Today, we offer our “Friday List,” an occasional feature summarizing a topic significant to investment management professionals interested in regulatory issues. Our Friday Lists are an expanded “Our Take” on a particular subject, offering our unique (and sometimes controversial) perspective on an industry topic.
Both FINRA and the SEC OCIE staff recently released their 2020 examination priorities. Today’s list summarizes their 10 most significant concerns for investment managers and broker-dealers. New areas this year include Regulation Best Interest, digital assets and cash sweep programs. Some longtime favorites include anti-money laundering, best execution, and retail sales practices. Compli-pros should use these letters to prepare their compliance programs and exam readiness.
10 Most Significant 2020 Examination Priorities
Compliance programs. OCIE’s overriding concern is assessing whether compliance is actively engaged in firm operations and whether the CCO is knowledgeable and empowered. FINRA wants firms to evaluate the “state of their compliance, supervisory and risk management programs.”
Regulation Best Interest. Both OCIE and FINRA warn firms to implement new procedures and processes to comply with Regulation Best Interest, including Form CRS, and related interpretations.
Retail Sales Practices. OCIE wants firms to re-consider disclosure, sales practices and conflicts of interest when advising retail clients. FINRA adds supervision and focuses on certain products such as private placements and variable annuities.
Revenue Sharing. The regulators have serious reservations about advisers who have a financial interest in the products they recommend.
Information Security. Firms need to assess systems, technology governance, and testing to ensure the protection of clients’ personal information.
Trading Practices. FINRA will target market manipulation practices, mark-ups/mark-downs, short sales, short tenders, and TRACE reporting.
Digital Assets. OCIE worries that firms may not understand the differences between digital assets and more traditional products. The examination staff will review suitability, trading, custody, valuation, and supervision.
Anti-Money Laundering. Both regulators expressed concerns about how broker-dealers comply with their anti-money laundering obligations.
Cash Sweep. FINRA wants firms to consider how they communicate features and options and how the programs operate.
Best Execution. Always a perennial favorite, FINRA will focus on routing decisions, odd-lots, and options.
It is notable that FINRA intends to prioritize Regulation BI in the first year. Usually, the regulators give some time for firms to put operations in place before conducting regulatory sweeps for compliance with new laws and regulations.
Regardless of where FINRA lands on this rule, we recommend that compli-pros prohibit such designations in the WSPs. FINRA correctly cites the conflicts of interest, especially with senior investors. If reps already circumvent firm rules, how can FINRA ensure that reps will notify their firms?
FINRA has released its 2019 Report on Examination Findings and Observations, offering insight on enforcement cases and risk management concerns. FINRA provides a long list of examination and enforcement findings including negligent practices related to (i) supervision (failure to amend WSPs for new or amended rules, weak branch office inspections); (ii) suitability (product exchanges, churning); (iii) digital communications (failure to stop individual texting, electronic sales seminars); (iv) anti-money laundering (inadequate transaction monitoring, overreliance on clearing firms); (v) UTMA/UGMA (know your customer); (vi) cybersecurity; (vii) business continuity plans; (viii) fixed income mark-ups; (ix) best execution; (x) market access; (xi) short sales; (xii) liquidity risk management; (xiii) segregation of client assets; and (xiv) net capital. A senior FINRA official explained the purpose of the Report: “We hope firms find the Exam Findings and Observations Report useful in strengthening their own control environments and addressing potential deficiencies before their next exam.”
The Exam Report is more useful than the annual Exam Priorities letter because it reflects actual cases and findings rather than a regulatory wish list. We recommend that all compli-pros establish an internal working group to address the issues raised in the Report.
We don’t relish the idea of a regulator that has to fill a large financial deficit, especially since it could use fines to fill some of this hole. We expect the lower fine numbers during the last 2 years to be more of an aberration.
On the positive side, requiring what amounts to a net capital penalty should get the attention of senior leaders at these problem firms. On the other hand, FINRA needs to be careful that such a firm doesn’t make a cold calculation to hire a bad broker if the broker’s production offsets the additional financial obligation.
At the very least, member firms should review their 529 Plan recommendations to see if they have exposure and then take action to remediate. Because of the broader implications of an enforcement action and individual liability, we recommend consulting counsel about whether to self-report.
FINRA has fined a large broker-dealer $10 Million for widespread anti-money laundering compliance failures arising from failed systems, insufficient resources, and poorly-designed supervision. FINRA charges that the firm’s wire transfer surveillance system failed to collect required data and thereby omitted information that should have been transmitted to the AML surveillance system. FINRA also faults the firm for significantly understaffing the AML surveillance team, resulting in cursory reviews. The firm was also faulted for improperly allocating supervisory responsibility over surveillance of penny stock trades. FINRA rules require member firms to implement an anti-money laundering program to ensure compliance with the Bank Secrecy Act. A FINRA Enforcement official chided the industry, noting that the regulator “continues to find problems with the adequacy of some firms’ overall AML programs, including allocation of AML monitoring responsibilities, data integrity in AML automated surveillance systems, and firm resources for AML programs.”
Anti-Money Laundering compliance remains a huge challenge for broker-dealers that must spend significant resources on both technology and personnel to ensure adequate monitoring. Regardless, we recommend upgrading your systems and processes before the regulators force your hand with enforcement actions and multi-million fines.
released its 2019 Examination Priorities Letter, spotlighting new areas
including online distribution platforms and fintech, regulatory technology, digital
assets, and fundraising for outside business activities. FINRA will closely scrutinize member firms’
participation with online securities distribution platforms and whether firms
are aiding the unlawful distribution of unregistered securities by handling
customer accounts and/or receiving transaction-based compensation. When using regulatory technology tools, firms
will be asked how they supervise third party vendors and how they protect customer
information. FINRA will work with the
SEC to ensure that member firms implement adequate controls and supervision when
engaging with digital asset offerings through marketing, clearing, and
recordkeeping activities. FINRA continues
its focus on outside business activities with a special emphasis on fundraising
for personal benefit. FINRA also makes
clear that it will continue to review firms for compliance with longstanding
priorities including suitability, fund share classes, private placements,
communications, AML, cybersecurity, senior investors, best execution, and
Compli-pros should read this Examination Priorities Letter together with the recently released Examinations Findings to create an inventory of compliance risks that the firm should immediately address through gap analysis and enhanced procedures. Our experience is that the FINRA examiners hew closely to the announced priorities.
FINRA has issued a report on cybersecurity best practices to assist firms in the development of their cybersecurity programs. FINRA notes that it continues to see “problematic cybersecurity practices” during examinations and that firms identify cybersecurity as a “primary operational risk.” The report focuses on strengthening cybersecurity controls in branch offices, ways to limit phishing attacks, how to mitigate insider threats, the elements of an effective penetration testing program, and adequate controls for mobile devices. The report also includes an appendix that lists core cybersecurity controls for small firms including patch maintenance, access management, vulnerability scanning, and email protection.
The 19-page report does a good job describing every cybersecurity nightmare scenario, which may be instructive for those C-suite executives still in denial. The best part of the report is the small firm appendix that focuses on key issues.