chevron-down Created with Sketch Beta.

ARTICLE

FINRA’s Examination Priorities and Findings for 2020

Ann Began Furman

Summary

  • The SEC adopted Reg BI on June 5, 2019. It establishes a new standard of conduct for firms and their associated persons when making recommendations to retail customers of any securities transaction or investment strategy involving securities.
  • FINRA examined firms’ supervisory systems to determine whether firms have designed them reasonably to detect red flags of possible unsuitable transactions. The findings relate to inadequate supervision in the following areas: product exchanges, “red flags” for suitability, changes to customer account information, and trading activity (for excessive trading or churning).
  • FINRA also notes that it has seen an increasing number of new membership applications  and continuing membership applications from firms seeking to engage in business activities related to digital assets.
  • Amended FINRA Rule 3310 incorporates the Financial Crimes Enforcement Network (FinCEN) new Customer Due Diligence (CDD) rule obligations.
  • Careful study of the letter and report by firm compliance professionals will assist firms in improving risk management, supervision, and regulatory compliance.
FINRA’s Examination Priorities and Findings for 2020
Andrew Bret Wallis via Getty Images

The regulatory examination and enforcement efforts of the Financial Industry Regulatory Authority (FINRA) go hand in hand. FINRA examinations may lead to formal investigations, which may lead to disciplinary complaints and enforcement actions. For broker-dealer firms, studying the lessons learned from FINRA examination priorities, examination findings, and disciplinary actions can be a productive forward-looking exercise.

On January 9, 2020, FINRA released its 2020 Risk Monitoring and Examination Priorities Letter. The stated purpose of the letter is to help firms strengthen their compliance, supervisory, and risk management programs. In addition to identifying priorities for 2020 examinations, the letter sets forth practical considerations and questions to assist firms in evaluating their own programs.

FINRA’s 2019 Report on Examination Findings and Observations, published on October 16, 2019, preceded the letter and identified key findings and observations from recently conducted examinations. In addition to outlining examination findings and observations, the stated purpose of the 2019 examination report is to identify “effective practices that could help improve [firms’] compliance and risk management programs.”

The report discusses FINRA’s decision to distinguish between examination “findings” and “observations.” Examination findings constitute FINRA’s determination that a firm or registered person has violated SEC, FINRA, or other relevant rules. “Observations,” formerly known as recommendations, are FINRA’s suggestions to a firm about how it could improve its control environment in order to address perceived weaknesses that elevate risk.

Both the 2020 priorities letter and the 2019 examination report highlight potential areas of vulnerability for firms. Taken together, the letter and report are helpful resources for firms to assess and enhance their regulatory compliance, supervision, and risk management programs.

The outbreak of coronavirus disease 2019 (COVID-19) has created serious challenges for firms and regulators. As a result, COVID-19 may precipitate changes in FINRA’s examination and enforcement focus for the remainder of the year.

This article discusses select issues identified in the letter and report. Following release of the letter, FINRA released its 2019 enforcement statistics. Each month, FINRA publishes, on its website, disciplinary actions against firms and individuals for violations of FINRA rules, federal securities laws, rules, and regulations, and Municipal Securities Rulemaking Board rules. This article does not discuss FINRA enforcement matters, but it does identify FINRA guidance issued as a result of the pandemic.

Sales Practices and Supervision

One difference between the letter and the report is their respective discussion of the standard of conduct applicable to firms. The 2020 priorities letter addresses examination of firms’ readiness for Regulation Best Interest (Reg BI). On the other hand, the 2019 examination report addresses findings related to FINRA’s existing suitability and related supervisory obligations.

SEC Reg BI and Form CRS

The SEC adopted Reg BI on June 5, 2019. It establishes a new standard of conduct for firms and their associated persons when making recommendations to retail customers of any securities transaction or investment strategy involving securities. Firms and their associated persons are required to act in the best interest of their retail customers without placing their financial or other interests ahead of the interests of the retail customer. The rule requires additional disclosures, policies and procedures, conflict identification, and training beyond what firms have previously had in place. The rule also requires delivery of a relationship summary to a customer on Form CRS. The compliance date for Reg BI and Form CRS is June 30, 2020.

