FINRA recently released the 2021 Report on FINRA’s Examination and Risk Monitoring Program.
This report combines some of the information firms are accustomed to seeing from their regulator – the Report on Examination Findings and Observations and the Risk Monitoring and Examination Program Priorities Letter.
What Was the Purpose of this FINRA Report?
The regulator’s goal is to provide an annual update on core compliance responsibilities and share resources and noteworthy findings.
The report brings together some of the top findings during last year’s examinations and the areas where the regulator intends to focus during the coming year’s examinations.
Combining the two reports may make it easier for firms to understand the common challenges facing them and proactively prepare and guard against issues that are regularly occurring in the industry.
What Key Topics Did the Report Address?
The report covered a range of issues, findings, and best practices in the areas of firm operations, communication and sales, market integrity, and financial management. It also highlighted emerging risks related to some categories (emphasizing the risks associated with cybersecurity).
Books and records compliance was specifically cited as a concern in the firm operations section of the report. Books and records requires firms to “create and preserve, in an easily accessible place, originals of all communications received and sent relating to its ‘business as such.”
One of the top exam findings in this area: some firms are not completing appropriate due diligence to ensure their regtech vendors are actually in full books and records compliance. FINRA encourages firms to complete thorough due diligence, testing, and verification to ensure the compliance technology vendors they select are actually in compliance with the necessary regulations.
Cybersecurity was highlighted as an emerging risk to firms, based on the rapid increase in tech-related incidences (system outages, imposter websites, ransomware, and more). Other areas covered by the firm operations section include:
- Technology governance
- Anti-money laundering
- Outside business activities and private securities transactions
- Regulatory events reporting
- Fixed income mark-up disclosure
Communication and Sales
Reg BI continues to be an area of focus for examiners. They want to see a system in place to ensure Reg BI and Form CRS guidelines are being followed.
The reviews this year are likely to be more intensive than those conducted the previous year. They will evaluate firms’ processes, practices, and conduct related to providing service and disclosures that meet the regulatory requirements for customer/client best interests.
FINRA also included a link to content focusing on reg bi best practices and compliance protocols.
Firms are also encouraged to create more comprehensive processes for digital communication management. This should include:
- Monitoring of digital channels, tools, and features
- Clearly defining appropriate and non-permissible digital communications
- Creating specific training processes and review procedures for each platform
- Defining appropriate disciplinary actions for registered representatives who do not comply with your set guidelines
One common finding was a deficiency in supervision and recordkeeping for digital communication. In a fast-paced world, printing and filing physical copies of interactions isn’t good enough. Firms need digital compliance support to ensure they’re properly tracking content and interactions and creating a necessary audit/document trail.
In the market integrity section, FINRA focused on, among other things, the need to comply with Exchange Act Rule 613 and the CAT NMS Plan FINRA Rule 6800 Series (Consolidated Audit Trail Compliance Rule).
These rules are a reminder to be punctilious regarding the timeliness, accuracy, and completeness of audit trail data, in addition to ensuring adherence to compliance standards.
Again, these guidelines are difficult, if not impossible, to meet without 100% books and records compliant technology in place. The level of detail required, the timestamps, the information required of the individual reporting – it’s far too much to handle manually, particularly at a time when people are working in disparate locations.
The top findings in this area related to ensuring adequate liquidity and adequate levels of capital reserves. Firms are expected to have contingency plans and conduct stress tests that appropriately reflect the firm’s business operations’ size and complexity.
Other areas for consideration include properly evaluating and measuring credit risk and having a clear understanding of exposure that could occur from affiliates.
How Should I Use This Report to Improve My Firm’s Compliance Competency?
Evaluate what each of the significant findings might mean to your firm. Is it an issue that has been recognized in your area or something that doesn’t relate to your business practices at all?
Once you find items that play a significant role in your standard business practices, FINRA highly encourages making proactive decisions to incorporate the proper steps or processes into your compliance and organizational efforts.
Don’t wait until you know the examiners are headed your way to start making changes. Start updating processes where needed, ensuring you have the right compliance technology in place, and ensuring you’ve done your best to keep your organization in line.
And take special note of the areas of emerging risk outlined in the document. These areas can give your compliance experts a starting point to research, determine changes that may be necessary for the coming years, and set the level of risk you’re comfortable with. When you’re able to dedicate yourself to looking forward, you can turn compliance into a truly strategic advantage for your firm.