Blog: FINRA Publishes 2023 Report On Its Examination And Risk … – Mondaq

To print this article, all you need is to be registered or login on

New Topics and Material Highlight FINRA’s
Increased Focus on Market Integrity and Other Key Risk

On January 10, 2023, the Financial Industry Regulatory
Authority, Inc. (“FINRA”) published the 2023 Report on FINRA’s Examination and Risk
Monitoring Program
(the “Report”). FINRA highlights
several topics as key areas of risk for investors and the markets,
including mobile apps, complex products and options, order
handling/best execution, Regulation Best Interest (“Reg
BI”) and Form CRS, and cybersecurity. FINRA’s focus on
these topics in 2023 is expected given that each has been the
subject of regulatory initiatives of FINRA and the US Securities
and Exchange Commission (“SEC”) in the recent past. The
regulators’ focus on these topics is likely to intensify with
the continued fallout from the collapse of FTX and other market
participants, particularly with respect to those business practices
and products with extensive use by, or impact on, retail

Notably, the Report also adds several new topics relating to
Market Integrity, including with respect to fair pricing
obligations for fixed income securities, trade reporting and order
handling requirements for fractional shares, and certain aspects of
Regulation SHO. Additionally, the Report includes manipulative
trading as a new topic, which, together with existing topics on
cybersecurity/technology governance and anti-money laundering
(“AML”)/fraud/sanctions, is covered under a new Financial
Crimes section. Finally, FINRA adds new content on a wide range of
topics covered in previous years.

Below, we provide a brief overview of the Report’s new
topics, as well as the new material in previously covered

Selected Highlights

The Report identifies the following topics as key areas of risk
to investors and the markets.

  • Reg BI and Form CRS. FINRA’s reviews focus
    on, among other things, whether firms are making recommendations
    that adhere to Reg BI’s Care Obligation, identifying and
    addressing conflicts of interest, disclosing to retail customers
    all material facts related to conflicts of interest, and
    establishing and enforcing adequate written supervisory procedures
    (“WSPs”) (including the provision of effective staff
  • Consolidated Audit Trail (“CAT”).
    With respect to firms’ compliance with CAT reporting
    requirements, FINRA focuses on the timely submission of reportable
    events and corrections, reporting complete and accurate CAT
    records, and effectively supervising third-party vendors (including
    those responsible for CAT submissions and clock
  • Order Handling, Best Execution and Conflicts of
    . To assess firms’ compliance with best
    execution obligations under FINRA Rule 5310 and Rule 606 of
    Regulation NMS, FINRA evaluates whether firms are fully and
    promptly executing marketable customer orders, adequately
    conducting periodic “regular and rigorous reviews,” and
    disclosure of the terms of profit-sharing relationships
    (e.g., payment for order flow) with venues to which firms
    route orders. FINRA’s continued focus on order handling, best
    execution and conflicts of interest is consistent with the targeted
    regulatory efforts it has undertaken in recent years, including
    targeted reviews of the impact of the zero-commission model on
    firms’ order routing practices1 and the order
    handling practices of wholesale market makers. We expect
    FINRA’s focus on best execution and order handling to continue
    for the foreseeable future, particularly in light of the SEC’s
    recent rulemaking proposals to reshape the US equity markets and
    adopt a new best execution regulation.
  • Mobile Apps. FINRA emphasizes again, as it did
    in last year’s report, that mobile apps raise novel questions
    and potential concerns relating to customer protection. FINRA
    highlights that some mobile apps are not adequately distinguishing
    between products and services of the brokerdealer and those of
    affiliates and/or other third parties. Moreover, FINRA will monitor
    how mobile apps disclose and explain risks associated with
    higher-risk products and services. Last year, FINRA identified
    significant problems with some mobile apps’ communications with
    customers and firms’ supervision of activity on those apps
    (particularly with respect to controls around account openings).
    Mobile apps continue to be a focus of securities regulators, as we
    will further highlight below.
  • Cybersecurity. To enhance FINRA’s ability
    to proactively address cybersecurity threats, FINRA has established
    a new “Cyber and Analytics Unit,” which has separate
    teams for examining firms’ cybersecurity risk management
    programs, conducting investigations of cyber-related fraud, and
    investigating and examining crypto-asset activities. FINRA also has
    increased its outreach to firms regarding cybersecurity threats,
    including notifying them of websites or social media profiles which
    may be attempting to impersonate a firm or its personnel, or
    individuals purporting to be associated with the firm.
  • Complex Products and Options. FINRA is
    continuing its review of firms’ business practices with respect
    to complex products and options, including related communications
    and disclosures to customers. Last year, FINRA published a
    regulatory notice to remind firms of their current regulatory
    obligations regarding complex products and options2 and
    initiated a targeted exam of firms’ crypto asset retail
    communications.3 In December 2022, FINRA provided an
    update on its previous targeted exam on firms’ practices and
    controls related to the opening of options accounts and related
    areas, including account supervision, communications and

