FINRA publishes 2020 risk monitoring and examination priorities

Blue lights

Financial Services Alert

By:

On January 9, on the heels of the SEC’s January 7 publication of the Office of Compliance and Inspections (OCIE) 2020 Examination Priorities (see our recent client alert), the Financial Industry Regulatory Authority (FINRA) released its 2020 Risk Monitoring and Examination Priorities Letter (the Priorities Letter), describing the areas on which FINRA intends to focus its risk monitoring, surveillance and examination programs in 2020. The Priorities Letter introduces significant new areas of emphasis for the coming year and summarizes other still-relevant areas discussed in previous letters. While in past years the SEC and FINRA have sometimes emphasized different areas, in 2020 there is a substantial degree of overlap between the two lists.

In his cover letter to the Priorities Letter, FINRA President and CEO Robert Cook noted that in 2020 FINRA integrated three examination programs into a single framework to better direct and align its resources to the risk profiles and business models of FINRA’s member firms. He explained that firms have been grouped into one of five business models – Retail, Capital Markets, Carrying and Clearing, Trading and Execution, and Diversified – with several sub-groups to better organize coverage of firms with similar activities. Moreover, FINRA will assign each firm a senior leader who will act as a single point of accountability with ultimate responsibility for ongoing risk monitoring, risk assessment, planning and scoping of examinations, which will be tailored to the risks of the particular firm's activities.

President Cook noted FINRA’s annual Report on FINRA Examination Findings and Observations (the Report), issued on October 16, 2019, which set forth a number of noteworthy examination findings, provided suggestions for control improvements by broker-dealers, and described effective compliance and supervisory practices that FINRA observed when performing examinations. Areas of focus in the Report included:

 

  • deficient supervision and written supervisory procedures
  • inadequate suitability procedures including inadequate supervision of recommendations, changes to customer account information and trading activity
  • weaknesses in digital communications compliance, including use of prohibited text, messaging, social media and other applications for business-related communications, and a lack of processes to identify and respond to red flags indicating such use
  • inadequate anti-money laundering (AML) procedures, including overreliance on clearing firms for monitoring and suspicious activity reporting
  • deficient business continuity plans
  • improper markup and markdown practices with respect to fixed income securities
  • insufficient best execution procedures
  • insufficient controls and procedures for direct market access arrangements governed by SEC Rule 15c3-5
  • weaknesses in short sale compliance, with respect to order marking, locate procedures, and closing-out fails to deliver

Each of these focus areas is included in the Priorities Letter.

SALES PRACTICE AND SUPERVISION

FINRA will be looking at broker-dealers’ sales practice obligations include those relating to complex products, variable annuities, private placements, fixed income mark-up/mark-down disclosures. FINRA will also review activities of registered representatives acting in positions of trust or authority and activities relating to senior investors. In addition, FINRA will review the following areas:

Regulation Best Interest (Reg. BI) and Form CRS. On June 5, 2019, the Securities and Exchange Commission (SEC) adopted Reg. BI, which establishes a “best interest” standard of conduct for broker-dealers and associated persons when they make a recommendation to a retail customer of a securities transaction or investment strategy involving securities, including recommendations of types of accounts.1 The SEC also adopted rules and forms that require broker-dealers to provide a relationship summary (Form CRS) to retail investors. The compliance date is June 30 of this year.

In the first part of 2020, FINRA will review firms’ preparedness for Reg. BI to develop an understanding of implementation challenges that firms are facing.  After the compliance date, FINRA will examine for compliance with Reg. BI and Form CRS requirements, coordinating with the SEC to ensure consistency in Reg. BI/Form CRS exams.  In performing these exams, FINRA will review:

  • Procedures to assess recommendations under a best interest standard, and related training
  • Whether a best interest standard is applied to account type recommendations
  • For firms providing account monitoring, whether the best interest standard is applied to both explicit and implicit hold recommendations
  • Whether the elements of care, skill and costs are considered when making recommendations to retail customers
  • Whether the firm and its associated persons consider reasonably available alternatives when making recommendations
  • Protections against excessive trading, whether or not the firm controls the account
  • Whether there are policies and procedures to provide required disclosures
  • Whether there are appropriate conflict of interest policies and procedures
  • Whether there are adequate Form CRS policies and procedures

Communications with the public. FINRA will assess compliance with its communications with the public rules and related supervisory and recordkeeping requirements generally. FINRA will also pay special attention to:

  • Private placement retail communications. FINRA will review approval and distribution procedures and supervision relating to private placement securities, whether distributed online or through traditional channels, including whether the firm omits material information necessary to make the communications fair and not misleading; whether it balances promotional content with key risks specific to the issuer; whether communications contain false, misleading or promissory statements or claims; whether forecasts of issuer metrics are reasonable and accompanied by clear explanations; and whether communications contain prohibited predictions or projections of investment performance.
  • Communications via digital channels. When reviewing the use and supervision of digital communication channels such as texting, messaging, social media and/or collaboration applications, FINRA will consider whether there are processes to determine whether they should be captured, included in supervisory reviews, and stored in accordance with books and records requirements; whether the firm periodically tests systems to ensure communications are captured for review and retention; and whether supervisors know the “red flags” they should consider (e.g., customer complaints and use of unapproved email addresses) and follow up on such red flags.

