On January 4, 2017, the Financial Industry Regulatory Authority (FINRA) published its Annual Regulatory and Examinations Letter (Priorities Letter), which outlines the key areas on which FINRA intends to focus during its 2017 exam period.

The areas of focus in the Priorities Letter are based on observations from FINRA’s regulatory programs, with additional input from investor advocates, member firms and other regulators. The Priorities Letter notes that FINRA will continue to focus on issues related to compliance, supervision and risk management. Key areas of emphasis for 2017 include: (1) high risk and recidivist brokers; (2) sales practices, such as the excessive and short-term trading of long-term products; (3) financial risks, such as liquidity risk and financial risk management; (4) operational risks, such as cybersecurity and supervisory controls; (5) market integrity, including manipulation and trading conduct examinations. FINRA will conduct electronic, off-site reviews in 2017 which will supplement the traditional on-site examinations of member firms.1

What this means

Member firms will need to keep these FINRA priorities at the top of their checklist when reviewing their compliance, supervisory and risk management programs, and internal training and communications.

  1. High Risk and Recidivist Brokers:2

FINRA will review member firms’ supervisory and compliance controls for the hiring and monitoring of high-risk and recidivist brokers. This will include brokers’ interactions with customers, and compliance with rules regarding suitability, KYC (know your customer), outside business activities, private securities transactions, and commissions and fees. FINRA will determine if firms have developed a supervisory plan tailored to detect and prevent future misconduct, and will evaluate branch office inspection programs, including supervision of account activity, and use of social media.

  1. Sales Practices:3

FINRA’s areas of concern include, broker-dealer controls to protect senior investors from fraud and inappropriate advice, product suitability and concentration, excessive and short-term trading of long-term products, outside business activities and private securities transactions, and social media and electronic communications retention and supervision. FINRA will continue to evaluate broker-dealers effectiveness in monitoring the above areas of concern, and will focus on the controls in place to prevent unsuitable sales practices. Firms should evaluate whether their supervisory systems detect activity intended to evade automated surveillance, and comply with Security and Exchange Commission (SEC) and FINRA record retention requirements to “…ensure the capture of business-related communications regardless of the devices or networks used.4

  1. Financial Risks:5

In 2016 FINRA found that broker-dealers lacking liquidity risk management plans, did not conduct stress tests, applied insufficiently rigorous assumptions, and retained insufficient fund sources. FINRA will review such funding and liquidity plans, and assess whether firms adequately evaluate their liquidity needs, along with their contingency plans and stress testing for plan effectiveness. Amendments to FINRA Rule 4210 where margin requirements for covered agency transactions became effective, will be reviewed to confirm risk policies, procedures and that limit setting processes comply with the rules.

  1. Operational Risks:6

Among the operational risks listed, cybersecurity is listed first, and according to FINRA “…remain[s] one of the most significant risks many firms face, and in 2017, FINRA will continue to assess firms’ programs to mitigate those risks.7” The assessments will be tailored and based on a variety of factors, business models, size and risk profile, and may include, methods for preventing data loss, controls used to monitor and protect data, management of vendor relationships, and controls in place to protect sensitive information.

FINRA will also assess broker-dealer testing of internal supervisory controls, and will evaluate whether these controls and supervisory processes will protect customer assets, in addition to focusing on Anti-Money Laundering and suspicious activity monitoring. Trading surveillance processes “…must … include alerts tailored to the firm’s anti-money laundering red flags.8

  1. Market Integrity:9

Detecting and deterring market manipulation is a critical priority for FINRA. They have developed a cross-product surveillance pattern and introduced the Cross Market Equity Supervision Report Cards to detect layering and spoofing activity, as a compliance tool. A Fixed Income Securities Surveillance Program has been expanded to include manipulation-based surveillance patterns, such as wash trades, and new TRACE reporting requirements for transactions in US Treasury securities that become effective in July 2017. As such, the development of a data integrity program to monitor the accuracy of the submitted data is a FINRA priority. To allow market conduct integrity FINRA has issued “Best Execution” obligations, together with a Market Access Rule, and Audit Trail Reporting Early Remediation to alert firms to any potential issues.

