finra-logo-article-201403071505*750xx616-347-0-13Recent changes to FINRA (Financial Industry Regulatory Authority) regulations now stipulate that select member financial organizations must prepare for business continuity and have a disaster recovery (DR) plan in place.  As a result, businesses must implement a DR plan if they haven’t already.

Here’s a breakdown of the FINRA rules and how Disaster Recovery-as-a-Service (DRaaS) helps accomplish them economically and efficiently:

  1. Run Assessments

In order to determine which systems to protect, Rule 4370 states that firms should perform financial and operational assessments. A DRaaS provider can help you run these assessments and organize your applications into tiers of recovery for prioritized attention in a time of crisis.

  1. Keep Hard and Electronic Copies

Rule 4370 states that DR plans should maintain hard copy and electronic backups of all mission critical systems. DRaaS providers can make copies of both, and organize the data for quick and effective recovery.

  1. Recover to Diverse Geographic Locations

Also stipulated in Rule 4370, firms must include recovery capabilities that are geographically diverse. If you have multiple business locations, this might not be a problem. But for those who don’t, look for a DRaaS provider with datacenters in varied geographic locations, so your data is protected if a regional disaster strikes.

  1. Provide Written Correspondence

As part of Rule 4370, firms must provide written correspondence of a continuity plan to FINRA and all involved parties and clients. A DRaaS provider can help assemble a runbook – better yet, an in-depth playbook – ensuring clients and FINRA of optimum recovery capabilities.

  1. Plan Alternative Access and Communication

Rule 4370 states that firms must notify all involved parties of alternative communication methods should an event occur, and provide proof of prompt access to funds and securities for clients. The regulation doesn’t only apply to a firm’s communication with clients, but also employees – stating that the firm’s DR plan should note an alternative physical work location in case of a disruption. A runbook or playbook, created with a DRaaS provider, will assist you in laying out these details.

  1. Test Once Per Year

Rule 4380 states that DR plans should be tested at least once a year, and FINRA will designate participating member firms. Not only do you need a DR plan in place, you must also test it regularly to ensure it will work when needed. A DRaaS provider will assist you in running tests to ensure truly resilient recovery.


Implementing these changes can be difficult. Outsourcing your recovery needs to a DRaaS provider, like Bluelock, helps ensure confidence in a DR plan that works, especially if your firm doesn’t have the headcount or time to dedicate to this planning and testing in-house.

Look for a recovery provider who shows confidence in your business continuity plan and confirms it will be secure against any disaster. Bluelock’s DRaaS solutions have been tried and tested and our team is experienced in handling sensitive data with financial services clients. Bluelock’s playbook offers visibility of your recovery environment, which allows better articulation and reporting to FINRA and clients. But most importantly, it enables confidence in a plan that works when called upon. As an extension of your IT team, partnering with Bluelock allows your IT department to focus on valuable, more pressing business initiatives.

To read more about how Bluelock has helped other financial organizations, check out our case study.



Rule 4370:
Rule 4380 Regulatory Notice:
Blog Post

3 Quick Tips to Sharpen Your IT Disaster Recovery Strategy

Now that always-on business is a critical demand of the modern world, it’s no longer acceptable to rely on a less-than-effective DR strategy.

View Blog Post
Blog Post

4 Drivers to Transform Your IT Availability

A critical element to supporting IT availability is an effective IT disaster recovery (DR or IT-DR) strategy, but how do you select the best solutions to meet your company’s objectives?

View Blog Post
Blog Post

4 Ways Legal CIOs Can Lower Risk and Enable IT Transformation

Here are four key benefits of DRaaS that can empower IT transformation within your law firm.

View Blog Post