Certification Representative (CRep) User Accounts Certification Process Quick Reference Guide
Section 1: Purpose of Guide
This User Guide is designed to assist Certification Representatives (CReps) who are responsible for completing their organization’s account certification, which is an annual requirement of the FINRA Entitlement User Account Certification Process. Organizations with CReps are those organizations that do not have a Super Account Administrator (SAA) and are not Broker-Dealer, Investment Adviser or Funding Portal Firms.
This Guide provides information on an organization’s responsibility in identifying and replacing a CRep and covers the CRep’s role and responsibilities. In addition, this Guide details how to navigate through Account Management feature on FINRA Gateway to validate, review and certify your organization’s accounts.
This Guide covers the following topics:
- 1.1 Organization’s Responsibilities for Certification
- 1.2 CRep Certification Roles and Responsibilities
- 1.3 How to Complete User Accounts Certification
- 1.4 Certification: Past Due
1.1: Organization’s Responsibilities for Certification
- The online FINRA Entitlement User Account Certification Process requires your organization to review, verify and certify all of your organization’s accounts with access to applications on the FINRA Entitlement Platform.
- Prior to being granted access to the FINRA Entitlement Platform, an organization is required to designate a CRep who is required to review and certify accounts each calendar year. An organization is also required to immediately designate a replacement CRep, when applicable.
- An organization is responsible for a CRep completing the Annual Entitlement User Accounts Certification Process when directed by FINRA and within the timeframe communicated by FINRA.
- During the Certification Period, each organization’s CRep must certify that authorized users are only entitled to those privileges necessary to perform their job responsibilities on the FINRA Entitlement Platform.
- An organization that fails to certify by the due date will have all accounts disabled. If accounts are disabled, the CRep is required to work with the FINRA Entitlement Group to have their account re-enabled to complete the certification process. Once the CRep certifies, all other organization accounts will be re-enabled.
1.2: CRep Certification Roles and Responsibilities
- Organizations with Administrators - CReps with administrator access need to delete accounts that are no longer required and/or update account privilege(s) based on current job responsibilities. Ensure that only users who require access to sensitive data (e.g., Social Security Numbers) are entitled. If the CRep realizes an Account Administrator no longer needs access and/or permission changes are required, the CRep must notify the FINRA Entitlement Group [email protected].
- Organizations without Administrators - CReps without administrator access need to notify the FINRA Entitlement Group at [email protected] of accounts that are no longer required and/or changes to specific account privileges based on current job responsibilities.
Timely certification of your organization's accounts is required to comply with the FINRA Entitlement Program requirements and for your organization to maintain access to FINRA applications.
Guidance on Reviewing Accounts
When reviewing accounts, consider the following:
- Confirm the user has a continuing need to access FINRA application(s) on the organization’s behalf.
- Verify each account is set with the appropriate level of entitlement to only the applications and privileges needed to perform current job responsibilities.
- Confirm the user’s current job responsibilities require access to sensitive data (e.g., Social Security Numbers).
- Export a copy of the Accounts Certification Report and email it to other individuals in your organization to confirm an users’ access if you are unsure of their current job responsibilities. (See Section 1.3 for more information on exporting.)
- Check the last login date to see when a user has last used their account. If the last login timeframe is longer than what would be reasonably expected for a user’s job responsibilities, determine if continued access is required by questioning the user or their manager.
- Delete an account or contact the FINRA Entitlement Group to delete an account when an individual no longer requires access per their job responsibilities, is not using their account, or for individuals who have separated from the organization.
1.3 How to Complete User Accounts Certification
Begin the certification process by accessing the Account Management System through the FINRA Gateway.
Step 1: As the CRep, select the Admin icon on the left navigation panel to view the FINRA Entitlement User Accounts Certification banner, which appears with the start of the Certification Period, and click Start Certification to begin.
Step 2: Review the FINRA User Account Certification instructions and proceed with your review of your organization’s accounts. Accounts will display in the Accounts Certification Report at the bottom of the screen.
Note: The Accounts Certification Report defaults to displaying the filtered list of all active user accounts in your organization. If you want to include Deleted accounts in your review, you will need to change the Deleted (Yes/No) Filter.
To customize/export report content, use the customizing tools located at the top right corner of the report template: Columns, Filter, Group and Export.
- Columns – choose which fields you want to display in the report.
- Filter – narrow your results by providing a value for any available field.
- Group – arrange the data into groups by choosing any available field as the ‘Group By’ field.
- Export – export your report to a .csv file with the final report criteria you have chosen.
