Be Structured is Your Managed Service Provider That Can Support Your Business Through a FINRA Audit
What is a FINRA Audit? FINRA Audit Support
Is there a chance that your business will be facing a FINRA audit this year? Considering the Financial Industry Regulatory Authority, or FINRA, conducts more than 1500 audits annually, you could be. If you are not compliant with the rules set forth by FINRA, you could face the disciplinary action that comes with non-compliance. Turn to the Los Angeles IT technicians here at Be Structured Technology Group and let us be your FINRA audit support specialists. We understand what all goes into FINRA compliance and can help make sure your company has all of the correct policies and procedures in place to ensure that if you are ever audited or going through an annual audit, you have nothing to worry about.
Be Structured is not a FINRA auditing firm, but our clients often need IT support and changes to their IT infrastructure when going through a FINRA audit. We have several FINRA regulated clients and are familiar with the requirements, and can help you get through quickly and easily.
What is FINRA?
FINRA is a crucial part of the financial system in America because they ensure the integrity of brokers and firms during financial transactions. They work under the direct supervision of the SEC or Securities and Exchange Commission. FINRA has some key responsibilities, including:
- Writing and enforcing the rules that govern how ethically registered brokers and broker-dealer firms operate.
- Looking over each firm to ensure compliance with the rules that were written.
- Encouraging transparency within the financial markets.
- Educating anyone that has invested in the industry.
These efforts are put in place to help protect the public from issues like bad practices and fraud. Unfortunately, many people are taken advantage of annually, and FINRA is there to lower those numbers, ideally stopping them in the future. When FINRA finds out about an unethical broker or firm, they step in and do what they can to help. In some cases, they can work with the authorities to help charge these people with fraud and help restore some financial stability to some people’s lives. As an example of how FINRA works, as of 2018, they were able to:
- Levy over $60 million in fines.
- Refer nearly 1,000 cases directly to the SEC and similar agencies for prosecution.
- Carry out more than 900 actions to discipline registered firms and brokers that practiced unethical behavior.
- Order that more than $25 million be returned to defrauded investors.
If FINRA believes that you are a registered broker or firm that is not being ethical with how you treat clients, or they believe that you are not protecting the data of your transactions or clients, they can come through and audit you. In this case, you need to make sure you and your business are totally compliant not to face additional problems once the audit is complete. Depending on how businesses operate and how well they keep up with compliance, the firm or broker can face an audit or get a cycle examination. This can happen every year, every two years, every three years, or even every four years. The more compliant a firm or broker is, the less likely FINRA is to audit them.
The Importance of Data Protection
When anyone works with sensitive financial transactions, there is sensitive data that needs protection. This is part of the process and often gets overlooked when it comes to the scope of FINRA compliance. When talking about making sure the data from these transactions remain safe, there are several aspects to accomplishing this goal.
- First, the threats must be identified and assessed to determine their scope.
- Second, steps must be taken to ensure outside intrusions are stopped before any asset is accessed.
- Third, a detection system must be put in place that notifies administrators when any part of their system or asset has been improperly accessed or potentially compromised.
- Fourth, a plan needs to be created about how any compromise or intrusion is responded to.
- Finally, a plan needs to be put in place that helps with the recovery of stolen, lost, or otherwise unavailable assets for the corporation.
There need to be specific protocols set up with each brokerage or firm to ensure that all data is kept as safe as possible. Each branch needs to have its own set of safety protocols to cover all data from investors and all financial transactions. This should involve procedures for the supervisory regulations, plus formal oversight procedures that each office must follow. There should also be a working inventory that lists all assets from hardware and software, plus all data included should any cyber-attack happen. The protection of the data is nearly as important as making sure each transaction is ethical and in the client’s best interest. That is why these steps must all be in place.
A FINRA Investigation Precedes an Audit
When someone notifies FINRA of a potential problem, the first step is done through the gateway portal that the firm or broker has with FINRA. This involves the investigator going through the documents on the site and all cybersecurity programs the location has. Plus, a team will show up and perform an on-site investigation to look at the complaints, any possible breaches, and what types of training the employee has received regarding cybersecurity protocols. The firm or broker will be notified up to 60 days before the arrival, and it details the process for the investigation. If you are the broker or the firm’s head, you will receive specific details as to when documentation from you is required to be handed in. The documentation that you must send before the team arrives on-site allows for FINRA to have an effective strategy for evaluating the activities of the firm or broker.
