On January 10, 2023, the Financial Industry Regulatory Authority, Inc. (“FINRA”) released its 2023 Report on FINRA’s Examination and Risk Monitoring Program (the “Report”). The Report details findings from FINRA’s recent oversight activities of the FINRA Member Supervision, Market Regulation and Enforcement programs.
The 75-page report identifies specific areas of regulatory focus along with applicable rules and considerations, noteworthy exam findings, and best practices and emerging risks for firms to consider when evaluating their compliance programs and controls.
Below, we summarize our top eight takeaways from this year’s report:
Reg BI and Form CRS
Reg BI and Form CRS remain areas of focus across FINRA’s regulatory operations programs. FINRA’s reviews of member firms’ adherence to their obligations pursuant to Reg BI and Form CRS address a number of areas, such as making recommendations that adhere to Reg BI’s Care Obligation; identifying and addressing conflicts of interest; disclosing to retail customers all material facts related to conflicts of interest; establishing and enforcing adequate written supervisory procedures (WSPs), including the provision of effective staff training; and filing, delivering and tracking accurate Forms CRS.
Consolidated Audit Trail (CAT)
FINRA continues to review member firms’ compliance with CAT Rules, which includes timely submission of reportable events and corrections, reporting complete and accurate CAT records, and effectively supervising third-party vendors (including those responsible for CAT submissions and clock synchronization).
Order Handling, Best Execution and Conflicts of Interest
FINRA continues to assess member firms’ compliance with their best execution obligations under FINRA Rule 5310 and Rule 606 of Regulation NMS, which requires broker-dealers to disclose information regarding the handling of their customers’ orders in NMS stocks and listed options. FINRA’s reviews include whether firms are fully and promptly executing marketable customer orders, adequately conducting periodic “regular and rigorous reviews,” and clearly and completely disclosing the specific terms of any profit-sharing relationships—such as payment for order flow (PFOF)—with venues to which they route orders.
As the use of mobile apps becomes increasingly widespread, the risks posed by them become more significant. As such, FINRA has observed potential issues with some mobile apps, including apps that do not adequately distinguish between products and services of the broker-dealer and those of affiliates or third parties (such as transactions involving crypto assets). In the report, FINRA also touches on mobile apps’ disclosures and explanations of higher-risk products or services, such as certain options and margin lending activities.
Cybersecurity threats continue to be one of the most significant risks facing many customers and firms. The report discusses FINRA’s significant focus on cybersecurity, including the establishment of the Cyber and Analytics Unit to enhance the ability to proactively address the increasingly sophisticated cyber threat landscape, the impact of cyber-enabled fraud activity including on investors in the crypto-asset market, and FINRA’s increased outreach to firms to make them aware of cybersecurity threats.
As discussed in the report, FINRA will continue to review firms’ communications and disclosures to customers relating to complex products. FINRA will also review customer account activity to assess whether firms’ recommendations regarding these products are in the best interest of retail customers given their investment profiles and the potential risks, rewards and costs associated with the recommendations.
Not surprisingly, AML fraud remains a major focus area for FINRA. Specifically, FINRA has found that certain member firms have failed to conduct CIP or CDD, as required. FINRA has also found that firms have failed to collect identifying information at the time of account opening and verify the identity of both customers and the beneficial owners of legal entity customers within a reasonable timeframe. Finally, FINRA has some concerns on how firms are detecting and responding to red flags of identity theft or synthetic identity fraud in connection with account opening.
New 2023 Compliance Topics
FINRA also introduced several new topics (e.g., findings, effective practices) under existing sections of the report. These materials included Manipulative Trading, Fixed Income – Fair Pricing, Fractional Shares: Reporting and Order Handling and Regulation SHO (i.e. Bona Fide Market Making Exemptions and Reuse of Locates for Intraday Buy-to-Cover Trades).