In the 2020 priorities letter, FINRA noted that, in the first part of 2020, FINRA would review firms’ preparedness for Reg BI to understand implementation challenges. After the June 30 compliance date, FINRA intends to examine firms’ compliance with Reg BI, Form CRS, and related SEC guidance. In this regard, FINRA announced in the letter that it might take into consideration the following factors when reviewing a firm for Reg BI compliance:

  • Does a firm have procedures and training in place to assess recommendations using a best interest standard?
  • Do a firm and its associated persons apply a best interest standard to recommendations of types of accounts?
  • If a firm and its associated persons agree to provide account monitoring, do they apply the best interest standard to both explicit and implicit hold recommendations?
  • Do a firm and its associated persons consider the express new elements of care, skill, and costs when making recommendations to retail customers?
  • Do a firm and its associated persons consider reasonably available alternatives to the recommendation?
  • Do a firm and its registered representatives guard against excessive trading, irrespective of whether the broker-dealer or associated person “controls” the account?
  • Does a firm have policies and procedures to provide the disclosures required by Reg BI?
  • Does a firm have policies and procedures to identify and address conflicts of interest?
  • Does a firm have policies and procedures in place regarding the filing, updating, and delivery of Form CRS?

On April 7, 2020, the SEC Office of Compliance Inspections and Examinations (OCIE) published two risk alerts addressing examinations that focus on compliance with Reg BI and Form CRS. OCIE acknowledges in the risk alerts the challenges created by COVID-19. Disruption caused by COVID-19, however, was not enough of a reason for the SEC to extend the Reg BI compliance date.

Suitability and Know-Your-Customer Examination Findings

FINRA examined firms’ supervisory systems to determine whether firms have designed them reasonably to detect red flags of possible unsuitable transactions. The findings relate to inadequate supervision in the following areas: product exchanges, “red flags” for suitability, changes to customer account information, and trading activity (for excessive trading or churning).

The report notes, as an example of a problematic practice, that some firms did not identify or question patterns of similar recommendations by representatives or branch offices across many customers with different risk profiles, time horizons, and investment objectives. Further, in other instances, several customers of a representative or branch office appeared to have made “unsolicited” transactions in identical securities, which FINRA notes could raise questions about whether the transactions were actually “unsolicited.”

FINRA identified another problematic area. FINRA Rule 2090 (know your customer) requires firms and their associated persons to use reasonable diligence to determine the “essential facts” about every customer and “the authority of each person acting on behalf of such customer.” FINRA noted that some firms did not establish, maintain, or enforce a supervisory system reasonably designed to achieve compliance with their continuing obligation to know the essential facts of their customers in the context of Uniform Transfers to Minors Act and Uniform Grants to Minors Act (UTMA/UGMA) accounts. When UTMA/UGMA accounts are established, the beneficiary (a minor) becomes the owner of the property at the time of the gift; however, the custodian manages and invests the property on the beneficiary’s behalf until the beneficiary reaches the age of majority, at which time the custodian is required to transfer the custodial property to the beneficiary.

The report notes FINRA’s findings that, even though firms were aware of the need to transfer responsibility for the UTMA/UGMA account at a future date, “some firms did not take any steps to track or monitor when beneficiaries would reach the age of majority, while other firms had procedures for their registered representatives to follow, but did not require any supervisory oversight.” In some instances, moreover, “firms permitted custodians to effect transactions in, and withdraw, journal and transfer money from UTMA/UGMA accounts months, or even years, after the beneficiaries reached the age of majority, and ignored red flags of such activity (e.g., customer complaints relating to such transactions).”            

Financial Management

Digital Assets

A “digital asset” encompasses cryptocurrency or other virtual coin or token and any other asset that consists of records in a blockchain or distributed leger. FINRA has identified digital assets as an area of examination focus in 2020, noting novel and complex regulatory issues raised under the federal securities laws (including Securities Exchange Act of 1934 Regulation D, Regulation S, Regulation A, the net capital rule, customer protection rule, financial reporting rule, quarterly securities count rule, and record-keeping rules) and under FINRA rules (including supervision, anti-money laundering, and communications with the public).