Core Topics

The Report addresses 24 regulatory topics organized into five
sections: Financial Crimes; Firm Operations; Communications and
Sales; Market Integrity; and Financial Management. We highlight
below the new topics for 2023 and certain of the new material that
FINRA added to previously covered topics.


The Financial Crimes section has been newly added and includes
discussion of cybersecurity, AML, fraud and sanctions, and
manipulative trading as topics. Cybersecurity and AML were
previously covered in the Firm Operations section of last
year’s report.

FINRA identifies numerous new
cybersecurity-related considerations, observations
and effective practices. In particular, FINRA adds a new section
regarding branch controls, which addresses, among other things,
branch-specific cybersecurity risks and registered
representatives’ use of personal devices for firm business.

With respect to AML, fraud and sanctions, FINRA
highlights several considerations relating to identity theft,
including identifying and responding to relevant identity theft
“red flags” in connection with account openings,
particularly for firms that offer account openings online or
through mobile apps. Additionally, FINRA identified the following
as emerging AML risk areas: (i) manipulative trading in small cap
initial public offerings (“IPOs”), in which FINRA has
observed significant unexplained price increases on the day of or
shortly after such IPOs;5 (ii) activity in customer
accounts that may relate to the evasion of Russian
sanctions;6 and (iii) fraudulent transfers of accounts
through the Automated Customer Account Transfer Service (referred
to by FINRA as ACATS fraud).7

With respect to manipulative trading, a new
topic in 2023, FINRA highlights several effective practices,
including maintaining and reviewing customer and proprietary data
to detect manipulative schemes, such as those that involve
correlated securities (e.g., stocks, exchange-traded
products and options) and monitoring activity occurring across
multiple platforms that also may involve related financial
instruments or multiple correlated products.


The Firm Operations section of the Report discusses outside
business activities (“OBAs”) and private securities
transactions (“PSTs”), books and records requirements,
regulatory events reporting under FINRA Rule 4530, firm short
positions and fails-to-receive in municipal securities,
“trusted contact persons” for purposes of FINRA Rule
4512(a)(1)(F), and funding portals and crowdfunding offerings.
Below, we discuss key takeaways from this section of the

FINRA encourages firms to monitor whether a previously approved
OBA has changed over time and potentially created
new conflicts or issues, or evolved into a PST
requiring firm approval, supervising and recording of compensation.
FINRA also encourages firms to consider providing training and
guidance to personnel regarding their potential engagement in OBAs
and PSTs during on-boarding and periodically thereafter.

