Bates Research | 01-24-23

FINRA 2023 Exam and Risk Monitoring Report with Bates Chart and Summary – Prioritizing the Priorities

In its 2023 annual report on examinations and risk monitoring, FINRA provides its latest overview of firm compliance obligations. Divided into five discrete topical categories—financial crimes (a new breakout category this year), firm operations, communications and sales, market integrity, and financial management—FINRA’s priorities are further delineated into numerous subcategories. The Annual Report includes findings and observations from the recent oversight activities of FINRA’s Member Supervision, Market Regulation, and Enforcement programs, and:

Identifies the relevant rule(s);
Highlights key considerations for member firms’ compliance programs;[1]
Summarizes noteworthy findings or observations from recent oversight activities;
Outlines effective practices that FINRA observed through its oversight activities; and
Provides additional resources that may be helpful to member firms in reviewing their supervisory procedures and controls, and fulfilling their compliance obligations.

As always, FINRA encourages member firms to use the Annual Report (and its other published resources) to, among other things, (i) assess the applicability of the provided information to a firm’s business model; (ii) incorporate relevant topics into firm risk assessments; (iii) identify gaps in existing compliance programs; and (iv) improve training. The 24 substantive subcategories offer up important guidance. In this article, Bates summarizes FINRA’s 2023 Annual Report priorities. Our annual chart offers insight into how newly observed risks have added to and affected those priorities year over year.

The Annual Report identifies FINRA’s top examination priorities for member firms:

Adherence to their obligations pursuant to Regulation Best Interest and Form CRS[2]
Compliance with best execution obligations and disclosure regulations on order handling in certain stocks and listed options
Current regulatory obligations regarding complex products and options communications, and disclosure (including on crypto asset products) and supervisory controls related to the opening of options accounts;
Cybersecurity risk management (FINRA stated that it has specialized teams devoted to reviewing firm controls, conducting investigations of cyber-related fraud, and examining crypto-asset activity.) At the recent New York SIFMA C&L Society luncheon on the FINRA 2023 Priorities—featuring Robert Cook (President & CEO) and Greg Ruppert (EVP, Member Supervision)—it was relayed that firms should consider where they are using technology that it did not use before, including services offered via Application Programming Interface (APIs) and outside of the firm. Members should also review the Division of Examination’s alert on identity theft and FINRA’s Regulatory Notice 22-29 on ransomware. FINRA also emphasized that cybersecurity is not just the C.I.S.O.’s responsibility.
Obligations as to mobile apps, specifically whether firms adequately disclose or distinguish “between products and services of the broker-dealer and those of affiliates or other third parties”
Compliance with Consolidated Audit Trail reporting requirements including “timely submission of reportable events and corrections, reporting complete and accurate CAT records, and effectively supervising third-party vendors.”

[1] FINRA’s considerations are intended to serve as a possible starting point in considering a firm’s compliance program related to a topic. Firms should review relevant rules to understand the full scope of their obligations.

[2] In an upcoming article, Bates will take a deeper look at FINRA’s observations from its compliance reviews on each of the core duties under the two-year-old rule, including addressing the care in handling recommendations, conflicts of interest, required disclosure of material facts to retail clients, establishment of supervisory policies and procedures, and matters regarding Form CRS preparation.

Top Areas of FINRA Focus for 2023

See highlights of FINRA’s continuing and emerging concerns on our annual comparison chart below, which keeps track of articulated priorities from year to year. (Items highlighted in gold are new for 2023; summary continues after chart.)

FINRA 2023 Exam and Risk Monitoring Report with Bates Chart and Summary – Prioritizing the Priorities

© 2023 Bates Group LLC
Source: 2023 Report on FINRA’s Examination and Risk Monitoring Program
(Compiled by Alex Russell, Managing Director, White Collar, Regulatory and Internal Investigations)

New Format and New Topics

The Annual Report lists member firm compliance obligations by topic now under five categories. Financial crimes, the newest category, incorporates previous sub-topics (e.g., cybersecurity and technology governance under SEC Regulation S-P) concerning compliance policies and procedures to safeguard customer records and information, as well as FINRA rules on business continuity planning and supervision.

This new category also incorporates “anti-money laundering, fraud and sanctions” obligations concerning policies and procedures required under FINRA rules (e.g., detection, suspicious activity reporting, testing, training, and customer due diligence) for compliance under the Bank Secrecy Act (BSA) and its implementing regulations (e.g., maintaining a Customer Identification Program (CIP); verifying the identity of legal entity customers; etc.). The Report notes that member firms should stay apprised of progress being made to implement the Anti-Money Laundering Act of 2020.

A new sub-topic for FINRA, under the category financial crimes, focuses on manipulative trading, which implicates rules on impermissible trading practices (e.g., use of deceptive devices, publication of transactions and quotations, order entry and execution practices.) The new sub-topic also emphasizes supervisory obligations to ensure a process for the review of securities transactions “reasonably designed to identify trades that may violate the Exchange Act, SEC rules or FINRA rules prohibiting insider trading and manipulative and deceptive devices.”

At the SIFMA luncheon, FINRA’s Ruppert discussed manipulative trading and what prompted the change. He shared that there is an increase in wash sales and front running activity. He suggested that member firms look at manipulative trading from the perspective of behavioral analytics, starting with alerts and complaints and looking for commonalities in the data, including, for example, common phone numbers, IP addresses, and branches used. He emphasized the importance of "stepping up controls, investigative work, SARs, risk monitoring, and reach-outs to FINRA.”

The remaining new sub-topics fall under the general category of market integrity and include FINRA rules on (i) fixed income and fair pricing that apply to transactions (including fixed income and municipals) generally requiring that a dealer charging a mark-up or mark-down do so based on the prevailing market price; (ii) reporting and order handling of fractional shares; and (iii) short sale and closeout requirement exceptions for bona fide market making activity.

Conclusion

FINRA’s Annual Report provides important guidance for compliance officers. This latest Annual Report reinforces the reach and depth of FINRA’s rules and brings to light practices member firms can consider for maintaining effective compliance programs.

Last year, Bates recommended that member firm compliance reviews shift from an annual review to ongoing reviews. In that light, this year’s Annual Report illustrates FINRA’s continuing efforts to guide compliance officers in navigating the expanding set of rules. As new developments arise, Bates will keep you apprised.