Key Observations and Take-aways

FINRA President and CEO, Robert Cook stated that most of the topics addressed in this year’s letter have been highlighted in prior years, but specific areas of emphasis have been updated or modified based on recent observations and experience.10 Importantly, the 2017 Priorities Letter recognizes the nature of the “Insider Threat” and expresses FINRA’s intent to inquire into what controls firms have in place to acknowledge and manage it.11 “The nature of the insider threat itself is rapidly changing as the workforce evolves to include more employees who are mobile, trusted external partnerships and vendors, internal and external contractors, as well as offshore resources …12” according to the 2017 Letter. The volume of sensitive financial data stored electronically has risen exponentially in the last few years, as have the increasingly aggressive attempts to hack into data repositories, making cybersecurity and conduct surveillance key themes of the 2017 Letter.13

FINRA issued a series of Letters of Consent at the end of December, levying fines totaling $14 million against 12 firms for failing to maintain accurate, complete and adequately protected electronic records.14 Maintaining the integrity of these records is critical to the investor protection function, and regardless of the regulatory environment, is key to the reputational retention of financial firms.

Brad Bennet, FINRA’s current Chief of Enforcement will be stepping down,15 and there may be changes which come with the new Trump administration in Washington. Only time will tell whether FINRA will continue its aggressive enforcement actions, or if there will be a softening of attitudes. Regardless of the regulatory enquiries however, firms should continue to take actions to improve cybersecurity resilience and conduct surveillance, to maintain investor protection.

 

Visit www.accenture.com/RegulatoryCompliance for latest insights on regulatory remediation and compliance transformation.

Newsletter Author: Samantha Regan, Mairi Bryan

References

  1. “FINRA Publishes 2017 Regulatory and Examination Priorities Letter,” The National Law Review, January 6, 2017. Access at: http://www.natlawreview.com/article/finra-publishes-2017-regulatory-and-examination-priorities-letter
  2. “FINRA’s Regulatory and Examination Priorities for 2017,” The SDDCO Group. Access at: http://sddco.com/updates/finra-regulatory-and-examination-priorities-letter-2017/
  3. Ibid
  4. Ibid
  5. Ibid
  6. Ibid
  7. “The FINRA Worm Turns,” Mintz Levin, Privacy & Security Matters, January 6, 2017. Access at: https://www.privacyandsecuritymatters.com/tag/finra-2017-regulatory-and-examination-priorities/
  8. “FINRA’s Regulatory and Examination Priorities for 2017,” The SDDCO Group. Access at: http://sddco.com/updates/finra-regulatory-and-examination-priorities-letter-2017/
  9. Ibid
  10. “2017 Regulatory and Examination Priorities Letter,” Financial Industry Regulatory Authority, January 4, 2017. Access at: http://www.finra.org/industry/2017-regulatory-and-examination-priorities-letter
  11. “The FINRA Worm Turns,” Mintz Levin, Privacy & Security Matters, January 6, 2017. Access at: https://www.privacyandsecuritymatters.com/tag/finra-2017-regulatory-and-examination-priorities/
  12. Ibid
  13. Ibid
  14. Ibid
  15. Ibid

Disclaimer

This blog is intended for general informational purposes only, does not take into account the reader’s specific circumstances, may not reflect the most current developments, and is not intended to provide advice on specific circumstances. Accenture disclaims, to the fullest extent permitted by applicable law, all liability for the accuracy and completeness of the information in this blog and for any acts or omissions made based on such information. Accenture does not provide legal, regulatory, audit or tax advice. Readers are responsible for obtaining such advice from their own legal counsel or other licensed professional.

About Accenture:

Accenture is a leading global professional services company, providing a broad range of services and solutions in strategy, consulting, digital, technology and operations. Combining unmatched experience and specialized skills across more than 40 industries and all business functions—underpinned by the world’s largest delivery network—Accenture works at the intersection of business and technology to help clients improve their performance and create sustainable value for their stakeholders. With more than 373,000 people serving clients in more than 120 countries, Accenture drives innovation to improve the way the world works and lives. Its home page is www.accenture.com.

Copyright © 2017 Accenture. All rights reserved.

Accenture, its logo, and High Performance Delivered are trademarks of Accenture. This document is produced by Accenture as general information on the subject. It is not intended to provide advice on your specific circumstances.

If you require advice or further details on any matters referred to, please contact your Accenture representative.

Submit a Comment

Your email address will not be published. Required fields are marked *