FINRA Rule 4370 requires firms of all sizes to be prepared for business disruptions by maintaining a business continuity plan. After conducting a “Pandemic Review” of the rule, which included extensive feedback from internal and external stakeholders, FINRA decided to keep the rule as is. A majority of the feedback received indicated that Rule 4370 works well due to its “flexible, non-prescriptive, risk-based approach.” Some, on the other hand, mentioned that additional guidance on effective practices would be helpful. The following is a breakdown of FINRA’s Business Continuity Rule.
The plan must consist of written procedures designed to enable the firm to meet its obligations to customers in the event of an emergency or business disruption. Additionally, it must address the firm’s relationships with other broker-dealers and counterparties. The following must also be addressed (may be tailored to the size and needs of a firm):
- Updates to the BCP of any change to the firm’s operations, structure, or location
- Data backup & recovery, mission critical systems
- Financial and operational assessments
- Alternate communications with customers, employees, and the firm
- Designated member of senior management responsible for approval and annual review
- Regulatory reporting and communication with regulators
- Disclosure to customers of how the BCP will deal with potential, future events
- Provision of two emergency contacts to FINRA, one of which is senior management