Report on FINRA’s 2021 Examination and Risk Monitoring Program
On Feb. 1, 2021, the Financial Regulatory Authority (FINRA) released its 2021 Report on FINRA’s Examination and Risk Monitoring Program (Report), in which it identifies its areas of examination focus for FINRA member firms (Firms) in 2021. The Report replaces the prior format for examination focus, the Risk Monitoring and Examination Program Priorities Letter. In the introduction to the Report, FINRA acknowledges the ongoing COVID-19 pandemic, its regulatory notice in response, and the challenges Firms have faced in response. The report stresses, however, that while FINRA has been in contact with firms throughout the pandemic, it is not ready to address any specific COVID-19-related issues and that such issues will be covered in a future publication.
The Report addresses several key topics from four distinct categories: Firm Operations, Communications and Sales, Market Integrity, and Financial Management. Highlighted areas from these four categories were:
Regulation Best Interest (Reg BI) and Form CRS
Consolidated Audit Trail
Communications with the Public
A discussion of these topics, separated by category, follows below. The Report also contains an Appendix that describes how Firms can use the Report in their compliance programs.
FINRA will continue to monitor Firms’ compliance with FINRA Rule 3310 (Anti-Money Laundering (AML) Compliance Program). Additionally, Firms should remain current on their compliance with the Financial Crimes Enforcement Network’s (FinCEN) Customer Due Diligence rule, which requires firms to identify beneficial owners, understand the nature and purpose of customer accounts, and identify and report suspicious transactions. FINRA also points out that the recently passed Anti-Money Laundering Act of 2020 may result in material changes to current FINRA rules and/or additional rules regarding AML compliance.
Cybersecurity and Technology Governance
SEC Regulation S-P Rule 30, which requires written policies and procedures to safeguard custom records and information, and FINRA rule 4370 (Business Continuity Plans and Emergency Contact Information) will remain a focus of FINRA examination. Cybersecurity remains one of the largest operational risks for firms, and technological problems can hinder not only compliance with specific information security rules but also many other general SEC and FINRA rules.
Outside Business Activities and Private Securities Transactions
FINRA will monitor regulatory obligations under Rules 3270 (Outside Business Activities of Registered Persons) and 3280 (Private Securities Transactions of an Associated Person). These rules assist Firms in determining whether to limit or allow such activities.
Books and Records
Exchange Act Rules 17a-3 and 17a-4 and FINRA Rule 3110(b)(4) (Review of Correspondence and Internal Communications) and FINRA Rule Series 4510 (Books and Records) continue to require that Firms create and preserve in easily accessible locations originals of all communications received and sent relating to “business as such.” Firms are reminded that such rules contain specific protocols on electronic storage media (ESM) that include that the date be “non-rewriteable and non-erasable.” Relatedly, Firms should consider what cloud vendors they may use to remain in compliance with books and records rules and ensure that their policies address such vendors.
Regulatory Events Reporting
Firms must continue to promptly report to FINRA specified events contained in Rule 4530 (Reporting Requirements). Additionally, this rule requires that associated persons report such events to their Firms.
Fixed Income Mark-up Disclosure
Amendments to FINRA’s Rule 2232 (Customer Confirmations) and Municipal Securities Rulemaking Board’s Rule G-15 in 2018 continue to require that Firms provide additional transaction-related information to retail customers for certain trades in corporate, agency and municipal debt securities (other than municipal fund securities). Additionally, for all retail trades in these securities Firms must disclose on the confirmation the time of execution and a security-specific link to the FINRA or MSRB website for additional information. Such disclosed mark-ups and mark-downs must be expressed as both a total dollar amount for the transaction and a percentage of prevailing market Price (PMP).
Communications and Sales
Regulation BI and Form CRS
FINRA will look into the policies, procedures, and controls in place to assess compliance with and practice of Regulation Best Interest (Reg BI) for making recommendations to retail customers on any securities transaction or investment strategy involving securities. FINRA will also ensure compliance providing retail customers Form CRS, which describes the types of client, customer relationships, and services the Firm offers.
