// Add the new slick-theme.css if you want the default styling
In light of the fact that many member firms are
increasingly using third-party vendors to perform a variety of core business
functions, FINRA recently published Regulatory Notice 21-29, “FINRA Reminds
Firms of their Supervisory Obligations Related to Outsourcing to Third-Party
Vendors.”
Regulatory Notice 21-29 reminds member firms of their
obligation to establish and maintain a supervisory system for all activities,
including those performed by third-party vendors. The Notice also addressed common
compliance deficiencies arising from the use of third-party vendors by member
firms. For instance, in the past, many firms have failed to document or
implement procedures to manage the onboarding and offboarding of third-party
vendors, including defining how to dispose of customer non-public information. Many
firms also failed to perform sufficient supervisory oversight of vendor application
and technology changes such as upgrades, modifications to or integration of
member firm or vendor systems.
Regulatory Notice 21-29 also provided guidance on factors
that should impact a member firms’ decision to outsource to a third-party
vendor. According to FINRA, a decision to outsource an activity or function may
depend, in part, on whether the firm has an adequate process to make that
determination and then to supervise that outsourced activity or function.
Moreover, once a member firm decides to outsource an activity, it may further
consider whether a vendor’s financial condition, experience and reputation;
familiarity with regulatory requirements, fee structure and incentives; the
background of the vendor’s principals, risk management programs, information
security controls, and resilience.
We encourage our broker dealer clients to review Regulatory Notice 21-29 and to take prompt steps
to ensure their policies, procedures, and practices reflect regulatory expectations
addressed in the notice.