User Accounts Certification Process for Non-SAA Organizations
The information on this page only applies to organizations without Super Account Administrators (SAAs). See the User Accounts Certification Process for Super Account Administrators (SAA) page for information about the certification process for broker-dealers, funding portals, investment advisers and US-based regulators.
When is the 2023 User Accounts Certification Period?
The 2023 User Accounts Entitlement Certification Period is September 11 – November 13. During this period, a Certification Representative (CRep) for each organization must certify that accounts with access to applications on the FINRA Entitlement Platform are valid and users are entitled only to the entitlements (privileges) necessary to perform their current job responsibilities.
What is the Annual User Accounts Certification Process?
FINRA designates a period every year during which organizations must review and certify all user accounts with access to applications on the FINRA Entitlement Platform. This online user accounts certification process enables organizations without Super Account Administrators (SAAs) to designate a Certification Representative (CRep). CReps are required to review and certify all accounts.
To designate a CRep, complete the online FINRA Entitlement Program Certification Representative (CRep) Designation Form.
Designate Your Organization's Certification Representative (CRep)
Organizations with Account Administrators (AAs) must designate an AA as their Certification Representative (CRep) before the Certification Period begins. A CRep is responsible for, and authorized to, review, verify and certify all accounts. An organization may only have one CRep, and only the CRep is provided entitlement to certify on behalf of the organization.
To designate or replace your CRep, complete the FINRA Entitlement Program Certification Representative (CRep) Designation Form. The form must be signed and submitted by an Authorized Signatory. All accounts will be disabled if an organization fails to designate a Certification Representative (CRep), which is required for Certification.
Organizations that do not have a CRep designated with FINRA before the Certification Period begins will not be able to certify. This will result in follow up for noncompliance as certification is mandatory.
Why Does FINRA Require the Annual Entitlement Certification?
FINRA recommends that every organization perform periodic access reviews to ensure that individuals have the appropriate level of entitlement required to perform their job responsibilities or remove access if no longer required. In addition to this recommendation, FINRA requires CReps to complete the annual certification for all user accounts.
What Should Certification Representatives (CRep) Look for While Performing the Annual Entitlement Certification?
CReps need to confirm that access to applications on the FINRA Entitlement Platform adheres to the following best practices:
- each individual has a continuing need to access application(s) accessed through the FINRA Entitlement Program on the organization's behalf;
- each individual is entitled only to the applications and privileges needed to perform current job responsibilities;
- access to sensitive data (e.g., Social Security number (SSN), Criminal History Record Information (CHRI)) is only given to those who require it; and
- accounts are modified or deleted in a timely fashion when individuals no longer require access.
This mandatory process enhances the protection, integrity and confidentiality of regulatory, proprietary and personal information maintained by FINRA.
Are There Consequences for Organizations That Do Not Complete the Certification?
The following actions will occur if an organization fails to certify within the designated period:
- Organizations With Account Administrators: The capability to create accounts, edit and import entitlements to accounts will be disabled for all account administrators within the organization after the certification due date. Administrator functions will remain disabled until the CRep completes the certification process. Finally, failure to comply with certification will result in all accounts associated with the organization to be disabled until certification is completed. If all organization's accounts are disabled, the CRep must work with the FINRA Entitlement Group to complete the certification and regain full system functionality. For security purposes, administrators may continue to delete or disable accounts.
- Organizations Without Account Administrators : All accounts will be disabled within the organization after the certification due date and will remain disabled until the CRep completes the certification process. If all organization's accounts are disabled, the CRep must work with the FINRA Entitlement Group to complete the certification and regain full system functionality.
Contact the FINRA Support Center at (301) 590-6500.