The Compliance and Regulatory Consulting practice summarizes announcements and priorities relating to FINRA from the fourth quarter of 2020.
FINRA Alerts Firms to Phishing Email Requesting Them to Respond to Fraudulent FINRA Survey
FINRA issued Regulatory Notice 20-35 to warn member firms of a widespread, ongoing phishing campaign that involves fraudulent emails from the domain “@regulation-finra.org” claiming to be from FINRA and asking member firms to complete a survey. FINRA recommends that anyone who clicked on any link or image in the email immediately notify the appropriate individuals in their firm of the incident.
FINRA reminds firms to verify the legitimacy of any suspicious email prior to responding to it, opening any attachments or clicking on any embedded links.
Cyber Security Background: Authentication Methods
FINRA released an Information Notice on October 15, 2020 to highlight the importance of sound authentication techniques to protect investors’ and firms’ confidential information in light of 1) escalating threats to the most commonly used form of authentication (single factor or password-based authentication) and 2) firms responding to the COVID-19 pandemic with work arrangements that typically require registered representatives to log in to their networks from a remote location.
In addition to controlling access to proprietary firm systems, FINRA observed firms implementing two-factor authentication for access to third-party services that the firm uses. For example, some firms that use the Microsoft Office 365 cloud-based email platform implemented 2FA through the Microsoft Authenticator application on users’ mobile devices or by sending a dynamically generated PIN via SMS text.
FINRA Adopts Rule to Limit a Registered Person from Being Named a Customer’s Beneficiary or Holding a Position of Trust for or on Behalf of a Customer
According to Regulatory Notice 20-38, FINRA adopted a new rule to limit any associated person of a member firm who is registered with FINRA (each a “registered person”) from being named a beneficiary, executor or trustee, or from having power of attorney or similar position of trust for or on behalf of a customer. FINRA Rule 3241 (Registered Person Being Named a Customer’s Beneficiary or Holding a Position of Trust for a Customer) protects investors by requiring all member firms to affirmatively address registered persons being named beneficiaries or holding positions of trust for customers. The rule requires the member firm with which the registered person is associated, upon receiving required written notice from the registered person, to review and approve or disapprove the registered person assuming such status or acting in such capacity. The rule does not apply where the customer is a member of the registered person’s “immediate family.” Rule 3241 becomes effective February 15, 2021.
Broker-Dealer, Investment Adviser Firm, Agent and Investment Adviser Representative and Branch Renewals for 2021
FINRA Regulatory Notice 20-39 provided key dates and background for the Broker-Dealer, Investment Adviser Firm, Agent and Investment Adviser Representative and Branch Renewals for 2021.