Jan 132016

Financial Industry Regulatory Authority 2016 Exam Priorities

W. Hardy Callcott, Michael D. Wolk and Timothy B. Nagy
,

On January 5, the Financial Industry Regulatory Authority (FINRA) released its annual Regulatory and Examination Priorities Letter (Letter) to highlight risks that FINRA believes could adversely affect investors and market integrity. This year’s Letter differs from those in the past in focusing on three broad, principle-based concerns in addition to the usual list of narrowly focused areas that examiners will certainly review. These broad areas are 1) culture, conflicts of interest and ethics; 2) supervision, risk management and controls; and 3) liquidity. The discussion is helpful because it explains FINRA’s overarching concerns, philosophy and its potential basis for pursuing enforcement actions. Firms should read this discussion carefully and internalize its principles. Firms should be able to document and demonstrate to FINRA their appropriate regulatory and ethical culture and how they actively identify and manage potential conflicts of interest. Likewise, in today’s highly automated and data-dependent markets, firms must be able to demonstrate that their procedures and policies related to cybersecurity, technology management and data quality are up to date, adequately resourced and strictly followed.

We do not believe this is an academic discussion; it is a warning that these fundamental concerns will be a core part of FINRA’s examinations and investigations and that deficiencies in these areas will likely justify increased sanctions for other violations. We would hope that the opposite is also true, that a firm that can demonstrate an appropriate culture and ethics would not be subject to as harsh discipline or perhaps any formal discipline when a potential issue is detected and appropriately addressed.

As in the past, the Letter also discusses many of the same issues addressed in prior years, including suitability, cybersecurity, anti-money laundering (AML), senior investors, and financial and operational priorities. As always, firms should use the Letter to review their compliance and supervisory procedures carefully and make any necessary revisions. Firms also should be prepared to address the firm’s compliance and supervisory policies in these areas in their upcoming FINRA examinations. The following is a discussion of some of the more important points of the FINRA Letter. A copy of the Letter is available here.

Culture, Conflict of Interest and Ethics

FINRA’s letter emphasizes that firm culture has a profound influence on how a firm conducts its business and manages conflicts of interest. The focus on firm culture is similar to the approach that has become standard from banking regulators. For 2016, FINRA provides notice that its examiners will formally assess firm culture to determine how it affects compliance and risk management while continuing to focus on conflicts of interest and ethics. Specifically, FINRA identifies the following five indicators that it will use to assess a firm’s culture:

  • whether control functions are valued within the organization,
  • whether policy or control breaches are tolerated,
  • whether the organization proactively seeks to identify risk and compliance events,
  • whether immediate managers are effective role models of firm culture and
  • whether subcultures that may not conform to overall corporate culture are identified and addressed.

FINRA notes that a firm’s culture is a product of its supervisory system and that firms should take visible actions to help mitigate conflicts of interest and promote the fair and ethical treatment of its customers.

Supervision, Risk Management and Controls

FINRA reiterates its belief that a firm’s supervisory, risk management and control systems are essential safeguards to protect and reinforce a firm’s culture. FINRA has observed recurring challenges in four areas that affect a firm’s business conduct and the integrity of the markets. Those areas are management of conflict of interest, technology, outsourcing and AML.

Management of Conflict of Interest

FINRA will continue to focus on compensation plans for registered representatives and will complete the targeted examination it launched late last year regarding incentive structures and conflicts of interest in connection with firms’ retail brokerage business. In addition, FINRA reminds firms that it recently filed proposed Rule 2273 with the Securities and Exchange Commission (SEC), which would require firms to deliver educational communications in connection with its recruiting practices highlighting whether financial incentives received by registered representatives may create a conflict of interest.

FINRA also remains concerned about violations of its research rules and warns that firms may not use research analysts or the promise of offering favorable research to win investment banking business. FINRA intends to assess whether firms’ research analysts are inappropriately involved in seeking investment banking business and whether banking personnel exercise undue influence on analysts.

For 2016, FINRA maintains its long-held interest in regard to how firms identify, minimize and mitigate information leakage within or outside the firm. FINRA identifies a variety of situations in which information leaking could occur, e.g., between a firm’s trading activities and other parts of a firm, and noted its intent to examine for such situations. Firms are encouraged to review the adequacy of information barrier controls established to prevent information leakage.

Technology

In the technology arena, cybersecurity remains a chief area of focus. FINRA points out that some firms have not improved their cybersecurity defenses or their enhancements have been inadequate. Depending on a firm’s risk profile, FINRA will examine one or more of the following cybersecurity areas: governance, risk assessment, technical controls, incident response, vendor management, data loss prevention and staff training. In addition, FINRA will focus on supervision and risk management related to technology management, including change management to compliance and supervisory systems. A new focus for FINRA is on data quality and governance. Firms are expected to have a process to oversee whether the data that feed their surveillance and supervisory systems are accurate, complete, consistent and timely.

