Bates Research | 10-31-19
FINRA Issues 2019 Report On Exam Findings
FINRA issued its annual Report on Examination Findings and Observations on October 16th. Like last year’s Report, the 2019 version highlights selected firm compliance violations and provides “observations” on how firms can improve their programs and address “perceived weaknesses that elevate risk.”
The report is divided into four general categories of regulatory oversight: (i) supervision and sales practices, (ii) firm operations, (iii) market integrity, and (iv) financial management. Within each category, FINRA selected key areas of concern that have been the subject of significant regulatory activity over the past year—primarily, rule changes and enforcement. This year, the FINRA report leads with supervision, pre-Regulation BI suitability, anti-money laundering and cybersecurity. By prioritizing these high-profile subjects in this way, the Report puts firms on notice regarding the types of enforcement actions regulators might bring going forward. Here, we take a closer look at these priorities and note additional compliance concerns raised in the Report.
Supervision, Sales Practices and Firm Operations
The new examinations report emphasizes adequate supervision across all categories, underscoring many of the newly adopted and amended rules. FINRA warned that firms are expected to evaluate which new and amended laws and regulations apply to their business, and that firms should put in place adequate supervisory procedures and training programs to comply with these expectations.
Specifically, FINRA cited a host of failures to update processes and written supervisory procedures related to, for example, new fixed income mark-up disclosure requirements, new trusted contact person information requirements, new requirements on temporary holds and record retention requirements (related to the financial exploitation of specified adults) and new anti-money laundering program requirements (including FinCEN’s Customer Due Diligence rule obligations).
In addition, FINRA found supervision failures related to branch activities. These failings include inadequate understanding of products and services offered through these branches, failures to conduct adequate branch inspections and failures to take corrective action.
Other supervisory failures noted in the Report include inadequate recordkeeping and reporting, as well as failures to establish and maintain processes to detect or prevent the falsification of documents. FINRA also found supervisory failures on restricted trading of insider accounts, margin accounts and options accounts.
The Report highlights a perennial area of focus, suitability. This year, however, FINRA emphasized that its review of suitability failures concerned pre-Regulation Best Interest standards and did not address issues raised by the new regulation.
The highlighted failures signal that FINRA will continue to examine the suitability of recommendations “in light of a customer’s individual financial situation and needs, investment experience, risk tolerance, time horizon, investment objectives, liquidity needs and other investment profile factors” as a high priority issue. The Report identifies specific supervisory failings. These include inadequate (i) processes necessary to identify patterns of unsuitable recommendations related to exchanges and their corresponding products, fees, costs and product values, (ii) supervisory systems that were not designed to detect red flags on unsuitable transactions, (iii) supervision over changes to customer account information and (iv) supervision of trading activity that raises suitability red flags.
FINRA also took action against registered representatives that recommended unsuitable complex options strategies to customers who did not have the sophistication to understand the options, and against brokers for failing to implement trade limits and other controls to identify and prevent trading in options that exceeded customer pre-approved investment levels.
FINRA focused on two areas of AML compliance concern. First, it identified deficiencies in systems and processes necessary for adequate AML transaction monitoring. FINRA found (i) failures to tailor such monitoring to address the firm’s particular business, (ii) failures to detect and report suspicious activity, and (iii) failures to detect red flags that might indicate an intent to manipulate stock prices or that may indicate a need to verify wire transfer instructions. Second, FINRA expressed concern for registered representatives’ overreliance on clearing firms to handle transaction monitoring and suspicious activity reporting.
Cybersecurity & Digital Communications
In the form of “observations,” FINRA notes how cybersecurity attacks are on the rise, both in terms of volume and sophistication. As a result, the self-regulatory agency wants firms to be vigilant and ensure the development and implementation of effective policies and procedures that address the protection of customer records and information. To this end, FINRA reminded firms to tailor their programs in the context of their business model and risk profile.
Specifically, FINRA advised firms to (i) develop, implement and maintain cybersecurity controls for branch offices in order to protect confidential data; (ii) document policies and procedures for vendors and third parties that provide services and handle sensitive client information; (iii) establish response plans for cybersecurity incidents; (iv) employ data protection encryption for all confidential information; (v) timely apply system security patches and establish appropriate data access controls (including two-factor authentication) to ensure protection of confidential information; (vi) ensure robust cybersecurity training; and (vii) implement change management procedures as necessary to protect sensitive information.
As to examination findings on digital communications, generally, FINRA urged firms to establish policies and processes to identify and respond to red flags when registered representatives were using prohibited channels (personal texting, social media or other sharing applications) in connection with firm business.
Other Examination Highlights
UTMA and UGMA Accounts: FINRA found that some firms did not have adequate supervisory systems in place to ensure that registered representatives knew key facts about their UTMA/UGMA Account customers, and did not have proper monitoring in place to effect timely transfers of responsibility for the account (such as on the date of majority). FINRA also criticized certain firms for allowing custodians to “withdraw, journal and transfer money from UTMA/UGMA accounts months, or even years, after the beneficiaries reached the age of majority.”
Business Continuity Planning: FINRA found that firms had not adequately prepared or maintained required business continuity plans. FINRA found deficiencies in identifying key “mission-critical” systems, such as for order management of trading desks, or vendor systems that processed and managed financing transactions, such as securities lending and repurchase agreements. FINRA also found business continuity plans that (i) contained outdated emergency contact information and principal registrations, (ii) failed to update operational changes, and (iii) failed to ensure sufficient capacity to handle higher levels of activity in the event of a business disruption.
Fixed Income Mark-up Disclosure: FINRA reaffirmed concerns raised in the 2018 Report regarding new rules associated with providing transaction-related pricing information to retail customers for certain trades in corporate, agency and municipal debt securities. This year, FINRA found disclosure inaccuracies (including mislabeling) of registered representatives’ sales credits and concessions, and warned against “mischaracterizations” of certain charges which should be reflected as firm compensation. Other deficiencies were found in the miscalculation of “prevailing market price” determinations and inaccurate reporting of execution times.
Best Execution: FINRA identified issues with the quality of firms’ required execution reviews of customer orders. FINRA reminded firms that such reviews must be performed, at a minimum, on a quarterly basis and on a security-by-security, type-of-order basis. FINRA examinations also uncovered conflicts of interest and related disclosure deficiencies.
FINRA intends for the 2019 Report to be reviewed carefully. While the Report is not intended to be comprehensive, firms would be remiss if they do not consider their own programs and practices in light of the identified compliance failings and concerns. Bates will continue to track regulatory developments and enforcement actions to help you stay ahead of the curve.