Introduction
On January 10, 2023, the Financial Industry Regulatory Authority
(“FINRA”) issued its 2023 Report on FINRA’s
Examination and Risk Monitoring Program (the
“Report”).1 The Report, which is a more
comprehensive version of FINRA’s former “Risk
Monitoring and Exam Priorities Letter” that it published in prior
years, provides insights and observations on key regulatory topics.
Specifically, FINRA (i) identifies the relevant rule(s), (ii)
highlights key considerations for member firms’ compliance
programs, (iii) summarizes noteworthy findings or observations from
recent oversight activities, (iv) outlines effective practices that
FINRA observed through its oversight activities, and (v) provides
reference to resources that may be helpful to member firms in
reviewing their supervisory procedures and controls with respect to
these topics.2 In addition, FINRA’s podcast
“2023’s Must-Read, Report on FINRA’s Examination
and Risk Monitoring
Program”3 (“Podcast”) provides a
helpful overview of, and focus on, some of the principal findings in the
Report.
The Report serves as a valuable tool for firms to perform a risk
assessment, identify potential gaps in their existing compliance
programs, and improve their supervisory procedures and controls as
the Report is often thought of as a roadmap for potential future
enforcement interests.
The following section provides an overview of four new
priorities, and certain continuing priorities, that FINRA
highlighted in the Report.
We are currently advising firms on their existing compliance
programs and the guidance set forth in the Report, and would be
happy to discuss any questions you may have.
New and Continuing Priorities
FINRA’s newly identified priorities for 2023 are:
- Manipulative Trading: Manipulative trading,
together with Cybersecurity and Technology Governance and
Anti-Money Laundering, Fraud and Sanctions, is captured in a
section entitled, “Financial Crimes”. According to
FINRA, the addition of this section was to underscore its increased
focus on protecting investors and safeguarding market integrity
against these threats. With respect to manipulative trading,
FINRA’s findings principally centered on firms’ failure
to (i) implement adequate written supervisory procedures to
identify firm personnel to monitor manipulative conduct, (ii)
establish escalation processes, (iii) implement surveillance
controls to capture manipulative trading, and (iv) monitor customer
activity to identify patterns of potential manipulation.
- Fixed Income and Fair Pricing: FINRA
highlighted that firms incorrectly determined the prevailing market
price, had outdated mark-up/mark-down grids, and failed to
implement reasonable supervision for establishing fair pricing in
fixed income securities.
- Fractional Shares—Reporting and Order
Handling: FINRA generally found that firms failed to
report, or report in a timely manner, fractional share orders,
routes, and trades to trade reporting facilities (e.g.,
ORF or CAT), and to implement adequate supervisory procedures or
controls to ensure effective reporting practices and advised that
firms should refer to FINRA’s guidance on fractional share
executions, including CAT and trade reporting FAQs.
- Regulation SHO—Bona Fide Market Making
Exemptions and Reuse of Locates for Intraday Buy-to-Cover
Trades: FINRA observed that firms relied on Regulation
SHO’s bona fide market making exceptions with respect to
proprietary trading activity that is not eligible for such
exceptions and did not comply with the guidance set forth under
Question 4.4 of the SEC’s Reg SHO FAQ with respect to reuse
of locates to short sales of threshold or hard to borrow
securities. FINRA provided examples of how firms should establish
supervisory systems and appropriate policies and procedures to
comply with the same.
FINRA also emphasized continuing priorities in its Report (and
has provided additional insight about its concerns in its Podcast)
that, in its view, present evolving risks worth highlighting:
- Anti-Money Laundering (“AML”): One
of FINRA’s principal concerns with respect to AML compliance
is new account fraud where accounts are opened using stolen or
synthetic identities, which are used for a range of suspicious or
illicit activities, including, for example, fraudulent account
transfers to ACATS, the Automated Customer Account Transfer
Service. The Report covers FINRA’s findings regarding this
threat and discusses examples of effective practices firms are
employing to mitigate it. The Report also identifies manipulative
trading of small cap IPOs and sanctions evasions as emerging risk
areas.
