Topic Page

Business Continuity Planning

FINRA requires firms to create and maintain written business continuity plans (BCPs) relating to an emergency or significant business disruption. Rule 4370—FINRA's emergency preparedness rule — spells out the required BCP procedures. A firm's BCP must be appropriate to the scale and scope of its business.

BCP procedures must be reasonably designed so the firm can meet its existing obligations to customers. A firm must disclose to its customers how its BCP addresses the possibility of a significant business disruption and how the firms plan to respond to events of varying scope. This BCP disclosure must be made in writing to customers when they open their account, posted on the firm's website if they maintain one and mailed to customers upon request. The BCP also must be made available promptly to FINRA staff if requested.

What to Include in a Business Continuity Plan

FINRA Rule 4370 gives a firm flexibility in designing a BCP. It may be tailored to the size and needs of the firm, but at a minimum it must include the following elements:

  • Data backup and recovery (hard copy and electronic);
  • All mission critical systems;
  • Financial and operational assessments;
  • Alternate communications between customers and the firm, and between the firm and employees;
  • Alternate physical location of employees;
  • Critical business constituent, bank, and counterparty impact;
  • Regulatory reporting;
  • Communications with regulators; and
  • How the firm will assure customers' prompt access to their funds and securities in the event that the firm determines that it is unable to continue its business.

A firm must address the elements to the extent applicable and necessary. If any of the elements is not applicable, the firm's BCP must document the rationale for not including the element in its plan. If a firm relies on another entity for any one of the elements or any mission critical system, the firm's BCP must address this relationship.

FINRA provides the following optional tools to assist firms in in fulfilling their need to create and maintain business continuity plans (BCPs) and emergency contact person lists under FINRA Rule 4370.

Small Firm Emergency Partner Program

FINRA, in consultation with NASAA and an industry working group, developed the Small Firm Emergency Partner Program (SFEPP), a voluntary initiative that helps firms partner with each other in preparation for a potential business disruption. Should one occur, the affected firm can rely on its partner—a similar but distant firm—to temporarily service the affected firm's customers while it recovers. Once the affected firm has fully recovered, the support firm's access to the affected firm's customers will discontinue.

Communicating with FINRA

Firms must provide FINRA with emergency contact information. In addition, if a firm is unable to contact FINRA during a significant business disruption through its usual contact, such as the District Office or direct dial number, please call FINRA's Gateway Call Center at (301) 590-6500. This number will be rerouted in the event of a business disruption at FINRA's primary call center, so that the firm will be able to reach an operator or receive recorded instructions. This information also will be posted on 

In instances when data communications are disrupted, firms are responsible for retaining data until it can be transmitted to FINRA.

FINRA's Business Continuity Plan

FINRA's BCP specifies how we will respond to events that significantly disrupt our business and addresses safeguarding our employees and property; insuring data back up and recovery; restoring mission-critical systems as well as critical regulatory and operational activities; alternative communications with investors, member firms, associated persons, and other regulators; and assuring all of our constituents a prompt response to their needs. We plan to continue in business, transfer operations to alternate sites as needed, and maintain as much transparency to our constituents as possible during a disruption. FINRA's business continuity plan is updated and tested regularly, and it is provided to the SEC as part of its oversight of FINRA.

FINRA Waives Certain Trade Reporting and Compliance Engine (TRACE) Late Trade Reporting Fees in Connection With Hurricane Sandy
December 3, 2012
Guidance to Members Affected by Hurricane Sandy
October 30, 2012
Guidance for Firms Potentially Affected by Hurricane Isaac
August 28, 2012
SEC Approval and Effective Dates for New Consolidated FINRA Rules
October 15, 2009
FINRA Provides Guidance on Pandemic Preparedness
October 12, 2009
Guidance for Firms Affected by the California Wildfires
October 25, 2007
Member Business Continuity Experiences regarding Hurricanes Katrina and Rita
December 29, 2006
NASD Requests Comment on Regulatory Relief that Should Be Granted in Response to a Possible Pandemic or Other Major Business Disruption
June 28, 2006
Guidance to Members Affected by Hurricane Katrina
September 2, 2005
SEC Approves Rules Requiring Members to Create Business Continuity Plans and Provide Emergency Contact Information
May 5, 2004
The NASD Seeks Comment on Proposed Rules Relating to Member Firm Business Continuity Plans and Emergency Contact Information
April 10, 2002
Targeted Examination Letter
In coordination with the SEC and the CFTC, we are conducting a review of the impact of Hurricane Sandy on firms’ operations and their ability to conduct business at a time when business continuity plans were enacted.
November 1, 2012
This podcast describes FINRA's Business Continuity Planning (BCP) Template and details recent updates, including those that were made to reflect FINRA's BCP Rule.
July 19, 2010
The second podcast in a two-part series on pandemic preparedness offers suggestions for addressing the top three challenges firms expect during pandemics.
December 21, 2009
The first podcast in a two-part series on pandemic preparedness focuses on business continuity planning and results from a recent FINRA survey.
November 23, 2009
This podcast outlines a new, voluntary partnership program that helps firms provide service to their customers during an emergency.
October 16, 2007
Frequently asked questions about Business Continuity Planning