Bates Research | 02-11-21
How Will FINRA’s New Report on Examination and Priorities Impact Your Firm in 2021?
In a new publication combining its annual report on observations and exam findings with its report on risk monitoring and program priorities, FINRA is offering a “single authoritative source” for members to turn to for the purposes of adapting their compliance programs and preparing for “emerging issues for the coming year.”
In the new comprehensive 2021 Report on FINRA’s Examination and Risk Monitoring Program, FINRA identifies eighteen regulatory areas for member consideration that cover the gamut of compliance obligations. For each area, FINRA highlights the applicable rule, provides a summary of recent exam findings and key compliance practices, and shares additional resources. The regulatory areas are organized under four categories: firm operations, communications and sales, market integrity and financial management. The report did not cover how firms transitioned and supervised their operations during the pandemic, a subject covered under a FINRA Special Alert from May 2020. (A separate report is forthcoming.)
Headlining the new report is a set of priorities that have been the subject of considerable review and change over the past year. In this article we take a look at the highlights from the report and provide our updated annual Bates chart (below), which keeps track of FINRA’s articulated priorities from year to year.
Top FINRA Exam Priorities for 2021
See highlights of FINRA’s continuing and emerging concerns on our 2021 FINRA chart below, which keeps track of articulated priorities from year to year.
© 2021, Bates Group LLC
Source: 2021 Report on FINRA’s Examination and Risk Monitoring Program (Compiled by Alex Russell, Managing Director, White Collar, Regulatory and Internal Investigations)
Reg BI Still a Top Concern in 2021
In its 2021 report, FINRA selected those priorities “that impact compliance programs across a large population of member firms.” These include Regulation Best Interest (“Reg BI”), cybersecurity, Anti-Money Laundering (“AML”) and communications with the public.
Reg BI continues to top the priorities list. Consistent with numerous efforts to embed the new regulation within the compliance culture of its member firms, FINRA emphasized that going forward, it intends to “expand the scope of our Reg BI and Form CRS reviews and testing to effect a more comprehensive review of firm processes, practices and conduct.” The expanded scope is evident in numerous “related considerations” questions cited in the report. The SRO further cautions that it will take enforcement action when it observes conduct that (i) may cause customer harm, (ii) would have violated suitability standards or (iii) disregards the new requirements.
Cybersecurity, particularly as it relates to the protection of customer records and information, remains a high priority. FINRA reminded members that a cybersecurity program must address new and existing risks of cyber-enabled fraud and crime. Recent observations included data breaches, systemwide outages, email takeovers, wire fraud, imposter websites and ransomware. FINRA intends to review cybersecurity programs to ensure that they are reasonably designed and tailored to the firm’s risk profile, business model and scale of operations, and that they comply with business continuity plan requirements.
Anti-Money Laundering remains a top priority (though it was not included in the Report’s selected listing). The report covers FINRA rules that require members to develop and implement a program reasonably designed to comply with the requirements of the Bank Secrecy Act (“BSA”) and FinCEN’s Customer Due Diligence rule. The report identified numerous deficiencies in firm AML policies and procedures found during examinations, including inadequate AML transaction monitoring, failures in suspicious activity reporting, insufficient testing, inadequate frameworks for cash management, gaps in data included in monitoring, and concerns about high-risk trading by foreign accounts. Given the significant changes to the BSA enacted into law in December 2020, one can expect significant updates to FINRA’s guidance for member firms.
Communications with the public is an area that appears to have taken on a higher priority. FINRA rules on communications are broad, covering correspondence, retail communications and institutional communications. The rules set “principles-based content standards” that apply to new technologies and practices. FINRA intends to review firm communications as to new and complex products, supervision, recordkeeping, and the use of new marketing technologies (like app-based platforms), as well as firm-disseminated information directed at senior or vulnerable investors. FINRA also notes several areas within the category for additional consideration, including firm policy and procedure around digital communications channels, digital asset communications and communications around cash management accounts.
Additional Highlighted Priorities
FINRA also highlighted several long-standing priorities, reminding firms that it will continue to review compliance with the rules on, for example, variable annuities, best execution and Consolidated Audit Trail requirements.
With respect to variable annuities, FINRA stated that it will evaluate member responsibilities to exchanges under FINRA rules and under Reg BI. FINRA noted that it is particularly concerned with the consequences of insurers’ actions concerning these financial products, including the termination of service agreements, trail commissions and potential buyout offers to variable annuity customers.
As to best execution, FINRA advised that it continues to review for “potential conflicts of interest in order-routing decisions, appropriate policies and procedures for different order and security types, and the sufficiency of member firms’ reviews of execution quality,” while being particularly concerned with “zero commission trading”—a subject highlighted in a separate examination letter in February 2020. FINRA advised firms to use exception and surveillance reports, to conduct reviews of order routing and other processes on a more frequent basis, and to continually update written supervisory procedures to address market changes.
FINRA also reminded firms of their supervisory responsibilities and the steps they should be considering when developing and implementing compliance programs under the consolidated audit trail compliance rule (“CAT”). How vigorous the enforcement will be on CAT compliance is still an open question given this early stage.
Not Separated: Supervision, Seniors
Finally, FINRA acknowledged that it does not address supervisory deficiencies or practices as a separate supervision topic, but rather incorporates them as part of the 18 designated subject matter areas. Similarly, it noted that protecting seniors or vulnerable investors is not separated out, but is incorporated into communications, product recommendation or sales practice conduct by subject matter.
In an Appendix, FINRA reaffirmed how it expects members to use the information contained in the report and similar documents. FINRA encourages firms to undertake a comprehensive review of the findings, observations and recommendations, and to identify those areas that are applicable to their businesses. It expects that firms incorporate the highlighted topics in their overall risk assessments and compliance program review. FINRA recommends firms undertake a gap analysis “to evaluate how their compliance programs and written supervisory procedures address the questions” raised in the report to help avoid a similar finding against the firm in the future.
Based on these measures, FINRA recommends the creation of project teams and workstreams to act on the findings, ensure that compliance groups are appropriately informed, ensure that business leadership are appropriately engaged, and prepare staff guidance and training.
These are serious expectations, and firms are well advised to follow through.