With respect to books and records requirements
under SEC Rules 17a-3 and 17a-4 and FINRA Rules 3110(b)(4) and
4511, FINRA reminds firms that they must preserve originals of all
communications (e.g., emails, instant messages, test
messages, chat messages) received and sent relating to their
“business as such,” including through non-firm or
third-party digital communications channels used by personnel to
conduct firm business. Firms should consider whether their digital
communication policy addresses all permitted and prohibited digital
communication channels and features for customers and associated
persons. Firms also should consider whether they have processes and
procedures to monitor for new communications methods available to
customers and associated persons, and whether to establish reviews
for “red flags” that may indicate a registered
representative is communicating through an unapproved communication
channel. Following the SEC’s significant enforcement actions
against numerous firms in 2022 for “off-channel
communications” and related recordkeeping failures, FINRA will
likely focus on what firms are doing to address these issues and
what technology solutions firms are incorporating into their
operations to ensure compliance.

With respect to the SEC’s recent amendments to SEC Rule
17a-4, FINRA reminds firms which rely on SEC Rule 17a-4(f) to
preserve required records electronically to file with FINRA new
undertakings reflecting the amended language by May 3,


The Communications and Sales section of the Report includes Reg
BI and Form CRS, communications with the public, private placements
and variable annuities as topics. Below are certain highlights from
this section.

The Report contains a substantial amount of new material related
to the four component obligations of Reg BI: Care,
Conflict of Interest, Disclosure and Compliance. The Report
addresses several points related to complex or higher-risk products
e.g., firms should consider applying heightened
scrutiny in determining whether investments that are high-risk,
high-cost, complex or represent a high conflict of interest are in
a retail customer’s best interest.

FINRA adds new material in the Report regarding
communications with the public. FINRA discusses
its findings and concerns regarding certain aspects of firms’
communications through mobile apps and other digital communications
promoting crypto assets or Environmental, Social and Governance
(“ESG”) products. For example, FINRA highlights concerns
with the accuracy of information and the adequacy of disclosure on
mobile apps and in communications promoting crypto assets. FINRA
also highlights findings relating to the lack of adequate
disclosure on whether crypto assets or services are covered under
the federal securities laws or the Securities Investor Protection
Act of 1970. With respect to ESG factors, FINRA has observed firms
using fund communications that contain claims inconsistent with or
unsupported by the fund’s offering documents, or include
rankings, ratings or awards that lack a sound basis or are
unwarranted or misleading based on the criteria used or factors


The Market Integrity section of the Report discusses CAT
reporting obligations, best execution obligations, disclosure of
routing information, fair pricing obligations for fixed income
securities, reporting and order handling obligations for fractional
shares, and bona fide market making exemptions and reuse of
“locates” for intraday buy-to-cover trades under
Regulation SHO. Key takeaways from this section are discussed

The Report’s exam findings related to best
obligations focus on the requirement for firms
to conduct “regular and rigorous” reviews of the
execution quality of its customers’ orders. In relation to such
reviews, FINRA highlights as an effective practice considering the
potential execution quality available at various trading centers,
including those to which a firm does not send order flow; and being
prepared to explain and evidence the firm’s best execution
analysis on a “regular and rigorous” or orderby-order
basis, as applicable.

FINRA adds fair pricing obligations for fixed income
as a new topic in 2023. During exams, FINRA has
observed that firms incorrectly determine the prevailing market
price (“PMP”) pursuant to the requirements of FINRA Rule
2121 and Municipal Securities Rulemaking Board (“MSRB”)
Rule G-30, use outdated mark-up/mark-down grids and provide
unreasonable supervision by solely relying on grids or fixed
mark-up/mark-down thresholds (i.e., without performing a facts and
circumstances analysis as required by FINRA Rule 2121 and MSRB Rule
G-30). FINRA notes, as an effective practice, firms can compare
their mark-ups/mark-downs with industry data provided in the TRACE
and MSRB Markup/Mark-down Analysis Reports.

