Client Alert: COVID-19 – FINRA Provides Guidance on Pandemic-Related Business Continuity Planning - 13 March 2020
FINRA reminds member firms to consider creating a pandemic-related business continuity plan (BCP).
Regulatory Notice 20-08, issued by FINRA, provides guidance and regulatory relief to member firms for some requirements, with the caveat that as the threat of the virus decreases, "member firms should expect to return to meeting any regulatory obligations for which relief has been provided."
Rule 4370. The rule "requires a member firm to create, maintain, review at least annually and update upon any material change, a BCP identifying procedures relating to an emergency or significant business disruption." According to the notice, BCPs should be "reasonably designed to enable a member firm to meet its existing obligations to customers and address existing relationships with other broker-dealers and counterparties." Risk analysis is to be conducted by each member firm to "determine where critical impact points and exposures exist within the firm and with its counterparties and suppliers." The rule also requires each firm to provide an update to FINRA with emergency contact information of two designated individuals.
Pandemic preparedness. FINRA has discussed the challenges presented by the current pandemic, and member firms are encouraged to contact FINRA to discuss the activation of their BCPs as well as any issues they may be facing.
Mitigation. The notice addresses the efforts to mitigate the impacts of the pandemic and suggests that, when possible, a member firm may "consider employing methods such as social distancing, travel restrictions, revised sick leave policies, special pandemic leave time, or specialized seating plans for densely populated floors or buildings."
FINRA also encourages remote offices or telework arrangements and acknowledges that in this scenario, member firms may need to implement other ways to supervise associated persons. In that event, FINRA expects member firms to "establish and maintain a supervisory system that is reasonably designed to supervise the activities of each associated person while working from an alternative or remote location during the pandemic."
Cybersecurity. Remote offices and telework create increased risk of cyber-attacks so FINRA reminds member firms to stay vigilant and take steps to reduce the risk, some of which may include: (1) ensuring that virtual private networks (VPN) and other remote access systems are properly patched with available security updates; (2) checking that system entitlements are current; (3) employing the use of multi-factor authentication for associated persons who access systems remotely; and (4) reminding associated persons of cyber risks through education and other exercises that promote heightened vigilance.
Additional guidance. FINRA is also temporarily "suspending the requirement to maintain updated Form U4 information regarding office of employment address for registered persons who temporarily relocate due to COVID-19," and notes that firms should use best efforts to provide written notification of relocation of personnel to temporary locations.
FINRA encourages member firms to "review their BCPs regarding communicating with customers and ensuring customer access to funds and securities during a significant business disruption," and reminds firms that they are required to provide emergency contact information in accordance with Rule 4370.
Affected persons who have any qualifications examination or continuing education that is due to expire should contact FINRA.
An emergency declaration in a specified area due to the pandemic may result in some persons volunteering or being called into active military duty and, in that event, FINRA Rule 1210 "provides specific relief to persons registered with FINRA who volunteer or are called into active military duty."
© 2020 CCH Incorporated and its affiliates and licensors. All rights reserved.