As soon as someone from the FINRA team shows up, they will request an office tour. Once the tour is complete, they will set up meetings with the leaders of compliance within the business and the people who lead the business directly. There may also be meetings with the different security personnel to see what controls are in place protecting the data and systems within the business. Most teams will also ask to see the asset inventory created to keep track of all systems and data in case of a cyberthreat, along with the log of how often the inventory is updated. There will also be requests for additional documents and proof of compliance at this time in most instances. Your firm needs to ensure that all communication is prompt and efficient to help ensure the quickest possible resolution to the audit process. Weekly meetings are to be expected during this process so that as issues arise, they can be remedied, and adjustments can be made.
FINRA Exit Meeting
When the audit nears its end, the FINRA team will hold an exit meeting to discuss the areas of concern and hand over recommendations to correct any issues discovered during the audit process. There will also be an exit meeting report for you to look over and respond to. Each item will be discussed, and you will need to have responses to each item in the report. This can be a difficult situation and should not be entered into without the help of a Los Angeles-based FINRA audit IT support team by your side.
You need to make sure that you go over the full examination report following the exit meeting. This report will be given to the CEO of the firm. If you provided exception documentation to the exit meeting report, the responses would be in this examination report. However, if there were no exceptions, the exam will be over. Each exception mentioned in this report needs to be responded to before the final treatment is set forth. It could be that FINRA decides that the firm or brokerage needs no additional action, it could be cautionary action, or it could be that a referral to law enforcement is the result. A lot depends on the issues that started the investigation, the communication during the investigation, and the changes made due to the investigation.
The Stress of FINRA Investigations
If your brokerage firm is not compliant with the rules set forth by FINRA, you are going to have trouble with them eventually. It is not a matter of if, but a matter of when. You need to always act in the best interest of your investors and make sure that each transaction is ethical Plus, you need to make sure that your firm has the right protection procedures in place. However, there are times where it may be a matter of a disgruntled investor and not an actual issue where the firm or broker did anything wrong. The only way to know what will be found at the end of an investigation is to go through it. Just understand that the process is going to be stressful. To reduce your stress, make sure you are compliant from the start and support going through the process. Having a Los Angeles cybersecurity firm that can respond for you and submit all required documentation on your behalf can exponentially decrease the investigation’s stress.
Where Did FINRA Come From?
Back in 2007, many different private organizations that regulate financial dealings went to the SEC and asked for approval to make their own organization. This included members of the National Association of Securities Dealers and members of the New York Stock Exchange. The SEC approved and FINRA was born.
FINRA has forms that nearly all financial personnel are supposed to file each year. This includes CPAs, firms, brokers, and more. These forms must have been completed within 60 days or less from when the fiscal year ends. FINRA, from there, will take a look at the basic transactions that the professional did during that year and examine the income levels. This can include:
- The money that went to the broker-dealer or the firm as income.
- How much money was paid out during that fiscal year.
- Where the money went.
- Tracking evidence of the money to ensure there was no theft of money along the way.
- Checking how suitable the investments that were made were for the clients’ served.
- If there was any additional education for personnel of the firm.
- How the company advertised and who their target audience was during that time.
This is a normal exam that happens every year. This is not the same as one of the surprise FINRA exams or audits akin to an audit done by the state or the SEC. The point of audits is to make sure everything matches between filings and reality, plus make sure that the investments being made make sense according to who they are being invested for.
Since the rules of compliance change so regularly, it may be the best option to consider using computer software that tracks all of the information for the firm or broker. However, that is an individual decision. What matters is that steps are being taken to keep all information used for these investments safe and out of the prying hands of hackers. It needs to be a conscious effort to make investments ethically, plus keep that personal information safe. If this is not followed, chances are a FINRA audit will follow.
