On October 16, the U.S. Financial Industry Regulatory Authority (FINRA) published its annual report on examination findings and observations for broker-dealers (Report). Although the details of FINRA’s regulatory framework differ in many ways from the framework that AUM Law’s clients face, we think that some of the Report’s findings and observations are instructive. We found the following sections particularly interesting:
- Digital Communication (at pp. 6-7): FINRA found that some firms were facing challenges complying with supervision and recordkeeping requirements for various digital communication tools, technologies and services (Digital Channels) such as texting, social media or collaboration applications. For example, some firms didn’t maintain processes to identify and respond to red flags indicating that employees were using Digital Channels prohibited by the firm for business communications with customers and/or conducting electronic sales seminars in chatrooms or on prohibited Digital Channels outside of supervision or recordkeeping programs. The Report also highlights a number of effective practices that FINRA observed, including:
  - Blocking Digital Channels (or features of Digital Channels) that limit the firm’s ability to comply with its recordkeeping requirements (such as apps with end-to-end encryption or self-destructing messages);
  - Written supervisory procedures to manage the lifecycle of video content (such as live-streamed public appearances);
  - Mandatory training programs conducted before giving individuals access to firm-approved Digital Channels;
  - Temporarily suspending or permanently blocking access to certain Digital Channels for individuals who don’t comply with the firm’s policies; and
  - Firms working closely with their marketing, compliance and IT departments as well as third-party vendors to monitor the rapidly evolving array of communication methods.
- Suitability (at pp. 4-5): In this year’s Report, FINRA discusses findings relating to, among other things, inadequate supervision of recommendations that customers exchange products and inadequate systems to detect red flags (such as patterns of similar recommendations across customers with differing risk profiles or patterns of “unsolicited” transactions in identical securities). FINRA also found that some firms didn’t adequately supervise changes to customer account information, especially where the changes occurred close in time to transactions that, but for the change, would have been subject to heightened scrutiny, would have raised suitability concerns or would not have been approved.
- Business Continuity Plans (BCPs) (at pp. 12-13): FINRA observed firms that didn’t identify all their mission-critical systems, lacked sufficient capacity to handle increased call volumes and online activity during a business disruption, didn’t update their BCPs after significant operational changes, didn’t update their emergency contact information, and/or allowed employees to maintain critical working documents on their computers’ local hard drives. FINRA also commented favorably on firms that tested their BCPs annually and incorporated test results into firm training.