7 Important Takeaways from FINRA’s 2017 Priorities Letter

FINRA has just released its 2017 Regulatory and Examination Priorities Letter, which points out key areas member firms need to focus on to protect investors, market integrity, and their own business.

This year, the regulator plans to be particularly diligent on firms that hire repeated rule-breakers and high-risk registered brokers. FINRA also continues to task firms with improving their overall protection of vulnerable senior investors, tightening cybersecurity programs and controls, and shoring up other core issues related to compliance, supervision, and risk management.

Firms can use the letter to review and strengthen their compliance, supervisory and risk management programs, and to define their internal training related to FINRA priorities. Here are seven takeaways from the FINRA letter that firms can use to navigate through examinations in 2017:

  1. High-risk brokers, beware.

FINRA will continue to focus on high-risk brokers this year, especially those with repeated offenses or allegations of wrongdoing. Firms that hire or seek to hire recidivist brokers can expect “rigorous regulatory attention” and will need to perform due diligence when employing and monitoring representatives in this category.

FINRA has recently established a dedicated examination unit that will identify and examine brokers who may pose a high risk to investors. This specific unit will review high-risk brokers and their interactions with customers, compliance with rules regarding suitability, outside business activities, private securities transactions, and more.

The regulator will also assess whether firms develop and implement a supervisory plan that’s reasonably built to detect and prevent misconduct by a broker if that broker has a history of misconduct. Firms that have a concentration of brokers with misconduct histories (or several sales practice complaints and arbitrations) will also be looked at closely.

  2. Financial advice must be suitable for the customer.

FINRA is concerned because it continues to see situations where a broker recommends financial products that aren’t suited to their customers. This is particularly applicable and alarming when elderly investors receive recommendations that aren’t right for them. Firms are asked to take specific measures to protect senior citizens from financial exploitation. It’s recommended that firms double-check orders, and monitor their brokers’ outside ‘business’ activities and interaction with seniors. FINRA plans to follow up with an assessment of firms’ controls to protect seniors from fraud, abuse and improper advice, and its letter includes several suggestions regarding the steps firms must take to prepare.

  3. Social media and electronic communications retention and supervision systems are now magnified.

FINRA will continue to closely review firms’ compliance with their supervisory and record-retention obligations related to social media and other electronic communications, because these digital records have an increasingly critical role to play in the securities business. The regulator stresses these obligations apply to business communications irrespective of the medium or device used to communicate. That means that under U.S. Securities and Exchange Commission (SEC) and FINRA record-retention requirements, firms must ensure the capture of business-related communications no matter what devices or networks are used by an organization and its employees. Firms must capture and maintain all business-related communications so they can be reviewed for inappropriate business conduct.

  4. Cybersecurity continues to alarm firms and FINRA alike.

Cybersecurity threats remain one of the most significant risks firms face. This year, FINRA will continue to assess firms’ programs to manage risks, while acknowledging there’s no one-size-fits-all approach to cybersecurity. FINRA will tailor its assessment of cybersecurity programs to each firm based on a variety of factors, including business model, size and risk profile.

FINRA points firms to two areas in cybersecurity that have shown “repeated shortcomings in controls.” First, the regulator has noticed cybersecurity controls at a firm’s branch offices tend to be weaker than those at the home office, and calls for firms to improve upon that problem. (See more about broker offices, below.)

Second, FINRA notes many firms have failed to fulfill their obligations under SEC Rule 17a-4(f), which requires firms to preserve records in a non-rewritable, non-erasable format (write once/read many, a.k.a. WORM). This is a significant problem that firms must correct, since FINRA recently announced enforcement actions against 12 firms for failure to preserve broker-dealer and customer records in WORM format. FINRA has made it clear this issue will see continued scrutiny in 2017, and advises firms to use review and retention systems and services for email and other electronic communications that fulfill the specific 17a-4(f) requirements.

  5. Firms are asked to buckle down on their branch office supervisory systems.

FINRA said it will continue to evaluate firms’ branch office inspection programs and supervisory systems including, but not limited to, independent contractor branches. FINRA’s focus for these reviews will include an evaluation of:

  • Account activity supervision
  • Advertising and communications, including the potential use of unapproved email addresses for business
  • Communications with customers through social media, seminars, radio shows or podcasts
  • Registered representatives’ websites
  • Outside business activities

Along the same lines, FINRA will assess firms’ testing of their overall internal supervisory controls, which enable firms to identify and fix gaps or inadequate controls in their compliance systems. While problems may appear first in a firm’s daily operations, FINRA has noticed issues become more prevalent when a firm increases its business scale or scope, or jumps from a legacy compliance system to a new one. Control problems may include record-retention omissions and failure to deliver proper documents and communication to clients.

  6. New electronic, off-site reviews are on their way.

This year, FINRA will start using electronic, off-site reviews to supplement its regular on-site examinations. It’s expected this will help FINRA review selected areas that are typically covered in its priorities letters, without the need to appear on-site at a firm. The regulator will make “targeted and limited” information requests to firms and then review responses off-site, for a select group of firms not scheduled for a regular exam in 2017. This implies that the regulator will be able to conduct more reviews, faster than ever before.

  7. Firms will soon have new insight into the industry’s exam results.

FINRA has heard frequently from firms and other stakeholders that they want to know more about what the regulator finds in its examinations. In response, FINRA will start publishing a summary report that outlines key findings from examinations in selected areas, on a national level. The results are expected to inform firms of deficiencies FINRA has observed, including in its areas of priority. This will also allow firms that haven’t been examined yet to fix any similar deficiencies in their business, or strengthen their controls.

FINRA will also develop a “compliance calendar” and a directory of compliance service tools, resources, and providers, to be shared with smaller firms that have asked for this guidance.

Smarsh recommends that firms review the FINRA letter in its entirety, as there are many other highlights that outline what broker-dealers should expect this year, with practical examples given.

If you’d like to learn more about how you can use The Archiving Platform from Smarsh to prepare your firm for many of the electronic communications archiving requirements set forth by FINRA and other regulators, visit http://www.smarsh.com/watch-it-work/.
