The Financial Industry Regulatory Authority, Inc. (“FINRA”) recently issued its 2021 Report on FINRA’s Risk Monitoring and Examination Activities (the “Report”). A copy of the Report is available at https://www.finra.org/sites/default/files/2021-02/2021-report-finras-examination-risk-monitoring-program.pdf. The Report replaces two of FINRA’s prior publications: (1) the Report on FINRA Examination Findings and Observations, which provided an analysis of prior examination results; and (2) the Risk Monitoring and Examination Priorities Letter, which highlighted areas FINRA planned to review in the coming year.
The new Report is designed to assist FINRA member firms’ compliance programs by providing annual insights from FINRA’s ongoing regulatory operations. For selected regulatory obligations highlighted in the Report, it: (a) identifies the applicable rule and key related considerations for broker-dealer compliance programs; (b) summarizes noteworthy findings from recent FINRA examinations and outlines effective practices; and (c) provides additional resources that may be helpful to member firms. Many of the areas addressed in the Report represent ongoing core compliance responsibilities that are reviewed as part of FINRA’s risk-based examination program each year. Firms are advised to review their policies, procedures, and business activities in light of the Report.
The Report highlights several areas of general application and addresses key regulatory topics in four categories: (1) Firm Operations; (2) Communications and Sales; (3) Market Integrity; and (4) Financial Management.
Key Areas of General Application
- Regulation Best Interest (“Reg BI”) and Form CRS – FINRA will conduct a more comprehensive review of whether member firms have established and implemented policies, procedures, and a system of supervision reasonably designed to comply with Reg BI and Form CRS, with a focus on processes, practices, and conduct that may cause customer harm.
- Consolidated Audit Trail (“CAT”) – As FINRA noted in Regulatory Notice 20‑31, all member firms that receive or originate orders in National Market System (“NMS”) stocks, over-the-counter (“OTC”) equity securities, or listed options must report to CAT. All proprietary trading activity, including market making activity, is subject to CAT reporting with no exclusions or exemptions for size or type of firm or type of trading activity.
- Cybersecurity – FINRA reminds firms in the Report that it reviews cybersecurity programs for whether they are designed and tailored to a firm’s risk profile, business model, and scale of operations, and for compliance with business continuity plan requirements and with Regulation S‑P Rule 30, which requires member firms to have policies and procedures addressing the protection of customer records and information. This matters especially in the current climate, in which an increase in remote work and virtual client interactions is combined with an increase in cyber-related crimes.
- Communications with the Public – FINRA continues to evaluate member firms for compliance with Rule 2210, with an increasing focus on communications relating to (a) certain new products, (b) new digital communication channels, including the use of app-based platforms with interactive or “game-like” features that are intended to influence customers, their related forms of marketing, and the appropriateness of the activity that they are approving clients to undertake through those platforms, and (c) the provision of cash management services that sweep customer cash into affiliate or partner banks or money market funds.
- Best Execution – To evaluate the impact that not charging commissions has or will have on member firms’ order-routing practices and decisions, and on other aspects of member firms’ business, FINRA will continue to focus on potential conflicts of interest in order-routing decisions, appropriate policies and procedures for different order and security types, and the sufficiency of member firms’ reviews of execution quality, as well as on a targeted review of member firms that do not charge commissions for customer transactions. This focus is likely a direct result of the Robinhood Financial action in December 2019, available at https://www.finra.org/media-center/newsreleases/2019/finra-fines-robinhood-financial-llc-125-million-best-execution.
- Variable Annuities – FINRA will continue to evaluate member firms’ variable annuity exchanges under Rule 2330 and, when applicable, Reg BI, especially firm training, and disclosures to customers who were impacted by the October 2018 announcement by Ohio National Financial Services stating it will terminate servicing agreements, cancel certain trail commissions for registered representatives, and provide buyout offers to its variable annuity customers.
Firm Operations
Within member firm operations, the Report identifies regulatory obligations and related considerations as well as examination findings, emerging risks, and effective practices in the following areas:
- Anti-money laundering (compliance with Bank Secrecy Act and Rule 3310 requirements);
- Cybersecurity and technology governance;
- Monitoring and reporting outside business activities and private securities transactions;
- Books and records obligations, highlighting the use of cloud service providers and compliance with SEC Rule 17a‑4(f)(2);
- Regulatory event reporting issues, including firms not conducting regular surveillance for unreported events; and
- Fixed-income mark-up disclosures failing to be expressed as both a total dollar amount for the transaction and a percentage of prevailing market price.