- Regulation Best Interest (“Reg BI”) and
Form CRS: Reg BI and Form CRS remain areas of focus across
FINRA’s regulatory operations programs. FINRA’s
observations generally concern firms making recommendations that
adhere to Reg BI’s Care Obligation, identifying and
addressing conflicts of interest, disclosure to retail customers of
material facts as they relate to conflicts of interest,
establishing and enforcing adequate written supervisory procedures,
including the provision of effective staff training, and filing,
delivering, and tracking accurate Forms CRS. FINRA advised that it
will focus on (i) the intersection of Reg BI and complex products,
particularly with respect to reasonable alternatives to a new
product, (ii) whether a brokerage or fee-based product or other
account types are in the best interest of the client and
documenting that decision, and (iii) how firms determine what is a
recommendation and the accuracy of such determination.
- Cybersecurity: FINRA’s Cyber and
Analytics Unit team examines member firms’ cybersecurity risk
management through reviews of their controls. FINRA highlights
instances where firms did not have reasonably designed procedures
to investigate cyber events and whether a suspicious activity
report (“SAR”) filing should be made, emphasizing that
many cyber threats should be strongly considered for filing an SAR.
The Report also provides an update on effective cybersecurity
practices, including specific risks associated with ransomware. It
also addresses managing the risks associated with firms’
critical vendors or third-party providers.
- Complex Products and Options: FINRA confirmed
that it will continue to review firms’ communications and
disclosures made to customers in relation to complex products.
FINRA advised that firms should review Regulatory Notice 22-08
regarding their compliance obligations for complex products and
options. FINRA advised that it will share its results from its
targeted exam of firms’ crypto asset retail communications
that it announced in November 2022, which evaluated whether these
communications contained false or misleading statements or claims,
misrepresented the extent to which the federal securities laws or
FINRA rules apply to a crypto asset product or service, or failed
to balance the benefits of crypto asset products with their
associated investment risks.
- Consolidated Audit Trail (“CAT”):
FINRA continues to evaluate member firms that receive or originate
orders in National Market System (“NMS”) stocks,
over-the-counter equity securities, and listed options for
compliance with Securities Exchange Act of 1934, as amended
(“Exchange Act”) Rule 613 and the CAT NMS Plan FINRA
Rule 6800 Series (Consolidated Audit Trail Compliance Rule). As a
general matter, FINRA’s review centers on timely submission
of reportable events and corrections, reporting complete and
accurate CAT records, and effectively supervising third-party
vendors, including those responsible for CAT submissions and clock
synchronization.
- Order Handling, Best Execution, and Conflicts of
Interest: With respect to these compliance obligations,
FINRA continues to evaluate whether firms are fully and promptly
executing marketable customer orders, adequately conducting
periodic “regular and rigorous reviews,” and clearly
and completely disclosing the specific terms of any profit-sharing
relationships—such as payment for order flow with venues to
which they route orders. FINRA also expressed that firms are not
publishing accurate quarterly reports under Rule 606. The
Report includes findings and observations from FINRA’s
targeted exam in 2020 that evaluated the impact that not charging
commissions has or will have on member firms’ order-routing
practices and decisions, and other aspects of member firms’
business, and its targeted reviews of wholesale market makers
concerning their order handling practices for customer orders they
receive from other broker-dealers.
- Mobile Apps: Among FINRA’s concerns with
respect to mobile apps are whether they encourage retail investors
to engage in trading activities and strategies that may not be
consistent with their investment goals or risk tolerance, and how
the apps’ interface designs and functionality could
influence investor behavior. FINRA observed that mobile apps were
not adequately distinguishing between the products and services of
the broker-dealer and those of affiliates or other third parties
such as transactions. For example, firms did not always make it
clear that it was their crypto asset affiliate or the third party
that was offering the crypto assets and not the broker-dealer.
FINRA noted that this lack of clarity may raise client confusion
about whether a product is protected under SIPC, under FDIC, or not
protected at all. FINRA also continues to monitor whether mobile
apps disclose and explain risks of higher-risk products or services
such as certain option and margin lending activities.
