On January 17, the Financial Industry Regulatory Authority (FINRA) released its annual Risk Monitoring and Examination Priorities Letter (Letter), which identifies topics that FINRA will focus on in 2019. Unlike in previous years, this Letter primarily discusses new topics and priorities in areas of ongoing concern while not repeating topics that have been at the center of FINRA’s attention over the years. FINRA notes, however, that while traditional topics such as cybersecurity,1 recidivist brokers and anti-money-laundering (AML) may not be discussed extensively in the Letter, FINRA will nonetheless review firms for compliance regarding these areas of focus.
As always, firms should use the Letter to review their compliance and supervisory procedures carefully and make any necessary revisions. Firms also should be prepared to explain their compliance and supervisory policies in these areas in their upcoming FINRA examinations and provide documentation of relevant reviews. The following is a discussion of some of the more salient points of the FINRA Letter.
Online Distribution Platforms
FINRA notes that firms increasingly are involved in the distribution of securities through online platforms, some operated by unregistered entities, in reliance on Rule 506(c) of Regulation D and Regulation A under the Securities Act of 1933, and FINRA is concerned that some member firms have argued that they are not selling or recommending securities when involved with such platforms, despite evidence to the contrary. FINRA plans to evaluate how firms conduct their reasonable basis and customer-specific suitability analyses, supervise communications with the public and meet AML requirements in the context of distribution from online platforms. Further, given the broad visibility of these offerings, FINRA will evaluate how firms are addressing the risk of offering documents or communications with the public that omit material information or contain false or misleading statements or promises of high targeted returns.
Fixed-Income Markup Disclosure
FINRA will review firms’ compliance with their markup or markdown disclosure obligations on fixed-income transactions with customers pursuant to recent amendments to FINRA Rule 2232 and MSRB Rule G-15. As is typical with a new rule, we expect initial exams to focus on whether firms successfully implemented the requirements and have adequate policies and procedures designed to ensure compliance. To help firms assist in compliance with such requirements and to better inform investors, FINRA commenced issuing to firms its “Mark-up/Mark-down Analysis Report” and has also made publicly available a Bond Facts Tool, which provides security-specific product data to help retail investors understand the quality of their fixed-income securities transactions. FINRA will also review for any changes in firms’ behavior that might be undertaken to avoid their markup and markdown disclosure obligations.
FINRA notes the increase in firms’ use of a variety of innovative regulatory technology tools to make their compliance efforts more efficient, effective and risk-based. FINRA plans to engage with firms to understand how they are using such tools and addressing related risks, challenges or regulatory concerns.
Sales Practice Risks
Suitability remains a perennial priority. Some of the specific areas that FINRA plans to focus on include (1) deficient quantitative suitability determinations or related supervisory controls; (2) overconcentration in illiquid securities, such as variable annuities, nontraded alternative investments and securities sold through private placements; and (3) recommendations to purchase share classes that are not in line with the customer’s investment time horizon or hold for a period that is inconsistent with the security’s performance characteristics. In addition, FINRA remains concerned about the increasing complexity of exchange-traded products (ETPs) and securities products that package leveraged loans.
FINRA will continue to focus on how firms are protecting senior investors and retirees from fraud, sales practice abuses, and financial exploitation. FINRA will assess the supervisory systems that firms use to place heightened scrutiny over such accounts. FINRA is also interested in learning about firms’ early experiences with new FINRA Rules 2165 and 4512 relating to, respectively, temporary holds on disbursements and the requirements of a trusted contact.
Outside Business Activities and Private Securities Transactions
FINRA will continue to assess firms’ controls related to associated persons’ outside business activities and private securities transactions, including associated persons raising funds from their customers away from their firm and outside of their firm’s supervision. FINRA is particularly concerned about fundraising activities for entities that the associated persons control or in which they have an interest, specifically for entities with misleading names that are similar to established issuers.
Supervision of Digital Assets Business
FINRA notes that firms have demonstrated significant interest in participating in activities related to digital assets,2 and FINRA encourages firms to notify FINRA if they plan to engage in such activities, even where a membership application is not required. FINRA will review firms’ activities through its membership and examination processes related to digital assets and assess firms’ compliance with applicable securities laws and regulations and related supervisory, compliance and operational controls to mitigate the risks associated with such activities. FINRA intends to coordinate closely with the U.S. Securities and Exchange Commission (SEC) on an array of issues related to digital assets.
Customer Due Diligence and Suspicious Activity Reviews
FINRA will assess firms’ compliance with the Financial Crimes Enforcement Network’s newly enhanced customer due diligence rule, focusing on the data integrity of suspicious activity monitoring systems as well as the decisions associated with changes to those systems.
FINRA is concerned about firms failing to use reasonable diligence to assure that their customer order flow is directed to the best market given the size and types of transactions, the terms and conditions of orders and other factors. As a point of emphasis, FINRA is specifically interested in reviewing firms’ best execution decision-making in situations where firms route all or substantially all customer orders to a small number of wholesale market makers from which they receive payment for order flow or an affiliated broker-dealer or alternative trading system in which the firm has a financial interest. FINRA will also review how firms quantify the benefits to customers from firms’ receipt of order routing inducements and how they manage conflicts of interest. Requiring firms to quantify the benefits to customers from the receipt of payment for order flow or other inducements appears to be a new factor FINRA believes is necessary to be weighed in connection with the firms’ best execution reviews. We are unaware of previous law or guidance that has required this. Also, notably, late last year the SEC approved amendments to Rule 606 that require additional disclosures regarding the handling of customer orders, including the terms of any payment for order flow arrangements.
