The Impact to Compliance and Risk Management
FINRA announced its priorities for the year, which will drive examination and regulatory programs and significantly impact market participants focused on compliance, supervision and risk management. This article by Venable attorneys discusses FINRA’s focus on five specific areas.
In January, FINRA released its annual Regulatory and Examinations Priorities Letter. As with prior editions, the letter highlights the areas of risk and concern that will drive FINRA’s examination and regulatory programs. The backdrop, as with prior FINRA letters, is to assist firms in strengthening their compliance, supervision and risk management internal controls. In 2017, FINRA’s priorities will include a focus on five specific areas:
- High-risk and Recidivist Brokers
- Sales Practices
- Financial Risks
- Operational Risks
- Market Integrity
In this alert, we provide an overview of some of the most significant issues addressed in FINRA’s letter. Of course, FINRA continually assesses the market and is likely to identify additional areas of concern throughout the course of the year. FINRA also plans to initiate electronic, off-site reviews in 2017, which will allow FINRA to review selected areas by making targeted and limited information requests to firms and analyzing responses off-site. Firms should continue to monitor FINRA’s website for developments and update their practices as needed to address changes in regulatory risk.
High-Risk and Recidivist Brokers
The first area of priority FINRA identified is the hiring and monitoring of high-risk and recidivist brokers. In particular, FINRA will be devoting attention to firms’ supervisory and compliance controls in this area and is strengthening its approach to high-risk and recidivist brokers in several ways:
- Examination Unit – FINRA’s dedicated group of examiners will identify brokers who may pose a high risk to investors and will review the brokers’ interactions with customers and their compliance with rules.
- Supervisory Procedures – FINRA will review firms’ procedures for hiring or retaining statutorily disqualified and recidivist brokers, examine firms’ due diligence on such individuals and monitor for the timely submission of U4 and U5 disclosures.
- Branch Offices – FINRA will evaluate firms’ inspection programs and supervisory systems for branch and nonbranch office locations, including the supervision of account activity, advertising, websites, social media and communications with customers.
In selecting the broad category of sales practices as a 2017 priority, FINRA makes clear that investor protection lies at the heart of its mission and remains a top priority. In particular, FINRA will focus on the following areas:
- Senior Investors – FINRA will assess firms’ controls to protect senior investors from improper advice, fraud and other abuses, including microcap (penny stock) fraud schemes targeting the elderly and ill-advised purchasing of speculative or complex products that are unsuitable for a particular investor’s profile.
- Product Suitability and Concentration – FINRA will examine firms’ product vetting processes, supervisory systems and controls and suitability reviews. FINRA advises that training should cover the risks and objectives with respect to products sold and that controls should be in place to avoid excessive concentration of particular types of products in customer accounts. By way of example, FINRA notes that certain exchange-traded products (ETPs), real estate investment trusts (REITs) and unlisted business development corporations (BDCs) have raised frequent concerns, including high commissions and fees, illiquidity and material credit risks.
- Excessive and Short-term Trading of Long-term Products – FINRA will focus on firms’ monitoring of such recommendations, given that this kind of trading can be detrimental to clients who may experience diminished investment returns, increased costs and missed dividend payments.
- Outside Activities and Private Securities Transactions – FINRA will evaluate firms’ procedures to review registered persons’ written notifications of proposed outside business activities, their consideration of whether the proposed business might compromise responsibilities owed to firm clients and their ongoing supervision of associated persons’ approved private securities transactions for compensation.
- Social Media and Electronic Communications Retention and Supervision – FINRA will assess firms’ compliance with their obligations to capture and maintain all business-related communications, regardless of the devices or networks used, in order to review them for inappropriate business conduct.
FINRA’s focus on financial risks, drawing on its findings from assessments performed in recent years, will encompass three main areas:
- Liquidity Risk – FINRA will review firms’ funding and liquidity plans, assessing whether firms adequately evaluate their liquidity needs related to market-wide and idiosyncratic stresses, develop contingency plans so that they have sufficient liquidity to endure those stresses and conduct stress tests and other reviews to gauge the effectiveness of their contingency plans.
- Financial Risk Management – FINRA will review firms’ responses to stress scenarios that affect the firm’s market, credit and liquidity risks and will assess firms’ risk management practices in such areas as readiness, communication plans, risk metrics, triggers and contingencies.
- Credit Risk Policies, Procedures and Risk Limit Determinations – FINRA will assess firms’ written risk policies, procedures, risk limit setting processes and their establishment and monitoring with respect to the requirements of Rule 4210, which was amended in 2016 to establish margin requirements for covered agency transactions.
