Financial Compliance


FINRA regulation plays a critical role in America’s financial system—by enforcing high ethical standards, bringing the necessary resources and expertise to regulation and enhancing investor safeguards and market integrity—all at no cost to taxpayers.

Every investor in America relies on one thing: fair financial markets. That’s why FINRA works every day to ensure that:

  • every investor receives the basic protections they deserve;
  • anyone who sells a securities product has been tested, qualified and licensed;
  • every securities product advertisement used is truthful, and not misleading;
  • any securities product sold to an investor is suitable for that investor’s needs; and
  • investors receive complete disclosure about the investment product before purchase.


  • FINRA Oversight
    • Deter Misconduct By Enforcing The Rules – FINRA’s mission is to safeguard the investing public against fraud and bad practices. It pursues that mission by writing and enforcing rules and regulations for every single brokerage firm and broker in the United States, and by examining broker-dealers for compliance with its own rules, federal securities laws and rules of the Municipal Securities Rulemaking Board. All brokers must be licensed and registered by FINRA, pass its qualification exams and satisfy continuing education requirements.
    • Discipline Those Who Break The Rules – FINRA has the experts, technology and authority to respond quickly to wrongdoing. If brokers break the rules, it can fine, suspend or bar them from the industry.
    • Detect and Prevent Wrongdoing in the U.S. Markets – FINRA uses technology powerful enough to look across markets and detect potential abuses. Using a variety of data gathering techniques, it works to detect insider trading and any strategies firms or individuals use to gain an unfair advantage.
    • Educate and Inform Investors – FINRA believes an essential component of investor protection is investor education. It provides investors with tools and resources that can help them make wise financial decisions.
    • Resolve Securities Disputes – When problems between brokers and investors occur, FINRA administers the largest forum specifically designed to resolve securities-related disputes between and among investors, securities firms and individual brokers.

FINRA Rule 3120

  • FINRA Rule 3120 outlines the requirement for broker/dealers to ‘establish, maintain and enforce a system of supervisory control policies and procedures that (1) test and verify that the firm’s supervisory procedures are reasonably designed with respect to the firm’s and its associated persons’ activities to achieve compliance with applicable securities laws and regulations and FINRA rules, and (2) where necessary, create additional or amended supervisory procedures.’
    • A large financial institution needs to develop policies and procedures for Rule 3120 compliance but also incorporate appropriate policies regarding conduct (e.g. rules regarding profanity), intellectual property (e.g. proprietary software code and algorithms), material non-public information (“MNPI”) (e.g. M&A discussions, financial reports) and, lastly, financial and personally identifiable information (“PII”) (e.g. credit card or SSN# information).
    • The primary value of this third-generation supervision system is that all the compliance platforms are integrated. Rather than communicating one policy (“DLP”) to IT to build a script and another (messaging analytics) to export to a third party, all may be created and managed within a single set of administrative compliance controls.
    • As these systems emerge, financial institutions have commenced developing more complex Rule 3120 policies and procedures in parallel. Using a system integrating DLP, word/phrase monitoring and deep analytics, financial institutions can confidently represent to senior management not only effective supervisory procedures and training initiatives, but also disclose recommended changes that indicate proactive compliance monitoring of risk in business areas such as trading, investment banking, anti-fraud and non-compliant sales practices, and anti-money laundering.
    • Reviewing and adopting these policies and systems conforms with FINRA’s continued emphasis on creating a ‘culture of compliance’, and combining all three types of supervision builds the ‘policies and procedures activities to achieve compliance with applicable securities laws and regulations and FINRA rules’.


  • Family Educational Rights and Privacy Act (FERPA) – FERPA gives parents access to their child’s education records, an opportunity to seek to have the records amended, and some control over the disclosure of information from the records. With several exceptions, schools must have a student’s consent prior to the disclosure of education records after that student is 18 years old. The law applies only to educational agencies and institutions that receive funding under a program administered by the U.S. Department of Education.

SEC Rules 17(a)(3) and 17(a)(4)

  • SEC Rule 17(a)(3) – is a regulation issued by the U.S. Securities and Exchange Commission (SEC), in line with the body’s regulatory authority, that generally outlines requirements and standards for the retention, management, and availability of data pertaining to transactions and trading in the financial and exchange sector, with special provisions for business-related electronic correspondence. It is a well-known industry and federal fact that investors have a duty and obligation to maintain strict record management standards in their transactions of securities, including copies of blotters, account statements, trade confirmations, cancelled checks and more.
  • This heavily regulated area covers the archiving and records management of not only every securities transaction made by exchange members, brokers and dealers, but also the archiving of communications with the public by SEC members.
  • SEC Rule 17(a)(4) – is a regulation issued by the U.S. Securities and Exchange Commission pursuant to its regulatory authority under the U.S. Securities Exchange Act of 1934 (known simply as the “Exchange Act”), which outlines requirements for data retention, indexing, and accessibility for companies that deal in the trade or brokering of financial securities such as stocks, bonds, and futures. According to the rule, records of numerous types of transactions must be retained and indexed on indelible media with immediate accessibility for a period of two years, and with non-immediate access for a period of at least six years. Duplicate records must also be kept within the same time frame at an off-site location.

PCI Compliance

  • The Payment Card Industry (PCI) Data Security Standard is an information security standard for organizations that handle cardholder information for the major debit, credit, prepaid, e-purse, ATM, and POS cards. The Payment Card Industry Security Standards Council, which created the PCI standard, did so to increase controls around cardholder data and thereby reduce credit card fraud resulting from its exposure. Increasingly, merchants, financial institutions, and service providers are finding they need to be PCI compliant. SSAE 16 Professionals provides the solutions to your PCI compliance needs.


Regulatory Compliance