FINRA also notes that it has seen an increasing number of new membership applications  and continuing membership applications from firms seeking to engage in business activities related to digital assets. It also has seen an increased number of registered representatives engaging in outside business activities involving digital assets. Some firms have sought to facilitate private offerings of digital asset securities, operate secondary trading platforms, or facilitate trades of indirect investment products, such as private funds investing in cryptocurrencies.

In its 2020 examinations, FINRA may take the following factors, among others, into consideration when reviewing a firm’s digital asset activities:

  • If a firm is considering engaging in digital asset activities, has it filed a continuing membership application with FINRA?
  • Does a firm provide a fair and balanced presentation in marketing materials and retail communications, including addressing risks presented by digital asset investments, and not misrepresenting the extent to which digital assets are regulated by FINRA or the federal securities laws or eligible for protections thereunder (such as Securities Investor Protection Corporation coverage)?
  • Do a firm’s communications inappropriately imply that digital asset services offered through an affiliated entity are offered through and under the supervision, clearance, and custody of a registered broker-dealer?
  • If a firm is engaging in digital asset transactions, what controls and procedures has it established to support the facilitation of such transactions, including initial issuance or secondary market trading of digital assets?

As noted in the letter, the 2019 examination report sets forth regulatory obligations and noteworthy examination findings relating to digital-asset communications.

Firm Operations

Anti-Money Laundering (AML) Compliance and Amended FINRA Rule 3310

Amended FINRA Rule 3310 incorporates the Financial Crimes Enforcement Network (FinCEN) new Customer Due Diligence (CDD) rule obligations. The CDD rule requires that firms identify beneficial owners of legal entity customers, understand the nature and purpose of customer accounts, conduct ongoing monitoring of customer accounts to identify and report suspicious transactions, and update customer information.

The 2019 examination report notes that some firms did not update their written supervisory procedures (WSPs) to reflect amended Rule 3310. In this regard, FINRA stressed that it expects firms to evaluate which new and amended laws and regulations apply to their business and evaluate whether the firm needs to amend its supervisory systems, WSPs, and training programs. FINRA has identified as an area of examination focus firms’ compliance with FINRA Rule 3310.

Business Continuity Plans and Emergency Contact Information Findings

 FINRA Rule 4370 (business continuity plans and emergency contact information) requires firms to create and maintain a written business continuity plan (BCP) with procedures reasonably designed to enable firms to meet their obligations to customers and other broker-dealers during an emergency or significant business disruption. Firms are required to update their BCPs, as necessary, to reflect changes in firm operations, structure, business, or location.

The 2019 examination report notes that FINRA found that some firms encountered challenges when their BCPs did not reflect market conditions, business models, or other circumstances. For example, some firms’ BCPs omitted “mission-critical systems,” i.e., those used for order management for trading desks, or vendor systems that processed and managed financing transactions, such as securities lending and repurchase agreements.

FINRA found other BCP problems, including (1) insufficient capacity to handle increased call volumes or online activity during business disruption, (2) not updating the BCP for operational changes, (3) outdated contact information, (4) storing documents on the local drives of office computers rather than on the firm’s network, and (5) not maintaining a registered principal registration as required for management personnel responsible for performing the annual BCP review.

In the first quarter of 2020, FINRA began publishing on its website guidance and temporary relief related to the outbreak of COVID-19. FINRA’s COVID-19 guidance includes frequently asked questions (FAQs) on several topics, including FAQs on BCP matters. In addition, on March 9, 2020, FINRA issued Regulatory Notice 20-08 addressing pandemic-related BCP guidance and regulatory relief.

Closing Thoughts

Careful study of the letter and report by firm compliance professionals will assist firms in improving risk management, supervision, and regulatory compliance. It remains to be seen how the disruption caused by the COVID-19 pandemic will affect FINRA’s 2020 examination and enforcement priorities.

Apart from COVID-19, another piece of the regulatory landscape warrants attention. This year, OCIE identified SEC oversight of FINRA as an examination priority. As part of its oversight process, OCIE conducts risk-based examinations of FINRA’s major regulatory programs and oversight examinations of FINRA’s examinations of broker-dealers. Based on this oversight process, OCIE makes “detailed recommendations to improve FINRA’s programs, risk assessment, processes, and its future examinations.” Stay tuned for news resulting from OCIE’s 2020 oversight examination of FINRA.

    Authors