The Financial Industry Regulatory Authority issued its annual report of examination findings and observations. The report echoed many themes of last year’s examination summary and identified numerous lapses observed at members involving supervision, especially supervision of member obligations related to suitability; controls over digital communication; anti-money laundering; business continuity plans; and direct market controls, as well as other obligations. On cybersecurity, however, FINRA only identified practices some firms have taken to strengthen their risk management programs, without noting any weaknesses.
Among other things, FINRA found that some firms did not develop controls to adequately address newly adopted or amended rules, or identify such controls in their written supervisory procedures. Moreover, some firms had inadequate branch supervision and inspection programs, while others did not have reasonable processes to detect various forms of forgery in connection with the preparation of customer documentation. FINRA also claimed that some firms failed to maintain an adequate supervisory system to assess the suitability of recommendations to customers when exchanging certain products or to identify red flags of unsuitable transactions. FINRA also found that while some firms prohibited the use of certain texting and social media, they did not maintain a process to respond to red flags of violations of such policy. Also, said FINRA, some firms failed to monitor for suspicious transaction activity that related principally to securities trading. Accordingly, “some firms failed to detect red flags such as market dominance, prearranged trading or instances where groups of seemingly unrelated accounts were working in concert to manipulate stock prices,” said FINRA.
FINRA additionally found that some firms failed to include pre-trade order limits, pre-set capital thresholds and “duplicative and erroneous order controls” for trading on alternative trading systems, in potential violation of the Securities and Exchange Commission’s Market Access Rule. FINRA also alleged that some firms did not have adequate risk management controls that could support a chief executive officer’s required annual certification that the broker-dealer’s controls and procedures comply with Reg MAR’s requirements.
FINRA also found issues around suitability, AML and market access controls in its 2018 Examination findings published in December 2018.
Compliance Weeds: In my prior position as the group general counsel of an international derivatives brokerage entity, I always found examination overviews or similar documents published by regulators very helpful. This was not necessarily because I found issues spotted by regulators relevant to our situation (although very often I did), but because it caused me to reflect on our policies and compliance procedures more generally and to think about areas for possible enhancements.
It is a good discipline for all compliance and other control professionals at least annually to step back and think about processes that could be improved, and to work with supervisors to effectuate such changes.