Management teams advised to prepare for this new environment.
On January 5th, the Financial Industry Regulatory Authority, Inc. (FINRA) issued its 2016 Regulatory and Examination Priorities Letter identifying new areas of focus as well as issues of ongoing concern. This document can serve as a guideline for management in examining and adjusting compliance and risk management functions in order to better protect both investors and the organization itself.
Here is a summary of key aspects of the letter.
In 2016, FINRA will formalize its assessment of culture conformance with each organization's own policies and procedures. Below are five key culture attributes each firm should self-examine:
A firm's supervisory, risk management, and control systems are essential safeguards to protect and reinforce a firm's culture.
MANAGING CONFLICTS OF INTEREST
Incentive Structures: FINRA's reviews will incorporate each firm's conflict mitigation process over compensation plans for registered representatives. This approach addresses the sale of proprietary or affiliated products, or products for which a firm receives third-party payments. Additionally, FINRA has filed with the U.S. Securities and Exchange Commission (SEC) proposed Rule 2273, which would require firms to deliver educational communications in connection with firm recruitment practices. Financial incentives received by registered representatives should not create a conflict of interest.
Information Sharing: Another key area of focus is the establishment of effective controls to detect, minimize, and diminish information leakage throughout the company. Unwarranted sharing of information can occur in many different areas including between a firm's trading activities and the other parts of the firm. It is important to establish controls that prevent conflict of interest concerns (i.e., front running).
Investment Banking and Research Business Lines: In the past, FINRA litigated against and fined 10 firms a total of $43 million citing violations for research practices. Firms may not use research analysts or the promise of offering favorable research to win investment banking business.
Position Valuation: Traders whose compensation is partially based on securities valuations should not be permitted to provide such valuations for proprietary positions they establish. This specifically relates to pricing of illiquid, level three assets (assets or liabilities whose value is calculated based on unobservable input). A firm's risk management process, as well as processes covering traders' performance assessments and compensation, should be examined and reviewed to avoid a conflict of interest.
Cybersecurity: The cybersecurity threat is an ongoing and growing problem for the securities industry. Organizations face the risk of unauthorized internal and external access to their online trading platforms, asset transfer systems, customer accounts, and vendor management systems. Cybersecurity risk management is a requirement that includes governance, risk assessment, technical controls, incident response, vendor management, data loss prevention, and staff training. In addition, organizations are required to have policies and procedures in place that address the integrity, confidentiality, and availability of sensitive customer information. This requirement includes compliance with SEC Regulation S-P and Securities Exchange Act (SEA) Rule 17a-4(f), which mandates that electronically stored records be preserved in a non-rewriteable, non-erasable format.
Technology Management: FINRA is placing a great deal of emphasis on the management of technology systems. Organizations are required to have sufficient programs covering change management, supervision of back office, and vendor system changes. Moreover, organizations should have written policies and procedures and be able to present sufficient evidence of supervision as well as segregation of duties. Many deficiencies have been noticed, and more FINRA examinations of life cycle development, new system implementation, and the replacement of legacy compliance systems with new systems are expected.
Data Quality and Governance: Data quality remains a high priority when it comes to processes for data governance, quality controls, and reporting practices. Data reported to management and to a firm's surveillance and supervisory systems should be accurate, complete, consistent, and reported in a timely manner. Operational difficulties arise as a result of poor data quality and integrity issues, which undermine the ability to manage risks and business activities. FINRA observed problems with firms' automated anti-money laundering (AML) surveillance systems not capturing complete and accurate data, increasing the risk of missed or poor quality alerts.
Monitoring: The monitoring of Outsourced Service Providers (OSPs) continues to be a major topic. Firms are required to conduct a risk assessment and due diligence of OSPs and to monitor services provided on an ongoing basis. The responsibility to supervise covered activities for compliance with applicable federal securities laws and regulations, as well as self-regulatory organization rules, remains with each broker-dealer.
ANTI-MONEY LAUNDERING (AML) CONTROLS
Suspicious Activity Monitoring: Monitoring of suspicious activity over both money movements and actual trading remains an important topic. Continuous testing should be conducted to confirm the accuracy of data sources. Firms should assess the adequacy of monitoring high-risk customer accounts and transactions, including activity that occurs in cash management accounts where banking services are offered to brokerage customers. Testing of customer activity should be conducted over a specified period of time to reveal a pattern of transparency. When firms delegate the monitoring of suspicious trading activity to personnel outside of the AML function, they should ensure that appropriate delegation has been made, and that the AML function has an open line of communication with the personnel conducting reviews of trading activity.
Firm Funding: Regulatory Notice 15-33 will be the baseline regarding reviews conducted during 2016. Firms should evaluate their liquidity needs under both market-wide stresses and stresses unique to each firm, and develop contingency plans so that they have sufficient liquidity to overcome the stresses. Firms should also conduct stress tests and operational reviews to evaluate the effectiveness of their contingency plans.
Internal Audit Framework: Firms should place a significant emphasis on their internal audit organizations. An effective internal audit framework will contribute to strong internal controls and support an effective corporate governance structure. Firms should focus on internal audit processes for identifying and prioritizing risks, the interaction between the audit committee and the board of directors, the involvement of internal audit in committees and major projects, and the execution of an audit plan which substantially addresses risks identified by an annual risk assessment.
New Clients: Another major focal point for FINRA is assessing policies and procedures around the onboarding of clients. Firms should have procedures in place to identify credit, liquidity, and operational risks associated with new clients. For example, the following interrelationships may be examined for prospective clients:
Suitability and Concentration: FINRA continues to focus on suitability determination and concentration concerns. Due to the complex nature of speculative or longer-duration interest-rate sensitive and alternative products, broker-dealers are required to recommend appropriate transactions or investment strategies based on customers' investment profiles. In general, a customer investment profile includes the individual's age, other investments, financial situation and needs, tax status, investment objectives, investment experience, investment time horizon, liquidity needs, and risk tolerance. Firms should also have in place policies and procedures that govern monitoring for excessive concentration, including considerations of such factors as credit risk and duration and leverage as relevant to specific fixed-income, complex, and alternative products. FINRA will continue to reinforce these rules and requirements.
Seniors and Vulnerable Investors: For 2016, FINRA will set a priority on the treatment of senior and other vulnerable investors - protecting them from fraud, sales practice abuse, and financial exploitation. There have been instances when individuals exploited a position of trust to gain control over an elderly person's assets. In other instances, registered representatives have borrowed large sums of money from elderly clients and sometimes took control of assets through Powers of Attorney and other mechanisms.
FINRA is continuing to focus on governance, operational risk management, internal controls, and compliance practices. The issues described in this Alert should be considered by management and specifically by compliance functions within your organization.
At Berdon, through our professionals' extensive knowledge and experience, we can provide insights on issues that arise across the securities industry. Our goal is to help your firm develop and implement the right set of compliance policies and procedures to mitigate your specific risks.