Regulatory Update for NFA and FINRA Member Firms — COVID-19

On March 11, 2020, the World Health Organization announced that the novel coronavirus disease (COVID-19) – which has been found in over 114 countries – is officially a pandemic.[1] Two days later, on March 13, 2020, the United States government declared a national emergency.[2] As financial institutions around the country work to protect the health of employees and implement Business Continuity/Disaster Relief Plans, both the NFA and FINRA issued guidance to member firms reminding them of applicable regulatory obligations—highlighting key considerations, including continued supervision of representatives working remotely and cybersecurity safeguards—and offering some regulatory relief. Yesterday, the CFTC provided market participants with temporary no-action relief from compliance with specific regulations that have become very difficult to comply with in light of the COVID-19 challenges. The best practice would be to communicate concerns with regulators.

NFA – Business Continuity Plans and Branch Office Relief

The NFA, in coordination with the CFTC, issued three Notices to Members regarding business continuity plans, temporary remote working locations, and reporting requirements. Recognizing that the industry was preparing for contingencies, including staff not being able to work from principal or back-up offices, in its first Notice, the NFA promised a practical approach to regulatory issues: “In the event that regulatory relief is necessary, NFA and CFTC staff intend to take a practical approach that will give Members appropriate flexibility in implementing contingency plans needed to continue to conduct business.”[3]

First, NFA encouraged member firms to review their business continuity plans to ensure they are current (including current lists of key employees with contact information) and include measures to address the coronavirus situation so they can operate effectively. NFA recommended providing employees with training on working from a remote location. Recognizing that member firms may be operating in uncharted territory in light of the pandemic, NFA encouraged member firms to inform it of concerns or needs for regulatory relief.[4]

Second, NFA reminded swap dealers of their regulatory reporting obligations, including the obligation to notify CFTC Staff if a swap dealer implements a teleworking plan or activates its business continuity plan.[5]

Third, NFA provided temporary relief from branch office requirements for member firms (other than swap dealers) to allow associated persons to work temporarily from home or other remote locations without a designated branch manager and at locations that have not been listed as branch offices on the member firms’ Form 7-R. NFA will not purse disciplinary actions against member firms provided that the firms implement alternative supervisory methods to adequately supervise the AP activities, document supervisory methods, and ensure recordkeeping requirements are met. Therefore, member firms that allow APs to telework should ensure that all such APs are working as part of a business continuity plan, their activities are being adequately supervised, and the procedures are being documented.[6] All written communications in connection with AP activities should be within member firm–approved applications and subject to supervision.

FINRA Offers Guidance to Member Firms on Remote Office/Telework Arrangements

On March 9, 2020, FINRA issued guidance for member firms concerning the implementation of their business continuity plans (which are required under FINRA Rule 4370) and provided regulatory relief from limited regulatory requirements.[7] FINRA has recommended that all member firms evaluate their business continuity plans to ensure they accommodate for the conditions arising from COVID-19, including remote or teleworking arrangements, transportation limitations, technology interruptions or slowdowns, and increased call volume from customers seeking access to funds.[8]

In light of COVID-19, member firms may permit the use of remote offices or teleworking arrangements, including working from home.[9] FINRA “is temporarily suspending the requirement to maintain updated Form U4 information regarding office of employment address for registered persons who temporarily relocate due to COVID-19. In addition, member firms are not required to submit branch office applications on Form BR for any newly opened temporary office locations or space-sharing arrangements established as a result of recent events.”[10]

Member firms must implement sufficient alternative means of supervising each associated person upon implementation of remote or teleworking arrangements.[11] Member firms must also be vigilant about cybersecurity during periods of temporary relocation and remote work or teleworking arrangements because the risk of cyberattacks increases during times of vulnerability. In this regard, member firms should: “(1) ensur[e] that virtual private networks (VPN) and other remote access systems are properly patched with available security updates; (2) check[] that system entitlements are current; (3) employ[] . . . multi-factor authentication for associated persons who access systems remotely; and (4) remind[] associated persons of cyber risks through education and other exercises that promote heightened vigilance.”[12]

In addition, member firms must notify FINRA promptly if the implementation of a BCP results in changes to a member firm’s emergency contact information. This may be accomplished via FINRA’s online Contact System.[13] Similarly, if the member firm relocates to a temporary office, it should notify its FINRA Risk Monitoring Analyst as soon as possible with the office address, the names and contact information of registered personnel who moved, the expected duration, and, if it is sharing space with another entity, the type of business in which the other entity is engaged.[14]

FINRA anticipates that scheduled on-site inspections of branch offices may have to be temporarily postponed.[15] FINRA understands that member firms may have difficulty making timely regulatory filings or responding to investigations or inquires. As a result, member firms needing extra time should contact their Risk Monitoring Analyst to discuss extensions.[16]

* * *

Mintz will continue to monitor regulatory developments in light of COVID-19 and will provide further updates. If you have any questions, please contact your attorney at Mintz or one of the authors. 
 

Endnotes

1 See https://www.npr.org/sections/goatsandsoda/2020/03/11/814474930/coronavirus-covid-19-is-now-officially-a-pandemic-who-says.

2 See https://www.whitehouse.gov/presidential-actions/proclamation-declaring-national-emergency-concerning-novel-coronavirus-disease-covid-19-outbreak/.

3 See NFA Notice to Members 1-20-10 (Mar. 4, 2020).

4 See NFA Notice to Members 1-20-10 (Mar. 4, 2020).

5 See NFA Notice to Members 1-20-11 (Mar. 12, 2020).

6 See NFA Notice to Members 1-20-12 (Mar. 13, 2020).

7 See FINRA Regulatory Notice 20-08 (Mar. 9, 2020).

8 Id.

9 Id.

10 Id.

11 Id.

12 Id.

13 See https://www.finra.org/filing-reporting/finra-contact-system.

14 See supra note 7.

15 Id.

16 Id.

Subscribe To Viewpoints