Outsourcing

As part of its focus on the role of outsourcing, FINRA reminds firms to supervise covered activities, among other things, even if those tasks have been outsourced to third-party vendors. Further, FINRA cautions firms not to outsource functions that are required to be performed by qualified registered persons. Firms are encouraged to conduct adequate initial and ongoing due diligence of outsourced providers to ensure compliance.

AML

FINRA examiners will focus on the adequacy of firms’ AML surveillance of high-risk customer accounts and transactions. This surveillance should include activity that occurs in cash management accounts where banking services are offered to brokerage customers. Moreover, for situations in which certain transactions have been excluded from AML surveillance, FINRA warns that examiners will check to ensure that the rationale for any such exclusion is documented. FINRA remains focused on high-risk activity involving microcap fraud and stresses that firms should have systems in place to monitor for red flags indicative of suspicious or manipulative trading activity.

Liquidity

FINRA examinations will also focus on firms’ efforts to manage funding and liquidity risk programs. As a framework for its reviews, FINRA plans to use many of the effective practices contained in Regulatory Notice 15-33, Guidance on Liquidity Risk Management Practices. Further, FINRA intends to focus on the adequacy of high-frequency trading firms’ liquidity planning and controls.

Other Notable Areas of Focus in 2016

Sales Practice

Seniors and Vulnerable Investors: FINRA has observed repeated situations where seniors have been victims of fraud and abuse and stresses that the treatment of seniors and other vulnerable investors is a priority. FINRA examinations will include suitability and concentration concerns as well as recommendations regarding higher-cost products that may drive unsuitable recommendations. FINRA urges firms to monitor investors’ accounts for red flags of possible abuse, such as overly aggressive investments or unusual asset movements, including to recipients outside the country.

Sales Charge Discounts and Waivers: FINRA reiterates the concern expressed in its 2015 letter regarding firms’ failures to provide appropriate volume discounts (breakpoints) or sales charge waivers for products such as mutual funds, unit investment trusts, non-traded real estate investment trusts (REITs) and business development companies (BDCs). FINRA points out that it brought multiple enforcement actions in 2015 that resulted in millions of dollars in fines and restitution. FINRA believes that firms need to establish and maintain controls to ensure that customers receive the volume discounts and fee waivers they are due.

Private Placements: FINRA continues to focus on firms’ private placement activities, particularly in light of recent regulatory developments, including the ability to conduct general solicitations under SEC Rule 506(c) of Regulation D and the crowdfunding rules that will become effective this year. FINRA notes that some communications used by firms concerning private placements have not reflected the significant risks of loss of principal and lack of liquidity associated with these investments. Firms should assure that where a communication addresses a specific investment benefit associated with a private placement offering, the key risks also are adequately disclosed.

Other Issues: FINRA also indicated that offerings under new SEC Regulation A+ will be a focus of attention. FINRA will examine firms’ compliance with the customer account statement and the Direct Participation Program rules that become effective in April 2016, particularly with respect to non-traded REITs and BDCs. FINRA also will focus on whether firms have adequately documented whether they have fully assessed the potential for conflicts of interest before approving outside business activities.

Financial and Operational Controls

Internal Audit: A new focus for FINRA will be on the internal audit function. This focus is familiar from the bank regulatory world but is notable because no FINRA rule even requires broker-dealers to have an internal audit function. FINRA now states that an effective internal audit framework contributes to strong internal controls and a robust corporate governance structure. FINRA’s review of internal audit will focus on the following areas: its process for identifying and prioritizing risks; the interaction between internal audit and the audit committee or the board of directors; the involvement of internal audit in committees and major projects; and the execution of the audit plan specific to coverage of select business and control functions. FINRA will also focus on how issues are tracked through resolution and evaluate how internal audit deficiencies are incorporated into business risks.

Fixed-Income Prime Brokerage: For 2016, FINRA will focus on settlement practices for fixed-income trades to understand how the operational and credit risks are managed when large trades are executed away from the prime broker. In addition, FINRA will explore industry practices with respect to disaffirming trades and the legal documentation that supports the settlement process and will consider financing practices for fixed income where extensive leverage is offered.

Client Onboarding: FINRA has observed that firms encountering capital and liquidity problems or shortfalls generally have not used good practices to onboard professional clients, e.g., institutional, trading, hedge fund and broker-dealer clients. FINRA intends to assess firms’ policies and controls related to onboarding clients and correspondents. Moreover, FINRA will select some medium and small firms to understand how they assess credit, liquidity and operational risks associated with onboarding new clients, among other things.

