Cyber Security Tutorial


FINRA

Introduction

Payment cards are secured under the PCI DSS standard, but other financial services, such as the share market, stocks, and bonds, also require security. For this purpose, security experts designed FINRA, the Financial Industry Regulatory Authority, to protect investors and uphold market integrity through effective and efficient regulation of broker-dealers. It is a non-governmental organization that regulates broker-dealers and protects investors.

FINRA maintains rules and regulations for the financial market and educates investors, which affects both sides of securities transactions. More than 3600 employees work at FINRA to detect fraud and discipline wrongdoers. According to the survey, more than 37 million transactions were processed by FINRA each day to monitor the U.S. markets.

FINRA History

FINRA is the result of the consolidation of the member regulation, arbitration operations, and enforcement of the New York Stock Exchange, NASD, and NYSE regulations. On 26 July 2007, this merger was approved by the SEC (Securities and Exchange Commission of the United States) and named FINRA. Before understanding FINRA, learn about NASD, the National Association of Securities Dealers (founded in 1939 to prevent stock exchange abuse).

Predecessors: NASD – National Association of Securities Dealers

Founded on: 30 July 2007

Headquarters: Washington D.C., United States

1934: After the stock market crashed in 1929, the Securities Exchange Act of 1934 established the SEC to protect investors and to guard against such a crisis.

1938: NASD, the National Association of Securities Dealers, was established as a private regulatory body under the Maloney Act amendments to the Securities Exchange Act of 1934.

2007: The merger of NASD and NYSE, approved by the SEC, gave birth to FINRA.

Certification/License process by FINRA

This is required for the broker-dealer's employees who handle clients. FINRA grants them a license to conduct business once they pass one of its "Series" exams. Here's the list of FINRA series exams:

  1. Series 6 License
  2. Series 7 License
  3. Series 65 License
  4. Series 57 License
  5. Series 24 License
  6. Series 99
  7. Series 87 and Series 86
  8. Series 79
  9. Series 66
  10. Series 63
  11. Series 26
  12. Series 9 and Series 10
  13. Series 3

Needs of FINRA

The FINRA standard is used for various purposes in the market:

  • It is used to educate investors.
  • It protects investors by providing the following protections:
    • It ensures that all the investment products a registered broker sells are tested and qualified.
    • It sets and enforces guidelines requiring financial advertisements to be truthful and not mislead the public.
    • It ensures that security products sold to investors are suitable for their needs.
    • It provides security to investors regarding the product, as investors receive complete disclosure of the potential risks and historical returns of a product before investing.
  • It promotes transparency in the market.
  • It governs the activities of broker-dealers and brokers by writing and enforcing rules for them.
  • It examines companies in a timely manner for compliance with certain rules.

Note: According to a 2016 survey by the vigilance department, many disciplinary actions were taken against registered firms and brokers, and millions were fined in restitution to the harmed investors. Fraud and insider cases were registered or referred to other agencies for prosecution and litigation.

Benefits of FINRA

Let's learn some of the benefits of FINRA.

  • It is a way of discouraging fraud among financial institutions.
  • It ensures security for investors and the public when investing.
  • It gives investors confidence that both markets and institutions are beneficial to both sides.
  • Investors are assured of no fraud, or at least a lower chance of fraud.
  • Institutions have the advantage of competing fairly with other firms, and demand for their services can increase.
  • FINRA's license exam ensures that whoever is licensed to sell securities to investors has much more than basic knowledge of financial products.
  • The enforcement branch acts as a reviewer of market transactions to guarantee that they are genuine.
  • The investor education website helps investors by allowing them to review the histories of potential financial advisors.

Drawbacks of FINRA

Some of the drawbacks of FINRA are:

  • FINRA has detractors in the market who still believe that the existing bureaucracy goes too far. They say there is no need for a financial advisor in the market who advises clients on the stock market or investments, and no need to understand broker-dealer regulations and life insurance policy features.
  • Some have less belief in financial institutions (they are not fully trustworthy without a government regulatory authority).
  • Some believe that FINRA is limited and can't go too far.

Despite these drawbacks, the U.S. is among the few countries where investors can get involved and invest with any registered firm without worrying about fraud.

FINRA versus the SEC

FINRA and the SEC have similar functions but are different in terms of responsibilities, such as:

FINRA is responsible for the general public's involvement in the share and financial markets, along with all the responsibilities of overseeing broker-dealers. It is FINRA's responsibility to educate investors through the tools and educational resources available on its website and through BrokerCheck.

The SEC also educates investors through its Investor.gov website, but this responsibility is secondary to enforcing securities laws. The SEC monitors and regulates the entire industry by regulating the filings of security issuers and handling securities listings.

| | FINRA | SEC |
|---|---|---|
| Type | It is a private self-regulatory organization | It is a government agency |
| Main focus | Handles the regulation of brokers and brokerage firms | Handles the regulation of the market and individual securities |
| Public protection | It fields and addresses customer complaints regarding broker-dealers | It ensures that information regarding publicly available securities is accurate and true |
| Other duties | It registers brokers and brokerage firms, and it administers examinations | When securities law violations happen, the SEC takes legal action against the lawbreaker |

Other services of FINRA

FINRA also performs other services, such as:

  1. Regulate and oversee brokers
    Once registered with FINRA, brokers must complete ongoing education requirements over the years. Brokers are subject to periodic audits, which check whether a firm and its employees conduct business competently and honestly. If a broker is noncompliant, FINRA can bring disciplinary action against the individual and the firm.
  2. Receive and address customer complaints
    Customer complaints regarding brokers and brokerage firms are registered with FINRA, which investigates them and tries to resolve them within some time.
  3. Resolution services
    FINRA first tries to resolve the customer complaint quickly. If it still evolves into legal action, FINRA offers lawyers a forum for mediation and arbitration between brokers and customers (an out-of-court settlement, as an alternative to going to court).
  4. Maintain the BrokerCheck database of brokers and firms
    FINRA provides the BrokerCheck tool to see whether a broker is registered or not. It holds all the information related to the broker or firm, including any history of disciplinary action.
  5. Offer various tools and resources for investors
    FINRA offers various tools and resources for investors, such as online investing courses and a toll-free number that investors can call when they do not understand something in a statement or want to know more about a hard sell that a broker is attempting. The FINRA website contains information for advanced investors, a wealth of personal finance and investing articles, and calculators for beginners.
  6. Surveil the equity market
    FINRA acts like a camera that monitors market transactions and orders every day, which helps maintain market integrity. Signs or patterns of market fraud or manipulation are found through algorithms and artificial intelligence at FINRA. When something wrong is found, it is flagged to the FINRA enforcement team and sent to relevant parties who can resolve it, such as the SEC or the securities exchange itself.

Departments of FINRA

| Department | Role |
|---|---|
| Enforcement | Handles the actions taken against brokers in the market. |
| Legal department | Includes the corporate financing and dispute resolution departments, and oversees rulemaking and corporate legal functions. |
| Board and External Relations | Focuses on government affairs, communications, and investor education. |
| Member supervision | Watches over and examines member firms. |
| Office of hearing officers | Designed for the officers of FINRA; it takes care of officer-related problems or issues and of disciplinary actions brought forward by the Enforcement Department. |
| Market Regulation Transparency Services | Confirms that the market is functioning within regulations and examines firms to identify any potential market manipulation or fraud. It works with the SEC to check that firms remain compliant with federal securities law, and with the exchanges to surveil the market. |
| Technology | FINRA works through built-in technology, and all technical issues are sorted out in the technology department. |

Cyber Security threats related to FINRA

FINRA operates through its website and does all its work online; broker-dealers therefore face some common cyber security threats, such as:

  • Imposter websites
    Fraudsters create forged websites, or design websites that look the same as the actual website of the firm's registered representative, to obtain customers' confidential information for financial fraud such as fraudulent cryptocurrency transactions. FINRA discussed them in:
    Information notice 4-29-19 → Imposter websites impacting member firms
    Regulatory notice 20-30 → Imposter websites are impacting registered representatives.
  • Phishing
    Various financial firms have discussed social engineering or phishing attacks with FINRA, as they remain one of the most common cyber security threats. It is a common cyber-attack experienced by most firms, in which employees receive mail from a sender that fraudsters have created to impersonate a real person. When they reply, a barrage of emails follows. To tackle this threat, FINRA published Information Notice 2-13-19 to alert firms to this emerging phishing attack. In the notice, FINRA warns firms against fraudulent phishing emails that target their members.
  • Malware
    Malware attacks originate from phishing emails, where users open an email that appears to come from someone recognizable and click an attachment or a link. These attacks damage and disable computer systems and disrupt access to data, computers, and networks. Malware attacks are most common in firms where the infection is not noticed for an extended period.
  • Firm account takeover or compromise
    It is simply attackers taking hold of a customer's brokerage account. A firm employee's email account is hacked using malware, data breaches, and phishing attacks to obtain login credentials. These credentials are then used to execute unauthorized transactions in a firm's systems, financial accounts, bank accounts, or credit cards.
  • ACH transactions or fraudulent wires
    Fraudulent wire and ACH transaction attacks were registered with FINRA when there was an increase in fraudulent third-party wire requests and authorizations. Most firms have verification procedures for such wire requests, but some firms lack sufficient safeguards to prevent unauthorized wires. FINRA addresses this attack in Regulatory notice 21-14, in which it alerts all firms to an increase in ACH "Instant Fund" abuse.
  • ATO (customer account takeover)
    FINRA has recorded complaints regarding customer account takeover (ATO) incidents, in which attackers compromised customer login information, such as user ID and password, to gain unauthorized entry to a customer's online brokerage account. This threat is discussed in FINRA Regulatory notice 21-18, which shares practices firms use to protect customers from online account takeover attempts.
  • Ransomware
    Attackers encrypt or lock a user's files to prevent access and demand a ransom in exchange for restoring access to the data. FINRA registered that firms were targets of ransomware attacks in which they had to pay attackers in Bitcoin or other digital currencies to regain access.
  • Distributed Denial of Service (DDoS) attack
    Firms have notified FINRA that they are experiencing DDoS attacks, in which cyber criminals make servers, systems, and network resources unavailable to users by indefinitely or temporarily disrupting the services of a host connected to the network. Attackers also threaten to initiate a DDoS attack unless the firm pays a ransom.
  • Vendor breaches ("supply chain issue")
    FINRA discusses this issue in Regulatory notice 21-29, which reminds firms of their supervisory obligations related to outsourcing to third-party vendors. FINRA expects firms to develop vendor management programs consistent with their business model, risk profile, and scale of operations. This is mandatory because, if criminals attack a vendor that supports a firm's critical operations, they can obtain sensitive customer information or disrupt business operations.
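
For the imposter-website threat listed above, a firm can screen newly observed domain names against its own; the sketch below is an added example, not part of the original tutorial and not a FINRA tool. The firm domain `summitbrokers.example`, the sample names, and all function names are constructed assumptions, and the TLD split is deliberately naive.

```python
import unicodedata
DIGIT_SWAPS = str.maketrans("0135", "oles")  # common digit-for-letter swaps

def registrable_label(domain):
    # Naive: assumes a one-label public suffix; real use needs the Public Suffix List.
    parts = domain.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]

def skeleton(label):
    """Fold accents, hyphens, digit swaps and 'rn'/'vv' pairs to one form."""
    folded = unicodedata.normalize("NFKD", label.lower())
    folded = "".join(c for c in folded if not unicodedata.combining(c))
    folded = folded.translate(DIGIT_SWAPS).replace("-", "")
    return folded.replace("rn", "m").replace("vv", "w")

def edit_distance(a, b):  # Levenshtein distance, one row at a time
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(candidate, legit):
    """Return why `candidate` resembles `legit`, or None if it does not."""
    cand, legit = candidate.lower().rstrip("."), legit.lower().rstrip(".")
    if cand == legit or cand.endswith("." + legit):
        return None  # the firm's own domain or one of its subdomains
    brand = skeleton(registrable_label(legit))
    label = skeleton(registrable_label(cand))
    if label == brand:
        return "same-skeleton"       # look-alike characters, or same name on another TLD
    if brand in label:
        return "brand-embedded"      # brand plus extra words such as "-login"
    if edit_distance(label, brand) <= 2:
        return "typosquat"           # threshold suits long brands; short ones need 1
    if any(brand in skeleton(p) for p in cand.split(".")[:-2]):
        return "brand-in-subdomain"  # brand used as a prefix of an unrelated domain
    return None

# Constructed sample data: hypothetical firm domain and newly observed names.
FIRM = "summitbrokers.example"
OBSERVED = ["surnmitbrokers.example", "summitbr0kers.example",
            "sumitbrokers.example", "summitbrokers-login.example",
            "oakridgecapital.example", "summitbrokers.example.account-verify.test"]

def scan(observed=OBSERVED, firm=FIRM):
    return {d: r for d in observed if (r := classify(d, firm))}
```

The observed names would normally come from a feed the firm already has, such as proxy or DNS logs; names that share no characters with the brand, or that use look-alike letters from other scripts, are outside what this folding catches.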

Note: FINRA non-compliance can impact a company's "intellectual property": when customer data gets leaked or exposed, it affects the company's finances, reputation, and more. FINRA compliance is therefore a necessity for financial companies.