Blog: 2023 Report On FINRA’s Examination And Risk Monitoring Program … – Mondaq


On January 10, 2023, the Financial Industry Regulatory Authority
(“FINRA”) issued its 2023 Report on FINRA’s
Examination and Risk Monitoring Program (the
“Report”).1 The Report, which is a more
comprehensive version of the “Risk
Monitoring and Exam Priorities Letter” that FINRA published in prior
years, provides insights and observations on key regulatory topics.
Specifically, FINRA (i) identifies the relevant rule(s), (ii)
highlights key considerations for member firms’ compliance
programs, (iii) summarizes noteworthy findings or observations from
recent oversight activities, (iv) outlines effective practices that
FINRA observed through its oversight activities, and (v) provides
reference to resources that may be helpful to member firms in
reviewing their supervisory procedures and controls with respect to
these topics.2 In addition, FINRA’s podcast
“2023’s Must-Read, Report on FINRA’s Examination
and Risk Monitoring
Program”3 (“Podcast”) provides a
helpful overview and focus to some of the principal findings in the

The Report serves as a valuable tool for firms to perform a risk
assessment, identify potential gaps in their existing compliance
programs, and improve their supervisory procedures and controls as
the Report is often thought of as a roadmap for potential future
enforcement interests.

The following section provides an overview of four new
priorities, and certain continuing priorities, that FINRA
highlighted in the Report.

We are currently advising firms on their existing compliance
programs and the guidance set forth in the Report, and would be
happy to discuss any questions you may have.

New and Continuing Priorities

FINRA’s newly identified priorities for 2023 are:

  • Manipulative Trading: Manipulative trading,
    together with Cybersecurity and Technology Governance and
    Anti-Money Laundering, Fraud and Sanctions, is captured in a
    section entitled, “Financial Crimes”. According to
    FINRA, the addition of this section was to underscore its increased
    focus on protecting investors and safeguarding market integrity
    against these threats. With respect to manipulative trading,
    FINRA’s findings principally centered on firms’ failure
    to (i) implement adequate written supervisory procedures to
    identify firm personnel to monitor manipulative conduct, (ii)
    establish escalation processes, (iii) implement surveillance
    controls to capture manipulative trading, and (iv) monitor customer
    activity to identify patterns of potential manipulation.
  • Fixed Income and Fair Pricing: FINRA
    highlighted that firms incorrectly determined the prevailing market
    price, had outdated mark-up/mark-down grids, and failed to
    implement reasonable supervision for establishing fair pricing in
    fixed income securities.
  • Fractional Shares—Reporting and Order:
    FINRA generally found that firms failed to
    report, or report in a timely manner, fractional share orders,
    routes, and trades to trade reporting facilities (e.g.,
    ORF or CAT), and to implement adequate supervisory procedures or
    controls to ensure effective reporting practices and advised that
    firms should refer to FINRA’s guidance on fractional share
    executions, including CAT and trade reporting FAQs.
  • Regulation SHO—Bona Fide Market Making
    Exemptions and Reuse of Locates for Intraday Buy-to-Cover:
    FINRA observed that firms relied on Regulation
    SHO’s bona fide market making exceptions with respect to
    proprietary trading activity that is not eligible for such
    exceptions and did not comply with the guidance set forth under
    Question 4.4 of the SEC’s Reg SHO FAQ with respect to reuse
    of locates to short sales of threshold or hard to borrow
    securities. FINRA provided examples of how firms should establish
    supervisory systems and appropriate policies and procedures to
    comply with the same.

FINRA also emphasized continuing priorities in its Report (and
has provided additional insight about its concerns in its Podcast)
that, in its view, present evolving risks worth highlighting:

