The Annual Report provides transparency on FINRA’s recent examination findings and focus for the coming year.

On October 16, 2019, the Financial Industry Regulatory Authority (FINRA) published its annual Report on Examination Findings and Observations (Annual Report) for member firms and the general public. The Annual Report gives firms the opportunity to review recent findings by FINRA’s examination, surveillance, and risk monitoring program, and to proactively take corrective action to strengthen their internal compliance and supervisory programs in light of the findings.

Based on FINRA’s examinations of member firms, the Annual Report identifies key findings (which it defines as violations of relevant rules or regulations) and provides observations for effective practices. In cases where effective practices are not identified, they can be reasonably inferred from the findings noted. The Annual Report addresses four main topics: (1) Sales Practice and Supervision; (2) Firm Operations; (3) Market Integrity; and (4) Financial Management.

1. Sales Practice and Supervision 

Supervision and Recordkeeping findings include:

  • Insufficient updating of supervisory processes, written supervisory procedures (WSPs), and training programs to comply with new or amended rules applicable to the firm’s business including the fixed income mark-up disclosure requirements under FINRA Rule 2232 and FinCen’s Customer Due Diligence Rule (CDD) obligations for broker-dealers incorporated by FINRA Rule 3310
  • Lack of reasonably designed branch office supervision and internal inspection programs to identify the unique risks posed by products or services offered only at specific locations; failure to document or properly remediate inspection findings; and failure to conduct periodic inspections of non-branch locations as required by FINRA Rule 3310(c)
  • Inadequate supervision and maintenance of accurate information in account statements, consolidated account reports, and other forms; or lack of WSPs or reasonable processes to detect or prevent document falsification
  • Insufficient supervision to prevent restricted trading or to detect irregularities in specific types of accounts susceptible to insider trading, manipulation, and lack of suitability, including insider accounts, margin accounts, and option accounts

Suitability findings, in addition to the standard suitability issues, include:

  • Inadequate supervision to assess the suitability of recommendations to customers to exchange certain products, such as mutual funds, variable annuities, unit investment trusts, and long-term products
  • Insufficient identification of, or investigation into, suitability “red flags” such as similar recommendations by representatives across many customers with different risk profiles, time horizons, and investment objectives
  • Inadequate supervision of changes by registered representatives to customer account information (such as income, net worth, or customer investment objectives), in many cases unilaterally effected by registered representatives prior to an otherwise questionable or potentially unsuitable transaction
  • Insufficient recognition or remediation of unsuitable trading patterns, including excessive trading and account churning
  • Insufficient identification and prevention of unsuitable recommendations by registered representatives involving complex options strategies

Digital Communication findings include:

  • Insufficient governance processes to identify and prevent business-related communication with customers via prohibited or unsupervised digital communication channels such as text messaging or online messaging applications

Anti-Money Laundering (AML) findings include: 

  •  Inadequate transaction monitoring systems and processes tailored to the firm’s business to properly detect and report suspicious account activity including trading activity indicative of market manipulation and abnormal wire transfer requests
  •  Overreliance by many firms on external clearing firms for transaction monitoring and suspicious activity reporting 

​Uniform Transfers to Minors Act (UTMA) and Uniform Grants to Minors Act (UGMA) Accounts findings include: 

  • Insufficient supervisory process for verifying the authority of custodians of UTMA/UGMA accounts to achieve compliance with Know Your Customer obligations and prevent possible mishandling of a customer’s account

2. Firm Operations

Cybersecurity observations and effective practices include:

  • Maintaining, implementing, and verifying the efficacy of written cybersecurity policies at the branch level to protect confidential data
  • Maintaining, implementing, and verifying the efficacy of written policies governing engagement with third-party vendors
  • Maintaining, implementing, and verifying the efficacy of formal cybersecurity incident response plans
  • Implementing data encryption and access controls for confidential information and the systems that house the data
  • Training personnel to recognize and mitigate cybersecurity risks

Business Continuity Plans (BCPs) findings include:

  • Inadequate identification in BCPs of systems deemed mission-critical for firm operation in the event of an emergency or significant business disruption
  • Insufficient bandwidth to handle customer access needs during emergencies or business disruptions
  • Inadequate maintenance and validation of BCPs to properly reflect changes to critical operational functions, emergency contact information, or customer access procedures

Fixed Income Mark-up Disclosure findings, in addition to findings similar to those noted in FINRA’s 2018 Annual Report, include: 

  • Inaccurate or mischaracterized transaction-related information to retail customers for certain trades in corporate, agency and municipal debt securities, such as excluding additional charges from disclosed mark-ups or mark-downs, mislabeling of sales credits or concessions, incorrect determination of prevailing market price, or misreported times of execution for specific transactions

3. Market Integrity Best

Execution findings include:

  • Inadequate “regular and rigorous” reviews of order execution quality, either by failure to compare with execution quality at competing venues, inadequate type-of-order reviews, or reviews that failed to account for all FINRA Rule 5310 Best Execution Rule factors including, among others, the speed of execution, price improvement opportunities, and the likelihood of execution of limit orders
  • Potential conflicts of interest where order routing was conducted through venues that provide payment for order flow (or other routing inducements), often without supporting “regular and rigorous” reviews to justify such routing decisions
  • Inadequate information provided in the material disclosures section of order routing reports as required by Regulation NMS’s Rule 606, including nondisclosure of material aspects of the non-directed order flow routed to their own trading desk, or material aspects of relationships with venues identified in the reports

Direct Market Access Controls findings, in addition to findings similar to those noted in FINRA’s 2017 and 2018 Annual Reports, include:

  • Insufficient risk management controls and WSPs to mitigate the financial, regulatory, or other risks associated with market access activity, especially for fixed income transactions
  • Inaccurate intra-day (ad hoc) credit threshold adjustments, ineffective trading controls for duplicative and erroneous orders, and insufficient post-trade controls, record management, or surveillance

Short Sales findings, in addition to findings similar to those noted in FINRA’s 2017 Annual Report, include:

  • Insufficient ability to age and properly close out short sale transaction delivery failures within the timeframe required by the Continuous Net Settlement (CNS) System

4. Financial Management

Liquidity and Credit Risk Management observations and effective practices include: 

  • Maintaining robust contingency plans to operate effectively under stressed liquidity conditions and conducting thorough stress tests in an appropriate manner and frequency
  • Updating liquidity and credit risk management programs to account for changing business activities and credit exposure 

Segregation of Client Assets findings, in addition to findings similar to those noted in FINRA’s 2018 Annual Report, include:

  • Incomplete or inaccurate recordkeeping or control processes to demonstrate custody and segregation of customer assets under the Customer Protection Rule
  • Inadequate check handling, inaccurate reserve formula calculations, and account or transaction coding errors

Net Capital Calculations findings, in addition to findings similar to those noted in FINRA’s 2017 and 2018 Annual Reports, include: 

  • Incorrect computation of required net capital due to incorrect consideration of inventory haircut charges for fixed income securities, charges for underwriting commitments, or inaccurate classification of various forms of receivables, fees, expenses, liabilities, and revenue that result in a skewed representation of operating performance and financial condition

Conclusion 

While the Annual Report is not prescriptive and does not create any new legal or regulatory obligations on firms, it does give financial institutions of all sizes a benchmark for assessing their own compliance and risk management programs in advance of an actual FINRA examination. Accordingly, firms should review the Annual Report in conjunction with their self-audits and internal compliance exams as well as their regular policies and procedures reviews.