FINRA Shares Practices Firms Use to Protect Customers From Online Account Takeover Attempts

Regulatory Notice 21-18

Summary

FINRA has received an increasing number of reports regarding customer account takeover (ATO) incidents, which involve bad actors using compromised customer information, such as login credentials (i.e., username and password), to gain unauthorized entry to customers’ online brokerage accounts.

To help firms prevent, detect and respond to such attacks, FINRA recently organized roundtable discussions with representatives from 20 firms of various sizes and business models to discuss their approaches to mitigating the risks from ATO attacks.

This Notice outlines the recent increase in ATO incidents; reiterates firms’ regulatory obligations to protect customer information; and discusses common challenges firms identified in safeguarding customer accounts against ATO attacks, as well as practices they find effective in mitigating risks from ATOs—including recent innovations—which firms may consider for their cybersecurity programs.

This Notice does not create new legal or regulatory requirements, or new interpretations of existing requirements. A firm’s cybersecurity program should be reasonably designed and tailored to the firm’s risk profile, business model and scale of operations. There should be no inference that FINRA requires firms to implement any specific practices described in this Notice.

Questions regarding this Notice should be directed to:

  • David Kelley, Director, Member Supervision Specialist Programs, at (816) 802-4729 or by email; or
  • Greg Markovich, Senior Principal Risk Specialist, Member Supervision, at (312) 899-4604 or by email.

View Full FINRA Notice Here:

FINRA Updates Private Placement Filer Form Pursuant to FINRA Rules 5122 and 5123

Regulatory Notice 21-10

Summary

FINRA has updated the form that members must use to file offering documents and information pursuant to FINRA Rules 5122 (Private Placements of Securities Issued by Members) and 5123 (Private Placements of Securities) (Filer Form). The updated Filer Form will be accessible in the FINRA Gateway beginning  May 22, 2021, and includes new and updated questions that will facilitate review of the filed material.1 Beginning on May 22, 2021, members will be required to complete the updated Filer Form for all new filings, as well as for new amendments to filings.

See Attachment A for a copy of the updated Filer Form. In addition, this Notice informs members about the information that may be requested during a FINRA examination concerning the member’s private placement business. See Attachment B for a copy of the “Unregistered Offering List” template.

Questions regarding this Notice may be directed to:

  • Minh Le, Director, Corporate Financing, at (240) 386-4638 or by email;
  • Janet Boysen, Manager, Corporate Financing, at (240) 386-5101 or by email; or
  • Kathryn Moore, Associate General Counsel, Office of General Counsel, at (202) 728-8200 or by email

View Full Notice Here:

Cybersecurity Alert: Measures to Consider as Firms Respond to the Coronavirus Pandemic (COVID-19)

Information Notice FINRA – 3/26/20

Summary:

As work processes adjust in response to COVID-19, firms and their associated persons should take appropriate measures to address increased vulnerability to cybersecurity attacks and to protect customer and firm data on firm and home networks, as well as devices.

This alert provides firms and associated persons with measures they may use to help strengthen their cybersecurity controls in areas where risks may increase in the current environment. In particular, FINRA understands the resource challenges that small firms may face, but hopes that the information included below may help them address possible cybersecurity issues associated with remote work.

However, this alert does not provide an exhaustive list of steps that firms and associated persons should consider. Further, the alert is not intended to express any legal position, and does not create any new legal requirements or change any existing regulatory obligations.

FINRA is committed to providing guidance, updates and other information to help stakeholders stay informed about the latest developments on FINRA’s COVID-19/Coronavirus Topic Page. New information will be posted on that webpage as it becomes available.

Questions concerning this Notice should be directed to:

Dave Kelley, Director, Member Supervision Specialist Programs, at (816) 802-4729.

View Full Notice Here:

FINRA: Small Firms Will Be Permitted To Spread Out Payment of the Annual Assessment

FINRA announced the below information:

FINRA recognizes the current economic turbulence the spread of COVID-19 has caused small firms, in particular. With that in mind, we are providing temporary relief for small firms with respect to 2020 Gross Income Statements and Personal Assessments (Annual Assessments).

