|
| FINRA Rules | Notices | Rule Filings | Member Alerts | Publications & Guidance | Issue Center | Compliance Tools |
|
|
 |
 |
 |
 |
|
|
|
|
| |||||
Issue Center |
Updated: 05/25/04
Question: What is the purpose of the disclosure requirement in Rule 3510(e)?
Answer: The purpose of the disclosure requirement in Rule 3510(e) is to assist customers in making educated decisions about whether to place their funds and securities at a specific firm. The disclosure may state that the firm's BCP is subject to modification. Each firm is required to disclose to its customers how its BCP addresses the possibility of a future significant business disruption and how the firm plans to respond to events of varying scope.
Updated: 05/25/04 Question: Our firm is a market maker that deals solely with other firms, so we have no retail "customers." To whom, if anyone, should we disclose how our BCP addresses the possibility of a future significant business disruption and how we plan to respond to events of varying scope under Rule 3510?
Answer: As FINRA has stated, each firm's BCP must be tailored to meet its specific needs. This underlying principle also applies to disclosure of how a firm plans to address a significant business disruption. Therefore, although there is no obligation to disclose how your BCP addresses the possibility of a future significant business disruption to non-customers, a copy of the disclosure should be made available to any non-customer with which you do business so that these individuals and firms can determine for themselves the efficacy of the firm's BCP.
Updated: 05/25/04 Question: In what manner should our firm disclose to our customers a summary of how our Business Continuity Plan (BCP) addresses the possibility of a future significant business disruption and how we plan to respond under Rule 3510?
Answer: At a minimum, this disclosure must be made in writing to customers at account opening, posted on your Web site (if you have one), and mailed to customers upon request.
Updated: 05/25/04
Question: The New York Stock Exchange (NYSE) is the designated examining authority (DEA) for our firm. Under the NYSE's Business Continuity Plan (BCP) requirements, a senior officer of the firm may review and approve our BCP. Our technology person who is in charge of developing our BCP is not registered with FINRA. Do we still have to comply with the requirement that a registered principal review and approve our BCP under Rule 3510?
Answer: Yes. Rule 3510(d) requires each FINRA registered firm to designate a member of senior management who is also a registered principal to approve the firm's BCP and be responsible for conducting the annual review.
Updated: 05/25/04 Question: How often should our firm review its Business Continuity Plan (BCP), under Rule 3510?
Answer: Rule 3510 requires each firm to conduct an annual review of its BCP. In addition to an annual review, your firm must update its BCP in the event of any material change to your firm's operations, structure, business, or location.
Updated: 05-25-04 Question: Our firm's business consists primarily of selling variable insurance products. Although we sell the product, the customer needs to deal with the insurance company in question if there is a problem. How do we treat this situation in our BCP under Rule 3510?
Answer: A firm that sells variable insurance products cannot defer its regulatory and customer protection responsibilities to a third party. A firm may, however, tailor its BCP to the needs and business of the firm. In tailoring the plan, the firm must consider its customers' needs in the event of a significant business disruption, and plan accordingly. In the situation presented, the plan should, for instance, consider what the firm's primary responsibilities are, but also include information on the entities that customers would need to contact to access their assets and funds. The firm should also provide customers with any needed information regarding assets held away from the firm.
Updated: 05-25-04
Question: What kind of information should be disclosed to customers, as required by Rule 3510(e)? Answer: Rule 3510(e) does not require firms to disclose their entire BCPs to their customers. Under this rule, members are required only to summarize the manner in which their BCPs address the possibility of significant business disruptions. Firms are not required to disclose the specific location of any back-up facilities, any proprietary information contained in the BCP, or the parties with whom the firm has back-up arrangements.
Instead, the disclosure should address how the firm would react to events of varying scope. For example, the disclosure should: (1) Provide specific scenarios of varying severity (e.g., a firm-only business disruption, a disruption to a single building, a disruption to a business district, a city-wide disruption, and a regional disruption); (2) State whether it plans to continue business during that scenario and, if so, its planned recovery time; and (3) Provide general information on its intended response.
Updated: 05-25-04
Question: Our firm's business is done solely on an RVP/DVP basis. To whom should we disclose how our Business Continuity Plan (BCP) addresses the possibility of a future significant business disruption and how we plan to respond to events of varying scope under Rule 3510?
Answer: BCPs should be reasonably designed to enable a firm to meet its existing obligations to customers and address existing relationships with other broker-dealers and counterparties. To the extent a firm does not have any customers, it should disclose this information to the business constituents or other non-customers that rely on the firm as part of the overall transaction process.
Updated: 05-25-04
Question: Under Rule 3520, how do I register the names of my firm's two emergency contact persons?
Answer: This is done electronically through FINRA's Contact System (FCS) (formerly known as the NASD Member Firm Contact Questionnaire or NMFCQ).
Updated: 05-25-04
Question: My firm is a sole proprietorship. I am the sole registered principal, but I employ two registered representatives. I will register myself as the first emergency contact person, but who should be the second emergency contact person under Rule 3520?
Answer: The second emergency contact person should be one of the registered representatives at your firm.
Updated: 05-25-04
Question: How often should our firm update our emergency contact information under Rule 3520?
Answer: Rule 3520 requires each firm to promptly update its emergency contact information in the event of a material change. In addition, each firm must review and, if necessary, update its emergency contact information within 17 business days after the end of each calendar quarter. This update must include any change to the designation of the two emergency contact persons. Only the Executive Representative, or his or her written designee, may perform the review and update.
Updated: 05-25-04
Question: Our firm is a member of the Securities Investor Protection Corporation (SIPC). Won't SIPC take care of my customers, with respect to access to their funds and securities, in the event of a significant business disruption?
Answer: FINRA's BCP requirements do not conflict with SIPC rules or with a firm's obligation under such rules. Rule 3510(c)(9) requires firms' BCPs to state how the firm will assure customers prompt access to their funds and securities in the event that the firm determines that it is unable to continue its business. If you believe that SIPC rules might affect your response to this requirement, you should address it in your BCP. You cannot, however, rely on SIPC membership, by itself, to satisfy your obligations under Rule 3510(c)(9).
Updated: 05-25-04
Question: Would my firm be required to stay in business in the event of a significant business disruption?
Answer: No. However, under Rule 3510(c)(9), your BCP must address how you will assure customers' prompt access to their funds and securities in the event that you determine that your firm is unable to continue its business.
Updated: 07-27-04
Question: Where can I find information regarding EVault?
Answer: NASD Rule 3510 requires securities firms to create, review and maintain an up-to-date written business continuity plan (BCP).
Recognizing that not all firms have a secure, off-site facility to store and update their BCP, FINRA has arranged for EVault, a leading provider of network backup and recovery software and services, to provide this voluntary electronic repository service specifically designed for FINRA firms. |
||||||||||||
| |||||||||||||
