Annual Entitlement User Accounts Certification Process

One of the responsibilities of an SAA is to periodically review the firm's user accounts and certify on behalf of the firm that all designated users are properly entitled. While FINRA encourages administrators to review user accounts periodically throughout the year, the mandatory annual online user accounts certification process enhances FINRA's overall program to protect the integrity and confidentiality of regulatory, proprietary and personal information maintained by FINRA.

 

Each year, FINRA designates a 30-day period during which SAAs of organizations with more than one user must certify their users’ access to comply with FINRA’s Entitlement User Accounts Certification Process. For 2014, the 30-day certification period ran from January 13 – February 12, 2014.

 

This certification process ensures that:

 

  • Each user has a continuing need to access FINRA application(s) on the organization's behalf;
  • Each user is entitled only to the applications and privileges needed to perform current job responsibilities; and
  • Only those users who require access to sensitive data (e.g., Criminal History Record Information (CHRI), Social Security or tax identification numbers, dates of birth) are given access to this type of data. Otherwise, access must be removed. 

 

If user accounts were not certified within the 30-day period, the capability to create, edit and clone accounts has been disabled for all administrators within the organization and will remain disabled until the SAA completes the certification process. In addition, action by the regulator may be taken to ensure compliance with the process.

 

For more information, refer to the Entitlement User Accounts Certification Process Quick Reference Guide and the FINRA Entitlement Program Frequently Asked Questions.

 

Last Updated: 2/11/2014