In its 2018 Regulatory and Examination Priorities Letter, FINRA, the Financial Industry Regulatory Authority, highlighted the topics it will focus on this year. The following is a high-level summary of the Letter that can serve as a brief guide for leadership to use in examining and adjusting compliance and risk management functions in an effort to provide enhanced protection for investors and organizations.
FINRA will remain aggressive at investigating insider trading, microcap pump-and-dump schemes, issuer fraud, and Ponzi-type schemes. The Authority will also focus on microcap fraud schemes, including those targeting senior investors, with high-pressure sales tactics. FINRA’s new Rule 2165, and amendments to FINRA Rule 4512, provide firms with more tools to protect seniors. Firms are obligated to file a Suspicious Activity Report (SAR) for illicit activity involving the exploitation of senior investors.
FINRA intends to investigate brokers who use their own or their customers’ accounts to coordinate trading in microcap stocks with known or unknown counterparties. Firms should evaluate internal policies and training regarding permissible communications and interactions with microcap stock promoters.
High-Risk Firms and Brokers
An ongoing priority is identifying high-risk firms and individual brokers and mitigating the potential risks for investors. FINRA will also examine hiring and supervisory practices for high-risk brokers, including:
FINRA will tackle concerns over highly speculative or overly complex products offered by high-risk brokers to investors. The Authority will assess firms’ ability to monitor the proper use of proceeds from offerings and whether registered representatives disclose their interest in, control of, or association with the issuer. There will also be reviews of the outside business activities of registered persons to identify cases where registered representatives borrowed money from customers.
Operational and Financial Risks
Business Continuity Planning: FINRA Rule 4370 requires firms to maintain reasonably designed Business Continuity Plans (BCPs). The Authority will review these BCPs, with a focus on implementation, how systems are classified as mission-critical or secondary, how data backup and recovery are carried out, and other factors.
Customer Protection and Verification of Assets and Liabilities: FINRA will examine the accuracy of firms’ net capital and reserve computations under Securities Exchange Act (SEA) Rules 15c3-1 and 15c3-3. The Authority will review processes for verifying customer assets and proprietary assets and liabilities in those financial records. Additionally, the Authority will evaluate the adequacy of controls and supervision to protect customer assets and compliance with specific requirements of the rule.
Technology Governance: In light of significant customer service and regulatory problems stemming from operational breakdowns in new systems, FINRA will review firms’ information and technology change management policies and procedures.
Cybersecurity: Expect ongoing evaluation of the effectiveness of firms’ cybersecurity programs to protect sensitive information, including personally identifiable information (PII), from ongoing external and internal threats. FINRA will review preparedness, technical defenses, and resiliency measures, among other criteria.
Anti-Money Laundering: Concerns remain over the adequacy of firms’ anti-money laundering (AML) programs. FINRA continues to identify problems related to the adequacy of:
Liquidity Risk: The Authority will evaluate whether firms’ liquidity planning is appropriate for their businesses and customers, and whether it includes scenarios consistent with the firms’ collateral resources and client activity.
Short Sales: There will be examinations of firms’ policies and procedures for establishing and monitoring the rates charged to customers for short sales.
Sales Practice Risks
Suitability: The increase in the number and complexity of products available to investors has prompted the Authority to assess the adequacy of firms’ controls to meet their suitability obligations, including:
Initial Coin Offerings and Cryptocurrencies: With each of these topics receiving major media attention, FINRA will closely monitor the role firms and registered representatives play in carrying out such transactions. FINRA may review the supervisory, compliance, and operational infrastructure in place to ensure compliance with relevant federal securities laws and regulations.
Use of Margin: Expect scrutiny of disclosure and supervisory practices related to margin loans. For instance, the Authority will examine if firms and registered representatives are adequately disclosing the risk of margin loans and maintaining controls reasonably designed to prevent excessive margin trading.
Securities Backed Lines of Credit (SBLOCs): FINRA will assess the adequacy of customer disclosures explaining the potential risks associated with SBLOCs. These disclosures would include the impact of market downturns, the tax implications if pledged securities are liquidated, and the potential impact of increases in interest rates.
Manipulation: Capturing new threat scenarios and changes in market participants’ behavior will continue to be a priority for FINRA. The Cross Market Auction Ramping surveillance pattern, launched in August 2017, leverages machine learning techniques to identify aggressive and dominant trading surrounding the open or close.
Best Execution: The Authority is expanding its equity best execution surveillance program to assess the degree that firms provide price improvements when routing customer orders for execution or when executing internal customer orders. In addition, FINRA initiated an examination sweep in November 2017 that focused on broker dealers’ best execution obligations when they receive order routing inducements.
Regulation SHO: There will be an increased focus on evaluating firms’ compliance with Rule 201 of Regulation SHO. Firms must develop policies and procedures to prevent the execution or display of a short sale order at a price that is equal to or less than the national best bid when a Short Sale Circuit Breaker (SSCB) is in effect for a National Market System (NMS) security.
Fixed Income Data Integrity: Anticipating the launch of Treasury securities reporting to the Trade Reporting and Compliance Engine (TRACE) in July 2017, FINRA developed a suite of data integrity surveillance patterns to monitor firms’ transaction reporting in Treasury securities. The patterns identify:
Options: FINRA developed a surveillance pattern to detect potential front running in correlated options products in 2017 and will remain focused on this area in 2018. The surveillance pattern was designed to detect related scenarios involving options where a market participant may engage in transactions in one product, while having knowledge of a pending transaction in a correlated product prior to the public dissemination of the terms of the order.
Market Access: The Authority will continue to review broker-dealers’ compliance with SEA Rule 15c3-5 — the Market Access Rule. The Rule requires broker dealers to establish reasonable pre-trade financial controls, among other requirements. Broker dealers should maintain documentation to support financial limits and conduct periodic reviews to assess the reasonableness of those thresholds.
Alternative Trading System Surveillance: FINRA will review alternative trading systems’ supervisory systems in the context of reviews opened as a result of surveillance alerts related to potential manipulative activity occurring on or through an alternative trading system.
Report Cards: FINRA will launch new report cards in 2018 to assist firms with their compliance efforts. The Authority will review if and how firms make use of the report cards.
These are only some of the elements of the overall FINRA report, and should be used as a point of reference to help prepare for FINRA examinations as well as assist in the development and maintenance of compliance, supervisory, and risk management programs.
Questions? If we have raised questions relating to your particular business, contact Alexander Moshinsky at 212.331.7448 | firstname.lastname@example.org.