FINRA has released its 2016 examination and regulation priorities letter, identifying areas of focus for member firms.

In the New Year, what should your firm pay attention to as you evaluate compliance procedures and programs? Here’s a quick look at the three big topics that are most important to the regulator this year.

Culture, Conflicts of Interest and Ethics

This year, assessment of a firm’s culture will be formalized, with a continued focus on how a firm manages its conflicts of interest and ethics. The regulator doesn’t want to dictate culture, but aims to find out how culture affects firms’ overall compliance and risk management.

Five indicators will be used to assess firm culture, including whether or not a) control functions are valued within the firm, b) policy or control breaches are tolerated, c) a firm proactively seeks to identify risk and compliance events, d) supervisors are effective role models of firm culture, and e) sub-cultures (branch offices, etc.) that don’t conform to corporate culture are identified and addressed.

What this means to you: Firms are expected to take visible action to mitigate conflicts of interest, and promote the fair and ethical treatment of customers. Breaches of firm policies and procedures shouldn’t be allowed, and your firm must have the compliance functions and resources in place to manage the complex and changing regulatory environment. This is closely related to FINRA’s focus on supervision and risk management, described below.

Related Content

• The Financial Advisor’s Guide to Social Media Regulations

Supervision, Risk Management, and Controls

Firms must create and manage a system to supervise the activities of their employees and other associated persons, in line with FINRA rules and securities laws and regulations.

FINRA will focus on five areas of recurring concern that affect business conduct and market integrity. These include:

• Management of conflicts of interest. Areas under FINRA review include incentive and compensation structures, the use of favorable research to win investment banking business, control of information leakage, and position valuation (when proprietary traders provide valuations for proprietary positions they create).
• Technology. Supervision and risk management practices related to a firm’s technology infrastructure, including hardware, software, and the people who develop and maintain the IT systems will be examined by FINRA.
  • Concerns about cybersecurity preparedness persist, and the regulator wants firms to improve their defenses. Specifically, FINRA will review how firms approach cybersecurity risk management, and related governance, risk assessment, technical controls, incident response, vendor management, data loss prevention, and staff training practices. FINRA may specifically examine a firm’s ability to protect the confidentiality, integrity, and availability of information, including compliance with SEC Rule 17a-4(f), which requires electronically stored records to be preserved in a non-rewriteable, non-erasable format.
  • In technology management, FINRA is seeing operational breakdowns when firms change from a legacy to a new compliance system. The transition can bring about inadequate retention and supervision of email and other electronic communications, among other problems, so the regulator will look for evidence of proper controls when a firm implements a new compliance system.
  • FINRA will also examine how firms handle data governance, quality controls and reporting practices that are designed to ensure the accuracy, completeness, consistency, and timeliness of data reports to a firm’s management and its surveillance and supervision systems.
• Outsourcing. As firms continue to reduce costs by outsourcing operational functions, FINRA will review firms’ due diligence and risk assessment of service providers, and their ongoing supervision of those providers.
• Anti-money laundering. FINRA will continue to look at how firms monitor, detect, and report suspicious trading activity and money movement.

What this means to you:  A breakdown in technology can widely impact your firm, customers, and the market, so internal and outsourcing practices are critical. Expect that cybersecurity, technology management, and data quality and governance will be evaluated closely by FINRA, and make sure your policies, systems, training, and enforcement procedures are all up to par.

Liquidity

Firm practices to manage funding and liquidity risk will be examined by FINRA in 2016. This has been an interest area for a while, and the focus will continue in 2016. Firms are expected to evaluate their liquidity requirements related to market or business stresses, and develop contingency plans to weather those stresses.

What this means to you: Your firm should have plans in place to manage any firm business failures and systemic crises. Stress tests and other reviews of these plans should be conducted to ensure that contingency plans are sound. Expect that FINRA will review your firm’s contingency plans. The framework for these reviews will look at the effective practices included in FINRA Regulatory Notice 15-33.

There are other individual areas of focus for FINRA in 2016, including sales practices, financial and operational controls, and market integrity. However, the overall message is clear: a firm’s compliance team, supervisors, and business leaders must address all of the topics and issues outlined, as risk management continues to play an integral part in the protection of investors, the markets, and firms themselves.