Although the financial industry has had a number of ups and downs in the past few years, it remains a strong area of opportunity for IT channel companies. The institutions that manage money for other businesses and individuals have the same technology and operational challenges as any other organization. That’s why they frequently rely on solution providers to address and manage part, if not all, of their business infrastructure.
The U.S. segment of the financial industry includes more than 4,000 brokerage firms with approximately 160,000 branch offices and almost 636,000 registered securities representatives. As more investments become local, with people increasingly comfortable working with a representative who lives and works in their own community, those branches aren’t relegated solely to the major population centers anymore. Many older (and younger) investors want access to someone they trust to help them develop and manage individual retirement and savings plans, so having an office on Main Street U.S.A. is quickly becoming the norm.
That national trend presents a significant opportunity for solution providers, whether they support part of a financial firm’s infrastructure or manage the IT systems for the branch down the street. In addition to the standard business applications, each office relies heavily on a safe and secure network to transmit confidential customer information and other private communications. Financial firms also are required to comply with a multitude of government and industry regulations. That means they need a solution provider they can not only trust, but who also has the skills and knowledge to properly address myriad compliance concerns.
So, while you don’t have to be a Wall Street insider to support financial sector businesses, a good understanding of the regulations and security best practices is an essential factor in ensuring long-term success. One of the most onerous industry compliance concerns is addressing the rules imposed by the Financial Industry Regulatory Authority (FINRA), the largest independent regulator for all securities firms that operate in the United States. The agency sets high industry access and security standards to ensure that regulators and investors can obtain the information they need when they need it, while properly protecting the company’s infrastructure and confidential data. Every banking institution and securities dealer not regulated by another self-regulatory organization (SRO), such as the Municipal Securities Rulemaking Board (MSRB), is required to adhere to FINRA.
For solution providers who support these institutions, the authority’s rules establish a baseline of recommended procedures and prescribed methods for each firm to follow. With a solid understanding of these rules and suggestions, they can design and implement the proper systems that will not only fulfill the obligations of their clients, but minimize the liabilities associated with non-compliance.
Solution Provider Responsibilities
FINRA Rule 3190 establishes the role of third-party organizations, stating that “The firm cannot delegate its responsibilities for, or control over, any outsourced functions or activities.” Contracts and SLAs must be designed to ensure applicable securities laws and regulations are followed, regardless of who completes the tasks. Solution providers have a responsibility not only to follow the measures prescribed by these rules, but also to properly communicate and document the steps they’ve taken with their financial services customers.
A major part of the FINRA rules addresses data backup and recovery, mandating that electronic records be kept in a separate location from the original copies. Each firm must properly archive, back up and retrieve a multitude of documents and financial information over the course of the business’s lifespan. Books, records, databases, email, voice recordings and other communications (such as instant messages and texts from all devices) must be backed up and stored in a remote, secondary location.
Solution providers who support financial institutions must deliver solutions that adhere to FINRA’s rigorous compliance rules, including:
- Remote backup software (online or cloud) to replicate and store the records financial firms need to fulfill 17a-3 requirements.
- Electronic record archiving for long-term retention (to meet the requirements of rule 17a-4).
- A disaster recovery module. FINRA/NASD 3510 requires a DR plan with periodic audits.
- Configuration services. Scheduling of backups and implementing retention policies.
- Compliance consultation and documentation services.
- Managed services and onsite support to ensure proper system performance.
While the design and implementation process shouldn’t be complicated for a properly prepared solution provider, FINRA compliance requires they pay close attention to the specific records requirements. They must follow particular guidelines when creating and maintaining files, with each document or file archived for a prescribed length of time. These details can be found in a comprehensive whitepaper on FINRA compliance for solution providers, which can be downloaded at no charge.
Ted Roller is VP of channel development at Intronis, the cloud backup specialist. Monthly guest blogs such as this one are part of The VAR Guy’s annual platinum sponsorship program.