Annual Entitlement User Accounts Certification Process
What is the Annual Entitlement Certification Process?
FINRA designates a period every year during which in-scope SAAs must certify that a review of FINRA system access for all users and administrators within their organization has been completed. The 2020 certification period is April 20 – July 20. Please note that only the SAA can complete this certification on behalf of the organization.
Why Does FINRA Require the Annual Entitlement Certification?
FINRA recommends that every organization perform periodic system access reviews to ensure that individuals have the appropriate level of entitlement required to perform their job responsibilities and to remove access that is no longer required. In addition to this recommendation, FINRA requires SAAs to complete the annual certification if they manage other user(s) and/or administrator accounts.
What Should SAAs Look For While Performing the Annual Entitlement Certification?
SAAs should confirm that enterprise-wide access to FINRA systems adheres to the following best practices:
- each individual has a continuing need to access application(s) accessed through the FINRA Entitlement Program on the organization's behalf;
- each individual is entitled only to the applications and privileges needed to perform current job responsibilities;
- access to sensitive data (e.g., Criminal History Record Information (CHRI), Social Security or tax identification numbers, dates of birth) is only given to those who require it; and
- accounts are modified or deleted in a timely fashion when individuals no longer require access.
This mandatory process enhances FINRA's overall program to protect the integrity and confidentiality of regulatory, proprietary and personal information maintained by FINRA.
Note for Organizations That Only Maintain an SAA Account
Effective April 2020, organizations that do not have other users and/or administrators in addition to their SAA (often referred to as SAA-only organizations) will have the option to certify but are not required to do so. FINRA and other regulators will not follow up, and the SAA's account will not be disabled for failure to certify.
Are There Consequences for Organizations That Do Not Complete the Certification?
The following actions will occur if an organization that is required to certify does not certify within the designated period:
- The capability to create, edit and clone accounts will be disabled for all administrators within the organization after the certification due date and will remain disabled until the SAA completes the certification process.
- Action by the regulator may be taken to ensure compliance with the process.
- Finally, failure to comply with certification will result in all accounts associated with the organization being suspended until certification is completed. This action requires an SAA to work with the FINRA Entitlement Group to complete the certification and regain full system functionality.
The Entitlement Certification Quick Reference Guide provides detailed instructions, and the Certification Section of the Entitlement Frequently Asked Questions page contains answers to many common questions. A complete list of resources is located at the bottom of this page.
For Additional Assistance, Contact Us.
- Broker-dealer firms: (301) 869-6699
- Funding Portals: (301) 590-6500
- Investment adviser firms: (240) 386-4848