Annual Entitlement User Accounts Certification Process

One of the responsibilities of an SAA is to periodically review the firm's user accounts and certify on behalf of the firm that all designated users are properly entitled. While FINRA encourages administrators to review user accounts periodically throughout the year, the mandatory annual online user accounts certification process enhances FINRA's overall program to protect the integrity and confidentiality of regulatory, proprietary and personal information maintained by FINRA.

 

Each year, FINRA designates a 30-day period during which SAAs of organizations with more than one user must certify their users’ access to comply with FINRA’s Entitlement User Accounts Certification Process. For 2013, the 30-day certification period ran from January 14 – February 13, 2013.

 

This certification process ensures that:

 

• Each user has a continuing need to access FINRA application(s) on the organization's behalf;
• Each user is entitled only to the applications and privileges needed to perform current job responsibilities; and
• Only those users who require access to sensitive data (e.g., Criminal History Record Information (CHRI), Social Security or tax identification numbers, dates of birth) are given access to this type of data. Otherwise, access must be removed. 

 

If user accounts are not certified by the due date, the capability to create, edit and clone accounts is disabled for all administrators within the organization and will remain disabled until the SAA completes the certification process. In addition, action by the regulator may be taken to ensure compliance with the process.
 
For more information, refer to the Entitlement User Accounts Certification Process Quick Reference Guide and the FINRA Entitlement Program Frequently Asked Questions.