FINRA has made its annual exam priorities available in advance of its 2022 examinations. Many of the items at the top of its priority list focus on ensuring safety and security for clients and their funds – whether through transparent communications, cybersecurity enforcement, or appropriate training for team members.
We’ve put together a summary of the areas where FINRA is planning to focus, along with some guidance on how to ensure you’re well-prepared for each facet of your examination.
Cybersecurity and Technology Governance
Over the past year, FINRA noticed an increase in the number and sophistication of cybersecurity threats and issued several alerts warning firms about a series of phishing emails appearing to come from FINRA.
How to Prepare:
To mitigate cyber-related risks, firms are expected to have a process for continuously assessing cybersecurity and technology risks. In addition, firms are required to include comprehensive cybersecurity and phishing-specific courses as part of their annual training programs.
Outside Business Activities and Private Securities Transactions
FINRA remains focused on Outside Business Activities (OBAs) and Private Securities Transactions (PSTs) disclosure obligations. Many of the exam findings from the past year show that registered reps are continuing to fall short of their obligations when it comes to notifying their firms, in writing, of their OBA and PST activities. Findings also show that many firms have inadequate controls in place to confirm adherence to limitations placed on OBAs or PSTs.
How to Prepare:
Ensure your staff has received the proper training, is completing appropriate notifications, and is creating the necessary audit trail for their communications.
Reg BI and Form CRS
FINRA noted that several firms were coming up short on their Reg BI and Form CRS obligations. Some of the most notable findings include insufficient WSPs regarding Reg BI and Form CRS, inadequate staff training, failure to comply with the Care Obligation and the Conflict of Interest Obligation, improper use of the terms “advisor” or “adviser,” insufficient Reg BI disclosures, and much more.
How to Prepare:
Ensure training is up to date. Manage all content reviews through a single compliance review tool/process to ensure you’re capturing and flagging improper terminology during the review process. Meet communication deadlines and document your procedures in your written supervisory manual.
Communications with the Public
FINRA rules require that firms’ communications with the public are fair, balanced, and not misleading. FINRA highlighted the importance of these rules in the context of digital asset communications, mobile apps, and municipal securities communications. In past examinations, FINRA found, among other things, that many firms included false, misleading, and inaccurate information in mobile apps. They also had deficient communications for promoting digital assets, had misrepresentations in cash management account communications, and had insufficient supervision and recordkeeping of digital communications.
How to Prepare:
Your best preparation should have been completed long before the exam was on the books. If you’re concerned about the consistency of your communications, put adequate support and advertising review technology in place and build processes that lessen the possibility of inaccurate or inappropriate communications slipping through the cracks.
Books and Records
Firms are required to “create and preserve, in an easily accessible place, originals of all communications received and sent relating to its ‘business as such.’” Moving forward, the regulator will continue to look at the third-party vendors firms use to store their required records and will assess each firm’s policies and procedures regarding their books and records.
How to Prepare:
Regulators have made it clear that using technology for compliance is important. It’s not a nice-to-have anymore; it’s an expectation. When choosing your regtech vendor, thoroughly question them about their compliance with books and records requirements and get a clear understanding of the safeguards they put in place to protect your firm’s information.
Trusted Contact Persons
FINRA Rule 4512(a)(1)(F) (Customer Account Information) requires firms to make a reasonable effort to obtain the name and contact information of a trusted contact person (TCP) age 18 or older. This rule also describes the circumstances in which firms and their associated persons are authorized to contact the TCP and disclose information about the customer account.
FINRA will continue to focus on member firms’ written AML programs, which should be reasonably designed to comply with the requirements of the Bank Secrecy Act (BSA) and its implementing regulations. During examinations, member firms are expected to show that they have established and implemented policies, procedures, and internal controls that can be reasonably expected to detect and cause the reporting of suspicious activity; provide for an independent test of the AML program each calendar year; and provide ongoing training for appropriate personnel.
How to Prepare:
Audit your training program to ensure you have provided your team members with the appropriate resources to play their role in protecting your clients. Review your written supervisory manual to ensure you’ve documented your firm’s procedures and made any relevant updates.
FINRA Rule 5310 (Best Execution and Interpositioning) requires that in any transaction for or with a customer or a customer of another broker-dealer, a member firm and persons associated with a member firm shall use reasonable diligence to ascertain the best market for the subject security and buy or sell in such market so that the resultant price to the customer is as favorable as possible under prevailing market conditions.
How to Prepare:
A firm may choose not to conduct an order-by-order review (to the extent consistent with Rule 5310 and associated guidance). However, it must have procedures in place (and documented) to confirm it periodically conducts “regular and rigorous” reviews of the execution quality of its customers’ orders.
As firms anticipate their annual meetings with FINRA examiners, this priority list provides a good road map for preparing and for ensuring that their compliance programs adequately address the regulator’s top priorities. If you need support to prepare for your examination through training or a review of your compliance manual, or if you need technology tools to ensure you’re prepared for the year to come, reach out to us. Red Oak’s advertising compliance software, registration management tool, and compliance consultants can better prepare you and your firm for your next visit from examiners.
We’ve also created a comparison chart that shows how FINRA’s exam priorities have been trending over the past several years.
|FINRA Exam Priority||2020||2021||2022|
|Alternative Trading System Surveillance||X||X|
|Books and Records||X||X|
|Business Continuity Planning||X|
|Consolidated Audit Trail (CAT)||X||X|
|Cash Management and/or Bank Sweep Programs||X|
|Contractual Commitment Arising from Underwriting Activities||X|
|Communications with the Public||X||X|
|Credit Risk Policies, Procedures, and Risk Limit Determinations||X|
|Culture, Conflicts of Interest and Ethics||X||X|
|Customer Protection/Segregation of Client Assets||X||X||X|
|Data Quality and Governance||X|
|Disclosure of Order Routing Information||X|
|Excessive and Short-term Trading of Long-Term Products||X|
|Exchange-Traded Funds (ETFs)||X|
|Financial Risk Management||X||X|
|Fixed Income Mark-Up Disclosure||X||X|
|Fixed Income Prime Brokerage||X|
|Initial Coin Offerings and Cryptocurrencies||X|
|Large Trader Reporting||X|
|London Interbank Offered Rate (LIBOR) Transition||X|
|Market Access Rule||X||X||X|
|Online Distributions Platforms||X|
|Outside Business Activities/Private Securities Transactions||X||X||X|
|Product Suitability and Concentration||X|
|Regulatory Events Reporting||X|
|Regulation Best Interest (Reg BI) and Form CRS||X||X|
|Sales of Initial Public Offerings (IPOs) Shares||X|
|Sales Practice Risks||X|
|Social Media and Electronic Communications Retention/Supervision||X|
|Vendor Display Rule||X|
About Red Oak Compliance Solutions
Red Oak Compliance Solutions is the global advertising review software of choice in the financial services industry. It is a comprehensive suite of SEC 17A-4 compliant features that are 100% books and records compliant and provides clients with 35% faster approvals and 70% fewer touches or better. We also offer Smart Review(SM), which solves for the storage and maintenance of disclosures, helping firms reduce risk, decrease review times, and increase the speed of distribution of marketing materials. Smart Registration(SM) automates the licensing and registration management process to help reduce regulatory risk and time spent on manual processes. Overall, Red Oak allows firms to minimize risk, reduce costs, and increase compliance review process effectiveness and efficiencies.