As in the past, the Financial Industry Regulatory Authority (“FINRA”) marked the beginning of the new year with the release of its 2018 Regulatory and Examination Priorities Letter (the “Letter”). Similar to prior letters, the 2018 Letter identifies several reoccurring areas of concern, such as fraud and recidivist brokers. However, there are also several areas featured for the first time in the 2018 Letter, including cryptocurrencies and related initial coin offerings (“ICOs”), technology governance, business continuity plans, and non-purpose loans. Notably absent from the 2018 Letter is an explicit focus on protection of senior investors; however, considerations related to senior investors transcend virtually all of the specifically identified areas of concern. Specific areas of focus for 2018 include:


The Letter reflects FINRA’s intent to scrutinize activity in microcap stocks, potential insider trading activity, activity reflective of a potential Ponzi scheme and any other activity that jeopardizes the integrity of the market. In this regard, we expect FINRA to place a strong emphasis on the timely filing of accurate Suspicious Activity Reports (“SARs”) and documented compliance with anti-money laundering (“AML”) policies, procedures, rules and regulations. Additionally, FINRA references new Rule 2165 and the amendments to Rule 4512, which are additional tools in the firms’ arsenal for protecting senior investors (see our prior alert on this topic, Bryan Cave Bulletin: New Rule Regarding Financial Exploitation of Seniors To Become Effective February 5, 2018).

Recidivist Brokers

Firms retaining or hiring registered individuals with extensive disciplinary histories will continue to be closely monitored. FINRA routinely monitors registered individuals’ reportable events and their movements among firms. Utilizing this information, FINRA will be focusing on firms’ hiring practices and monitoring of high-risk or recidivist representatives. In this regard, FINRA is likely to look for evidence of a careful, thoughtful analysis of the necessity for imposition of a plan of heightened supervision (see Rule 3110 as it relates to high-risk individuals). Such a focus suggests the potential for a presumption in favor of requiring implementation of such a plan. Also expect increased scrutiny by FINRA over remote supervision arrangements and point-of-sale activities.

In this same vein, FINRA also reminds firms to review their procedures related to private securities transactions and control over outside business activities (“OBAs”).

Business Continuity Plans

FINRA Rule 4370 addresses emergency preparedness and requires firms to have a business continuity plan. FINRA will be looking for evidence that firms have planned for meeting any liquidity needs arising in the face of “stress” created in the wake of a catastrophe. As part of its scrutiny, we expect FINRA to look at what types of events trigger the continuity plan; what systems are deemed “critical;” how the firm’s plan coordinates with outside vendors; and when or under what circumstances the firm will revert back to “normal” operations.

Technology Governance

With respect to technology, FINRA will be looking for a “point person,” whether in-house or outsourced, to be responsible for addressing cyber-related issues. Issues often arise in the context of technology upgrades and implementation of new systems, which may significantly impact order entry and execution, as well as protection of customer information. Firms should expect FINRA review of procedures related to technology implementation and/or change, as well as the identification of a person ultimately responsible for overseeing these activities.

Cryptocurrencies and ICOs

FINRA indicates that in the coming year, it will closely scrutinize the roles played by firms and their registered personnel in connection with effecting transactions in digital assets. No FINRA member currently permits direct trading of cryptocurrencies. While there is clearly interest among firms to permit such activity, for now, as the Letter notes, the biggest concern is related to selling away activity in connection with cryptocurrencies.

While cryptocurrencies may not be directly traded by member firms, there is activity in products tied to such cryptocurrencies. For example, the Bitcoin Investment Trust (“GBTC”) is an exchange-traded fund (“ETF”) that tracks the price of Bitcoin. Although FINRA does not specifically reference such ETF trading in the Letter, in the event of such activity, just as with any new product, we expect FINRA to focus on concerns regarding, among other things, complexity, volatility, and disclosure issues.

Non-purpose Loans

With respect to margining of securities in connection with non-purpose loans, FINRA is expected to focus on the nature and extent of disclosures made regarding the risk of using margin. Such disclosures are contemplated expressly by FINRA Rule 2264, such that this should not be anything new for firms.


Protection of client assets and ensuring the accuracy of firms’ financial reporting, such as net capital, continue to be areas of focus for FINRA. In this regard, we expect that FINRA will review firms’ processes for verifying customer assets and liabilities as reflected in the firms’ capital and reserve computations. Additionally, FINRA will look for evidence that assets are unencumbered, which is likely to be of greater interest in the context of securities held at foreign custodians.


Cybersecurity has been an area of focus over the past several years. Key points of interest are the effectiveness of the firm’s cybersecurity programs, as well as the firm’s preparedness to confront a threat. In this regard, FINRA also reminds firms to review policies and procedures to assess whether to file a SAR and how to identify a cybersecurity event.


Again, suitability is a returning favorite area of focus. In this regard, we expect FINRA to focus on firms’ controls over suitability. Specifically of import in this regard, FINRA will look at firms’ review of new product vetting and the systems or controls in place to ensure that individuals are properly educated and trained in the sale and supervision of the product. FINRA will also examine firms with respect to particular products where the firm has experienced issues in the past. Finally, rollovers from employer-sponsored retirement plans will continue to be a topic of interest for FINRA, as will switches from brokerage to advisory relationships.

Best Execution

We expect FINRA to implement surveillance programs intended to facilitate systematic review of the frequency and relative amount of price improvement obtained or provided when comparing routing or execution venues. Regulatory Notice 15-46 reiterated that merely obtaining the best bid is not sufficient to satisfy the firm’s best execution obligation.

This Exam Priority follows on the heels of FINRA’s November 2017 sweep focused on firms’ best execution obligations when they receive incentives to route orders in a certain way, such as payment for order flow and maker-taker rebates, or when they internalize order flow. Any such incentives must not interfere with the firm’s best execution obligation. The availability of such incentives triggers consideration of the firm’s approach to conflicts of interest.

Along these same lines, FINRA promised surveillance focused on fair pricing and best execution in Treasury transactions, as well.

Rule Changes Coming In 2018

With 2018 will come some significant rule changes, including but not limited to:

  • FINRA Rule 2165 – Financial Exploitation of Vulnerable Clients – Effective February 5, 2018
  • Amendments to Rule 4512 – Customer Account Information – Effective February 5, 2018
  • FinCEN Customer Due Diligence Rule – Effective May 11, 2018
  • Amendments to FINRA Rule 2232 – Customer Confirmations – Effective May 14, 2018
  • Amendments to FINRA Rule 4210 – Margin Requirements for Covered Agency Transactions – Effective June 25, 2018
  • Consolidation of FINRA Rules 1210-1240 – Registration Rules – Effective October 1, 2018