Focus Areas For FINRA and SEC Financial Regulations in 2021

January 19, 2021 by Smarsh


As part of our recent Innovation Exchange virtual conference about the Future of Work in Financial Services, our closing keynote featured a discussion among experts in financial regulation and supervision. The panel included:

  • Mimi LeGaye, President and Founder of MGL Consulting, a full-service consulting firm that provides compliance, registration and strategic consulting services to broker-dealers, investment advisors and commodities firms

  • Susan Schroeder, Vice-Chair of the Securities Department at WilmerHale law firm in New York and the former head of FINRA enforcement

  • Marianna Shafir, Regulatory Advisor at Smarsh, attorney, a former employee of BNY Mellon and Invesco, and moderator of the panel

The group touched on the many changes brought on throughout the last year and made some predictions about where regulators will be focusing their energy when conducting examinations in the coming year.

Focus areas for FINRA and SEC in 2021

Updated policies and procedures: Business continuity plans, supervisory procedures and compliance manuals must all be updated to incorporate changes brought on by virtual work and increased reliance on technology to do business.

Managing Reg BI: Examiners will expect documentation of disclosure of conflicts of interest with investors and customers.

Addressing market changes: Firms must ensure that their supervisory model continues to match their business model, taking into consideration new customers and potential risks like money laundering that may occur during times of market volatility.

Risk assessments: Conducting regular risk assessments will be key to managing threats brought on by new technology, distributed workforces and market changes.

Supervising non-regulated employee activity: There may be more focus on how firms supervise outsourced activities by non-registered parties.

Virtual examinations: Firms should be ready to respond quickly to examinations taking place online instead of preparing for an in-office visit.

Artificial intelligence and machine learning: Machine learning has the potential to dramatically improve surveillance and monitoring as forms of supervision. The ability to discern context will be critical functionality.

Regulators will expect updated policies and procedures

There will be heavy emphasis on supervisory procedures and compliance manuals, updates to business continuity plans, as well as the technology that firms are using. Examiners will be drilling into how firms documented changes like moving from on-site to virtual branch exams or allowing electronic signatures.

Examiners will be asking questions such as the following:

  • What steps did firms take to adjust to virtual workspaces?
  • What new technology was adopted?
  • How did supervisory procedures change?
  • Were employees given adequate training on policies for new communication tools?

The challenges with new and multiple modes of communication will have lasting implications. Firms need to continue their business and stay connected to clients during disruptive periods. They must create and enforce explicit use policies for modern collaboration, conferencing and chat tools. If rogue employees are using their own methods of communication or unwittingly using an app or a tool that hasn’t been authorized by the firm, this circumvents the firm's ability to supervise those activities and opens up the potential for risk.

Device policies must also be defined. A lot of firms have had to shift to a bring-your-own-device model to be able to work remotely. However, using personal phones or computers for business makes a rep susceptible to repercussions of FINRA Rule 8210. Reps may not be aware of this, which creates potential security and regulatory issues.

Questions from examiners may include:

  • Have you provided company-issued computers or phones to your employees as part of this program or have you allowed them to use their own devices?
  • What type of systems do you have in place to make sure you're retaining all the corporate records that would otherwise be housed on those devices?
  • How do you know what devices are accessing your network?
  • What type of access controls do you have for employees?
  • If an employee leaves, can you be certain that you’ve been able to remove sensitive information from their personal computer or mobile device and avoid any security breaches?

Guidance for collaboration and conferencing tools is still in flux

FINRA initially released information about how they view virtual conference rooms like Zoom, but it may be a while before robust guidance about collaboration and conferencing tools is defined because they are complex platforms with a variety of functionality. For example, if people are chatting during a business meeting, FINRA would consider that to be written correspondence, which would be subject to books-and-records requirements.

Regulators are aware of the challenges these platforms pose because they deal with those same issues. They’ve started using Zoom for on-the-record testimony and hearings, and there have been various challenges to FINRA by member firms using conferencing tools, a situation made more difficult when their legal counsel also happens to be calling in from a remote location.

The books and records rules were written before communication changed so dramatically through technology. And today’s business doesn’t fit nicely into yesterday’s rules. Whether it's a text message, a screenshot or an in-meeting Zoom chat, it may end up in a regulator's file. Firms need to know that those communications exist and protect their business by capturing and preserving them as records.