Market Integrity

Market Access: FINRA’s Letter indicates that it plans to deliver compliance report cards to firms early this year. The report cards are derived from FINRA’s cross-market equity manipulation surveillance program. FINRA also noted that it will begin publication of monthly report cards focused on layering and spoofing. The report cards will capture potentially manipulative activity conducted solely through a firm as well as cross-firm activity involving a particular firm. It is unclear how FINRA will identify as potentially manipulative on an automated basis cross-firm activity without knowing the identity of the account(s) involved. FINRA will examine how firms use this new information to identify and address potential misconduct. In this regard, firms should be prepared to document their reasonable inquiry into the report card data and its ultimate course of action to address the conduct, including any determination that no further action is required.

We cannot overstate the seriousness with which FINRA is conducting its examination of procedures to comply with the Market Access Rule. We have seen very aggressive interpretations of the Rule’s requirements and referrals to enforcement for seemingly minor deficiencies immediately addressed during the examination. Firms should be prepared for a very thorough and aggressive examination in this area.

Fixed Income: FINRA continues to surveil transactions in fixed-income securities actively for compliance with order handling and fair pricing requirements. Later this year, FINRA is likely to begin surveiling for compliance with the new best execution requirements of Municipal Securities Rulemaking Board (MSRB) Rule G-18, which is scheduled to take effect by April 29. Both FINRA and MSRB recently issued guidance regarding firms’ best execution obligations for transactions in fixed-income securities. (See Implementation Guidance on MSRB Rule G-18, on Best Execution (Nov. 2015) and FINRA Regulatory Notice 15-46 (Nov. 2015).) The Letter also announced that FINRA would enhance its best execution surveillance by implementing spread-based surveillance patterns in 2016.

Regulation SHO: For 2016, FINRA will assess firms’ compliance with SEC Regulation SHO. FINRA stresses that firms should appropriately close out fails to deliver by the designated close-out date pursuant to Rule 204 of Regulation SHO. FINRA states that its surveillance and examinations continue to uncover deficiencies with firms’ compliance with the requirement to be net flat or net long on the Rule 204 close-out date.

In its examinations, FINRA will assess whether firms are implementing supervisory processes to comply with the net-flat or net-long position requirement of Rule 204 and whether they are correcting deficiencies. Furthermore, FINRA will evaluate the adequacy of authorized participants’ (APs) controls on exchange-traded products redemption orders. FINRA encourages APs to ensure that they (and their customers as required by each specific AP agreement) have sufficient shares in their possession to prevent over-redemptions and potential violations of Rule 204 for failures to deliver shares.

Conclusion

Not surprisingly, many of FINRA’s 2016 specific exam priorities are in step with those announced in 2015. Firms are well served to review their written supervisory policies and procedures in each of the priority areas and to make necessary amendments before FINRA arrives for an examination.

W. Hardy Callcott

San Francisco

wcallcott@sidley.com

Michael D. Wolk

Washington, D.C.

mwolk@sidley.com

Timothy B. Nagy

tnagy@sidley.com

You might also like
How the China Personal Information Protection Law Applies to Foreign Asset Managers

Since China’s Personal Information Protection Law (PIPL) came into effect in November 2021, there has been widespread uncertainty amongst offshore fund managers and investors with entities outside Mainland China as to how and whether the regime applies to them. Given the potential for foreign asset managers to overlook or misinterpret PIPL, this brief update outlines some guidance as to how PIPL can apply, and to whom, in a practical context.

The Future of UK Open Banking: Joint Regulatory Oversight Committee Issues Recommendations

The committee of government and regulatory authorities responsible for open banking in the UK has set out its plans and timeframes for expanding and developing infrastructure, standards, and processes for the sector. Central among these are proposals to improve the performance of interfaces among relevant firms, mitigate financial crime risks, and ensure that end users receive sufficient information and are protected if something goes wrong. This Sidley Update summarises the proposals and key points for firms.

FemTech Has Been Warned: UK’s ICO Indicates Closer Scrutinization of FemTech Apps

On 4 April 2023, John Edwards, the UK’s Information Commissioner, stated that the UK’s Information Commissioner’s Office (ICO) would be “going after providers of women’s health apps and auditing them, and getting them to change any practices that are non-compliant.” Speaking at the IAPP Global Privacy Summit in Washington DC, the Information Commissioner indicated that this proposed strategy forms part of the ICO’s new “agile” initiative, which will focus on “areas of vulnerability, targeting…intervention [where] that has the greatest impact”.