The Financial Industry Regulatory Authority, Inc. (“FINRA”) recently issued its annual Regulatory Examination Priorities Letter. A copy of the letter is available here. While not an exhaustive list, FINRA will focus on the following issues and concerns in 2017:
- hiring and supervision of high-risk and recidivist representatives,
- sales practices regarding senior investors, new products, concentrated positions and short-term trading of long-term products such as unit investment trusts (“UITs”), mutual funds and variable annuities,
- assessing financial risks (liquidity, management and credit),
- review of outside business activities and private securities transactions of representatives,
- assessing operational risks, including the requirement of municipal advisor registration, and
- market integrity issues such as manipulation, best execution, market access and interpositioning.
Below are brief summaries of some of the more significant issues FINRA’s letter raises. FINRA member firms should review their policies, procedures and business activities in light of these examination priorities.
High-Risk and Recidivist Brokers
We note that a recent study found that of the 48% of disciplined financial advisors who leave their current positions following misconduct, 44% are able to find employment within the same year.1 FINRA’s 2017 priorities include a review of firms’ hiring and monitoring of high-risk and recidivist brokers, including whether firms establish appropriate supervisory and compliance controls for such persons, in three ways.
First, FINRA has recently established an examination unit dedicated to identifying and examining brokers who may pose a high risk to investors that will be tasked with rigorously reviewing these brokers’ interactions with customers, including their compliance with rules regarding suitability, know‑your‑customer, outside business activities, private securities transaction, commissions and fees.
Second, FINRA will review firms’ process for hiring and retaining statutorily disqualified and recidivist brokers. This will include reviewing firms’ supervisory procedures and due diligence for an assessment of whether firms have developed and implemented supervisory plans which are tailored to detect and prevent future misconduct by a broker based on past misconduct and regulatory disclosures.
Third, FINRA will continue to evaluate firms’ inspections of their branch offices as well as the supervisory systems for branch and non-branch office locations. FINRA’s focus will include the supervision of account activity; advertising and communications, including the potential use of unapproved email addresses for business; communications with customers, including through the use of social media, seminars, radio shows or podcasts; registered representatives’ websites; outside business activities; the use of consolidated account statements; and operation activities such as distribution of funds and changes of address or investment objectives.
FINRA will assess firms’ controls to protect senior investors from fraud, abuse and improper financial advice. FINRA will assess whether recommendations made to seniors to invest in speculative products to generate high yield were suitable given an investor’s profile and whether firms have appropriate supervisory mechanisms in place to detect and prevent problematic sales practices. FINRA also suggests a number of controls that firms can adopt to protect its senior clients from abuse.
Product Suitability and Concentration
FINRA will assess how firms conduct the required reasonable‑basis and customer-specific suitability reviews under Rule 2111. This may include firms’ product vetting process, supervisory systems and controls to review recommendations. Firms should ensure their supervision and training is sufficient when new products come to market or new features of existing products are introduced and that the registered representatives and compliance and supervisory staff understand the products sold. FINRA will also increase its focus on the controls firms use to monitor recommendations that could result in customers’ accounts having excess concentrations in a particular type of product, maturity or exposure to a particular industry sector.
Excessive and Short-term Trading of Long-term Products
Recent sanctions and other disciplinary procedures have illustrated instances of registered representatives recommending trading in long-term products on a short-term basis. In 2017, FINRA will evaluate firms’ ability to monitor short-term trading of long-term products such as variable annuities, mutual funds and UITs. After observing situations where registered representatives switch customers across products or through several investments to evade surveillance, FINRA urges firms to evaluate whether their supervisory systems can detect activity intended to evade automated surveillance or blotter reviews for excessive switching, commissions or other activity.
Outside Business Activities and Private Securities Transactions
FINRA will again focus on firms’ obligations with respect to their registered representatives’ outside business activities and private securities transactions while continuing to evaluate firms’ review and approval process of the representatives’ written notice of proposed activities as well as the supervision of ongoing, private securities transactions for compensation under Rule 3280(c).
Social Media and Electronic Communications Retention and Supervision
In light of the increasing importance of social media and electronic communication, FINRA will review firms’ compliance with supervisory and record-retention requirements in these areas. These obligations apply to business communications regardless of the medium or device used to communicate.
FINRA is continuing its emphasis on a firm’s self-evaluation of its financial risk profile.
In light of FINRA’s findings that many firms’ financial stress tests were non-existent or inadequate and funding contingency plans relied on committed secured and unsecured loan facilities, FINRA will examine and assess whether firms (a) adequately evaluate their liquidity needs related to market‑wide and idiosyncratic stresses, (b) develop contingency plans to meet those needs and (c) stress test and perform other reviews to gauge the effectiveness of those plans in light of Regulatory Notice 15-33.
Financial Risk Management
Based on FINRA’s discussions with larger firms, FINRA will ask a select group of firms to explain how they would react to specific stress scenarios that affect the firm’s market, credit and liquidity risks. However, no guidance is given as to which firms will face this line of questioning. FINRA will assess these firms’ risk management practices considering readiness, communication plans, risk metrics and triggers and contingencies.
Credit Risk Policies, Procedures and Risk Limit Determinations Under FINRA Rule 4210
FINRA will assess firms’ implementation of the obligations established in the first phase of the new amendments to Rule 4210 for covered agency transactions, which became effective December 15, 2016. FINRA will assess firms’ written risk policies, procedures, risk limit setting process and how firms establish and supervise compliance with the new requirements.
FINRA has established priorities on a number of operational‑related categories in 2017.
