Eight Takeaways from FINRA’s 2022 Exam Priorities Letter

It’s planning season! Before putting your written training plan together, you’ll want to take a good look at the 2022 Report on FINRA’s Examination and Risk Monitoring Program. The 60-page report identifies specific areas of regulatory focus along with applicable rules and considerations, noteworthy exam findings, and best practices and emerging risks for firms to consider when evaluating their compliance programs and controls.

Below, we summarize our top eight takeaways from this year’s report:

Anti-Money Laundering

There are several focus areas that never seem to fall off FINRA’s radar – and for good reason. One of these ongoing concerns is money-laundering. With that, FINRA will continue to focus on member firm’s written AML programs which should be reasonably designed to comply with the requirements of the Bank Secrecy Act (BSA) and its implementing regulations. During examinations, member firms are also expected to show that they have established and implemented policies, procedures and internal controls that can be reasonably expected to detect and cause the reporting of suspicious activity; provide for an independent test of the AML program each calendar year; and provide ongoing training for appropriate personnel.  

Cybersecurity and Technology Governance

Cybersecurity threats are one of the top risks firms and their customers face. Over the past year, FINRA noticed an increase in the number and sophistication of these types of threats and issued several alerts of its own, warning firms about a series of phishing emails appearing to come from FINRA. To mitigate cyber-related risks, firms are expected to have a process for continuously assessing cybersecurity and technology risks. In addition, firms are required to include comprehensive cybersecurity and phishing-specific courses in their annual training programs.

Outside Business Activities and Private Securities Transactions

As another ongoing focus area, FINRA reminds firms of their Outside Business Activities (OBAs) and Private Securities Transactions (PSTs) disclosure obligations. Many of the exam findings from the past year show that many registered persons are continuing to fall short of their obligations when it comes to notifying their firms, in writing, of their OBA and PST activities. Findings also show that many firms have inadequate controls to confirm adherence to limitations placed on OBAs or PSTs. Firms and their registered members should be aware of these focus areas and anticipate FINRA addressing them again in their 2022 inspections.

Books and Records

Archiving communications is another focus area that has been top-of-mind for FINRA for several years. As a rule, firms are required to, among other things, “create and preserve, in an easily accessible place, originals of all communications received and sent relating to its ’business as such’.” Moving forward, the regulator will continue to look at the third-party vendors firms use to store their required records and will assess each firm’s policies and procedures regarding their books and records.

(NEW) Trusted Contact Persons

FINRA Rule 4512(a)(1)(F) (Customer Account Information) requires firms, for each of their non-institutional customer accounts, to make a reasonable effort to obtain the name and contact information for a trusted contact person (TCP) age 18 or older. This also describes the circumstances in which firms and their associated persons are authorized to contact the TCP and disclose information about the customer account. In its examinations, FINRA will be reviewing firm’s WSPs to ensure that there is a plan in place for obtaining contact information for TCPs.

Reg BI and Form CRS

2021 marked the first full calendar year during which FINRA examined member firm’s implementation of Reg BI and Form CRS related obligations. During this time, FINRA noted that several firms were coming up short on these obligations. Some of the most notable findings include: insufficient WSPs regarding Reg BI and Form CRS, inadequate staff training, failure to comply with the Care Obligation and the Conflict of Interest Obligation, improper use of the terms “advisor” or “adviser,” insufficient Reg BI disclosures, and much more. Needless to say, FINRA will continue to place a large emphasis on Reg BI and Form CRS in its upcoming inspections.

Communications with the Public

FINRA rules require that firms’ communications with the public must be fair and balanced and not misleading. In the Report, FINRA highlighted the importance of these rules in the context of digital asset communications, mobile apps, and municipal securities communications. In past examinations, FINRA found, among other things, that many firms were including false, misleading and inaccurate information in mobile apps, had deficient communications for promoting digital assets, had misrepresentations in cash management account communications, and had insufficient supervision and recordkeeping of digital communications. Going into 2022, firms should consider these, and other factors when communicating with the public.

Best Execution

FINRA Rule 5310 (Best Execution and Interpositioning) requires that, in any transaction for or with a customer or a customer of another broker-dealer, a member firm and persons associated with a member firm shall use reasonable diligence to ascertain the best market for the subject security and buy or sell in such market so that the resultant price to the customer is as favorable as possible under prevailing market conditions. Where a firm may choose to not conduct an order-by-order review—to the extent consistent with Rule 5310 and associated guidance—it must have procedures in place to confirm it periodically conducts “regular and rigorous” reviews of the execution quality of its customers’ orders.


The following chart shows trends in FINRA exam priorities over the past three years.

FINRA Exam Priority 2020 2021 2022
Alternative Trading System Surveillance X X
Anti-Money Laundering X X X
Best Execution X X X
Books and Records X X
Business Continuity Planning X
Consolidated Audit Trail (CAT) X X
Cash Management and/or Bank Sweep Programs X
Contractual Commitment Arising from Underwriting Activities X
Communications with the Public X X
Credit Risk Policies, Procedures and Risk Limit Determinations X
Culture, Conflicts of Interest and Ethics X X
Customer Protection/Segregation of Client Assets X X X
Cybersecurity X X X
Data Quality and Governance X
Direct Market Access Controls
Digital Assets X X
Disclosure of Order Routing Information X
Excessive and Short-term Trading of Long-Term Products X
Exchange Traded Funds (ETFs) X
Financial Risk Management X X
Fixed Income Mark-Up Disclosure X X
Fixed Income Prime Brokerage X
Initial Coin Offerings and Cryptocurrencies X
Large Trader Reporting X
London Interbank Offered Rate (LIBOR) Transition X
Liquidity Risk/Management X X
Market Integrity X X
Market Access Rule X X X
Microcap Fraud X X
Net Capital X X
Online Distributions Platforms X
Options X X
Outside Business Activities/Private Securities Transactions X X X
Private Placements X X X
Product Suitability and Concentration X
Regulatory Events Reporting X
Regulation Best Interest (Reg BI) and Form CRS X X
Report Cards X X
Sales of Initial Public Offerings (IPOs) Shares X
Sales Practice Risks X
Senior Suitability/Suitability X X
Social Media and Electronic Communications Retention/Supervision X
Short Sales X
Short Tenders X
Technology Governance X X
Trading Authorizations
Variable Annuities X X
Vendor Display Rule X