FINRA’s 2019 Risk Monitoring and Examination Priorities Letter
On Jan. 22, 2019, the Financial Industry Regulatory Authority (FINRA) released its 14th Annual Risk Monitoring and Examination Priorities Letter (Priority Letter) where it identifies its areas of examination focus for 2019. The FINRA president’s cover note points out the addition to the title of a reference to “risk monitoring.” While the Priority Letter describes the multiple issues and concerns on which FINRA will continue to focus during examinations, the president’s note points out that this year’s Priority Letter reflects two changes. The first change is the clarification of how the examination process helps to fulfill the risk assessment function of FINRA. The second change is the shift in emphasis from extensive discussions of continuing concerns that have been the focus of examinations for many years to a more detailed explanation of certain new key priorities that now appear in the new letter.
FINRA’s central examination priorities have been and still include: obligations related to suitability determinations; outside business activities; private securities transactions; private placements, communications with the public; anti-money laundering (AML); best execution; fraud; insider trading and market manipulation; net capital and customer protection; trade and order reporting; data quality and governance; recordkeeping; risk management; and general supervision. However, in contrast to previous years, the 2019 Priority Letter attempts to limit repetitive discussions of certain topics that have been central to its focus in the past. The Priority Letter instead places its emphasis on topics FINRA has not articulated in prior letters.
As further described below, FINRA’s 2019 highlighted priorities are online distribution platforms, fixed-income mark-up disclosure, and regulatory technology. Reflecting FINRA’s concern with identifying risk factors, the Priority Letter also draws attention to the risks related to the sales practice, operations, market, and financial practices of FINRA member firms (hereinafter referred to as “firms”).
Online Distribution Platforms
The purpose of most online distribution platforms is to connect security buyers and sellers on a website that prices orders, executes trades, and displays transaction data. According to FINRA, firms involved with distribution platforms are selling or recommending securities. Therefore, FINRA will evaluate how such firms:
- conduct their reasonable-basis and customer-specific suitability analyses;
- supervise communications with the public;
- meet AML requirements;
- are addressing the risk of offering documents or communications with the public that omit material information or contain false or misleading statements;
- address the risk of sales to non-accredited investors and non-compliant escrow arrangements (applicable to Regulation D offerings); and
- mitigate the risk of excessive or undisclosed compensation arrangements between firms and issuers (applicable to Regulation A offerings).
Fixed Income Mark-Up/Mark-Down Disclosure
In 2019, FINRA will review firms’ mark-up or mark-down disclosure obligations on fixed income transactions pursuant to amendments to FINRA RULE 2232 and MSRB Rule G-15. Additionally, FINRA will review any firm behavior that might be undertaken to avoid their mark-up or mark-down disclosure obligations. Firms should note that FINRA has prepared, and specifically refers to, its own compilation of mark-up and mark-down data, and firms would be prudent to consider that data when determining what is a fair mark-up or mark-down.
On cybersecurity, FINRA follows the trend of other regulators, principally the U.S. Securities and Exchange Commission, in identifying the risks from third-party vendor relationships to firms by virtue of the vendors’ direct access to the financial firm’s computer network. Many hacks in the past five years have begun by weak vendor cybersecurity. Therefore, cybersecurity supervision and cyber governance remains an important part of any risk-oriented culture. Supervision and cyber governance allow trust in the firm as it handles client money. Regulatory technology issues are new and follow the trend of many institutions and firms that use advanced computing capabilities (like machine learning) in identifying risks and behavior that may run afoul of KYC (Know Your Client) and AML guidelines. Organizations are relying more and more on these technologies to detect fraud. FINRA appears to be gathering intelligence to determine whether compliance is being fostered or hindered by regulatory technology.
Sales Practice Risks
Investor suitability remains one of FINRA’s top priorities.
This year, FINRA’s review may emphasize:
- deficient quantitative-suitability determinations or related supervisory controls;
- overconcentration in illiquid securities, such as variable annuities, non-traded alternative investments, and securities sold through private placements;
- recommendations to purchase share classes that are not in line with the customer’s investment time horizon or held for a period that is inconsistent with the security’s performance characteristics;
- whether firms are meeting their suitability obligations and risk-disclosure obligations when recommending exchange-traded products (including leveraged, inverse, and floating rate exchange-traded funds and mutual funds that invest in loans of lower credit quality); and
- securities products that package leveraged loans.
