Why it matters

The Financial Industry Regulatory Authority (FINRA), the independent self-regulatory body for the securities industry, has issued its list of examination priorities for 2016. Banks will recognize many of them, but others are uncommon in bank examinations and worthy of note. The primary areas of focus are culture, conflicts of interest, and ethics (with a "focus on the frameworks that firms use to develop, communicate, and evaluate conformance to their culture"); supervision, risk management, and controls; and liquidity, which FINRA will assess by conducting a review of contingency funding plans. In addition to these primary areas of focus, FINRA plans to take a look at sales practices, including the treatment of senior and other vulnerable investors as well as excess concentrations; financial and operational controls (with consideration of issues such as internal audits and client onboarding); and market integrity. "FINRA urges compliance staff, supervisors and senior business leaders to consider the broad issues and the targeted topics addressed in this letter," the agency wrote. "Using the information as part of firms' risk management can better protect investors, the markets and firms themselves."

Detailed discussion

FINRA emphasized three areas in its annual Regulatory and Examination Priorities Letter for 2016: culture, conflicts of interest, and ethics; supervision, risk management, and controls; and liquidity.

Defining "firm culture" as "the set of explicit and implicit norms, practices, and expected behaviors that influence how firm executives, supervisors, and employees make and implement decisions in the course of conducting a firm's business," the agency announced its intent to formalize its assessment of culture in 2016, while continuing a focus on conflicts of interest and ethics.

While FINRA does not seek to dictate firm culture, the regulator will assess five indicators: whether control functions are valued within the organization, whether policy or control breaches are tolerated, whether the organization proactively seeks to identify risk and compliance events, whether supervisors are effective role models of firm culture, and whether subcultures (such as a branch office or the investment banking department) that may not conform to overall corporate culture are identified and addressed.

As for conflicts of interest and ethics, firms should take "visible actions" to help mitigate conflicts of interest and promote the fair and ethical treatment of customers, FINRA advised.

Turning to supervision, risk management, and controls, the agency reminded firms that its rules create an obligation "to establish and maintain a system to supervise the activities of their associated persons that is designed to achieve compliance with securities laws and regulations," as well as FINRA rules.

To that end, four areas where the agency has observed repeated concerns will be the subject of focus: management of conflicts of interest, technology, outsourcing, and anti-money laundering (AML). The year 2016 will bring the completion of a targeted examination that launched in 2015 regarding incentive structures and conflicts of interest in connection with firms' retail brokerage business, FINRA noted.

Technology—and firms' supervision and risk management practices related to their technological infrastructure—will be top of mind for the regulator, particularly having observed shortcomings in the management of technology systems. Given the persistence of threats and the need to improve defenses, examiners will also focus on cybersecurity preparedness.

"Firms face risks from unauthorized internal and external access to customer accounts, online trading systems and asset transfer systems, as well as in the management of their vendor relationships," FINRA wrote. Examiners will review firms' approach to cybersecurity risk management, including vendor management, staff training, data loss prevention, and incident response.

AML controls, such as suspicious activity monitoring, continue to be on the top of the list of FINRA's priorities. Firms should routinely test systems and verify the accuracy of data sources to ensure that all types of customer accounts and customer activity—particularly higher-risk accounts and activity—are properly identified and reviewed in a manner designed to detect and report potentially suspicious activity, the agency said, with the rationale for any decisions well-documented.

The areas of interest for the regulator with regard to liquidity include firm funding, with a review of the adequacy of firms' contingency funding plans in light of their business models. Practices ranging from the rigorous evaluation of liquidity needs related to both marketwide and idiosyncratic stresses to continuity plans to ensure sufficient liquidity to weather such stresses will be examined by FINRA. For further guidance, firms should review Regulatory Notice 15-33, the agency suggested.

Other areas of focus for the regulator include sales practices, with an eye on excess concentration and vulnerable populations. Having observed firms failing to adequately monitor for excess concentration, FINRA intends to assess the policies and processes firms use to govern monitoring of excessive concentrations. As for seniors and other vulnerable investors, the regulator will examine "recommendations regarding higher-cost products that may drive unsuitable recommendations and affect product performance to the detriment of the investor."

While considering firms' financial and operational controls, the agency said it will review internal audit frameworks, policies and controls related to onboarding clients and correspondents (noting shortfalls in the area of onboarding professional clients), and the transmittal of customer funds, having recently brought several enforcement actions in the area. As a final area of focus, FINRA reminded firms about market integrity issues such as market access and audit trail integrity.

Many of the areas identified by FINRA are déjà vu for banks in their examinations—risk management, AML compliance and vendor management and, more recently, cybersecurity and liquidity. However, bank examinations seldom address the "ethics" of a bank or whether supervisors and executives are "effective role models of firm culture." These are concepts worthy of consideration by banks and their boards of directors. Another FINRA emphasis—that securities firms should not use their research analysts to win investment banking business—should be kept in mind as banks consider financial advisors for raising capital or doing M&A.
