Annual Entitlement User Accounts Certification Process
Some of the key responsibilities of an SAA are to ensure that access is appropriate and required as well as remove access for users who no longer need it—either because of changes in job duties or termination with the firm. One way to meet these responsibilities is to periodically review the firm's user accounts. The frequency of such reviews depends upon the size of an organization, user access requirements, staff turnover or security concerns. In addition to FINRA’s recommended periodic reviews, FINRA requires SAAs to complete an annual online user accounts certification process. This mandatory process enhances FINRA's overall program to protect the integrity and confidentiality of regulatory, proprietary and personal information maintained by FINRA.
Each year, FINRA designates a 30-day period during which SAAs of organizations with more than one user must certify their users’ access to comply with FINRA’s Entitlement User Accounts Certification Process.
This certification process ensures that:
If user accounts were not certified within the 30-day period, the capability to create, edit and clone accounts has been disabled for all administrators within the organization and will remain disabled until the SAA completes the certification process. In addition, action by the regulator may be taken to ensure compliance with the process.
For more information, refer to the Entitlement User Accounts Certification Process Quick Reference Guide and the FINRA Entitlement Program Frequently Asked Questions.