Step 3: To view the entitlements per account from the report template, click the ⌄ symbol in the Entitlements Column next to the number of entitlements. The list of entitlements with their access level will appear. Click the ⌃ symbol to hide the entitlements.
Step 4: To customize the report, click the Columns icon. A pop-up window will open with the list of All Columns and Selected Columns. To select a column, check the checkbox from the All Columns list and click the Apply button. To deselect a column, uncheck the checkbox from the Selected Columns list and click the Apply button.
Step 5: To narrow your search, click the Filter icon. This feature allows you to filter the report based on certain data criteria. For example, if you would like to view an Account Administrator (AA) account information on the report, filter by selecting “Y” for AA Equals and click the Apply Filter button. You can add additional filters by selecting the Add Filter Condition and apply the new filter when complete. Once you have completed applying all of your filters, click the Done button to view the updated report.
Step 6: To arrange the data into groups, click on the Group Icon. Choose the field(s) for how you want the data to be organized for your review. Once you have completed setting all Groups, click the Apply button.
Step 7: To export your report to a .csv file with the final report options you have chosen, click on the Export Icon. Select the type of exported report you want and click the Export button.
- Quick Export
- Advanced Export
Note: FINRA recommends that you certify your users on the same day you request the download to prevent having to perform a subsequent review of your users as the entitlement data may have changed since the download was requested.
Quick Export (default)
The Quick Export will display the data selected from the customization tools with only the count of individual Entitlements per account, not each individual Entitlement. You can use this report to cross check information from the report that has the privileges (specific entitlements) listed. Do not use the Quick Export as the only report to review an account as the specific entitlements are not listed.
Advanced Export
Only one sub-table, as shown below, can be exported when Advanced Export is selected.
- Report sub-table #1– Entitlements
- The export will display the data selected from the customization tools with a listing of all Entitlements.
- Report sub-table #2 – Org Identifiers
- The export will display the data selected from the customization tools with a listing of all Org Identifiers - TRACE MPID or EQUITY MPID. The Org Identifiers are only available for organizations with Account Administrators.
Step 8: Once export selections have been made, a message will display to click on View Downloads which will take you to the Reports landing page.
From the Reports landing page, there is a section for Exports Ready for Download in the right margin. Files that are being prepared for export will appear in grey text. When the file is ready to download, it will appear as a blue hyperlink.
Step 9: The file will download as a zip file. Click to unzip the file. If more than one file is ready for download, the files will be sorted by descending order with the newest file at the top of the list.
Step 10: Open Accounts Certification Report. Review account information and determine if any changes are required. Consider saving this report and share with other individuals within your organization to confirm individual’s entitlement, including access to applications, entitlements (privileges), and access to sensitive data are appropriate for job responsibilities and that the last login date indicates continued access is required.
Note: If your organization needs to send the exported report to the FINRA Entitlement Group, [email protected], to make changes before certifying, be sure to include the Org. ID in the email.
Step 11: Once you review, and verify information for all accounts, click Certify Users to complete certification for your organization.
Step 12: Review the Certification Statements and click I Agree to certify.
The system will display a Successfully Completed banner and you will receive a confirmation email. If you select, I Do Not Agree, you will not be able to certify.
Email Confirmation
1.4: Certification: Past Due
If an organization does not complete the certification process by the due date, the certification status will change to Past Due.
Consequences for Past Due
- For Organizations with Administrators - The capability to create accounts, edit and import entitlements to accounts will be disabled for all Account Administrators within the organization and will remain disabled until the CRep completes the certification process. In addition, failure to comply with certification will result in all accounts associated with the organization being disabled until certification is completed. If all organization’s accounts have been disabled, the CRep must work with the FINRA Entitlement Group to complete the certification and regain full system functionality for their organization. For security purposes, administrators may continue to delete or disable accounts.
- For Organizations without Administrators - All accounts will be disabled within the organization and will remain disabled until the CRep completes the certification process. The CRep must work with the FINRA Entitlement Group to complete the certification and regain full system functionality for their organization.
How to Certify Post Due Date
As the CRep, first contact the FINRA Entitlement Group to have your account re-enabled in order to access the system to certify.
Once your account is re-enabled, select the Admin icon in the left navigation panel, view the FINRA Entitlement User Accounts Certification Past Due banner and click Start Certification to begin.
(see Section1.3 How to Complete User Accounts Certification for step-by-step instructions).
Once you certify the organization’s accounts, all accounts and Account Management functions will be automatically restored.
Questions:
For CAT Reporting Agents, contact the FINRA CAT Helpdesk at (888) 696-3348