Cash management and bank sweep programs. FINRA will evaluate compliance with applicable rules, considering whether the firm clearly communicates the nature of the sweep arrangement, the terms and alternatives; whether the firm has implied that a brokerage account is similar to or the same as a bank checking or savings account, or that brokerage accounts are insured by the FDIC; whether customer statements clearly disclose that sweep program deposits are obligations of the bank and not cash balances held by the broker-dealer; whether the firm has a documented process to perform reconciliations of customer balances held at the bank; and whether the firm includes in such programs customer balances not yet swept into the bank as customer credits in its reserve formula computation under SEC Rule 15c3-3. FINRA will also look at whether the firm has misrepresented or omitted material information concerning the amount of FDIC insurance coverage for deposits, the nature and structure of the accounts, the amount of time it may take for customer funds to reach bank accounts, and the risks of participating in such programs. FINRA will also review whether firms have filed a Rule 1017 continuing membership application when these programs result in a material change in business operations.

Sales of initial public offering (IPO) shares. FINRA is focused on compliance with FINRA Rules 5130 (Restrictions on the Purchase and Sale of Initial Equity Public Offerings) and 5131 (New Issue Allocations and Distributions). For IPO practices, FINRA will look at whether the firm has procedures to detect and address flipping; whether the firm, when acting as book-running lead manager, provides aggregate retail demand reports to issuer pricing committees and the firm’s method for calculating aggregate demand; how the firm develops and implements allocation methodologies; controls for preventing allocations to Rule 5130/5131 “restricted persons”; controls to detect and address potential “spinning”; and procedures for obtaining, recording and verifying customer information for individuals receiving IPO allocations.

Trading authorization. FINRA will assess whether firms have reasonably designed supervisory systems relating to trading authorizations, discretionary accounts and key transaction descriptors such as solicitation indicators. FINRA will determine whether they are reasonably designed to detect and address the exercise of discretion without written client authorization; how the firm surveils for red flags of unauthorized use of discretion; whether supervisors know the red flags that may indicate discretion is being exercised without written authorization and follow-up procedures when it is detected; and how the firm identifies trades marked “unsolicited” when they are actually solicited.

MARKET INTEGRITY

FINRA will review for compliance with obligations relating to market manipulation, fixed income securities transaction reporting, short sales and short tenders.  FINRA will also continue to work with firms as they prepare for reporting pursuant to the Consolidated Audit Trail (CAT) requirements that take effect in April 2020, and look to see that firms are devoting appropriate resources to ensure accuracy in Order Audit Trail System (OATS) reporting. In addition, FINRA exams will focus on:

Direct market access controls. FINRA will assess compliance with the SEC’s Market Access Rule (Rule 15c3-5) and associated risks. FINRA will consider how firms manage and deploy technology changes for market access systems, and the controls used to monitor and respond to aberrant behavior by trading algorithms and market-wide events; procedures for making adjustments to credit limit thresholds for institutional customers; whether firms that use third-party vendor tools to comply with Market Access Rule obligations review whether the vendor can meet the rule’s requirements; and how the firm maintains direct and exclusive control of applicable thresholds.

Best execution. FINRA will look for reasonable diligence to determine that customer order flow is directed to the best market pursuant to Rule 5310.  FINRA will focus on:

  • Routing decisions. FINRA will look for potential conflicts of interest in order routing decisions, including the impact of zero-commission brokerage activity. FINRA also may review processes for handling customer orders, particularly in light of rebates and payments for order flow to the firm; how the firm incorporates enhanced order routing information in its best execution “regular and rigorous” reviews; whether zero-commission brokerage led to changes to the firm’s routing practices, execution quality, and/or regular and rigorous review policies; and, where relevant, zero-commission disclosures and advertisements.
  • Odd lots. FINRA has observed a significant increase in odd-lot activity and will therefore focus on firms’ odd-lot trading procedures.
  • Treasury securities. FINRA will assess the reasonableness of firms’ policies and procedures for best execution and fair pricing for US Treasury securities, in particular whether firms consider differences in these securities’ characteristics and liquidity.
  • Options. As a result of complaints received from customers, FINRA will expand its best execution surveillance for options orders.
  • Other areas of review
  • Whether firms engaged in fixed income and options trading have targeted controls for best execution obligations for such products
  • Whether a firm satisfies its best execution obligations with respect to extended trading hours
  • Whether a firm considers the risk of information leakage when assessing the execution quality of orders routed to a particular venue.

