The Financial Industry Regulatory Authority (FINRA) has released its annual 2019 Priorities Letter, highlighting new areas of focus, including regulatory technology (RegTech), online distribution platforms, and existing priorities.
This year, the annual letter has a new title: It’s now dubbed the “Risk Monitoring (instead of Regulatory) and Examination Priorities Letter.” FINRA’s CEO Robert Cook, explains how the new title reflects FINRA’s risk monitoring priorities. “Risk monitoring is the ongoing process through which FINRA monitors developments at firms and across the securities industry to identify risks and assess their prevalence and impact. We use this analysis to evaluate whether a regulatory response is appropriate, determine what that response should be, and then allocate the required resources to implement the response.”
This year’s letter takes a new approach — focusing on materially new areas so readers can better identify vectors for program improvement.
New areas of focus include:
Regulatory Technology (RegTech)
FINRA examiners will be focusing on RegTech to understand how firms “are using such tools and addressing related risks, challenges, or regulatory concerns, including those relating to supervision and governance systems, third-party vendor management, safeguarding customer data, and cybersecurity.”
FINRA will continue to implement targeted regulatory responses to address specific risk and compliance issues. I attended the new RegTech conference held in New York last week and enjoyed the insights on how technology is being used to strengthen firms’ compliance programs. During the Regulators Viewpoint on RegTech session, panelist Nick Cook from the Financial Conduct Authority (FCA) said that RegTech enables firms to be at the frontline, not in the back office. The panelist also noted that training is critical and an important part of the implementation process of new tech tools. I highly recommend attending the next RegTech conference to find out about the available tech tools and industry best practices.
Supervision of Digital Assets Business
FINRA will review firms’ activities through its membership and examination processes related to digital assets and assess firms’ compliance with applicable securities laws and regulations and related supervisory, compliance, and operational controls to mitigate the risks associated with such activities. Coordinating closely with the SEC, FINRA will consider how firms determine whether a particular digital asset is a security, and whether firms have implemented adequate controls and supervision over compliance with rules related to the marketing, sale, execution, control, clearance, recordkeeping, and valuation of digital assets, as well as AML/Bank Secrecy Act rules and regulations.
Online Distribution Platforms
Firms are increasingly involved in online distribution platforms in reliance on Rule 506(c) of Regulation D and Regulation A under the Securities Act of 1933 (Securities Act). While some online distribution platforms are owned and operated by broker-dealers, others are operated by unregistered entities, which may use member firms as selling agents or brokers of record, or to perform activities such as custodial, escrow, back-office and financial technology (FinTech)-related functions. FINRA is concerned that some member firms assert that they are not selling or recommending securities when involved with online distribution platforms despite evidence to the contrary, including handling customer accounts and funds, or receiving transaction-based compensation. FINRA will evaluate how firms conduct their reasonable basis and customer-specific suitability analyses, supervise communications with the public, and meet AML requirements. Further, given the broad visibility of offerings distributed through online platforms, FINRA will evaluate how firms are addressing the risk of offering documents or communications to the public that omit material information or may contain false or misleading statements, or promissory claims of high targeted returns.
Firms should also expect review on existing priorities, including:
As always, suitability will remain one of FINRA’s top priorities. This year, some of the new specific areas include: (1) deficient quantitative suitability determinations or related supervisory controls; (2) overconcentration in illiquid securities, and (3) recommendations to purchase share classes that are not in line with the customer’s investment time horizon or objectives. Firms are encouraged to look at suitability broadly to make sure they have the right controls in place and to supervise.
Protection of senior investors, as well as investors who are retired or approaching retirement, remains a top priority for FINRA, and continued focus on how firms are protecting such persons from fraud, sales practice abuses, and financial exploitation. FINRA will assess firms’ supervision of accounts where registered representatives serve in a fiduciary capacity, including holding a power of attorney, acting as a trustee or co-trustee, or having some type of beneficiary relationship with a non-familial customer account. FINRA will assess the supervisory systems firms employ to place heightened scrutiny over such accounts.
Outside Business Activities and Private Securities Transactions
FINRA will continue to assess firms’ controls related to associated persons’ outside business activities and private securities transactions, including associated persons raising funds from their customers away from their firm and outside of their firm’s supervision. FINRA is particularly concerned about fundraising activities for entities that the associated persons control or in which they have an interest, specifically entities with potentially misleading names that are similar to established issuers.
As mentioned in my most recent SEC risk alert article, this should come as no surprise! It was only a matter of time until FINRA opted to focus on RegTech. Firms are using a variety of innovative RegTech tools to make their compliance efforts more efficient, effective, and risk-based. FINRA’s whitepaper is a helpful report outlining RegTech developments within the securities industry. FINRA emphasizes the need to deploy surveillance and monitoring tools to help facilitate compliance. This year’s report concludes that new RegTech tools could transform compliance.
Utilize your archiving platform to incorporate risk monitoring into your compliance program. Detail monitoring of electronic communications is an incredibly effective way to identify risk and asses the impact. A superior archiving platform can automatically flag messages that contain risk keywords or phrases likely to warrant review. You can create lexicons focusing on areas such as high-risk brokers, fraud, improper sales practices and outside business activities. Outside Business Activity Lexicon examples include: “own a %,” “borrow money,” “side gig”. Lexicon policies greatly enhance your supervisory control policies and procedures, helping you meet FINRA requirements for risk-based review, as well as ensuring your reviewers only review high-risk messages.
To learn more about the changes to the letter and to drill into a few key topics, listen to the FINRA Unscripted podcast. This episode is a great resource for hearing actual examiners discuss the new letter.
Firms are encouraged to assess their supervisory systems and controls to ensure compliance with rules and regulations. Adopt and implement tailored heightened supervisory procedures for the above topics. Firms should also periodically test the integrity of their systems to ensure compliance.
The Annual FINRA Priorities Letter is a great resource for firms looking to improve their compliance, supervisory and risk management programs. Use this document to reassess the systems of supervision and policies in place, alongside the exam findings report. Revisit those areas of your firm’s activities and controls to better prepare for the next FINRA exam.