FINRA continues to focus on market manipulation by enhancing FINRA’s surveillance capabilities and providing firms with tools they can use to identify possible manipulative activities. This year, FINRA will focus on manipulative trading in correlated ETPs, with an emphasis on those that track common, broad market indices. FINRA also will focus on reviews for manipulation of options products that may be correlated to such indices. FINRA will continue to help firms with their compliance efforts by providing Cross Market Supervision Report Cards, which can help firms identify potential manipulation across multiple firms, markets and products and proactively address related compliance risks. Firms will be expected to incorporate cross-market transaction activity into their suspicious and/or manipulative trading activity surveillance and reviews. We note that firms are generally well served to use the Cross Market Supervision Report Cards in their review, keeping mind that the regulators are able to monitor the frequency with which they are accessed.
FINRA plans to review firms’ compliance with SEC Rule 15c3-5, focusing on how firms apply appropriate controls and limits to sponsored access orders, retain the sole authority to determine the boundaries for those controls and limits, test the effectiveness of those controls and limits, and implement and test exception reporting systems covering sponsored access orders. Firms need to pay particular attention to enforcement actions in this area as interpretation of the Rule’s requirements and regulatory expectations have expanded. For example, we note that firms often must to show an empirical basis for their trade thresholds, such as order size or message rates. Unfortunately, little other guidance has been issued outside of the regulatory context.
FINRA will review whether firms have structured their aggregation units in a manner that is consistent with the requirements of Regulation SHO Rule 200(f) and can demonstrate the independence of the units through measures such as separate management structures, location, business purpose and profit-and-loss treatment.
As in 2018, FINRA will review how firms account for their options positions when tendering shares in partial tender offers, for compliance with Rule 14e-4 under the Exchange Act. FINRA will continue to educate firms about the applicable requirements and evaluate firms for compliance.
FINRA will review firms’ policies and procedures for identifying, measuring, and managing credit risk, including risk exposures that may not be readily apparent.3 Such responsibility can be incurred under clearing arrangements, prime brokerage arrangements, “give up” arrangements, sponsored access arrangements or principal letters. In recent exams, FINRA has focused on illiquid or highly concentrated margin positions and margin positions involving highly volatile securities and will likely do so in 2019. FINRA will also assess the extent to which firms identify and address all relevant risks when they extend credit to their customers and counterparties and whether firms comply with FINRA’s rules on margin requirements.
Funding and Liquidity
FINRA will continue to evaluate firms’ liquidity planning, including whether they have a reasonable process to regularly assess the adequacy of their liquidity pools and update their stress test assumptions based on changes in their businesses, products and customers. FINRA plans to focus on whether firms update their stress test assumptions in light of changes in the marketplace, such as the increased volatility experienced at the end of quarters, including the fourth quarter of 2018. FINRA will also focus on applicable contingency plans related to government securities repo funding and adequacy of firms’ liquidity pools.
Though not mentioned in the Letter, we have recently become aware that FINRA Enforcement is no longer issuing a Wells Notice in every inquiry, particularly with respect to routine sweeps and reviews conducted by Market Regulation. The practice, which was based on Rule 5(c) of the SEC’s Rules on Informal and Other Procedures, required FINRA staff to notify a respondent of the nature of the investigation and potential violations and afforded the respondent an opportunity to make a written submission outlining any potential defenses or mitigating factors. A firm’s response to a Wells Notice was included in the information presented to the Office of Disciplinary Affairs when considering the sufficiency of a recommended sanction. Our understanding is that FINRA will generally reserve issuing a Wells Notice for those instances that appear unlikely to settle or are clearly subject to litigation.
There were very few surprises in the Letter as many of the topics and initiatives have dominated FINRA’s focus in the prior year. One of the general themes we observed is FINRA’s focus on testing compliance with new or enhanced rules, including rules related to senior investor protection, AML, customer due diligence and fixed-income markup disclosure. Nevertheless, firms should review their practices and procedures in each of the areas and be prepared to address in future examinations.
1 FINRA recently published a Report on Selected Cybersecurity Practices – 2018, and this document provides additional information on practices that may help some firms strengthen their cybersecurity programs.
2 FINRA provided general guidance regarding digital asset in Regulatory Notice 18-20, available here: http://www.finra.org/industry/notices/18-20. In this notice, FINRA defined “digital asset” as cryptocurrencies and other virtual coins and tokens (including virtual coins and tokens offered in an initial coin offering (ICO) or pre-ICO) and any other asset that consists of, or is represented by, records in a blockchain or distributed ledger (including any securities, commodities, software, contracts, accounts, rights, intangible property, personal property, real estate or other assets that are “tokenized,” “virtualized” or otherwise represented by records in a blockchain or distributed ledger).
3 For example, a firm may be exposed to credit risk when it becomes responsible for transactions that its customers and correspondents execute “away” from the firm, without the firm’s participation until after execution.