FINRA has issued a report summarizing its observations on the compliance and supervision issues arising from recent examinations. Highlighted concerns include cybersecurity, outside business activities, anti-money laundering, product suitability, best execution, and alternatives in IRA accounts. FINRA found weaknesses in cybersecurity programs including failure to control access to data, insufficient risk assessments, and inadequate vendor supervision. FINRA expressed concerns about failures to report OBAs and failures to execute adequate reviews or retain documentation. AML programs fell behind as firms changed and grew but failed to properly resource growing AML volume. FINRA raised suitability concerns over recommendations of UITs, fund share classes, and complex products. FINRA hopes that firms will use the report as a “resource in tailoring their compliance and supervisory programs to their business.”
OUR TAKE: It’s always good to get more transparency into the examination program. What’s less clear is how firms should react to this information, especially since FINRA generally issues its examination priorities letter in January. Regardless, expect FINRA to focus on these issues during cycle exams.
Today, we offer our “Friday List,” an occasional feature summarizing a topic significant to investment management professionals interested in regulatory issues. Our Friday Lists are an expanded “Our Take” on a particular subject, offering our unique (and sometimes controversial) perspective on an industry topic.
Within the last 2 weeks, the SEC OCIE staff and FINRA published their 2017 examination priorities letters (see SEC letter here and FINRA letter here). If past is prelude, the regulators will fulfill their promises to examine the highlighted areas. Also, the regulators have advised compliance staff to spruce up procedures and testing in these areas. We did a breakdown of the two letters and offer our view of the most significant priorities.
10 Most Significant 2017 Examination Priorities
- Suitability: The SEC expressed significant concern about mutual fund share classes and wrap programs. FINRA will look at rep training as well as over-concentration of high-risk products.
- Cybersecurity: Both the SEC and FINRA specifically highlighted cybersecurity. They will review information security, data storage formats, password controls, physical security, and service provider oversight.
- Bad Brokers: Both the SEC and FINRA will target firms that retain and/or hire recidivist brokers. The regulators will review supervision as well as hiring and training practices.
- Senior Investors: Both regulators will focus on sales practices to, and products for, senior investors. The regulators are concerned with suitability, especially related to high-yield products, target-date funds, and variable insurance products.
- Public Plans: The OCIE staff will scrutinize how advisers to public pension plans fulfill their fiduciary duties. The staff also plans to examine pay-to-play practices.
- Branch Offices: Both regulators will examine how firms supervise branch locations. These exams will include reviews of marketing, client communications, and outside business activities.
- Anti-Money Laundering: Both the SEC and FINRA expressed continued concern about AML compliance. They will test suspicious activity reporting, independent testing, automated trading, money movement, and foreign currency transactions.
- Robos: The SEC will focus on compliance programs, suitability, data protection, and algorithm oversight.
- ETFs: The SEC wants to ensure compliance with exemptive relief conditions. The staff also promised reviews of the creation/redemption processes and sales practices.
- Private Funds: The SEC staff expressed concern about the private fund industry including conflicts of interest, disclosure and fees.
The staff of the SEC’s Office of Compliance Inspections and Examinations has released the 2017 Examination Priorities, which focus on retail investment products, retirement advice, FINRA supervision, and private funds. The staff’s retail initiatives will include a focus on robo-advisers (compliance programs, suitability, data protection); wrap programs (suitability, trading away); ETFs (exemptive relief compliance, creation/redemption processes); and newly registered advisers. As part of its emphasis on retirement products, the SEC will scrutinize variable insurance and target date funds and assess how pension plan advisers satisfy their fiduciary obligations. The staff will continue to target private fund advisers and cybersecurity. As part of its obligation to assess market-wide risks, OCIE will enhance oversight of FINRA, including assessing the quality of broker-dealer exams. OCIE’s Director advised registrants to “evaluate their own compliance programs in these important areas and make necessary changes and enhancements.”
OUR TAKE: Many of these areas – wrap, ETFs, variable insurance, target date funds, cybersecurity – continue longstanding initiatives. Others – robos, private advisers, FINRA – are more recent regulatory objectives. Compliance officers should use this exam priorities letter as a tool to upgrade their own compliance programs.
FINRA has published its annual Regulatory and Examination Priorities Letter, which focuses on high risk and recidivist brokers, protecting senior investors, and cybersecurity. FINRA will examine how firms hire and supervise brokers with disciplinary records. FINRA will evaluate branch-office inspection programs including client communications and outside business activities. Examination staff will scrutinize sales practices for senior investors including suitability when recommending complex products and penny stocks. FINRA expressed significant concern about cybersecurity including how firms prevent data loss, monitor passwords, ensure physical security, and maintain records. In addition to these central themes, FINRA will continue to examine product suitability and concentration, outside business activities, liquidity risks, supervisory controls, anti-money laundering, and best execution. FINRA CEO Robert Cook characterized FINRA’s priorities as a “focus on core ‘blocking and tackling’ issues of compliance, supervision and risk management.”
OUR TAKE: In past years, FINRA exams closely followed the Exam Priorities Letter. Compli-pros should tailor their compliance programs and training to the topics and practices described in the Letter.