Compliance is meant to help keep investment markets stable and safe. That way, people from all over can feel confident investing and keeping the United States economy moving forward. However, if there is ever cause for an audit, the best thing for a brokerage firm or dealer-broker is to prove that they are doing everything legitimately and for the right reasons. What FINRA will want to look at includes:
- Whether or not the dealer-broker or the firm is properly licensed for day-to-day investment transactions. They will also want to see that personnel are being trained, educated, and registered to follow the best financial practices.
- What the day-to-day operations look like. FINRA agents will want to observe the daily activities and monitor the transactions that are going on. This helps decrease the potential risks to people’s investments.
- FINRA will want to ensure that any advertising the firm makes does not make unethical or untrue claims about returns. The information must be accurate, ethical, and properly explained.
- All practices are being done ethically. If there are any odd transactions, FINRA will want to look into any evidence that something unsavory is happening. This includes theft, money laundering, and even insider trading. FINRA wants to make sure that all transactions are upstanding and legitimate goals come along with the investments made.
Should any non-compliance issues arise during a FINRA audit, it is important to understand that aggressive action may be taken, depending on the infraction. This could include disciplinary actions, fines, suspensions, and even the barring of brokers for severe enough infractions. If there is a breach in compliance, the problem will be outlined and investigated. What happens from there depends on the outcome of the investigation.
Avoiding a FINRA Audit
If you want to avoid a FINRA audit for possible compliance issues, then there are certain things you can do to help. They include:
- Ensure you have supervisory control over all transactions with effective and transparent policies to keep all information accurate. This also makes sure there are no false claims or improper representations of what type of returns to expect.
- Know that audits are coming and prepare for them. Having proof that everything is on the up-and-up allows for FINRA to come in and see what is going on without as much stress or worry. Being compliant before any examination is key in helping it go right.
- Know what procedures and policies you must follow before starting, and making sure to follow them. This may seem like common sense, and to many, it is. However, it cannot be understated to make sure you do things properly from the start and keep them that way.
- Make sure you have proof of everyone’s qualifications. It is vital that only the right staff handle the information. If you want to stay in the good graces of FINRA, make sure to follow this rule: keep track of the qualifications of the staff you have in charge of transactions.
When You Need a Los Angeles MSSP to Help You With a FINRA Audit, Contact Be Structured
Protecting yourself before a FINRA audit hits is vital in coming out the other side unscathed. Make sure you have a Los Angeles security consulting firm to help you get ready and stay compliant if you want to help people with their investments. Know that you can keep your company safe by turning to the right professionals from the beginning. Be Structured is here to help. Contact us today, and let us help you be ready for the day when a FINRA audit comes your way.
Does Your Current IT Company Know How To Support You Through A FINRA Audit?
As a Managed Service Provider in Los Angeles, Be Structured Technology Group can support your business through the critical tasks needed for a successful FINRA Audit.
Cover Your Business With The FINRA Audit Support You Need
Are You At Risk For A Cyber Attack? Ninety-five percent of network security breaches are due to human error. Empowering your team with the knowledge and skills to identify cybersecurity threats is essential to keeping your network protected. After all, a team of cybersecurity experts can only protect your network so much; at a certain point, it’s up to your everyday users to sidestep threats before they cripple your network. When facing a FINRA Audit, these threats and systems you have in play are part of what keeps your business compliant to regulatory standards.
Comprehensive Cybersecurity Solutions
When you partner with Be Structured, we secure your network with a comprehensive cybersecurity platform that protects every level of your operations. Our approach includes the latest network security strategies like dark web scanning and phishing email training, all for one fixed monthly price. FINRA Audit Support is an additional service we reserve for our current client base in their time of need.
With Be Structured overseeing your larger cybersecurity needs and threats, you can be confident you’re staying ahead of the latest developments in the industry while preparing for the challenges of tomorrow. As part of our cybersecurity package, we also protect you from external threats such as data breaches and unauthorized access to your network while also guarding against internal threats with disaster recovery solutions.
Los Angeles IT Support
If you’re ready to take a more proactive approach to cybersecurity, you need a team of experts developing and overseeing your overarching security roadmap. Be Structured has the experience and skills to develop customized cybersecurity strategies around your unique operations. We’ll work with you to assess your team’s workflows from the inside out and keep you protected from internal and external threats. Get in touch with our team today to start exploring how much your cybersecurity platform can be doing to protect your bottom line and mission-critical data.