Retail Investors and Cybersecurity Top FINRA 2022 Priorities

March 16, 2022 by Smarsh

There was a retail trading frenzy in 2021, with approximately six million people downloading trading apps in January alone. This led to record-high average daily volumes for trading with retail brokerages.

In light of this surge, FINRA is focusing its efforts on investor protection and market integrity in 2022. We’ve distilled the 175-page report into four key areas of focus:

  • Protecting retail investors
  • Supervising public communications
  • Clarifying Regulation Best Interest (RegBi) policies
  • Staying current with cybersecurity

Watch the webinar on-demand on BrightTALK.

1. Protecting retail investors

A major FINRA focus in 2022 is on the influx of retail investors, many of whom are Gen Z or newer investors. Firms are attracted to this new and growing market, but it also is a market of less sophisticated investors, making it ripe for potential market abuses.

Social media is a popular channel for this demographic, and both firms and financial influencers (or finfluencers) know this. While some firms, such as Fidelity, have social media accounts that are designed to engage these investors with educational material, other individuals and firms are using social channels in a way that is concerning to regulators.

“I think the next year is going to touch on a lot of things like gamification and other digital engagement practices surrounding the retail investor,” says Tiffany Magri, Regulatory Advisor at Smarsh. “Are firms engaging in these activities to educate and inform and increase returns for retail investors? Or are they only considering their own returns when engaging in these types of activities?”

Firms can expect FINRA to pay extra attention to ensure firms are applying compliance policies and practices and supervising social media activities. If representatives are acting as finfluencers, supervisors are obligated to capture, store and monitor these types of communications.

2. Supervising public communications

With more advisors and representatives working from home, FINRA will continue to focus on communications with the public and more specifically Outside Business Activities (OBA) in 2022. In addition to reviewing firm records, it’s expected that FINRA will also scrub social media and online forums during their reviews. Firms will need to perform due diligence on their own representatives to reduce the risk of undisclosed outside business activities.

Video was also a part of the public communications focus. FINRA called for firms to create best practices and protocols around video content, including developing procedures around livestream public appearances and scripted presentations. In September 2021, FINRA added the use of visual aids like whiteboards or instant messages and polls in presentations to be considered communications with the public.

“Firms need to review how they are using those digital communications and making sure that those communications fit into their procedures and practices,” says Magri.

3. Clarifying Regulation Best Interest (RegBi) policies

Firms can also expect another wave of Regulation Best Interest (RegBi) enforcements. According to Elin Cherry, CEO and founder of Elinphant, FINRA has fleshed out the guidance on RegBi and will continue to do so.

“I think what FINRA has found is that firms haven’t implemented it correctly,” says Cherry. “Firms did the bare minimum by adding standard boilerplate language into their policies and procedures, but now FINRA will clarify guidance to make sure policies and procedures are buttoned up.”

Magri adds, “One of my favorite parts of the best interest section in the exam letter is that it essentially says, ‘Don't just state what the policies are, but include how you're going to fulfill them.’”

An important aspect of RegBi is that it is interwoven with many other policies and procedures firms already have in place. FINRA does point this out so firms can evaluate their policies and procedures holistically to ensure that necessary items and records are captured. As a best practice, firms should monitor communications channels for red flags indicating possible infractions of these policies.

“It's really looking at this rule and evaluating all the different items and making sure you're testing those practices and maintaining those records,” says Magri. “Designating a supervisor who really understands RegBI to maintain these policies is going to be crucial for firms going forward.”

4. Stay current with cybersecurity

The new model of having new data, new office locations and a new class of investors creates more opportunities for intentional wrongdoing. FINRA also released notices cautioning firms to be on higher alert and readiness given some of the geopolitical events going on in the world today.

It's increasingly important for firms to have robust policies in place for confidential and sensitive data. Cyberattacks are constantly evolving and getting more sophisticated and common. Cybersecurity needs to evolve with them.

Firms need to have a cybersecurity “playbook” that has strategies to:

  • Integrate periodic risk assessments
  • Categorize and prioritize those assessments
  • Detect and monitor cyber incidents
  • Respond to cyber incidents
  • Partner and collaborate with cybersecurity professionals

If a firm stores its data in the cloud, the firm must make sure its technology partner is suited for that purpose and has a security infrastructure, protocols, and strategy in place.

“Firms need to perform due diligence on their technology vendors annually,” says Cherry. “A vendor hired five years ago may not have kept up with all the cybersecurity changes.”

Digital communication will play a larger role this year

Digital communication is the lynchpin of FINRA’s focus, which makes sense for three key reasons:

  • The financial services industry will remain in a hybrid scenario
  • Retail investors are making a clear impact
  • Communication channels will continue to evolve with advancing technologies and investor preferences

“Digital communications seem front and center in this report, which makes sense since we’re all digitized and remain in a hybrid scenario,” notes Robert Cruz, VP of Information Governance at Smarsh. “But it’s also because this generation of retail investors are choosing different communication vehicles. They engage in non-traditional ways, and I see more firms embracing that.”

Firms need to be able to adequately capture, retain and supervise digital communication records. More importantly, there needs to be a supervision solution in place that can help identify communication red flags with precision to get ahead of potential misconduct.

“Firms need to make sure that they have a good due diligence process at the front door when they’re making decisions about which tools to allow and which tools to prohibit,” adds Cruz.

While FINRA has laid out its focus for this year, firms can be confident that this guidance will persist as long as digital communication technologies play a role in reaching and engaging investors.
