FINRA Examination Priorities for 2021
On February 1, 2021, the Financial Industry Regulatory Authority (“FINRA”) published its 2021 priorities (the “FINRA Report”). The FINRA Report furnishes FINRA member firms with a non-exhaustive list of areas that FINRA plans to prioritize in 2021 as part of its examinations. The FINRA Report replaces two of FINRA’s prior publications: FINRA’s 2020 Report on FINRA Examination Findings and Observations and its Risk Monitoring and Examination Priorities Letter. The latest FINRA Report identifies the applicable rule and key related considerations for member firm compliance programs, summarizes noteworthy findings from recent examinations, outlines effective practices that FINRA observed during its oversight, and provides additional resources that may be helpful to member firms in fulfilling their compliance obligations.
The FINRA Report addresses regulatory areas organized into four categories: Firm Operations, Communications and Sales, Market Integrity and Financial Management. Additionally, the FINRA Report provides a roadmap for FINRA member firms to use to prepare for examinations and to review and assess compliance and supervisory procedures related to business practices, compliance, and operations. For each regulatory obligation discussed, the FINRA Report identifies the applicable rule and key related considerations for member firm compliance programs, summarizes noteworthy findings from recent examinations and outlines effective practices that FINRA observed during its oversight, and provides additional resources that may be helpful to member firms.
Regarding Firm Operations, the FINRA Report addresses risks in the following areas:
- Cybersecurity and Technology Governance;
- Outside Business Activities;
- Books and Records;
- Regulatory Events Reporting; and
- Fixed Income Markup Disclosure.
The FINRA Report notes that many firms employed inadequate AML transaction monitoring and failed to account for AML risks relating to cash management accounts, which led to issues in monitoring, investigating, and reporting suspicious activities related to money movement. Investments in issuers based in restricted markets, microcap and penny stocks, and special-purpose acquisition companies (“SPACs”) were identified as emerging AML or financial crime risks.
FINRA indicates that member firms should bolster their customer identification programs by confirming customers’ identification using multiple methods. In addition, member firms were urged to increase their focus on testing AML procedures and provide appropriate training to their AML personnel. FINRA also observed that some introducing firms improperly relied on their clearing firms for transaction monitoring and suspicious activity reporting; FINRA asserts that introducing firms should ensure that they have a complete understanding regarding which responsibilities have been allocated to their clearing firms and should establish policies and procedures to comply with those obligations that remain with the introducing firm. Moreover, FINRA reminded member firms to remain current on their compliance with the Financial Crimes Enforcement Network’s (“FinCEN”) Customer Due Diligence rule, which requires firms to identify beneficial owners, understand the nature and purpose of customer accounts, and identify and report suspicious transactions. The FINRA Report also indicates that the recently passed Anti-Money Laundering Act of 2020 may trigger material changes to current FINRA rules and/or additional rules regarding AML compliance.
The FINRA Report asserts that as member firms continue to manage their operations remotely, FINRA has observed increased numbers of cybersecurity and technology-related incidents, including systemwide outages, email and account takeovers, fraudulent wire requests, imposter websites, and ransomware. The FINRA Report suggests that member firms put additional resources into collaborating across technology, risk, compliance, fraud, and internal investigations/conduct departments to assess key risk areas, monitor access and entitlements, and investigate potential violations of firm rules or policies regarding data access by firm personnel or outside vendors. The FINRA Report also indicates that SEC Regulation S-P Rule 30 (which requires written policies and procedures to safeguard customer records and information) and FINRA Rule 4730 (“Business Continuity Plans and Emergency Contact Information”) will remain a focus of FINRA’s examinations in 2021. Moreover, FINRA notes that it remains concerned about increased risks for member firms that do not implement practices for addressing phishing emails or requiring multi-factor authentication for accessing non-public information.
The FINRA Report also highlights risks in connection with obligations to disclose outside business activities (“OBAs”) and private securities transactions (“PSTs”). The FINRA Report recommends providing registered representatives and other associated persons with open-ended questionnaires regarding their new or previously disclosed OBAs and PSTs, conducting thorough, periodic reviews to ensure that OBAs and PSTs have been disclosed, monitoring performance, production, and lifestyle to look for indications that a registered representative or other associated person is involved in an undisclosed or prohibited OBA or PST, and conducting periodic training on OBAs and PSTs. FINRA suggests that firms create checklists with a list of considerations to confirm whether digital asset activities would be considered OBAs or PSTs, including reviewing private placement memoranda or other materials and analyzing the underlying products and investment vehicle structures. The FINRA Report also identifies the federal Paycheck Protection Program (“PPP”) as a source of emerging risks in this area, noting that some member firms’ registered representatives had received loans pursuant to the PPP for OBAs that had not been disclosed to their firms. FINRA encouraged firms to conduct thorough reviews of publicly available data in supervising OBAs, noting that some financial advisers have obtained PPP loans for undisclosed outside business activities and that this information could be identified through public records.