FINRA will continue to assess firms’ programs to mitigate cybersecurity threats, which FINRA states is “one of the most significant risks many firms face.” FINRA may review a firms’ methods for preventing data loss, including understanding their data, and its flow through the firm and to vendors. FINRA may assess the controls a firm uses to monitor and protect its data through loss prevention tools. In some instances, FINRA will review how firms handle their vendor relationships including controls to manage those relationships. FINRA may also examine firms’ controls to protect sensitive information from insider threats as the workplace evolves with more remote access and mobile employees. FINRA notes that the two areas they repeatedly find shortcomings in are cybersecurity controls at branch offices, particularly independent contractor branch offices, and controls related to passwords, encryption of data, use of portable storage devices, implementation of patches and virus protection, and physical security of assets and data.
Also of note is an analysis of vendor-provided email review and retention services that do not meet all of the requirements of Rule 17a-4(f) under the Securities Exchange Act of 1934 (“Exchange Act”), which has been the subject of recent enforcement actions.
Supervisory Controls Testing
FINRA will assess firms’ testing of their internal supervisory controls especially if there has been a recent change to the automated compliance systems or a change in the firm’s business model or services. FINRA reminds firms of their supervisory controls testing and chief executive officer certification obligations under FINRA Rules 3120 and 3130.
Customer Protection/Segregation of Client Assets
FINRA will evaluate whether firms have met the specific requirements of Exchange Act Rule 15c3-3 to protect customer assets. FINRA will test whether any special reserve bank agreements have the required no-lien language and will determine if transfers between special reserve bank accounts are made in a timely manner or if they create temporary shortfalls. FINRA will review whether sufficient documentation is being kept to show that securities are held free of liens and encumbrances. FINRA will also assess whether firms’ possession or control processes are sufficient to identify securities held in custody and to identify, and where applicable prevent, overrides of automated possession or control calculations. FINRA will also review for transactions by a firm with little or no economic substance designed to reduce reserve or segregation requirements.
Regulation SHO — Close Out and Easy to Borrow
FINRA will continue to assess firms’ compliance with Regulation SHO. FINRA will focus on the locate process in order to ensure firms have reasonable grounds to believe securities are available for borrowing prior to executing a short sale. FINRA will also assess firms’ preparation of the easy‑to‑borrow list as well and evaluate the adequacy of firms’ automated locate model.
Anti-Money Laundering and Suspicious Activity Monitoring
FINRA will continue to examine firms’ anti-money laundering programs, especially gaps in firms’ automated trading and money movement surveillance systems. FINRA will focus on firms’ controls around accounts held by nominee companies.
Municipal Advisor Registration
FINRA will assess whether firms that provide services to state and local governments that issue municipal securities but do not register as municipal advisors are properly applying the exemptions and exclusions to municipal advisor registration requirements and identifying all individuals who are engaged in municipal advisor activity and would be subject to registration on Form MA-I and the new Series 50 examination requirement.
There are some old and new concerns included in the 2017 priorities related to market integrity issues.
FINRA stresses the importance of members complying with the amended Order Audit Trail System (“OATS”) rule requiring alternative trading systems to submit broader order book activity to OATS. FINRA will closely monitor whether market participants are trading in a potentially manipulative manner. In addition, FINRA expects firms who have begun to receive Cross Market Equity Supervision Report Cards for layering and spoofing activity to review them as a supplement to their own reviews into potentially manipulative activity.
FINRA encourages firms to consider how automation of markets and advances in trading technology affect their order‑handling decisions and factor those changes into their review of the execution quality they provide customers in light of Regulatory Notice 15-46. FINRA also reminds firms of the importance of providing accurate payment for order flow disclosures.
Audit Trail Reporting Early Remediation Initiative and Expansion
FINRA plans to expand its Audit Trail Reporting Early Remediation initiative to other areas such as Regulation NMS trade-throughs and locked and crossed markets. FINRA expects firms to review and use these alerts to correct systems issues and potentially avoid formal investigations.
Tick Size Pilot
Data collection obligations of the Tick Size Pilot will continue in 2017. FINRA will review for compliance with the data requirements of the Tick Size Pilot, as well as compliance with its quoting and trading restrictions.
Market Access Rule
FINRA suggests firms consider incorporating certain practices into their market access controls including implementing, memorializing and monitoring pre-trade and post-trade controls; implementing procedures for the supervision, development, testing and employment of algorithmic trading, including code development or changes; and maintaining reasonable processes to monitor whether trading algorithms operate as intended, and processes to disable algorithms or systems that malfunction. FINRA also suggests firms consider the effective practices FINRA described in Regulatory Notice 15-09.
FINRA’s trading examination priorities include reviewing the adequacy of alternative trading systems’ disclosures to customers about how they operate, reviewing for potential conflicts of interest, and evaluating whether floor brokers and upstairs firms are handling manual options orders in a manner consistent with their best execution obligations. FINRA’s 2017 priorities include a pilot trading examination program that will help FINRA determine the value of conducting targeted examinations of smaller firms which have not previously been subject to review due to low volumes.
Fixed Income Securities Surveillance Program
FINRA will continue to expand its fixed income surveillance program and conduct investigations into problematic activity it detects. FINRA will continue to review firms’ written supervisory procedures to ensure they are reasonably designed to monitor non-bona fide trading. FINRA will also continue to review and investigate potential misrepresentations and misleading conduct by position and sales traders in securitized products. FINRA also will develop customer protection surveillance patterns focusing on compliance with rules applicable to U.S. Treasury securities which will become effective in July, 2017.
Firms should consider the FINRA priorities as they conduct their annual reviews of policies, procedures and business activities or when introducing a new product, business line or compliance tool to their existing business. Where firms observe deficiencies in their own practices, adjustments should be made before they find themselves the subject of a FINRA or Securities and Exchange Commission investigation, examination or enforcement action.