Within the Firm Operations section, FINRA noted these emerging risks that should be addressed by member firms:
- Fraud, financial crimes, and other problematic practices involving microcap and penny stock activity transacted in omnibus accounts maintained for foreign financial institutions and foreign affiliates of U.S. broker-dealers;
- Data breaches and increased risks for firms that do not implement practices to address phishing emails or require multi-factor authentication for accessing non-public information; and
- Registered representatives who received a PPP loan for an outside business activity that had not been disclosed to their firms and may have required an update to their Form U4.
As part of the Report, additional resources are listed and hyperlinks provided to applicable FINRA Regulatory Notices, Notices to Members, and previous FINRA reports to allow member firms to conduct a detailed review of their policies, business practices, and supervisory systems in these highlighted and other operational areas.
Communications and Sales
In the Communications and Sales section of the Report, FINRA provides detail on its preliminary findings and considerations with respect to the June 30, 2020, implementation of Reg BI’s “best interest” standard of conduct for broker-dealers and associated persons, the contents and distribution of Form CRS, and policies and procedures differentiating between the application of Reg BI to “retail investors” versus the suitability obligation owed to non-retail investors under Rule 2111.
There will be a continued focus on compliance with communications with the public (Rule 2210) with an emphasis on:
- Whether a firm’s digital communication policy addresses all permitted and prohibited digital communication channels and features available to its customers and associated persons;
- Whether a firm provides a fair and balanced presentation in marketing materials and retail communications, including addressing risks presented by digital asset investments; and
- Whether communications regarding cash management programs fairly disclose the program’s features, risks, and any conflicts of interest.
FINRA will also continue its emphasis on private placements, reviewing a member firm’s due diligence procedures (including reliance on third-party reports), suitability/best interests analysis, and timeliness and contents of required filings under Rule 5122 and Rule 5123.
Compliance with a firm’s variable annuities responsibilities under Rule 2330, especially with respect to buyouts, unsuitable exchanges, and source of funds review, will also continue as in recent years.
Market Integrity
In its review of the Consolidated Audit Trail requirements, FINRA will review reporting to the CAT, clock synchronization, time stamps, connectivity and data transmission, development and testing, recordkeeping, the timeliness, accuracy, and completeness of data, and compliance dates. The review will also assess a firm’s written supervisory procedures (“WSPs”) which, at a minimum, must (1) identify the individual, by name or title, responsible for the review of CAT reporting; (2) describe specifically what type of review will be conducted of the data posted on the CAT Reporter Portal; (3) specify how often the review will be conducted; and (4) describe how the review will be evidenced.
The execution quality of customer orders must be tested by a firm under Rule 5310 and, where “regular and rigorous” reviews are used instead of order-by-order reviews, the reviews must be performed, and documented, at a minimum on a quarterly basis and on a security-by-security, type‑of‑order basis (e.g., limit order, market order, and market on open order). If, during the course of a best execution review, a firm identifies material differences in execution quality among the markets that trade the securities under review, FINRA directs that the firm either modify its routing arrangements or justify, in writing, why it is not doing so.
Firms that provide market access to customers will be reviewed to determine if they have implemented reasonably designed risk-management controls and WSPs to manage the financial, regulatory, or other risks associated with this business activity.
Financial Management
In connection with the net capital requirements under SEC Rule 15c3‑1, FINRA directs firms to pay special attention to the correct classification of assets and identification and aging of failed-to-deliver contracts, taking applicable net capital charges and applying deductions to their net capital calculation. In addition, FINRA will continue to review the methodology and accompanying documentation for allocating specific broker‑dealer costs to firms or any affiliate under an expense sharing agreement.
FINRA will review firms’ liquidity risk management practices as required by SEC Rule 17a‑3(a)(23) based upon a firm’s current business activities, including establishing governance around liquidity management, determining who is responsible for monitoring the firm’s liquidity position, how often that position is monitored, how frequently the monitoring parties meet as a group, and creating and stress testing the firm’s liquidity management plan.
As part of a firm’s credit risk management, FINRA will review whether a firm is accurately capturing its credit risk exposure, maintaining approval and documented processes for increases or other changes to credit limits, and monitoring exposure to any affiliated counterparties for the possible impact on firm capital.
Adherence to the Customer Protection Rule (SEC Rule 15c3‑3) will continue to be a focus and, if a member firm claims an exemption from the Rule, FINRA will review whether the firm implements consistent processes for forwarding customer checks to its clearing firm and maintains accurate records to demonstrate that checks were forwarded in a timely manner. Additionally, if a firm is engaging in digital asset transactions, it must demonstrate the controls and procedures it has established to support facilitation of such transactions.
Firms should consider the FINRA areas of focus as they conduct their annual reviews of WSPs and business activities, especially when introducing a new product, business line, or compliance tool to their existing business. The Report contains a number of helpful resources, guidance, and practice suggestions in order to maintain a compliance program that will withstand regulatory scrutiny.