  • Anti-Money Laundering (“AML”): One
    of FINRA’s principal concerns with respect to AML compliance
    is new account fraud where accounts are opened using stolen or
    synthetic identities, which are used for a range of suspicious or
    illicit activities, including, for example, fraudulent account
    transfers to ACATS, the Automated Customer Account Transfer
    Service. The Report covers FINRA’s findings regarding this
    threat and discusses examples of effective practices firms are
    employing to mitigate it. The Report also identifies manipulative
    trading of small cap IPOs and sanctions evasions as emerging risk
  • Regulation Best Interest (“Reg BI”) and
    Form CRS: Reg BI and Form CRS remain areas of focus across
    FINRA’s regulatory operations programs. FINRA’s
    observations generally concern firms making recommendations that
    adhere to Reg BI’s Care Obligation, identifying and
    addressing conflicts of interest, disclosure to retail customers of
    material facts as they relate to conflicts of interest,
    establishing and enforcing adequate written supervisory procedures,
    including the provision of effective staff training, and filing,
    delivering, and tracking accurate Forms CRS. FINRA advised that it
    will focus on (i) the intersection of Reg BI and complex products,
    particularly with respect to reasonable alternatives to a new
    product, (ii) whether a brokerage or fee-based product or other
    account types are in the best interest of the client and
    documenting that decision, and (iii) how firms determine what is a
    recommendation and the accuracy of such determination.
  • Cybersecurity: FINRA’s Cyber and
    Analytics Unit team examines member firms’ cybersecurity risk
    management through reviews of their controls. FINRA highlights
    instances where firms did not have reasonably designed procedures
    to investigate cyber events and whether a suspicious activity
    report (“SAR”) filing should be made, emphasizing that
    many cyber threats should be strongly considered for filing an SAR.
    The Report also provides an update on effective cybersecurity
    practices, including specific risks associated with ransomware. It
    also addresses managing the risks associated with firms’
    critical vendors or third-party providers.
  • Complex Products and Options: FINRA confirmed
    that it will continue to review firms’ communications and
    disclosures made to customers in relation to complex products.
    FINRA advised that firms should review Regulatory Notice 22-08
    regarding their compliance obligations for complex products and
    options. FINRA advised that it will share its results from its
    targeted exam of firms’ crypto asset retail communications
    that it announced in November 2022, which evaluated whether these
    communications contained false or misleading statements or claims,
    misrepresented the extent to which the federal securities laws or
    FINRA rules apply to a crypto asset product or service, or failed
    to balance the benefits of crypto asset products with their
    associated investment risks.
  • Consolidated Audit Trail (“CAT”):
    FINRA continues to evaluate member firms that receive or originate
    orders in National Market System (“NMS”) stocks,
    over-the-counter equity securities, and listed options for
    compliance with Securities Exchange Act of 1934, as amended
    (“Exchange Act”) Rule 613 and the CAT NMS Plan FINRA
    Rule 6800 Series (Consolidated Audit Trail Compliance Rule). As a
    general matter, FINRA’s review centers on timely submission
    of reportable events and corrections, reporting complete and
    accurate CAT records, and effectively supervising third-party
    vendors, including those responsible for CAT submissions and clock
  • Order Handling, Best Execution, and Conflicts of:
    With respect to these compliance obligations,
    FINRA continues to evaluate whether firms are fully and promptly
    executing marketable customer orders, adequately conducting
    periodic “regular and rigorous reviews,” and clearly
    and completely disclosing the specific terms of any profit-sharing
    relationships—such as payment for order flow with venues to
    which they route orders. FINRA also expressed that firms are not
    publishing accurate quarterly reports under Rule 606. The
    Report includes findings and observations from FINRA’s
    targeted exam in 2020 that evaluated the impact that not charging
    commissions has or will have on member firms’ order-routing
    practices and decisions, and other aspects of member firms’
    business, and its targeted reviews of wholesale market makers
    concerning their order handling practices for customer orders they
    receive from other broker-dealers.
  • Mobile Apps: Among FINRA’s concerns with
    respect to mobile apps are whether they encourage retail investors
    to engage in trading activities and strategies that may not be
    consistent with their investment goals or risk tolerance, and how
    the apps’ interface designs and functionality could
    influence investor behavior. FINRA observed that mobile apps were
    not adequately distinguishing between the products and services of
    the broker-dealer and those of affiliates or other third parties
    such as transactions. For example, firms did not always make it
    clear that it was their crypto asset affiliate or the third party
    that was offering the crypto assets and not the broker-dealer.
    FINRA noted that this lack of clarity may raise client confusion
    about whether a product is protected under SIPC, under FDIC, or not
    protected at all. FINRA also continues to monitor whether mobile
    apps disclose and explain risks of higher-risk products or services
