Compliance Vendor Directory Frequently Asked Questions (FAQ)
- What is the Compliance Vendor Directory (CVD)?
- The CVD is a new resource FINRA developed to help firms locate and assess vendors that provide compliance-related offerings.
- When was the CVD launched?
- The CVD went live mid-May 2017.
- Where will the CVD be located?
- The CVD home page will be located at: http://www.finra.org/industry/cvd.
Vendors can access the CVD application form and submit it to FINRA to have their offering(s) listed in the CVD.
Firms can access the CVD after logging in to the home page of the FINRA Firm Gateway. If you do not have Firm Gateway credentials, see your firm Super Account Administrator (SAA) to get a Firm Gateway account created.
- Can both firms and vendors view the vendors’ offerings in the CVD?
- Firms can search the directory after logging in to the home page of the Firm Gateway.
Vendors can submit a CVD Application form to be listed in the CVD; however, vendors will not have access to view the directory. Vendors can request a copy of their compliance listing in the directory by sending an email to FINRA Member Relations and Education.
- Will using a vendor listed in the CVD ensure a firm complies with FINRA rules and regulations?
- No. Using a CVD vendor does not ensure a firm’s compliance with FINRA rules or other regulations or laws. The vendor tools and services included in CVD are provided solely as a convenience to firms. FINRA reviews the CVD Application form only for grammar, spelling, and excessive marketing language and does not ensure the accuracy or completeness of vendor responses.
FINRA does not endorse the products listed in the CVD and firms are not obligated to use them. FINRA strongly suggests that firms perform their own due diligence-including technical and financial reviews-before making any vendor decisions.
In addition, FINRA reminds firms that while certain tasks can be performed by a third-party provider, the responsibility to supervise these activities for compliance with applicable federal securities laws and regulations, as well as self-regulatory organization rules, remains with the firm. FINRA will review firms' due diligence and risk assessment of providers of outsourced services and their supervision of those services (See NASD Notice to Members 05-48).
- What information on each vendor is included in the CVD?
- The CVD lists each vendor’s:
- company profile and contact information;
- information security vendor self-attestation; and
- Compliance offering(s), with a description of each.
- What compliance offerings will be available when the directory is first published?
- The CVD features nine categories of compliance offerings:
- Compliance Consulting: Vendors in this category offer tools and customized solutions to support firms' compliance programs. Solutions may include training, testing, certifications, risk assessments and other offerings to help firms comply with rules and regulations.
- Cybersecurity: Vendors in this category help firms manage and reduce cybersecurity risk. The vendors’ offerings are presented in the context of the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF), enabling firms to target their most critical cybersecurity risk gaps. The NIST CSF defines the following functional areas: Identify, Protect, Detect, Respond, and Recover.
- Data Management: Vendors in this category provide services and software that facilitate compliant storage, maintenance, and sharing of data. Many vendors provide audit, compliance and surveillance functions encompassing several broker-dealer operations, including trading, certifications, conflict management, broker and client onboarding and regulatory reporting.
- Email & Social Media Archive: Vendors in this category help firms manage and review/supervise email archive and social media archive interactions to comply with SEC and FINRA regulations. Offerings in this area include compliance, legal holds, early case assessments, eDiscovery, and other supporting features.
- Exam Prep & Firm Continuing Education (CE): Vendors in this category assist firms with obtaining and maintaining required registrations for persons at various roles at a firm. These services include but are not limited to preparing staff to sit for qualification exams and providing Firm Element continuing education.
- Insurance Brokers: Vendors in this category include insurance brokers who are third-party providers of insurance products. Many vendors offer insurance products such as Fidelity Bonds, Errors and Omissions, Directors and Officers, Cybersecurity, Employment Practices Liability, and other offerings.
- Monitoring: Vendors in this category provide monitoring tools and solutions to help firms comply with rules and regulations. Solutions may include monitoring of employees, devices, activities, third-party vendors, disclosure, and social offerings
- PCAOB Registered Accountants: Vendors in this category include accountants registered with the Public Company Accounting Oversight Board (PCAOB).
- Registration Services: Vendors in this category assist firms in completing the registration process while staying compliant with FINRA rules and regulations. These services include but are not limited to electronic batch filing to and downloading reports from Web CRD through Web EFT, and utilizing Electronic Fingerprint Processing (EFP) services.
- How many categories of compliance offerings can a vendor select?
- Vendors can select up to two categories of compliance offerings under which they would like to be listed.
- Will additional compliance offering categories be added?
- As additional compliance offerings are determined, they may be added to the CVD.
- Can a vendor be removed from the CVD?
- Yes. FINRA reserves the right to temporarily or permanently remove a vendor from the CVD for any reason including if FINRA determines that the vendor is displaying inaccurate, misleading or incomplete information.
- Do vendors have to pay to participate in the CVD?
- No. FINRA provides the CVD program free of charge to firms and vendors.
- Can vendors promote/market their participation in the Compliance Vendor Directory?
- Yes, based on the following guidelines: Vendor agrees that it will not use the names “FINRA” or “Financial Industry Regulatory Authority” or any other FINRA company name or division name, logo or trademark in any advertising, marketing, or online, social or promotional media without the prior written consent of FINRA. Vendor may, however, list the following approved language on their online and promotional materials:
[Vendor Name] is listed in the FINRA Compliance Vendor Directory.
Note: Your participation in the CVD is based on your compliance with the above stated guidelines. Your failure to follow these guidelines will result in termination of your participation in this program.
- For questions about a specific compliance offering, who should firms contact?
- Firms should contact the vendor using the contact information provided in the CVD.
- For questions about the Compliance Vendor Directory, whom should firms or vendors contact?
- Contact the FINRA Call Center at (301) 590-6500 or email FINRA Member Relations and Education.