Also a new topic in the Report is reporting and order
handling obligations for fractional shares
. FINRA reminds
firms that trades in fractional share quantities must be reported
in accordance with FINRA traded reporting rules and related
guidance (which requires rounding quantities up to one if less than
one share and truncating the fractional quantity for transactions
that involve both a whole-share and fractional share quantity).
FINRA also reminds firms that they must comply with FINRA’s
order handling rules, including with respect to best execution
(FINRA Rule 5130), in handling and executing customer fractional
share orders.

Bona fide market making exemptions and reuse of locates
for intraday buy-to cover trades under Regulation SHO
is a
new topic this year. FINRA has observed firms failing to
distinguish bona fide market making activities from other
proprietary trading activity that is not eligible to rely on
Regulation SHO’s bona fide market making exception. FINRA also
has observed impermissible reuse of locates for intraday
buy-to-cover trades for a “hard to borrow” or a threshold


The Financial Management section of the Report discusses net
capital, liquidity risk management, credit risk management,
portfolio margin and intraday trading and segregation of assets and
customer protection.

As part of the new material relating to net
(SEC Rule 15c3-1), FINRA encourages firms to
consider how they assess the potential impact to net capital for
new, complex or atypical transactions. FINRA has observed firms
that apply incorrect capital charges for underwriting commitments,
including by not establishing and maintaining WSPs for calculating
and applying open commitment charges and failing to maintain an
accurate record or log of underwritings in which the firm is
involved. FINRA highlights as an effective practice establishing
WSPs for calculating and applying open contractual commitment
charges (as well as focusing on the product and proper haircut
percentage) and ensuring the firm’s role in the underwriting
(i.e., best efforts or firm commitment) is clear within the
underwriting agreement.


Firms should review the Report’s discussion of the new
topics and new material for previously covered topics to identify
potential gaps and areas for enhancement in their compliance
programs and supervisory controls. Moreover, firms should use the
Report in their preparation for regulatory exams and pay close
attention to emerging risk areas relevant to their particular
business operations and practices.


1. See FINRA Targeted Examination Letter on Zero
(February 2020).

2. See FINRA Regulatory Notice 22-08 (Complex Products
and Options)
(March 2022).

3. See FINRA Targeted Exam Letter: Crypto Asset
(August 2022).

4. See FINRA Update on Sweep: Option Account Opening,
Supervision and Related Areas
(December 2022). See our Legal Update.

5. See FINRA Regulatory Notice 22-25 (Heightened Threat
of Fraud)
(November 2022).

6. See FINRA Regulatory Notice 22-06 (U.S. Imposes
Sanctions on Russian Entities and Individuals)

7. See FINRA Regulatory Notice 22-21 (Heightened Threat
of Fraud)
(October 2022).

8. Our Legal Update regarding the SEC’s amendments to
SEC Rule 17a-4 is available here. In addition, in December 2022,
FINRA published a chart of significant changes to SEC Rule 17a-4,
available here.

Visit us at

Mayer Brown is a global legal services provider
comprising legal practices that are separate entities (the
“Mayer Brown Practices”). The Mayer Brown Practices are:
Mayer Brown LLP and Mayer Brown Europe – Brussels LLP, both limited
liability partnerships established in Illinois USA; Mayer Brown
International LLP, a limited liability partnership incorporated in
England and Wales (authorized and regulated by the Solicitors
Regulation Authority and registered in England and Wales number OC
303359); Mayer Brown, a SELAS established in France; Mayer Brown
JSM, a Hong Kong partnership and its associated entities in Asia;
and Tauil & Chequer Advogados, a Brazilian law partnership with
which Mayer Brown is associated. “Mayer Brown” and the
Mayer Brown logo are the trademarks of the Mayer Brown Practices in
their respective jurisdictions.

© Copyright 2020. The Mayer Brown Practices. All rights

Mayer Brown
article provides information and comments on legal
issues and developments of interest. The foregoing is not a
comprehensive treatment of the subject matter covered and is not
intended to provide legal advice. Readers should seek specific
legal advice before taking any action with respect to the matters
discussed herein.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s