logo 2

The Practice Of Law Is A Relationship Business

What types of regulations should my firm follow when using the cloud?

by | May 30, 2022 | FINRA, Securities Litigation

Business leaders can take advantage of a number of opportunities when using cloud computing models. This is true for many types of enterprises, including broker-dealer firms — and the Financial Industry Regulatory Authority (FINRA) has taken notice. The organization recently reviewed more than 40 broker-dealer firms to determine how the use of cloud services impacts the securities industry.

What did FINRA find?

The Head of the Office of Financial Innovation notes that many firms use software as a service (SaaS) products to help manage human resources and financial accounting tasks. They also found firms used these tools best when first putting enhanced securities protocols and new governance measures in place to better ensure use of these products did not result in a violation of applicable regulations.

What are the concerns when it comes to potential regulatory violations and cloud service use?

One of the most important regulatory factors to keep in mind when using the cloud is cybersecurity. Many cloud-based systems have a high level of cybersecurity in place, but it is important to also make sure your firm’s systems are configured to offer the necessary security when using these systems. Your firm may need to update policies if the new system results in a change to how the firm collects client information.

Additional factors to consider include:

  • Compliance when using a vendor. Firms may choose to outsource or use a vendor for certain services. The firm is still responsible for compliance with all applicable regulations including FINRA rules and securities laws.
  • Update continuity plans. The firm will need to revisit its continuity plans if use of these services results in any notable changes. Pay close attention to emergency or business disruption response.
  • Keep records up to date. Use of recordkeeping services may trigger certain obligations. Make sure your practices are still in compliance with applicable rules and regulations to avoid allegations of a violation.

Overall, the organization acknowledges that use of these services will continue to grow but cautions broker-dealers to review their practices and ensure use of these products does not run afoul of applicable rules and regulations.

FINRAWhat types of regulations should my firm follow when using the cloud?