2016 has arrived and, with the new year, FINRA has published its agenda of key examination priorities. This year’s 13-page Regulatory and Examination Priorities Letter sets forth both long-standing and new items for firms to evaluate in preparing for an examination. Not surprisingly, the letter is broad, and covers a wide range of areas; we indicate below our recommendations for firms that are preparing for an exam. Each member firm should, however, carefully assess the priorities identified in the letter in the context of its own business.
Supervision, risk management and controls – FINRA examinations will focus on anti-money laundering, cybersecurity, the management of conflicts of interest and technology management, as well as outsourcing and data quality.
Liquidity – FINRA will review the adequacy of firms’ contingency funding plans both in light of their business model and in connection with testing for market-wide and “idiosyncratic” stresses. FINRA will also evaluate liquidity planning and controls maintained by high-frequency trading firms.
Other areas of priority:
- firms' monitoring of excessive concentrations and recommendations, particularly as to complex, speculative or illiquid products;
- sales practices related to seniors and other vulnerable investors;
- private placements and Regulation A+ offerings;
- fixed income securities, including excessive charges;
- market integrity, including FINRA’s vendor display rule, market access, fixed-income order handling, Regulation SHO, and manipulation across markets and products; and
- Financial and operational controls relating to exchange-traded funds and fixed-income prime brokerage.
An Emphasis on Firm Culture and Ethics
FINRA plans to formalize its assessment of firm culture to better understand how it may impact compliance and risk management. It will also attempt to complete the review begun in late 2015 regarding incentives and conflicts of interest in connection with firms' retail brokerage business.
In particular, FINRA will assess five indicators of a firm's culture:
- whether control functions are valued within the organization;
- whether policy or control breaches are tolerated;
- whether the organization proactively seeks to identify risk and compliance events;
- whether immediate managers are effective role models of firm culture; and
- whether sub-cultures that may not conform to overall corporate culture are identified and addressed.
Firm culture is hard to quantify. Most FINRA members will state that their compliance and ethics culture is a strong one. But will FINRA agree? That remains to be seen.
In the letter, FINRA defines “firm culture” as the “set of explicit and implicit norms, practices, and expected behaviors that influence how firm executives, supervisors and employees make and implement decisions in the course of conducting a firm’s business.” This is a difficult standard to reduce to a rule. FINRA indicates that it will assess the firm’s culture based on the five “indicators” described above.
How can a firm demonstrate its strong culture? FINRA expects members to take visible actions that help mitigate conflicts of interest, and to promote the fair and ethical treatment of customers. As examples, the letter indicates that material breaches of firm policies and procedures should not be tolerated and that the amount of resources devoted to the compliance team will be assessed.
Supervision, Risk Management and Controls
In this area, FINRA indicated that it will focus on four key areas where it has had ongoing concerns:
- Management of conflicts of interest – for example, how do firms address issues that arise in compensation plans for its representatives, and sales of proprietary products? Here, FINRA references its proposed Rule 2273, which would require firms to provide educational communications in their recruitment practices. FINRA also stated that it remains focused on the conflict between investment banking and research, and whether these groups are properly separated, as well as inappropriate information leakage resulting from breaches in ethical walls.
- Technology – are the firm’s technology systems sufficient to support its risk management policies and practices? FINRA will focus on firms’ supervision and risk management related to cybersecurity, technology management, and data quality and governance. Chief Technology Officers should expect to have a seat at the table for an examination, and we would encourage them to review the items raised in the letter.
- Outsourcing – what sort of due diligence do members undertake? How are they supervised? FINRA reminds its members that outsourced services remain the member’s own responsibility.
- Anti-money laundering (“AML”) - are firms testing their system and data sources? Which accounts are being carefully scrutinized, and how? Which customer transactions are not being subject to surveillance, and why?
Members should have ready for review their contingency funding plans, which should be tailored to their business models. FINRA expects that members will conduct stress tests and other reviews to evaluate the effectiveness of their contingency plans.
More on Suitability (and Concentration)
FINRA notes in the letter that not all firms have established systems to monitor and supervise suitability that are tailored to their respective product offerings, particularly in the case of products that FINRA has historically identified as complex. FINRA also has noted “shortcomings in some firms’ new product review committees and training programs.” FINRA also found deficiencies as to monitoring for excess concentration. Accordingly, FINRA will focus on assessing firms’ policies and processes that govern monitoring for excessive concentrations, as well as suitability determinations for recommended transactions or investment strategies. FINRA encourages members to ensure that its registered representatives, when making a recommendation, are considering key factors such as credit risk, duration and leverage.
Protecting Senior Investors
As discussed in our related blog entry, FINRA has suggested a variety of procedures for firms to follow in order to help prevent elder abuse. The topic has been in the news in recent years, and FINRA has proposed rules to help address these issues.
Private Placements and New Offering SEC Rules
As we have discussed at length in other materials, the JOBS Act, and the SEC’s revised Regulation A and “crowdfunding” rules have liberalized the regulatory regime for smaller companies seeking to raise capital. While many applaud these changes in terms of the flexibility that they afford to issuers, they may create challenges to broker-dealers in terms of ensuring that appropriate suitability standards are satisfied. Accordingly, FINRA’s letter indicates that in respect of non-registered offerings, FINRA will continue to focus on suitability, disclosure and due diligence. For example, FINRA expressed a concern that some communications used by firms concerning private placements have not reflected the significant risks of loss of principal and lack of liquidity associated with these investments. For example, to the extent that Regulation A+ offerings must be filed with FINRA, the letter indicates that FINRA will carefully scrutinize filings for conflicts of interest and other matters that raise issues under the Corporate Financing Rule.
Significant regulatory focus remains on ETFs and other exchange traded products, as discussed in the SEC’s recent research note relating to volatility issues arising in August 2015. FINRA’s letter indicates that it will review broker-dealers’ role as authorized participants (“APs”) in the ETF creation and redemption process. The letter notes that FINRA is concerned that these activities may result in pressure on the financial integrity of broker- dealers in some conditions, potentially impairing the liquidity provision function the broker-dealer plays when acting as an AP.
FINRA’s priorities letter is broad, as befits a diverse industry. Each member firm should carefully consider the issues raised in light of its own business. We encourage members to be prepared to discuss each relevant issue, in light of its own practices, policies and procedures.