Firm Operations

Business Continuity Planning

Business Continuity Planning

Business continuity remains a priority for firms and their associated persons. It is important that firms maintain adequate business continuity and contingency plans and ensure that employees are aware of and understand these plans.

• FINRA Topic Page: Business Continuity Planning

• FINRA Small Firm Business Continuity Planning Template

Anti-Money Laundering

U.S. Imposes Sanctions on Russian Entities and Individuals

The U.S. government has imposed sanctions in response to Russia’s actions in Ukraine. FINRA is issuing this Notice to provide member firms with information about these recent actions. FINRA encourages member firms to continue to monitor the Department of the Treasury’s Office of Foreign Assets Control (OFAC) website for relevant information.

• FINRA Regulatory Notice 22-06 (February 25, 2022): FINRA Alerts Firms to Sanctions


AML Act of 2020 First Priorities Issued

FinCEN has issued the first government-wide priorities for AML and CFT, which were mandated by the AML Act of 2020. FinCEN also issued a statement to provide covered non-bank financial institutions, including broker-dealers, with guidance on how to approach the AML/CFT Priorities. FINRA is issuing this Notice to inform member firms of the AML/CFT Priorities and the Statement, and to encourage member firms to consider how to incorporate the AML/CFT Priorities into their risk-based AML compliance programs.

• FINRA Regulatory Notice 21-36 (October 8, 2021): FINRA Encourages Firms to Consider How to Incorporate the Government-wide AML and CFT Priorities into their AML Programs


FINRA Alerts Firms to “Log4Shell” Vulnerability in Apache Log4j Software

FINRA is alerting firms to a recently identified vulnerability in Apache Log4j software, which is an open-source, Java-based logging utility widely used by enterprise applications and cloud services. The “Log4Shell” vulnerability presents risk for member firms because they may be using this software in internal applications, or the software may be embedded in third-party software packages. In addition, many applications written in Java are potentially vulnerable.

• FINRA Regulatory Notice 21-42 (December 14, 2021): FINRA Alerts Firms to “Log4Shell” Vulnerability in Apache Log4j Software


Vendor Management and Outsourcing

FINRA is publishing this Notice to remind member firms of their obligation to establish and maintain a supervisory system, including written supervisory procedures, for any activities or functions performed by third-party vendors that is reasonably designed to achieve compliance with applicable securities laws and regulations and with applicable FINRA rules. This Notice reiterates applicable regulatory obligations; summarizes recent trends in examination findings, observations and disciplinary actions; and provides questions member firms may consider when evaluating their systems, procedures and controls relating to vendor management.

• FINRA Regulatory Notice 21-29 (August 13, 2021): FINRA Reminds Firms of their Supervisory Obligations Related to Outsourcing to Third-Party Vendors


Digital Assets

For the past several years, FINRA has encouraged firms to keep their risk monitoring analyst informed if the firm, or its associated persons or affiliates, engaged, or intended to engage, in activities related to digital assets, including digital assets that are non-securities. FINRA appreciates members’ cooperation with this request and is encouraging firms to continue to keep their risk monitoring analyst abreast of their activities related to digital assets on an ongoing basis.

• FINRA Regulatory Notice 21-25 (July 8, 2021): FINRA Continues to Encourage Firms to Notify FINRA if They Engage in Activities Related to Digital Assets


SEC Investor Bulletin

The SEC’s Office of Investor Education and Advocacy issued this Investor Bulletin to help investors protect their online investment accounts from fraud. As with all web-based accounts, investors should take precautions to help ensure that their online investment accounts remain secure. These online security tips can help.

• SEC Investor Bulletin: Protecting Your Online Accounts from Fraud (July 1, 2021)


FINRA Cybersecurity Topic Page

Given the evolving nature, increasing frequency, and sophistication of cybersecurity attacks – as well as the potential for harm to investors, firms, and the markets – cybersecurity practices are a key focus for FINRA. Visit the link below for more information on related rules, notices, guidance, news and investor education.

• FINRA Topic Page: Cybersecurity

Senior Investors

Senior Investors

FINRA has adopted amendments to Rule 2165 (Financial Exploitation of Specified Adults) to permit member firms to: (1) place a hold on a securities transaction (in addition to the already-permitted hold on a disbursement of funds or securities) where there is a reasonable belief of financial exploitation; and (2) extend a temporary hold on a disbursement or transaction for an additional 30 business days, beyond the current maximum of 25 business days (for a total of 55 business days), if the member firm has reported the matter to a state regulator or agency, or a court of competent jurisdiction. The amendments to Rule 2165 have an effective date of March 17, 2022.

• FINRA Regulatory Notice 22-05 (February 15, 2022): FINRA Adopts Amendments to FINRA Rule 2165


NASAA Model Act to Protect Seniors and Vulnerable Adults

In a significant step toward providing much needed protection for seniors and vulnerable adults, NASAA announced that its membership has voted to adopt a model act designed to protect vulnerable adults from financial exploitation. The model, entitled “An Act to Protect Vulnerable Adults from Financial Exploitation,” provides new tools to help detect and prevent financial exploitation of vulnerable adults.

• NASAA Model Statute to Protect Vulnerable Adults