- Books and Records: FINRA reminded firms that
compliance with their books and recordkeeping requirements continues
to be a focus of FINRA’s review. FINRA also noted the
SEC’s recent amendments to Exchange Act Rule 17a-4 that
modernize electronic recordkeeping obligations for broker-dealers,
which include an audit-trail alternative to the existing
requirement that firms preserve electronic records exclusively in a
non-rewritable, non-erasable format. FINRA reminded firms that the
amendments modify the language of the required undertakings under
Exchange Act Rule 17a-4(f) and, for this reason, the firms will
need to file new undertaking letters that include the new language
before May 3, 2023, the compliance date.
- Off-Channel Communications: As part of
firms’ books and recordkeeping obligations noted above, FINRA
advised that it will focus on firms’ supervisory procedures
governing off-channel communications, including the steps firms
have taken to address the issue, the types of compliant
technologies firms have incorporated to ensure employees can text
in a compliant manner, and whether all appropriate firm personnel
are provided with this technology, and the adequacy of firms’
training programs in connection with the same. FINRA will also
examine whether texts are fully ingested into a firm’s
system, in the manner of emails, and whether those texts are
surveilled and supervised in the same manner as other electronic
communications. In this regard, FINRA will review firms’
policies and procedures, their annual compliance questionnaire
process, and whether there are adequate consequences for employees
who are not fulfilling their obligations to communicate in a
compliant manner.
- Funding Portals: FINRA observed that during
certain exams, there were instances where the funding portals did
not deny access to their platforms to issuers where there were
clear red flags suggesting the potential for fraud. Examples of
this “red flag” behavior included issuers not providing
all the required disclosures or otherwise making obviously
misleading or exaggerated statements. FINRA also observed that some
funding portals were making recommendations or offering investment
advice, which is prohibited under the JOBS Act and Regulation
Crowdfunding. In addition, certain funding portals didn’t
ensure that investor funds were being returned promptly if an
offering was, for example, not successfully completed or if the
return of funds is otherwise required by Regulation
Crowdfunding.
- Liquidity Risk Management: FINRA reminded
firms that liquidity management is an essential element of their
financial responsibility. FINRA emphasized that firms were not
making provision for reasonable clearing deposit stress amounts in
their stress tests and that clearing deposit stress tests were
sometimes based on information that didn’t accurately reflect
the business operations of the firm. Concern was also expressed
that firms were not developing liquidity contingency plans to
operate in a stressed environment, including, for example, the
process for accessing liquidity and standards on how liquidity
funding will be used if there is a triggering event.
- Environmental, Social, and Governance
(“ESG”) in Communications with the Public:
FINRA referred to ESG in the Report when discussing firms’
regulatory obligations with respect to communications with the
public. FINRA discovered that some firms’ ESG communications
discussed misleading rankings, ratings or awards, and included
claims about funds that were “inconsistent with or
unsupported by” offering documents. Accordingly, FINRA said
that firms need to be “[i]mplementing and maintaining
reasonably designed procedures for communications promoting ESG
factors,” including “by prominently describing the
risks associated with ESG funds.”
- Private Placements: FINRA observed that firms
have failed to maintain procedures and supervisory processes to
perform sufficient due diligence where required, maintain adequate
due diligence files evidencing such reviews, or comply with the
private placement filing requirements set forth under FINRA Rules
5122 and 5123.
FINRA expects that member firms will consider the priorities in
the Report as they develop and assess their compliance,
supervisory, and risk management programs. In addition, member
firms may find it useful to revisit the specific rules and related
guidance noted in the Report as a reference to ensure that their
policies and procedures are current as to any recent
amendments.
While potential enforcement risks vary for every firm and are
fact-and-circumstance-specific, this Report can be used as part of
firms’ strategic efforts to manage their compliance risks and
potentially minimize the risk of enforcement action.
As noted above, we are currently advising firms on their
existing compliance programs in respect of the guidance set forth
in the Report. We are happy to discuss any questions you may
have.
Footnotes
1 FINRA, 2023 Report on FINRA’s Examination and Risk
Monitoring Program (Jan. 10).
2 It should be noted that Appendix A of the Report
summarizes practices firms have implemented in response to prior
FINRA publications, such as Exam Findings Reports, Priorities
Letters and Reports on FINRA’s Examination and Risk Monitoring
Program to enhance their compliance programs, which FINRA
encourages firms to consider.
3 FINRA, 2023 Must-Read, Report on FINRA’s
Examination and Risk Monitoring Program (Jan. 10).
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.