FINRA also notes that many firms have not performed due diligence to verify their vendors’ ability to comply with books and records requirements. FINRA suggests that firms review their vendor contracts and test the capabilities of each of their vendors. Further, on the topic of regulatory events reporting, FINRA asserts that the associated persons of many firms have failed to report complaints or other events to their firms’ compliance departments. To address these issues, the FINRA Report suggests that firms use email surveillance techniques and review publicly available information to identify relevant issues. The FINRA Report recommends reviewing vendor contracts and agreements to assess compliance capabilities, including the requirement that electronic storage media (“ESM”) be maintained in a non-rewriteable and non-erasable format and that representations and attestations be provided to FINRA in accordance with Exchange Act Rule 17a-4(f).
Communications and Sales
Regarding Communications and Sales, the FINRA Report addresses Regulation BI (“Reg BI”) and Form CRS; Communications with the Public; Private Placements; and Variable Annuities. The FINRA Report emphasizes members’ obligations under Reg BI and Form CRS. The FINRA Report reminds members that Reg BI establishes a “best interest” standard of conduct for broker-dealers and associated persons when they make recommendations of securities transactions or investment strategies involving securities to retail customers who use those recommendations for personal, family, or household purposes. FINRA also reminded members that they must provide a brief “relationship summary” on Form CRS if they provide services to retail investors. Moreover, the FINRA Report states that in its recent exams, FINRA has found many instances of firms making misrepresentations related to cash management accounts and digital assets. FINRA advised firms to implement comprehensive procedures for their communications, including with respect to certain products such as digital assets.
Regarding private placements, FINRA has found that many firms have participated in offerings without performing the necessary due diligence, and the FINRA Report suggests that firms create private placement checklists and perform independent research on the material aspects of each private placement offering, including procedures to determine compliance with FINRA Rules 5122 and 5123, which could trigger filings with FINRA. In addition, FINRA notes that firms should evaluate whether participating in certain offerings, such as Regulation A offerings or SPACs, could require the firm to file a continuing membership application with FINRA and obtain its pre-approval. FINRA will also focus on app-based platforms with interactive or “gamelike” features that are intended to influence customers and the appropriateness of the activity that they are approving clients to undertake through those platforms.
FINRA suggests that member firms conduct a “holistic review” of variable annuity buyout offers, level registered representatives’ compensation for buyout offers in order to mitigate conflicts of interest, strengthen disclosures, and conduct additional post-transaction review. To bolster compliance with regulatory obligations associated with variable annuity exchanges, the FINRA Report recommends several measures including the use of automated surveillance tools, standardized review thresholds, and data integrity measures.
Regarding Market Integrity, the FINRA Report addresses the Consolidated Audit Trail (“CAT”); Best Execution; Large-Trader Reporting; Market Access; and the Vendor Display Rule. The FINRA Report lists several relevant factors for member firms to consider in connection with compliance with rules regarding CAT, including whether a member firm’s relevant written supervisory procedures identify the individual responsible for the review of CAT reporting; describe specifically the type of review(s) that will be conducted; and specify how often the review(s) will be conducted and evidenced. The FINRA Report also asserts that FINRA has observed firms inadequately tracking and reviewing execution quality in markets where orders are executed versus competing market execution quality, performance of certain order types, and certain metrics such as speed of execution and price improvement. Moreover, FINRA has observed member firms providing inadequate Rule 606 disclosures.
To bolster member firms’ compliance with the best execution and interpositioning rules, FINRA urged firms to use exception and surveillance reports, review how payment for order flow (“PFOF”) affects the order-routing process, conduct regular and rigorous reviews of execution quality on at least a quarterly basis, and implement continuous updates to written supervisory procedures and best execution analysis. The FINRA Report also notes that, as part of FINRA’s 2020 targeted review of member firms’ decisions to move to “zero-commission trading,” FINRA is evaluating whether these models adversely affected member firms’ compliance with their best execution obligations, how member firms used other practices (such as receipt of compensation from executing market centers for customer order flow) to potentially offset lost commission revenue, and whether member firms prominently communicated the limitations and restrictions of the zero-commission model and other fees charged to customers.