    such as certain option and margin lending activities.
  • Books and Records: FINRA reminded firms that
    compliance with their books and recordkeeping requirements continues
    to be a focus of FINRA’s review. FINRA also noted the
    SEC’s recent amendments to Exchange Act Rule 17a-4 that
    modernize electronic recordkeeping obligations for broker-dealers,
    which include an audit-trail alternative to the existing
    requirement that firms preserve electronic records exclusively in a
    non-rewritable, non-erasable format. FINRA reminded firms that the
    amendments modify the language of the required undertakings under
    Exchange Act Rule 17a-4(f) and, for this reason, the firms will
    need to file new undertaking letters that include the new language
    before May 3, 2023, the compliance date.
  • Off-Channel Communications: As part of
    firms’ books and recordkeeping obligations noted above, FINRA
    advised that it will focus on firms’ supervisory procedures
    governing off-channel communications, including the steps firms
    have taken to address the issue, the types of compliant
    technologies firms have incorporated to ensure employees can text
    in a compliant manner, and whether all appropriate firm personnel
    are provided with this technology, and the adequacy of firms’
    training programs in connection with the same. FINRA will also
    examine whether texts are fully ingested into a firm’s
    system, in the manner of emails, and whether those texts are
    surveilled and supervised in the same manner as other electronic
    communications. In this regard, FINRA will review firms’
    policies and procedures, their annual compliance questionnaire
    process, and whether there are adequate consequences for employees
    who are not fulfilling their obligations to communicate in a
    compliant manner.
  • Funding Portals: FINRA observed that during
    certain exams, there were instances where the funding portals did
    not deny access to their platforms to issuers where there were
    clear red flags suggesting the potential for fraud. Examples of
    this “red flag” behavior included issuers not providing
    all the required disclosures or otherwise making obviously
    misleading or exaggerated statements. FINRA also observed that some
    funding portals were making recommendations or offering investment
    advice, which is prohibited under the JOBS Act and Regulation
    Crowdfunding. In addition, certain funding portals didn’t
    ensure that investor funds were being returned promptly if an
    offering was, for example, not successfully completed or if the
    return of funds is otherwise required by Regulation
  • Liquidity Risk Management: FINRA reminded
    firms that liquidity management is an essential element of their
    financial responsibility. FINRA emphasized that firms were not
    making provision for reasonable clearing deposit stress amounts in
    their stress tests and that clearing deposit stress tests were
    sometimes based on information that didn’t accurately reflect
    the business operations of the firm. Concern was also expressed
    that firms were not developing liquidity contingency plans to
    operate in a stressed environment, including, for example, the
    process for accessing liquidity and standards on how liquidity
    funding will be used if there is a triggering event.
  • Environmental, Social, and Governance
    (“ESG”) in Communications with the Public:
    FINRA referred to ESG in the Report when discussing firms’
    regulatory obligations with respect to communications with the
    public. FINRA discovered that some firms’ ESG communications
    discussed misleading rankings, ratings or awards, and included
    claims about funds that were “inconsistent with or
    unsupported by” offering documents. Accordingly, FINRA said
    that firms need to be “[i]mplementing and maintaining
    reasonably designed procedures for communications promoting ESG
    factors,” including “by prominently describing the
    risks associated with ESG funds.”
  • Private Placements: FINRA observed that firms
    have failed to maintain procedures and supervisory processes to
    perform sufficient due diligence where required, maintain adequate
    due diligence files evidencing such reviews, or comply with the
    private placement filing requirements set forth under FINRA Rules
    5122 and 5123.

FINRA expects that member firms will consider the priorities in
the Report as they develop and assess their compliance,
supervisory, and risk management programs. In addition, member
firms may find it useful to revisit the specific rules and related
guidance noted in the Report as a reference to ensure that their
policies and procedures are current as to any recent

While potential enforcement risks vary for every firm and are
fact-and-circumstance-specific, this Report can be used as part of
firms’ strategic efforts to manage their compliance risks and
potentially minimize the risk of enforcement action.

As noted above, we are currently advising firms on their
existing compliance programs in respect of the guidance set forth
in the Report. We are happy to discuss any questions you may


1 FINRA, 2023 Report on FINRA’s Examination and Risk
Monitoring Program (Jan. 10).

2 It should be noted that Appendix A of the Report
summarizes practices firms have implemented in response to prior
FINRA publications, such as Exam Findings Reports, Priorities
Letters and Reports on FINRA’s Examination and Risk Monitoring
Program to enhance their compliance programs, which FINRA
encourages firms to consider.

3 FINRA, 2023 Must-Read, Report on FINRA’s
Examination and Risk Monitoring Program (Jan. 10).

The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
