA Rules 5122 and 5123
Regulatory Notice 21-10
Summary
FINRA has updated the form that members must use to file offering documents and information pursuant to FINRA Rules 5122 (Private Placements of Securities Issued by Members) and 5123 (Private Placements of Securities) (Filer Form). The updated Filer Form will be accessible in the FINRA Gateway beginning May 22, 2021, and includes new and updated questions that will facilitate review of the filed material.1 Beginning on May 22, 2021, members will be required to complete the updated Filer Form for all new filings, as well as for new amendments to filings.
See Attachment A for a copy of the updated Filer Form. In addition, this Notice informs members about the information that may be requested during a FINRA examination concerning the member’s private placement business. See Attachment B for a copy of the “Unregistered Offering List” template.
Questions regarding this Notice may be directed to:
FINRA Seeks Comment on Lessons From the COVID-19 Pandemic
Regulatory Notice 20-42
Comment Period Expires: February 16, 2021
Summary:
In response to the coronavirus (COVID-19) pandemic, member firms have made rapid and unprecedented changes to their business operations in order to prioritize the health and safety of firm personnel and investors, while maintaining the public’s access to capital markets. These changes include widespread use of remote offices and alternative work arrangements and new and expanded methods of engaging with personnel and investors. Member firms have also used new methods of engaging with FINRA and other regulators and complying with regulatory requirements. For its part, FINRA has taken numerous steps to assist member firms, firm personnel and investors as they navigate the effects of the COVID-19 pandemic.
FINRA welcomes feedback on lessons learned from stakeholders’ experiences during the pandemic, including the impact of changes made to member firms’ operations and business models, and the effectiveness of business continuity planning. FINRA further requests comment on whether it should consider changes to its rules, operations or administrative processes to address lessons learned during the pandemic or to address anticipated long-term impacts of the pandemic on member firms and investors.
Questions regarding this Notice should be directed to:
- Jeanette Wingler, Associate General Counsel, Office of General Counsel (OGC), at (202) 728-8013;
- Emily Goebel, Assistant General Counsel, OGC, at (202) 728-8235; or
- Patricia Ledesma, Senior Economist, Office of the Chief Economist, at (202) 728-8461.
FINRA Alerts Firms to Phishing Email Requesting Them to Respond to Fraudulent FINRA Survey
Regulatory Notice 20-35
Summary:
FINRA warns member firms of a widespread, ongoing phishing campaign that involves fraudulent emails purporting to be from FINRA asking member firms to complete a survey (see sample below). The email was sent from the domain “@regulation-finra.org” and was preceded by “info” followed by a number, e.g., info5@regulation-finra.org. FINRA recommends that anyone who clicked on any link or image in the email immediately notify the appropriate individuals in their firm of the incident.
The domain of “regulation-finra.org” is not connected to FINRA and firms should delete all emails originating from this domain name.
FINRA has requested that the Internet domain registrar suspend services for “regulation-finra.org”.
FINRA reminds firms to verify the legitimacy of any suspicious email prior to responding to it, opening any attachments or clicking on any embedded links.
For more information, firms should review the resources provided on FINRA’s Cybersecurity Topic Page, including the Phishing section of our Report on Cybersecurity Practices -2018.
Questions regarding this Notice should be directed to Dave Kelley, Director, Member Supervision Specialist Programs, at (816) 802-4729 or by email.
FINRA Shares Practices Firms Implemented to Prepare for the LIBOR Phase-out
Regulatory Notice 20-26
Summary:
FINRA reminds firms to evaluate their exposure to LIBOR (formerly, the London Interbank Offered Rate), and review their preparedness to manage LIBOR’s phase-out. To understand how firms are preparing for that phase-out, FINRA surveyed a representative cross-section of member firms, including some firms with significant trading volume or positions in LIBOR-linked securities. This Notice provides a summary of the results of the survey.
Questions concerning this Notice should be directed to:
FINRA Encourages Firms to Notify FINRA if They Engage in Activities Related to Digital Assets
Regulatory Notice 20-23
Summary:
For the past two years, FINRA has encouraged firms to keep their Risk Monitoring Analyst (formerly known as a “Regulatory Coordinator”) informed if the firm, or its associated persons or affiliates, engaged, or intended to engage, in activities related to digital assets, including digital assets that are non-securities.1 FINRA appreciates members’ cooperation with this request and is encouraging firms to continue to keep their Risk Monitoring Analyst abreast of their activities related to digital assets until July 31, 2021.
Questions concerning this Notice may be directed to:
Steven Thornton Interviewed by Financial Advisor IQ
Steven Thornton was interviewed by Financial Advisor IQ regarding compliance deadlines for broker-dealers.
Cybersecurity Alert: Measures to Consider as Firms Respond to the Coronavirus Pandemic (COVID-19)
Information Notice FINRA – 3/26/20
Summary:
As work processes adjust in response to COVID-19, firms and their associated persons should take appropriate measures to address increased vulnerability to cybersecurity attacks and to protect customer and firm data on firm and home networks, as well as devices.
This alert provides firms and associated persons with measures they may use to help strengthen their cybersecurity controls in areas where risks may increase in the current environment. In particular, FINRA understands the resource challenges that small firms may face, but hopes that the information included below may help them address possible cybersecurity issues associated with remote work.
However, this alert does not provide an exhaustive list of steps that firms and associated persons should consider. Further, the alert is not intended to express any legal position, and does not create any new legal requirements or change any existing regulatory obligations.
FINRA is committed to providing guidance, updates and other information to help stakeholders stay informed about the latest developments on FINRA’s COVID-19/Coronavirus Topic Page. New information will be posted on that webpage as it becomes available.
Questions concerning this Notice should be directed to:
Dave Kelley, Director, Member Supervision Specialist Programs, at (816) 802-4729.