Subject: Cybersecurity

Exam Time: FINRA Releases its 2022 Report on its Examination and Risk Monitoring Program

A common phrase to abide by in the New Year is “out with the old, in with the new.” FINRA’s 2022 Report on its Examination and Risk Monitoring Program (the “Report”), however, contains a combination of old and new priorities. We previously previewed the Report.

Old priorities, once again included, are: Anti-Money Laundering, Reg BI and Form CRS, and cybersecurity.

New risk areas include: firm short positions and fails-to-receive in municipal securities; trusted contact persons; funding portals and crowdfunding offerings; disclosure of routing information; and portfolio margin and intraday trading.


SEC’s 2018 Exam Priorities – Worth the Wait

The SEC’s Office of Compliance Inspections and Examinations (OCIE) released its 2018 National Exam Program Examination Priorities on February 7, 2018 (“2018 Priorities Letter”). While issued later than in years past and almost a month to the day after the publication of the priorities letter from the Financial Industry Regulatory Authority (FINRA), OCIE deserves credit for the increased transparency and guidance provided in the 2018 Priorities Letter. By way of perspective, OCIE’s sixth publication of its examination priorities more than doubled the amount of information provided in last year’s edition. This improved transparency is consistent with the public statements of OCIE’s Director. Despite the greater detail, there appears to be one glaring omission: OCIE does not discuss how the anticipated rulemaking by the Commission regarding the development of a fiduciary standard may impact its priorities. However, upon further consideration and recalling that OCIE’s primary mission is to conduct examinations to assess compliance with the current securities laws, we realize it would have been premature for OCIE to discuss views on some yet-to-be formulated SEC fiduciary standard. That said, OCIE is clearly prioritizing the protection of retail investors even more than in years past, which is consistent with the SEC Chairman’s public statements about prioritizing the protection of “Main Street” investors. While the SEC Chairman has made these issues a “Main” priority, the SEC’s heightened focus regarding retail and retirement investors has been strengthening significantly since the Retirement-Targeted Industry Reviews and Examinations (ReTIRE) Initiative announced a few years ago and through the SEC’s announcement this past autumn of the Retail Strategy Task Force. 
Thus, OCIE opens the 2018 Priorities Letter, in its second and third sentences, with: “…we will continue to prioritize our commitment to protect retail investors, including seniors and those saving for retirement. We will especially be looking closely at products and services offered to retail investors, as well as the disclosures they receive about those investments.” This focus is similar to those emphasized by FINRA in its recent priorities letter.

FINRA 2018 Annual Regulatory and Examination Priorities Letter Makes No Mention of a Fiduciary Duty for Brokers

FINRA released its 2018 Annual Regulatory and Examination Priorities Letter (Priorities Letter) on January 8, 2018. While FINRA advises that it can change its priorities in response to circumstances, the purpose of the Priorities Letter is to permit broker-dealers to plan their compliance, supervisory and risk management programs and to prepare for FINRA examinations. Therefore, this Priorities Letter is significant both in what it says and in what it has chosen not to say, including its failure to discuss FINRA’s views regarding a “fiduciary standard.”

FINRA’s First Ever Public Release of Exam Findings: Top 6 Observations for Improving Compliance

As part of the Financial Industry Regulatory Authority’s (FINRA) efforts to protect investors, FINRA regularly conducts examinations of its broker-dealer members. Despite requests to release the reports to assist other FINRA members in improving their compliance with securities rules and regulations, FINRA has traditionally kept the reports private. That all changed this month.

On December 6, FINRA released a Summary Report of several observations from recent examinations. FINRA selected key issues based on their “potential impact on investors and markets or the frequency with which they occur.” The Summary Report will help FINRA members address potential areas of concern and improve their compliance and supervisory programs prior to their own examinations.

The Summary Report provides observations in 11 exam areas, and the notable ones include:


The SEC’s 2017 Cybersecurity Alert and New Cyber Unit

In August 2017, the SEC’s Office of Compliance Inspections and Examinations (OCIE) issued a Risk Alert outlining observations from its “Cybersecurity 2 Initiative,” which was built upon its 2014 “Cybersecurity 1 Initiative.” Notably, this alert offered a rare industry compliment, describing “an overall improvement” in cybersecurity practices and processes since the Cybersecurity 1 Initiative. Below we summarize the OCIE staff’s observations, certain criticisms and their descriptions of robust policies, procedures and practices.