The Financial Industry Regulatory Authority (FINRA) is requesting that members submit information on their Mission Critical vendors through the FINRA Vendor Questionnaire. FINRA is requesting that all firms including RSA Exchange members submit their forms by December 29, 2023.
The goal of the Vendor Questionnaire is to gather key information on firms’ Mission Critical systems or vendors. That is, systems or third-party vendors that are vital to the firm’s operations, especially those who provide technology and infrastructure services.
FINRA defines Mission Critical systems or vendors as any system or vendor necessary to facilitate accurate processing of a firm’s securities business or any system required for the firm to operate.
This questionnaire is important to ensure that firms understand which vendors are critical, and their risk level to the well-being of the firm, and especially the firm’s clients.
Services provided by Mission Critical vendors are so essential to the firm that, if lapsed or discontinued, will have significant impact on the operations of the firm.
Vendors such as cybersecurity providers, IT infrastructure or system developers and network companies tend to fall into this category. It is crucial for firms to understand who their Mission Critical vendors are, who their High-Risk vendors are, if they are the same, and the firm’s reliance on them.
Although parallel, Mission Critical and High-Risk vendors are not always the same. However, in the finance and securities sectors, many vendors who provide critical services also carry high risk factors as they work heavily with private and financial data.
This is why it is important for firms to make sure that Mission Critical vendors meet the compliance requirements set forth by FINRA and other regulatory agencies.
Mission Critical v. Non-Critical
It is important for firms to determine if a vendor is critical or non-critical to the business, and even more so, if the vendor is critical and a high-risk vendor. This offers valuable information that senior management can apply towards strengthening their compliance programs.
You can determine if a vendor is critical by asking:
- What would be the impact on the firm’s operations if the vendor stopped servicing the firm?
- What would be the impact on clients by the loss of this vendor?
- What level of risk does the firm, or its clients face if the vendor proves unreliable?
If the answer to any of the above is ‘Significant’, the vendor is a Mission Critical vendor.
As a reminder, firms are required to submit the FINRA Vendor Questionnaire by December 29, 2023 and can do so via the FINRA Gateway.
Jacko Law Group/Core Compliance strongly suggests that firms work on classifying their vendors into Mission Critical and Non-Critical and try to discern if a Mission Critical vendor is high risk or not. In addition to providing accurate information for the FINRA Vendor Questionnaire, firms can use that information to further strengthen their compliance programs.
If you would like assistance with classifying your Critical vendors, please schedule a call with a member of our team HERE.
If you have any questions regarding the FINRA Vendor Questionnaire, you can contact the FINRA Support Center at (800)321-6273 or email customersupport@finra.org.
For other compliance matters, we invite you to contact us at (619)298-2880 / (619)278-0020.