Protection of senior investors also remains one of FINRA’s top examination priorities.
This year, FINRA’s examinations may emphasize:
- how firms are protecting senior investors from fraud and exploitation;
- firms’ supervision of accounts where registered representatives serve in a fiduciary capacity (including how registered representatives use their role as a fiduciary to take control of assets); and
- review of supervisory systems that firms employ pertaining to accounts of senior investors.
As part of its risk assessment efforts, FINRA will seek to understand what controls firms have in place to implement new FINRA Rule 2165, and their early experience with the new provisions.
Outside Business Activities and Private Securities Transactions
FINRA will review firms’ controls related to associated persons’ outside business activities and private securities transactions (including how such persons raise funds from their customers outside of their firm’s supervision).
Supervision of Digital Assets Business
FINRA encourages firms to notify FINRA if they plan to engage in the digital assets business. FINRA will examine how such firms determine whether a particular digital asset is a security and whether they have implemented adequate controls and supervision over compliance with rules related to the marketing, sale, execution, control, clearance, recordkeeping, valuation, and AML/Bank Secrecy Act regulations of digital assets. FINRA advises that it will coordinate closely with the SEC regarding these developing areas.
Customer Due Diligence and Suspicious Activity Reviews
FINRA will assess firms’ compliance with FinCEN’s Customer Due Diligence (CDD) rule (effective on May 11, 2018).
The CDD rule requires firms to:
- identify beneficial owners of legal entity customers;
- understand the nature and purpose of customer accounts; and
- conduct ongoing monitoring of customer accounts to identify and report suspicious transactions and update customer information.
FINRA will continue examining best execution practices, specifically reviewing the:
- best execution decision-making when a firm routs substantially all customer orders to (i) a small number of wholesale market makers from which they receive payment for order flow or (ii) an affiliated broker-dealer or an alternative trading system (ATS) in which the firm has a financial interest;
- process for checking additional venues to identify opportunities for price improvement that would benefit the customer;
- process for quantifying the benefits to customers from firms’ receipt of order routing inducements; and
- process for handling conflicts of interest involving the duty of best execution and any inducements or benefits received from the routing or internalization of customer orders.
Market Manipulation and Market Access
FINRA will continue to look for any type of manipulation, specifically focusing on manipulative trading in correlated exchange-traded products and correlated options products. FINRA also will assess the ability of a firm’s policies and procedures to detect and prevent manipulative trading activity.
Regarding market access, FINRA will continue to review firms’ compliance with Rule 15c3-5 (the Market Access Rule) under the Securities Exchange Act of 1934 (Exchange Act). Specifically, FINRA will focus on how firms apply appropriate controls and limits to sponsored-access orders, retain the sole authority in determining the boundaries for those controls and limits, and implement and test exception-reporting systems covering sponsored-access orders.
Short Sales and Tenders
FINRA will review whether firms have structured their aggregation units in a manner consistent with the requirements of Exchange Act Rule 200(f). Furthermore, FINRA will continue reviewing how firms account for their options positions when tendering shares in the offer.
Financial risks continue to be of great importance to the soundness of securities markets. The potential danger to customers, companies, and to the economy, in general, were highlighted by the events that led to many of the market reforms under which we currently operate, and we can expect FINRA to apply its risk-based analysis to issues in sensitive areas.
FINRA will review firms’ policies and procedures for identifying, measuring, and managing credit risk and will assess the extent to which firms identify and address all relevant risks when they extend credit. FINRA will also examine firms’ compliance with FINRA Rule 4210(f)(1) (Margin Requirements), which requires substantial additional margin on positions in securities that are subject to fluctuations.
Funding and Liquidity
FINRA will continue to evaluate firms’ liquidity planning. Its review will focus on whether firms update their stress-test assumptions, considering changes in the marketplace and/or changes in their business. FINRA also will assess the adequacy of firms’ liquidity pools and their regular review of the reasonableness of stress-test assumptions, considering firm business activities and arrangements.
Going forward, examinations will include inquiries into a variety of other areas based upon changes in market conditions, industry practice, investor protection, and the business model of each FINRA member firm. Also, developments during the year can prompt FINRA to expand its priorities and/or shift its focus.