Communications with the Public
Public Communications will remain an area of FINRA focus. Rule 2210 (Communications with the Public) categorizes all communications into three categories: correspondence, retail communications, or institutional communications. It then sets content standards designed to apply to ongoing developments in technology and practice. FINRA will ensure that, as required by the rule, all communications are based on principles of “fair dealing and good faith” and that the communications are not false or misleading.
Firms will continue to be required to conduct a “reasonable investigation” under FINRA Rules 2111 (Suitability) and 3110 (Supervision) of an issuer and its management; the business prospects of the issuer; the assets held by or to be acquired by the issuer; the claims being made; and the intended use of proceeds of the offering. Reg BI considerations will also be implicated in relation to private placements.
FINRA will continue to ensure compliance with FINRA Rule 2230 (Members’ Responsibilities Regarding Deferred Variable Annuities), which establishes sales practice standards regarding recommended purchases and exchanges of deferred variable annuities.
FINRA will ensure that Firms are following Exchange Act Rule 613 and the CAT NMS Plan FINRA Rule 6800 Series (Consolidated Audit Trail Compliance Rule), which regulate reporting to the CAT. This includes clock synchronization, time stamps, connectivity and data transmission, development and testing; recordkeeping; timeliness, accuracy and completeness of data; and compliance dates.
Firms will be expected to follow FINRA Rule 5310 (Best Execution and Interpositioning) and to ensure favorable customer prices under prevailing market conditions. This will require that Firms conduct “regular and rigorous” review of the execution quality of customer orders if such review is not conducting on a by-order basis.
Large Trader Reporting
FINRA will continue to require that Firms identify themselves as “large traders” to the SEC and other Firms under Exchange Act Rule 13h-1 (Large Trader Rule). Additional measures to comply with this rule may require additional filing, recordkeeping, and reporting.
Firms that are broker-dealers with market access or that provide market access to customers must continue to heed Exchange Act Rule 15c3-5 (Market Access Rule) to “appropriately control the risks associated with market access so as not to jeopardize their own financial condition, that of other market participants, the integrity of trading on the securities markets, and the stability of the financial system.”
Vendor Display Rule
Broker-Dealer Firms will be expected to comply with Rule 603 of Regulation NMS (Vendor Display Rule), which generally requires providing a consolidated display of market data for NMS stocks for which quotation information is provided to customers. The consolidated display must include the prices, sizes, and market identifications of the national best bid and national best offer for a security and consolidated last sale information for a security.
FINRA will ensure that Firms have and maintain at all times net capital at specific levels to protect customers and creditors from monetary losses than can occur if Firms fail in reliance on Exchange Act Rule 15c3-1 (Net Capital Rule). Additionally, Firms must notify FINRA in the event that their net capital fails below the minimum amount required by Exchange Act Rule 17a-11.
Firms will be expected to maintain effective liquidity controls under Exchange Act Rule 17a-3(a)(23). These controls require making and keeping current records documenting certain risk management controls established by Firms to assist in analyzing and managing the risks associated with their business.
Credit Risk Management
FINRA will look into whether Firms properly capture, measure, aggregate, manage and report credit risk, including non-readily-apparent risks under the financial responsibility rules. FINRA also suggests Firms maintain a robust internal control framework where credit risk is managed, and all relevant risks related to extension of credit are addressed and identified.
Segregation of Assets and Customer Protection
FINRA will continue to enforce Exchange Act Rule 15c3-3 (Customer Protection Rule) in order to protect customer funds and securities. Firms are obligated to maintain custody of customer securities and safeguard customer cash by segregating those assets from company assets.
In spite of the pandemic, FINRA continues to ensure Firms perform their duties and comply with FINRA, SEC, and other rules required of them. Firms should be aware that this list of priorities, while thorough, is not exhaustive and that priorities and focus are subject to change due to current events and/or changes in the law.