Generally, payment of Annual Assessments is due in full within 30 days of receipt or in four quarterly installments. In 2020, FINRA is permitting small firms—identified under the FINRA By-Laws as having no more than 150 registered persons—to treat 2020 Annual Assessments as billed as of August 1, 2020, rather than as due upon receipt in April. Further, small firms that choose to do so will be allowed to pay 50 percent of the amount due on September 1, 2020, and the remaining 50 percent on December 1, 2020. If a small firm does not submit payment within 30 days of receipt, FINRA will assume the firm has chosen to make payment to FINRA via the two September 1 and December 1 installments. In addition, small firms that exit FINRA membership before September 1, 2020, will not be expected to pay the Annual Assessment for this year.

Please review the related FAQ on FINRA’s COVID-19 page for more information, including guidance on how small firms should treat the deferred payments for net capital purposes.

Filing Extensions – Annual Reports and FOCUS Reports

Due to the coronavirus pandemic (COVID-19), FINRA is providing temporary relief for member firms from rules and requirements in the Frequently Asked Questions below. The relief provided does not extend beyond the identified rules and requirements. FINRA will continue to monitor the situation to determine whether additional guidance and relief may be appropriate. As coronavirus-related risks decrease, member firms should expect to return to meeting any regulatory obligations for which relief has been provided. When appropriate, FINRA will publish a Regulatory Notice announcing a termination date for the regulatory relief that will provide member firms with time to make necessary operational adjustments.

Read below updates from FINRA on Filing Extensions – Annual Reports and FOCUS Reports:

https://live-thornton2020.pantheonsite.io/wp-content/uploads/2020/03/2020-03-FINRA-FOCUS-and-Audit-due-dates.pdf

COVID-19 / Coronavirus

FINRA recognizes the significant impacts that the spread of coronavirus disease (COVID-19) may have on member firms, investors and other stakeholders. 

FINRA is committed to providing guidance, updates and other information to help stakeholders stay informed about the latest developments.  New information will be posted on the link below as it becomes available.

https://www.finra.org/rules-guidance/key-topics/covid-19

FINRA Requests Comments on Proposed Amendments to the Capital Acquisition Broker (CAB) Rules

Regulatory Notice 20-04

Summary:

FINRA’s CAB rules provide a simplified rulebook for broker-dealers that engage only in limited capital advisory, corporate restructuring and private placement activities. FINRA is requesting comment on proposed amendments to the CAB rules to make them more useful to CABs without reducing investor protection.

Questions regarding this Notice should be directed to: 

  • Joseph P. Savage, Vice President and Counsel, Office of Regulatory Analysis, at (240) 386-4534.

Questions regarding the Economic Impact Assessment in this Notice should be directed to: 

  • Meghan Burns, Associate Principal Analyst, Office of Chief Economist, at (202) 728-8062.

View Full Notice Here:

Heightened Terror Threat Risk

Information Notice – 1/23/20

Summary:

The United States Department of Homeland Security (DHS) has issued a bulletin under the National Terrorism Advisory System summarizing the heightened risk of potential cyber and physical attacks by Iran against the United States.1 This Notice outlines steps firms may consider taking to be prepared and respond to any cyber attacks and other business disruptions that may occur.

View Full Notice Here:

Final Statements for Broker-Dealers, Investment Adviser Firms, Agents and Investment Adviser Representatives, and Branches

Regulatory Notice 20-01

Summary:

FINRA is issuing this Notice to help firms review, reconcile and respond to their Final Statements in E-Bill as well as view the reports that are currently available in Web CRD/IARD for the annual registration renewal process. The payment deadline is January 17, 2020.

Please direct questions concerning this Notice to the FINRA Call Center at (301) 869-6699.

View Full Notice Here: