The FINRA Entitlement Program provides authorized users a secure means to access participating applications with a single user ID and password. Once an investment adviser (IA) firm completes the entitlement process, it will obtain access to the IARD system in order to register or file as an exempt reporting adviser via this secure system.
The Entitlement Program requires that each firm designate a Super Account Administrator (SAA), who will have the authority to create, modify and delete account administrator and user accounts for most FINRA applications.
One of the responsibilities of a SAA is to ensure that users in their organization are properly entitled to applications in the FINRA Entitlement Program and the sensitive data that these applications may contain. While FINRA encourages administrators to review user accounts periodically throughout the year, FINRA is launching an annual user accounts certification process to enhance this review process. During the fourth quarter of each year, SAAs in organizations with more than one user will be required to complete an online certification process to ensure that:
- User accounts are “active” – any accounts that no longer require access should be removed;
- Users have only those application privileges they need to perform current job responsibilities – privileges should be removed/added as needed to match job functions; and
- Only those users who require access to sensitive data (e.g., Criminal History Record Information (CHRI), Social Security or tax identification numbers, dates of birth) are given access to this type of data – access must be removed for users who do not require it.
In November 2011, SAAs in organizations with more than one user will receive an email notifying them that the 30-day certification period is underway. The email will include a link that will enable the SAAs to initiate the certification process. Organizations will also be able to begin the process by clicking on a User Accounts Certification link that will be visible on the Account Management home page on the start date of the certification period. If user accounts are not certified within the 30-day certification period, the capability to create, edit and clone accounts will be disabled for all Administrators within the firm and will remain disabled until the firm completes the certification process.