Another area of priority for FINRA this year will be operational risks, which can be divided into several categories:
- Cybersecurity – In what continues to be one of the most significant risks for firms, FINRA will assess programs to mitigate cybersecurity threats, monitor and protect data and, where appropriate, implement controls to manage vendor relationships and sensitive firm information to which vendors have access. Specific concerns for FINRA include deficient cybersecurity controls at branch and independent contractor branch offices, as well as failure to preserve certain records in non-rewritable, non-erasable (WORM) format.
- Supervisory Controls Testing – FINRA considers regular testing of firms’ internal supervisory controls as critical to identifying and mitigating gaps that can lead to systemic control breakdowns, including record-retention omissions, inaccurate data reporting and failures to deliver requisite disclosures or other documents to clients.
- Customer Protection/Segregation of Client Assets – FINRA will evaluate whether firms have implemented adequate controls and supervision to protect customer assets, such as whether firms include customer securities positions and money balances on multiple platforms in the reserve formula and in control calculations. FINRA will also be looking for documentation demonstrating that securities are held free of liens and encumbrances, especially for alternative investment products in customer retirement accounts. And FINRA will be reviewing the mechanisms used by firms to identify, approve or disapprove transactions that are conducted primarily to reduce the reserve or segregation requirements under the financial responsibility rules.
- Regulation SHO – Close Out and Easy to Borrow – FINRA will focus on the locate process to ensure firms have reasonable grounds to believe securities are available for borrowing prior to accepting a short sale. FINRA will also assess firms’ preparation and use of the easy-to-borrow list and advises firms to monitor their close-out processes in compliance with Rule 204 of Regulation SHO.
- Anti-Money Laundering and Suspicious Activity Monitoring – FINRA will focus on shortcomings in AML programs, including gaps in firms’ automated trading and money movement surveillance systems, poorly set parameters that do not capture problematic behavior and weaknesses in systems monitoring foreign money transactions. A firm’s general trading surveillance must include alerts tailored to the firm’s AML red flags.
- Municipal Adviser Registration – When applicable, FINRA will assess whether firms are registering correctly with both the SEC and Municipal Securities Rulemaking Board (MSRB) and that they are properly updating their registration information as it changes.
A final area of focus for FINRA, market integrity, comprises the following specific issues:
- Manipulation – Detecting and deterring manipulation remains a critical priority for FINRA, and it will continue to enhance its surveillance program and provide firms with tools to do the same. These enhancements include:
- Amended Order Audit Trail System (OATS) rules to require alternative trading systems (ATSs) to submit broader order book activity to OATS.
- Monitoring of whether market participants are trading in a potentially manipulative manner.
- Expanded surveillance for cross-product manipulation of trading in ETPs and related securities and for improper trading strategies directed at ETPs.
- The introduction of Cross Market Equity Supervision Report Cards for layering and spoofing activity as a compliance tool that will complement firms’ supervisory systems and procedures to detect and deter manipulative conduct.
- Best Execution – FINRA advises firms to remember their best execution obligations when they receive, handle, route or execute customer orders in equities, options and fixed income securities and to consider how the automation of markets and advances in trading technology and communications affect their order-handling decisions.
- Audit Trail Reporting Early Remediation Initiative and Expansion – FINRA expects firms to use its alerts regarding potential equity audit trail issues and to address systems issues promptly, potentially avoiding formal investigations.
Other market integrity areas of focus include:
- the continuation of the Tick Size Pilot,
- compliance with the Market Access Rule and review of associated market access controls,
- reviewing ATS disclosures to customers and a pilot trading examination program to explore targeted examinations of smaller firms with low trading volume and
- enhancement of FINRA’s fixed income securities surveillance program to detect manipulation-based patterns, such as wash sales and interpositioning.
In 2017, the common thread running through FINRA’s priorities is a focus on “blocking and tackling” issues of compliance, supervision and risk management. In particular, newly featured topics such as “High-Risk and Recidivist Brokers,” “Excessive and Short-term Trading of Long-term Products” and “Social Media and Electronic Communications Retention and Supervision” merit review and attention. FINRA will continue to provide additional guidance throughout the year on these and other topics, and we can expect the release of several new compliance tools and resources, including the publication of a summary report outlining key examination findings and the introduction of a “compliance calendar” and a “directory of compliance service providers.” Firms should monitor FINRA’s website (www.finra.org), conferences, Regulatory Notices, alerts and Weekly Update emails for timely information and guidance.