The Financial Industry Regulatory Authority (FINRA) recently released its 2024 Annual Regulatory Oversight Report, offering crucial insights into the regulatory landscape for broker-dealers. The report addresses various areas, emphasizing key priorities, risks, and effective practices for firms to remain aware of during the coming year. The following are the key takeaways from the 90 page release.
Cybersecurity remains a paramount concern for FINRA. The report underscores heightened risks in areas such as ransomware, insider threats, and cybersecurity events at critical vendors. To mitigate these risks, effective practices include the implementation of robust access controls, continuous monitoring for unauthorized access and data exfiltration, comprehensive training, and well-defined incident response planning.
AML Compliance Focus
Continuing its focus on Anti-Money Laundering (AML) compliance, FINRA identifies risks associated with inadequate customer due diligence, monitoring, and reporting of suspicious activity. The report also sheds light on emerging risks, particularly new account fraud facilitated by cyber methods.
Regulation Best Interest (Reg BI) Emphasis
Regulation Best Interest (Reg BI) compliance remains a critical area. The report reveals findings related to failures in meeting the Care Obligation, proper disclosure and mitigation of conflicts of interest, and the implementation of adequate policies and procedures. Effective practices involve providing guidance and tools to evaluate costs and alternatives, ensuring transparency and compliance.
New Frontiers: Crypto Assets and AI
Introducing new sections on crypto assets and artificial intelligence, the report highlights regulatory considerations in these evolving areas, recognizing the need for vigilance and compliance. Apart from firms with explicit approval for crypto asset securities business, FINRA has urged broker-dealers to inform the self-regulator about their involvement or intended involvement in crypto asset-related endeavors. This includes activities associated with crypto assets that do not fall under the category of securities, as outlined in the report. The report notes that certain broker-dealers have established affiliations with third parties or affiliates to facilitate their clients’ access to non-securities-related crypto asset activities.
Private Placements Concerns
Private placements continue to be a focal point, with identified issues related to inadequate due diligence, late filings, and conflicts of interest. To address these concerns, the report recommends effective practices such as the use of checklists, meticulous documentation of due diligence processes, and the identification of potential conflicts.
To read the full release, click here.