Concerning large trader reporting, the FINRA Report states that firms have simply failed to create procedures to address the relevant requirements, including timely filing of Form 13H. FINRA also reminds firms to review their procedures to ensure that the relevant requirements are addressed and to complete daily large-trader calculations to monitor for large-trader status. Market access is often a focus of FINRA exams. The FINRA Report states that recently, FINRA has found many firms using insufficient controls and limits in addition to overreliance on third-party vendor tools to effect the required financial controls. To account for these issues, FINRA suggests that member firms use rigorous testing of their controls and holistic supervision to monitor for potential manipulative trading patterns, among other things.
Regarding Financial Management, the FINRA Report covers Net Capital; Liquidity Management; Credit Risk Management; and Segregation of Assets and Customer Protection. The FINRA Report details various issues related to net capital, such as incorrect classification of assets (including receivables), liabilities, and revenue, in addition to incorrect capital charges for certain items and inaccurate recording of revenue and expenses. The FINRA Report suggests that firms develop more robust training programs and perform periodic assessments of their net capital treatment with respect to various items, including assets such as CD products, specifically, whether account agreements for CDs contain stipulations restricting withdrawals before maturity. FINRA notes that firms with expense sharing agreements should carefully review their allocation methodology and documentation to support their allocations.
FINRA’s observations regarding its examinations related to liquidity management are especially relevant considering recent pandemic-related market volatility. Notable findings from the FINRA Report include failures related to the refinement of liquidity management plans and stress tests to adapt to difficult market environments. FINRA’s recommendations include updating liquidity risk management practices, including stress tests, to consider a member firm’s current business activities, and creating a liquidity management plan that considers potential mismatches in duration between liquidity sources and uses, potential losses of counterparties, assumptions based on idiosyncratic and market-wide conditions, and early warning indicators and escalation procedures for risk limit breaches.
FINRA notes that firms should review their policies and procedures to ensure that they are reflecting moment-to-moment and open contractual commitment charges on firm commitment underwritings and that firms understand their role in an offering as “best efforts” or firm commitment. FINRA also asserts that member firms should review their policies and procedures to ensure compliance with Exchange Act Rule 17a-3(a)(23) to make and keep records documenting that they maintain adequate credit, market, and liquidity risk management controls. The FINRA Report asserts that many firms have implemented deficient processes related to credit risk management by performing no credit risk management reviews or by not monitoring exposure to affiliated counterparties. FINRA recommends that firms develop comprehensive controls to capture, measure, and manage relevant factors related to their credit risk. The FINRA Report also addresses failures with respect to remediating segregation deficits (in possession or control of customers’ fully paid securities or excess margin securities), including understanding the cause of the deficit and appropriate resolution and ensuring control locations are appropriately coded as “good” or non-good.
The FINRA Report notes that FINRA has observed that some firms have inadequate policies and procedures with respect to determining whether the firm is acting as custodian with respect to digital securities. FINRA also indicates that some firms that operate under an exemption from the customer protection rule do not transmit (in a timely manner) customer checks that they receive to their clearing firms. Moreover, FINRA has observed that some firms have inaccurate reserve formula calculations due to errors in coding arising from limited personnel training and staff turnover as well as from inadequate communication within the firm and gaps in reconciliation calculations. As such, FINRA states that member firms should ensure that the proper departments within each firm are coordinating appropriately and that the relevant personnel receive appropriate training.
Firms should carefully review the FINRA Report to ensure that their compliance programs and business activities comply with all applicable rules and regulations. Moreover, the FINRA Report contains several helpful resources, guidance, and practice suggestions in order to maintain a compliance program that will withstand regulatory scrutiny. Additionally, a firm needs to make sure that it has an effective compliance program with adequate resources, a knowledgeable and empowered CCO, a strong tone from the top and compliance’s active involvement in all aspects of the firm’s business activities. Lastly, FINRA’s priorities are by no means exhaustive, and actual examinations will include inquiries into a variety of other areas based upon changes in market conditions, regulations, and the firm’s history, operations, services, products offered, and other potential factors.
The following are key takeaways for firms to ensure that their compliance programs are meeting regulatory requirements and expectations. Firms should review these takeaways and, where gaps are identified, implement changes and/or updates to their compliance programs that address these areas:
- Perform a thorough review of FINRA’s priorities applicable to their business.
- Conduct a gap analysis to evaluate how their compliance programs and policies and procedures address potential issues identified in both reports to help prevent similar findings.
- Maintain adequate compliance resources.
- Ensure that the CCO is part of senior management and is empowered to make decisions and to set and enforce policies.
- Ensure that they have qualified and trained staff to perform compliance duties and responsibilities.
Who should we talk to if we have further questions?
If you would like further information concerning the matters discussed in this Legal Insight, please contact Robert Moreiro.