Business Continuity Planning

FINRA requires firms to create and maintain written business continuity plans (BCPs) relating to an emergency or significant business disruption. Rule 4370—FINRA’s emergency preparedness rule — spells out the required BCP procedures. A firm’s BCP must be appropriate to the scale and scope of its business.

BCP procedures must be reasonably designed so the firm can meet its existing obligations to customers. A firm must disclose to its customers how its BCP addresses the possibility of a significant business disruption and how the firms plan to respond to events of varying scope. This BCP disclosure must be made in writing to customers when they open their account, posted on the firm’s website if they maintain one and mailed to customers upon request. The BCP also must be made available promptly to FINRA staff if requested.

What to Include in a Business Continuity Plan

FINRA Rule 4370 gives a firm flexibility in designing a BCP. It may be tailored to the size and needs of the firm, but at a minimum it must include the following elements:

  • Data backup and recovery (hard copy and electronic);
  • All mission critical systems;
  • Financial and operational assessments;
  • Alternate communications between customers and the firm, and between the firm and employees;
  • Alternate physical location of employees;
  • Critical business constituent, bank, and counterparty impact;
  • Regulatory reporting;
  • Communications with regulators; and
  • How the firm will assure customers’ prompt access to their funds and securities in the event that the firm determines that it is unable to continue its business.

A firm must address the elements to the extent applicable and necessary. If any of the elements is not applicable, the firm’s BCP must document the rationale for not including the element in its plan. If a firm relies on another entity for any one of the elements or any mission critical system, the firm's BCP must address this relationship.

Learn more of the required elements and procedures that must be included in your BCP.

Communicating with FINRA

Firms must provide FINRA with emergency contact information. In addition, if a firm is unable to contact FINRA during a significant business disruption through its usual contact, such as the District Office or direct dial number, please call FINRA’s Gateway Call Center at (301) 590-6500. This number will be rerouted in the event of a business disruption at FINRA’s primary call center, so that the firm will be able to reach an operator or receive recorded instructions. This information also will be posted on

In instances when data communications are disrupted, firms are responsible for retaining data until it can be transmitted to FINRA.

FINRA’s Business Continuity Plan

FINRA’s business continuity plan is updated and tested regularly, and it is provided to the SEC as part of its oversight of FINRA.

Titlesort descendingTypeDate
Rule 4370
FINRA's emergency preparedness rule requires firms to create and maintain business continuity plans (BCPs) appropriate to the scale and scope of their businesses, and to provide FINRA with emergency contact information.
The Disaster Recovery InstituteLink02-09-2015
Financial Services Sector Coordinating Council
Financial Services Sector Coordinating Council for Critical Infrastructure Protection & Homeland Security
Securities Industry and Financial Markets Association's Business Continuity Planning PageLink02-09-2015
Business Continuity PlansIndustry11-01-2012
FINRA’s Business Continuity Planning TemplatePodcast07-19-2010
Pandemic Preparedness- Part IIPodcast12-21-2009
Pandemic Preparedness- Part IPodcast11-23-2009
Regulatory Notice 09-60Notices10-15-2009
Regulatory Notice 09-59Notices10-12-2009
SR-FINRA-2009-036Rule Filing05-19-2009
Regulatory Notice 07-49Notices10-25-2007
Small Firm Emergency Partner ProgramPodcast10-16-2007
FINRA Announces Small Firm Emergency Partner ProgramNews Release10-11-2007
Notice to Members 06-74Notices12-29-2006
Notice to Members 06-31Notices06-28-2006
Notice to Members 05-57Notices09-02-2005
Notice to Members 04-37Notices05-05-2004
SR-NASD-2002-108Rule Filing08-07-2002
Notice to Members 02-23Notices04-10-2002
NASD Board Approves Disaster Recovery Business Continuity PlanNews Release03-21-2002
Small Firm Business Continuity Plan TemplateIndustry03-21-2002
FINRA's Business Continuity PlanIndustry03-21-2002
Small Firm Emergency Partner ProgramIndustry03-21-2002
Pandemic PreparednessIndustry03-21-2002