Super Account Administrators have become essential contributors to cybersecurity at FINRA regulated firms.
To combat hacking and exposure of vital financial information to unauthorized third parties, the Financial Regulatory Authority (FINRA) has implemented the FINRA Entitlement Program, which “provides a secure way for firms to access many of the web-based applications, materials, and services they use with a single user ID and password.” In other words, the Program designates an individual who takes responsibility for secure access to financial information.
What Does A SSA Do?
As part of the FINRA Entitlement Program, brokerage firms must appoint a single Super Account Administrator (SSA) and provide the name and contact information for that individual to FINRA. In addition, an Authorized Signatory and an SSA must be designated with FINRA in order to access FINRA’s electronic services under the Entitlement Program.
FINRA defines a Super Account Administrator as an entitled administrator for all applications covered under the FINRA Entitlement Program that are available to that organization and, in turn, protects a trade account by:
- Creating, editing, and deleting accounts for Account Administrators and users at an organization.
- Monitoring and reviewing accounts to ensure proper access.
Ensuring that users adhere to FINRA’s security procedures and related terms and conditions.
- Requiring a user to update their security questions if a user experiences an account lockout due to multiple incorrect responses to a security question or a user’s security questions have been compromised.
- Completing the Entitlement User Accounts Certification Process when prompted
Super Account Administrator Requirements
The SSA must be officially designated with FINRA by either filling out a New Organization SSA Form or the Update/Change SSA Form. It is essential to note that a person cannot be registered as both an Authorized Signatory and an SSA.
How to Establish An SSA For The First Time
This form registers the designated individual as the SSA for the Organization with FINRA and establishes that the SSA has administrative privileges for all systems within the organization.
How to Change the Designated Super Account Administrator
Once the organization has chosen its new SSA, the organization’s Authorized Signatory must request the Update/Change SSA Form from FINRA and then submit it. The electronic version of the Update/ Change SSA form does not exist and may not be completed online and must only be requested from FINRA by the organization’s Authorized Signatory.
The organization must also ensure that the SSA and Authorized Signatory are different people.
It is important that management understands the role of an SSA within their organization and carefully chooses the individual for designation with FINRA.
Organizations must also be careful to keep accurate paperwork on file with FINRA and update records as quickly as possible when a change is needed so that the firm can continue to access FINRA’s electronic services.