[Slideshow] FINRA Releases First Ever Exam Findings

Last Wednesday, FINRA released its first ever examination findings report, which summarizes common risks unveiled during broker-dealer audits. The 14-page report is an outcome of Robert Cook’s FINRA 360 program and is intended to further improve firms’ compliance functions based upon the experiences of other member firms, enabling them to better anticipate and address potential areas of concern before their own examinations occur. Below is a list of highlighted observations included in the Summary Report.


As the nature and sophistication of cybersecurity threats continue to evolve, even robust cybersecurity programs can be compromised when, for example, an employee opens an email attachment that contains malware. Common threats FINRA observed in 2016 and 2017 include phishing attacks, ransomware attacks and fraudulent third-party wires that frequently involve use of email or stolen customer or financial advisor credentials. FINRA also observed a variety of areas where firms could improve their cybersecurity programs, such as access management, risk assessments, vendor management, branch offices, segregation of duties, and data loss prevention.

Training Topics: Cybersecurity & FINRA, Cybersecurity for Supervisors, Cybersecurity: Phishing, Phishing Awareness – The Human Factor of Security, Customer Data Protection and More

View Training


Outside Business Activities and Private Securities Transactions

Problems observed by FINRA in this area include individuals failing to notify the member firm of their OBAs and PSTs, including situations where a new hire or current registered or associated person failed to notify their prospective or current firm in writing of an existing OBA or PST. In other cases, the firm itself failed to adequately review certain OBAs and PSTs (such as failing to collect/maintain supporting documents or failure to execute reviews in sufficient depth).


Training Topics: Outside Business Activities and Private Securities Transactions, Outside Business Activities: A Wholesalers Responsibilities, Quest Annual Compliance Reminders for Registered Representatives and More

View Training

Anti-Money Laundering

Problems observed by FINRA in this area include failure to maintain adequate AML policies and procedures (such as failing to expand the AML program with a business or as the business evolved), placing AML program responsibilities with inadequately trained personnel, lack of adequate resources provided to AML departments and failure to ensure the independent testing required under FINRA Rule 3310(c) included a review of how the firm’s AML program was implemented.


Training Topics: Advanced Anti-Money Laundering, Anti-Money Laundering and the Red Flag Rule, Anti-Money Laundering Considerations for Banks, Anti-Money Laundering Detection and Prevention for Agents and More

View Training

Product Suitability

The concerns that FINRA had during the course of examinations with regard to the suitability of certain products and their supervision did not vary materially by firm size, but did occur more frequently in connection with certain product classes, specifically unit investment trusts (UITs) and certain multi-share class and complex products, such as leveraged and inverse exchange-traded funds (ETFs).



Training Topics: Client Suitability, FINRA’s Suitability and Know Your Customer Rules (FINRA Rules 2111 and 2090), Introduction to Suitability and the Senior Protection Model Regulation, ETF Investing, Non-Traditional ETFs and More

View Training

Best Execution

FINRA had concerns regarding the duty of best execution at firms of all sizes that receive, handle, route or execute customer orders in equities, options and fixed income securities. FINRA found that some firms failed to implement and conduct an adequate regular and rigorous review of the quality of the executions of their customers’ orders.




Training Topics: Best Execution and Debt Mark Ups, order Execution Qualifiers and More

View Training

Market Access Controls

As trading in the U.S. securities markets has become more automated, the potential impact of a trading error or a rapid series of errors—caused by a computer or human error, or a malicious act—has become more severe. FINRA observed several areas where some firms that provide market access fall short of their obligations under SEA Rule 15c3-5, particularly with respect to the establishment of pre-trade financial thresholds, implementing and monitoring aggregate capital or credit exposures, and tailoring erroneous trade controls.


Training Topics: SEC Rule 15c3-5: Market Access Rule and More

View Training

Additional Observations

In addition to the topics addressed, FINRA also draws firms’ attention to areas where operational deficiencies have challenged some firms’ ability to meet their compliance obligations. These areas include: alternative investments held in individual retirement accounts (IRAs), Net Capital and Credit Risk Assessments, Order Capacity, Regulation SHO and TRACE Reporting.



Training Topics: TRACE Reporting, Alternative Investment Companies, Supervising Alternative Investments, Qualified Plan Rollovers and More

View Training