2023 FINRA Regulatory Focus   

2023 FINRA Regulatory Focus   

On January 10th FINRA released its comprehensive new report on its 2023 examination and risk monitoring priorities. The report covers 24 areas where broker/dealers should be prioritizing their supervisory efforts to address the concerns of the regulator and prepare for a new round of FINRA onsite branch examinations. The report from FINRA identifies compliance areas that “remain perennially important, with updates to reflect evolving risks, industry trends and findings from FINRA’s recent oversight activities”.

The fines and disciplinary actions levied by FINRA last year were a stark reminder of the consequences of non-compliance and the value of being prepared before you are notified of a routine or for-cause examination. Thorough self-scrutiny, a detailed review of the current controls and supervisory procedures, independent mock audits, and leveraging advances in technology are significant measures in identifying risks and protecting the broker/dealer from the wrath of the regulators.

 

FINRA Regulatory Fees

Every year, FINRA collects regulatory fees to fund its various programs and initiatives, including its examination and enforcement programs. These fees are assessed on a per-firm basis, and the amount each firm is required to pay is based on several factors, including the firm’s size, the type of business it conducts, and the number of FINRA-registered representatives it employs.

FINRA Examination Priorities

The recent FINRA report highlights the areas where brokers/dealers should be prioritizing their supervisory efforts in preparation for FINRA onsite branch examinations. The report covers 24 areas of concern for FINRA, and the regulator identifies compliance areas that remain perennially important with updates to reflect evolving risks, industry trends, and findings from FINRA’s recent oversight activities.

The report highlighted the following areas of increased or continued scrutiny:

Cybersecurity and Technology Governance – Account Access Authentication, Account Opening Identity Validation, Identity Theft Prevention, Data Loss Prevention and Encryption, Branch Policies, Controls, and Inspections, Vendor Controls, Cloud-based Data Storage, Writing Supervisory Procedures, and SARs.

Anti-Money Laundering –Obligations in CIP and CDD, Inadequate Verification of Identities, Identity Theft, Due Diligence, Detecting and Reporting Suspicious Activities, Handling FinCEN Information Requests, Inadequate Independent Testing, SmallCap IPOs, Sanctions Evasion, ACATs Fraud

Manipulative Trading – Inadequate WSPs, Surveillance Thresholds and Deficiencies

Outside Business Activities and Private Securities Transactions ­– Inaccurate Interpretation of Compensation, Inadequate Approval Procedures, Lack of Documentation, Insufficient Notice and Reviews, Inadequate Controls, Inadequate Recordkeeping of Cryptocurrency Activities

Books and Records – Misinterpreted Obligations, Failure to Maintain Email Correspondence, Failure to Capture and Review Text, IM, BYOD, and similar Correspondence

Regulatory Events Reporting – Representatives Not Reporting to the B/D, Firms Not Reporting to FINRA, Incorrect Filings, Inadequate Surveillance

Municipal Securities – Inadequate Controls and Procedures, Short Positions and Fails to Receive

Trusted Contact Persons (TCP) – No Reasonable Effort to Obtain TCP Information, No Written Disclosures, No Documented Training, No Documented Internal Review

 

Funding Portals and Crowdfunding Offerings – Failure to Obtain Attestations, Missing Disclosures, Failure to Report Complaints, Filing Errors, Providing Advice, Misleading Statements

Reg BI and Form CRS – Failure to Comply with the Care, Conflicts, Disclosure, or Compliance Obligations, Deficient Filings, Failure to Deliver, Improper Website Posting, Inadequate Amendments

Communications With the Public – Misleading Mobile Apps, Deficient Crypto Communication, ESG Promotion Factors

Private Placements – Late Filings, No Reasonable Investigation

 Variable Annuities – Unsuitable Exchanges, Insufficient Training, Poor Data Quality, Failure to Consider Reasonably Available Alternatives

 

 


Consolidated Audit Trail (CAT) – Submission of Reportable Events, Inaccurate Reporting, Late or Failed Submissions of Corrections, Inadequate Vendor Supervision, Recordkeeping

Best Execution – No Assessment of Competing Markets, Unreasonable “Regular and Rigorous Reviews”

Disclosure or Routing Information – Inaccurate Rule 606 Reports, Deficient Communication, Insufficient WSPs, Incomplete Disclosures

Fixed-Income Fair Pricing – Incorrect PMP Determinations, Markup/down Reviews, Exception Reporting

Fractional Shares – Reporting and Order Handling – Reporting Failures, Inadequate Supervisory Systems and Controls

Regulation SHO – No bona fide Market-making, Intraday Buy-to-Cover Trades

Net-Capital – Incorrect Capital Charges for Underwriting Commitments, Inaccurate Deductions and Concentration Charges, Inaccurate Recording of Revenue and Expenses, Inadequate WSPs

Liquidity Management – Inaccurate Clearing Deposit Requirements, Stress Testing Deficiencies, No Contingency Planning

Credit Risk Management – No Credit Management Reviews, No Credit Limit Assignments, Inadequate Systems to Monitor Customer and Counterparty Limits

Segregation of Assets and Customer Protection – Inconsistent Check-Forwarding Processes, Inadequate Reserve Formula Calculations, Inaccurate Segregation of Customer Securities

Margin and Intraday Trading – Inadequate Monitoring Systems, Not Promptly Escalating Risk Exposures, Insufficient WSPs, Ineligible Securities in Margin Portfolios

The breadth and detail of the report assign a heavy challenge for most compliance teams, especially those responsible for smaller and mid-sized Broker/Dealers who may lack the internal resources to comply. If you are uneasy about how you might fare should you become part of the FINRA Regulatory Focus for 2023, consider hiring additional experienced professionals to conduct a mock examination, conduct an independent assessment of your supervisory controls and written procedures, or serve as an additional registered principal when the need arises.