Yes, (somehow) it is that time of year again. FINRA recently released its 2023 Report on its Examination and Risk Monitoring Program (the “Report”). As is typical (and this blog has well-covered), it contains a mix of old and new priorities.
Priorities Previously Included: Reg BI and Form CRS, Consolidated Audit Trail (CAT), Cybersecurity, Mobile Applications, Best Execution
New Priorities: An entire new category labeled Financial Crimes, Manipulative Trading, Fixed Income – Fair Pricing, Fractional Shares: Reporting and Order Handling, Regulation SHO
In general, FINRA breaks down the Report into five Categories: (1) Financial Crimes; (2) Firm Operations; (3) Communications and Sales; (4); Market Integrity; and (5) Financial Management. Within these categories, FINRA highlighted certain discrete topics. We discuss FINRA’s highlighted topics at greater length below.
REG BI and Form CRS
FINRA noted that Reg BI and Form CRS remain “areas of focus across FINRA’s regulatory operations.
FINRA provided certain examples of firms’ failures to comply with Reg BI’s various obligations:
- Recommending a series of transactions that were excessive in light of retail customers’ investment profiles.
- Limiting consideration of cost solely to sales charges.
- Not identifying the specific individuals responsible for handling compliance with Reg BI
- Transaction-based fees that were inconsistent with and sometimes materially higher than those outlined in Reg BI customer disclosures.
Consolidated Audit Trail
FINRA noted that firms have “dedicated significant resources to CAT” and that “firms’ overall compliance with CAT reporting requirements remains high.” Nonetheless, FINRA highlighted certain failures: (a) failure to report errors timely; (b) incomplete submission of reportable events; (c) unreasonable vendor supervision; (d) inaccurate or incomplete reporting of CAT orders; and (e) failing to provide regulators with a variety of data related to CAT.
Order Handling, Best Execution and Conflicts of Interest
FINRA continues to assess member firms’ compliance with FINRA Rule 5310. To this end, FINRA explained that it has undertaken targeted regulatory efforts on best execution, including (a) on the impact that not charging commissions has or will have on member firms’ order routing practices and decisions; and (b) targeted reviews of wholesale market makers concerning their order handling practices for customer orders they receive from other broker-dealers.
What remains in flux, however, is how the SEC’s proposed Regulation Best Execution will be adopted/implemented. FINRA’s CEO Robert Cook recently acknowledged the uncertainty of the SEC’s proposal. “FINRA is following this process very closely, and we are working on a plan to deal with the potential uncertainty that would emerge if the SEC finalizes and begins enforcement of its own rule.” While not taking a definitive position, Cook intimated that FINRA would look to adopt a compliance model whereby compliance with the SEC’s rule would satisfy FINRA’s Rules. We will certainly continue to track this as it develops.
Mobile Apps
Like last year, FINRA continued to express its support of mobile apps, with the caveat that they “raise novel questions and potential concerns, such as whether they encourage retail investors to engage in trading activities and strategies that may not be consistent with their investment goals or risk tolerance, and how the apps’ interface designs and functionality could influence investor behavior.”
To this end, FINRA raised several questions for firms to consider including:
- At account opening, do your mobile apps clearly disclose applicable risks and adequately explain other features such as margin or options accounts?
- Do your mobile apps consider detailed customer information—including the customer’s knowledge, investment experience, age, financial situation and investment objectives —when approving access to options or other complex products?
- Do your mobile apps identify information in ways that are easily understandable, based on the experience level of your customers?
Cybersecurity
FINRA noted that in 2022, “the frequency, sophistication and variety of attacks continue to increase,” including those such as customer account intrusions, ransomware attacks and cyber-fraud.
FINRA took numerous steps to bolster cybersecurity. Namely, it established the Cyber Analytics Unit to examine member firms’ controls. It specifically appointed a team to investigate and examine crypto-asset activity. FINRA further issued Regulatory Notice 22-29 to alert firms to increased ransomware risks and provide certain answers to identifying and ameliorating ransomware threats.
Complex Products and Options
FINRA emphasized that it will continue to analyze firms’ communications and disclosures concerning complex products — including to assess whether communications satisfy Reg BI. FINRA also highlighted that it issued Regulatory Notice 22-08, to reiterate member firms’ current regulatory obligations regarding complex products and options, and solicit comments on effective practices member firms have developed for these products — particularly when retail investors are involved.
Additionally, in December 2022 FINRA published an update on its targeted sweep of firms’ practices and controls related to the opening of option accounts. FINRA specifically used this update to pose certain questions for consideration, including: (a) has your firm established minimum criteria for approving options account applications; (b) does your firm provide a copy of the Options Disclosure Document (ODD) to each customer at account opening and subsequently, as required; and (c) does your firm review customers’ trading eligibility as market conditions change?
The takeaway from the Report is clear (as always): firms will do well to ensure its compliance/awareness with all FINRA priorities — especially the above-highlighted ones.
The material contained in this communication is informational, general in nature and does not constitute legal advice. The material contained in this communication should not be relied upon or used without consulting a lawyer to consider your specific circumstances. This communication was published on the date specified and may not include any changes in the topics, laws, rules or regulations covered. Receipt of this communication does not establish an attorney-client relationship. In some jurisdictions, this communication may be considered attorney advertising.
