A common phrase to abide by in the New Year is “out with the old, in with the new.” FINRA’s 2022 Report on its Examination and Risk Monitoring Program (the “Report”), however, contains a combination of old and new priorities. We previously previewed the Report.
Old priorities, once again included, are: Anti-Money Laundering, Reg BI and Form CRS, and cybersecurity.
New risk areas include: firm short positions and fails-to-receive in municipal securities; trusted contact persons; funding portals and crowdfunding offerings, disclosure of routing information; and portfolio margin and intraday trading.
In general, FINRA breaks the Report down into four categories: (1) Firm Operations; (2) Communications and Sales; (3); Market Integrity; and (4) Financial Management. Within these categories, FINRA highlighted certain discrete topics. We discuss FINRA’s highlighted topics at greater length below.
REG BI AND FORM CRS
FINRA noted that it “expanded the scope of its reviews and testing relative to 2020 to execute a more comprehensive review of firms’ processes, practices and conduct in areas such as establishing and enforcing adequate written supervisory procedures (WSPs); filing, delivering and tracking accurate Forms CRS; making recommendations that adhere with Reg BI’s Care Obligation; identifying and mitigating conflicts of interest; and providing effective training to staff.”
FINRA also provided certain highlights (essentially firms’ failures) from its exam findings:
- Supervisory Practices not reasonably designed to achieve compliance with Reg BI and Form CRS;
- Failing to modify existing policies and procedures to reflect Reg BI’s requirements;
- Inadequate Staff Training;
- Form CRS Not Posted Properly on Website; and
- Misconstruing Obligation to File Form CRS.
CONSOLIDATED AUDIT TRAIL (CAT)
FINRA noted it will continue to evaluate firms that “receive or originate orders in National Market System (NMS) stocks, over-the-counter (OTC) equity securities and listed options for compliance with Securities Exchange Act of 1934 (Exchange Act) Rule 613 and the CAT NMS Plan FINRA Rule 6800 Series (Consolidated Audit Trail Compliance Rule) (collectively, CAT Rules).” The Report further addressed reporting CAT information to the Central Repository and preserving an effective supervision process.
Order Handling, Best Execution and Conflicts of Interest
FINRA noted that one of its “cornerstone” activities was “assessing firms’ compliance with their best execution obligations under FINRA Rule 5310.” FINRA further noted that it launched a “targeted exam” to assess the impact of zero commission model firms have adopted. FINRA stated it will release the results of this exam in the future.
FINRA also stated it is focusing on firms’ compliance with Rule 606 of Regulation NMS, “which requires broker-dealers to disclose information regarding the handling of their customers’ orders in NMS stocks and listed options.”
Mobile Apps
FINRA noted that mobile apps “raise novel questions and potential concerns, such as whether they encourage retail investors to engage in trading activities and strategies that may not be consistent with their investment goals or risk tolerance, and how the apps’ interface designs could influence investor behavior.”
FINRA noted these apps can cause signification problems relating to communications with customers, particularly concerning account openings. Recognizing this, FINRA initiated a targeted exam relating to firms’ management of their obligations related to information collected from those customers and other individuals who may provide data to firms.” FINRA will share these results in the future.
Complex Products
FINRA will continue to review firms’ “communications and disclosures made to customers in relation to complex products, and will review customer account activity to assess whether firms’ recommendations regarding these products are in the best interest of the retail customer given their investment profile and the potential risks, rewards and costs associated with the recommendation.”
FINRA mentioned it launched an exam in 2020 to review firms’ practices and controls concerning the opening of option accounts. FINRA again noted it will share these results in the future.
Cybersecurity
In 2021, FINRA noted an increase in the “number and sophistication” of cybersecurity threats. These included phishing campaigns from phony emails purporting to be from FINRA.
FINRA noted it issued additional regulatory guidance on a number of issues, including: (a) the increase of fraudsters utilizing compromised registered representative or employee email accounts to execute transactions or move money; (b) bad actors using customer information to gain unauthorized entry to customers’ email accounts, online brokerage accounts or both; and (c) using synthetic identities to fraudulently open new accounts. FINRA stated it will continue to assess firms’ programs to protect sensitive customer and firm information, as well as share effective practices firms can employ to protect their customers and themselves.
Special Purpose Acquisition Companies (SPACs)
FINRA noted “another topic that has received significant attention is the increased use of Special Purpose Acquisition Companies (SPACs) to bring companies public.” While FINRA recognized their utility, in October 2021 it launched an exam to “explore a range of issues, including how firms manage potential conflicts of interest in SPACs, whether firms are performing adequate due diligence on merger targets and if firms are providing adequate disclosures to customers.” FINRA has yet to disclose these findings.
The takeaway from the nearly 60-page Report is clear: firms will do well to ensure its compliance with all priorities, but especially with respect to the above highlighted ones. The good news is that while no one likes exams, at least FINRA’s is an open-book exam.
The material contained in this communication is informational, general in nature and does not constitute legal advice. The material contained in this communication should not be relied upon or used without consulting a lawyer to consider your specific circumstances. This communication was published on the date specified and may not include any changes in the topics, laws, rules or regulations covered. Receipt of this communication does not establish an attorney-client relationship. In some jurisdictions, this communication may be considered attorney advertising.