Disclosure of order routing information. Amended Rule 606 of SEC Regulation NMS bolsters the requirements for broker-dealers to publish reports on routing of held orders in NMS stocks and listed options. FINRA may consider whether the firm satisfies Rule 606’s requirements for reports; its policies and procedures to address the accuracy and timeliness of published reports; whether the firm has considered whether it should assess and analyze its use of third-party order routing and execution services; and whether the firm has considered how it will obtain necessary data from downstream venues to prepare reports.

Vendor display rule. FINRA will evaluate the adequacy of controls and supervisory systems for providing customers with the current consolidated NBBO, as required by the Rule 603 of Regulation NMS, including whether SIP or vendor information complies with all Rule 603 requirements.

FINANCIAL MANAGEMENT

In addition to continuing its evaluation of firms’ Customer Protection Rule and Net Capital Rule compliance programs, and firms’ financial risk management programs, FINRA will review the following areas:

Digital assets. FINRA has received an increasing number of New Member Applications and Continuing Member Applications (CMAs) from firms seeking to engage in digital asset-related activities, including private offerings of digital asset securities, secondary trading platforms, trades of products such as private funds investing in cryptocurrencies, and clearance and settlement of transactions related to digital assets (with or without custody).  FINRA will continue to work with the SEC to understand such business plans and determine how the securities laws apply, and when reviewing firm’s digital asset activities, will consider:

  • Whether a firm considering engaging in digital asset activities has filed a CMA
  • Whether a firm provides fair and balanced presentations in marketing materials and retail communications, including risks of digital asset investments, and doesn’t misrepresent the extent to which digital assets are regulated by FINRA or covered by the federal securities laws
  • Whether communications misleadingly imply that digital asset services offered through an affiliate are offered through and under the auspices of a broker-dealer
  • Whether firms have controls and procedures to support digital asset transactions.

Liquidity management. FINRA will review liquidity management practices, a critical control function, focusing on areas addressed in its guidance on liquidity risk management practices and those that could create challenges for clearing and carrying firms’ contingency funding plans. When reviewing liquidity management practices, FINRA may consider whether they include steps to address specific stress conditions and identify staff responsible for addressing them; whether there are processes for accessing liquidity during stress events and determining how such funding would be used; whether contingency funding plans consider the quality of collateral, term mismatches and potential counterparty losses of financing desks; and operational risk management issues for firms that are also Fixed Income Clearing Corporation members.

Contractual commitments from underwriting activities. FINRA will review firms’ compliance with their net capital obligations when they engage in underwriting activities, including whether the firm understands the nature of particular underwritings and maintains a list of deals in which it is involved; maintains evidence of appropriate contractual commitment charges; assesses moment-to-moment and open contractual commitment capital charges when it engages in underwritings; how its regulatory reporting function tracks appropriate net capital treatment of the underwritings in which it is involved; and how the firm documents compliance with these requirements.

LIBOR transition. Outside of the examination program, FINRA will engage with firms to understand how the industry is preparing for the end of LIBOR as a benchmark at the end of 2021, focusing on firms’ exposure to LIBOR-linked financial products; steps they are taking to plan for transition to alternative rates; and the impact on customers.

FIRM OPERATIONS

FINRA will assess firms’ supervisory controls relating to customer confirmations and firms’ compliance with FINRA AML requirements.  FINRA will also look at the following new areas of focus:

Cybersecurity. FINRA will assess whether policies and procedures are reasonably designed to protect customer records and information consistent with Rule 30 of SEC Regulation S-P and whether controls are appropriate to businesses and operations.

Technology governance. Reliance on technology exposes firms to distinct compliance and other risks.  Problems in firms’ change-management and problem-management practices can expose them to operational failures that can compromise their ability to comply with a number of rules and regulations.  When reviewing technology governance programs, FINRA will consider, among other things, whether there have been material changes in the firm’s business and any modifications that have been made to its Business Continuity Plan (BCP); how the firm maintains customer access to funds and securities during a BCP event and manages back-office operations to prevent delays or inaccuracies relating to settlement, reconciliation and reporting requirements; controls to mitigate system capacity, performance and integrity issues that may undermine the firm’s ability to conduct business, monitor risk or report key information; how the firm documents system change requests and approvals; the testing a firm performs prior to putting system changes into production; and the firm’s procedures for tracking and remediating information technology problems.

IN SUM

In sum, the Priorities Letter, like the SEC Office of Compliance and Inspections 2020 Examination Priorities, focuses on the risks, issues, and policy matters FINRA identified in its examination program and in regulating the markets generally, as well as from tips, complaints, and referrals, and coordination with other regulators. And, as with the SEC Examination Priorities, the Priorities Letter is not exhaustive: other areas may be looked at as well during exams. FINRA concludes the Priorities Letter by welcoming comments regarding its priorities and suggestions on how they can be improved.

If you have any questions regarding Priorities Letter, need assistance in preparing for a regulatory exam, or would like to discuss your firm's compliance and supervisory policies and procedures, please contact one of the authors.


[1] See our client alert.