It is notable that FINRA intends to prioritize Regulation BI in the first year. Usually, the regulators give some time for firms to put operations in place before conducting regulatory sweeps for compliance with new laws and regulations.
Regardless of where FINRA lands on this rule, we recommend that compli-pros prohibit such designations in the WSPs. FINRA correctly cites the conflicts of interest, especially with senior investors. If reps already circumvent firm rules, how can FINRA ensure that reps will notify their firms?
FINRA has released its 2019 Report on Examination Findings and Observations, offering insight on enforcement cases and risk management concerns. FINRA provides a long list of examination and enforcement findings including negligent practices related to (i) supervision (failure to amend WSPs for new or amended rules, weak branch office inspections); (ii) suitability (product exchanges, churning); (iii) digital communications (failure to stop individual texting, electronic sales seminars); (iv) anti-money laundering (inadequate transaction monitoring, overreliance on clearing firms); (v) UTMA/UGMA (know your customer); (vi) cybersecurity; (vii) business continuity plans; (viii) fixed income mark-ups; (ix) best execution; (x) market access; (xi) short sales; (xii) liquidity risk management; (xiii) segregation of client assets; and (xiv) net capital. A senior FINRA official explained the purpose of the Report: “We hope firms find the Exam Findings and Observations Report useful in strengthening their own control environments and addressing potential deficiencies before their next exam.”
The Exam Report is more useful than the annual Exam Priorities letter because it reflects actual cases and findings rather than a regulatory wish list. We recommend that all compli-pros establish an internal working group to address the issues raised in the Report.
We don’t relish the idea of a regulator that has to fill a large financial deficit, especially since it could use fines to fill some of this hole. We expect the lower fine numbers during the last 2 years to be more of an aberration.
On the positive side, requiring what amounts to a net capital penalty should get the attention of senior leaders at these problem firms. On the other hand, FINRA needs to be careful that such a firm doesn’t make a cold calculation to hire a bad broker if the broker’s production offsets the additional financial obligation.
FINRA fined a large broker-dealer $2 Million for under-resourcing its compliance function, thereby allowing unlawful short-selling. As the firm's trading activity increased, the firm continued to rely on a primarily manual system to monitor compliance with Regulation SHO's requirements. The handful of employees tasked with monitoring trading requested more resources as their 12-hour workdays could not adequately surveil the activity of 700 registered representatives. FINRA alleges that the firm routinely violated Regulation SHO by failing to timely close out positions, illegally routing orders, and failing to issue required notices. As part of the settlement, the broker-dealer also agreed to hire an independent compliance consultant.
TAKE: Firms need to track business activity to ensure that compliance and operations infrastructure keep up with the business. A good metric is whether the firm spends at least 5% of revenues on compliance infrastructure including people and technology.
At the very least, member firms should review their 529 Plan recommendations to see if they have exposure and then take action to remediate. Because of the broader implications of an enforcement action and individual liability, we recommend consulting counsel about whether to self-report.
FINRA has issued a report on cybersecurity best practices to assist firms in the development of their cybersecurity programs. FINRA notes that it continues to see “problematic cybersecurity practices” during examinations and that firms identify cybersecurity as a “primary operational risk.” The report focuses on strengthening cybersecurity controls in branch offices, ways to limit phishing attacks, how to mitigate insider threats, the elements of an effective penetration testing program, and adequate controls for mobile devices. The report also includes an appendix that lists core cybersecurity controls for small firms including patch maintenance, access management, vulnerability scanning, and email protection.
The 19-page report does a good job describing every cybersecurity nightmare scenario, which may be instructive for those C-suite executives still in denial. The best part of the report is the small firm appendix that focuses on key issues.
FINRA has released its 2018 Examinations Findings as a “resource for firms to strengthen their compliance programs and supervisory controls.” FINRA says the report selected certain observations because of “their potential significance, frequency, and impact on investors and the markets.” The report highlights widespread deficiencies in suitability policies and procedures including “quantitative suitability” (i.e. series of transactions), overconcentrations, excessive trading, and variable annuities. FINRA also cites widespread failures to ensure fulsome disclosure of fixed income mark-ups, reasonable private placement due diligence, and abuse of discretionary authority. The broker-dealer regulator summarizes other concerns including anti-money laundering, net capital and customer protection calculations, best execution and outside business activities.
This extensive list (15 pages) covers many of FINRA’s greatest regulatory hits. It’s a great document for new compliance officers because it covers a wide range of broker-dealer compliance requirements. Rather than helping compli-pros focus resources, it works better as a checklist to verify that the firm has addressed the most serious regulatory requirements.
Ray Calvano of Cipperman Compliance Services recently attended the FINRA Annual Conference in Washington. Major speakers included FINRA President and CEO Robert Cook and SEC Chairman Jay Clayton. Mr. Clayton cited the SEC’s continuing concerns about cryptocurrencies and ICO offerings. He also tried to offer some insight into the new Regulation Best Interest and what it means for broker-dealers. The Conference also addressed how FINRA could tailor its regulations to the needs of smaller firms. Feel free to contact Ray if you want more information.