The Financial Industry Regulatory Authority ("FINRA") is a private, non-profit organization that is authorized under U.S. law to regulate and oversee the U.S. investment brokerage industry. It supplements and cooperates with the United States Securities and Exchange Commission to regulate the investment markets in the United States. It is likely that many cryptocurrency firms who are not currently FINRA members will become members either by choice or a result of broader FINRA jurisdiction.
Veriff is not a U.S. investment broker-dealer, so it is not a "member" subject to FINRA
oversight. But Veriff provides services that FINRA members can use to satisfy FINRA rules, and the relationship between a FINRA member and Veriff is governed by FINRA rules.
FINRA members are expected to maintain Anti-Money Laundering and Know Your Customer programs that comply with the United States Bank Secrecy Act and the U.S. PATRIOT Act. FINRA Rule 2090 requires member firms to use reasonable diligence when opening accounts to know the essential facts concerning the customer and the authority of each person acting on behalf of the customer.
Verifying the identity of an individual or persons acting on behalf of non-individual customers is one element of reasonable diligence. Veriff can provide this service to FINRA members.
As in other financial services sectors, relationships between FINRA members and their third party contractors are subject to FINRA rules. Member firms are expected to:
- Maintain vendor management programs that set standards for outside vendors;
- Understand the vendor relationship including the services provided, risks, and risk mitigation;
- Perform periodic monitoring and testing of the vendor.
Additionally, any data or records provided to or maintained by the third party vendor must be consistent with record keeping requirements applicable to the FINRA member firm.
Since Veriff is not a FINRA member, the obligation to follow FINRA rules governing third party service providers falls on the Veriff client that is a FINRA member. Veriff, however, can support the FINRA member client's efforts to comply with these rules.
First, the service agreement should clearly reflect the client's record keeping and data retention requirements that would apply to the Veriff service and Veriff should take steps to apply those requirements to the client's data. In addition, Veriff may support the client's efforts to comply with vendor management rules. Documentation demonstrating that the client has a complete understanding of the Veriff service, risks, and risk mitigation can be prepared. Regular client specific test results can also be provided.
Veriff offers a product and service that allows FINRA members to meet one element of their KYC due diligence requirements. In addition, Veriff offers support services that allow FINRA members to demonstrate their compliance with outsourcing rules.