On January 17, the Financial Industry Regulatory Authority (FINRA) released its annual Risk Monitoring and Examination Priorities Letter (Letter), which identifies topics that FINRA will focus on in 2019. Unlike in previous years, this Letter primarily discusses new topics and priorities in areas of ongoing concern while not repeating topics that have been at the center of FINRA’s attention over the years. FINRA notes, however, that while traditional topics such as cybersecurity,1 recidivist brokers and anti-money-laundering (AML) may not be discussed extensively in the Letter, FINRA will nonetheless review firms for compliance regarding these areas of focus.
As always, firms should use the Letter to review their compliance and supervisory procedures carefully and make any necessary revisions. Firms also should be prepared to explain their compliance and supervisory policies in these areas in their upcoming FINRA examinations and provide documentation of relevant reviews. The following is a discussion of some of the more salient points of the FINRA Letter. (more…)
On January 5, the Financial Industry Regulatory Authority (FINRA) released its annual Regulatory and Examination Priorities Letter (Letter) to highlight risks that FINRA believes could adversely affect investors and market integrity. This year’s Letter differs from those in the past in focusing on three broad, principle-based concerns in addition to the usual list of narrowly focused areas that examiners will certainly review. These broad areas are 1) culture, conflicts of interest and ethics; 2) supervision, risk management and controls; and 3) liquidity. The discussion is helpful because it explains FINRA’s overarching concerns, philosophy and its potential basis for pursuing enforcement actions. Firms should read this discussion carefully and internalize its principles. Firms should be able to document and demonstrate to FINRA their appropriate regulatory and ethical culture and how they actively identify and manage potential conflicts of interest. Likewise, in today’s highly automated and data-dependent markets, firms must be able to demonstrate that their procedures and policies related to cybersecurity, technology management and data quality are up to date, adequately resourced and strictly followed.