2020 Risk Monitoring and Examination Priorities Letter
Each year, FINRA publishes its Annual Risk Monitoring and Examination Priorities Letter to highlight issues of importance to FINRA's regulatory programs.
Cover Letter From FINRA President and CEO, Robert Cook
January 9, 2020
We are pleased to release FINRA’s 2020 Risk Monitoring and Examination Priorities Letter, which describes areas of focus for FINRA’s 2020 risk monitoring, surveillance and examination programs. These programs are cornerstones in FINRA’s execution of its investor protection and market integrity mission. The letter discusses in greater detail significant new areas of emphasis for these programs in the coming year and summarizes other areas that have been described thoroughly in prior letters.
The coming year will mark an important inflection point in FINRA’s risk monitoring and examination program. As recently announced, and informed by insights from FINRA360, FINRA has integrated three different examination programs into a single framework designed to better direct and align examination resources to the risk profiles and business models of member firms. As part of the new program, all FINRA member firms are grouped into one of five main firm business models: Retail, Capital Markets, Carrying and Clearing, Trading and Execution, and Diversified. Each of these groupings has several sub-groups to more precisely categorize firms with similar business models and activities. In addition, each firm will be assigned a single point of accountability, a senior leader who has ultimate responsibility for the ongoing risk monitoring, risk assessment, planning and scoping of examinations tailored to the risks of the firm's business activities. This consolidation will enhance the effectiveness of our risk monitoring and examination activities, enabling us to better serve our mission.
In addition to our ongoing oversight activities, FINRA continues to identify new ways to provide firms with information they can use to assess and, if necessary, strengthen their compliance, supervisory and risk management programs. For example, this year’s letter includes a list of practical considerations and questions that firms may use in evaluating these programs, as well as a new appendix with links to additional FINRA and other resources for each priority. In October last year, we published the 2019 Report on Examination Findings and Observations, which provides a summary of key findings, observations and effective practices identified during recent FINRA examinations.
FINRA also holds conferences to highlight certain important compliance obligations, as well as emerging industry developments, that are important for firms’ business activities. This year, these included the RegTech, Senior Investor and Advertising Regulation conferences and, most recently, the Regulation Best Interest Conference. We will continue these efforts next year, starting in January, with the 2020 FINRA Cybersecurity Conference.
We also continue to explore new ways to expand our dialogue with firms about risks and trends facing the industry. For example, in 2019 we issued three alerts to make firms aware of selected cybersecurity threats that affected some members, and next year we will engage with firms to understand better their plans to address the London Interbank Offered Rate (LIBOR) transition.
In 2020, we also will continue to work with firms and other stakeholders to identify additional opportunities to strengthen FINRA’s ability to execute our regulatory mandate. As always, I welcome your ongoing input regarding our regulatory programs, and I appreciate the dialogue we have with all our stakeholders. And I want to thank FINRA staff for everything they do, day-in and day-out, to further our mission of investor protection and market integrity.
Text of the 2020 Risk Monitoring and Examination Priorities Letter
January 9, 2020
Introduction
This 2020 Risk Monitoring and Examination Priorities Letter describes the areas of focus for FINRA’s risk monitoring, surveillance and examination programs in the coming year. Continuing the approach we started in 2019, the letter addresses new and emerging areas in greater depth, and ongoing priorities with shorter summaries. (Information on the latter is available in previous annual priorities letters.)
In addition, we recognize the significant efforts that firms make to comply with federal securities laws and regulations, as well as FINRA rules. To support firms in this important endeavor, the letter includes a list of practical considerations and questions for each of the highlighted topics, which firms may use to evaluate the state of their compliance, supervisory and risk management programs. These considerations are not all-inclusive, may not apply to all firms, and should not be read to create obligations beyond those in federal securities laws and regulations and FINRA rules.
We also encourage firms to avail themselves of the resources offered in the endnotes and the appendix to refresh their understanding of their fundamental compliance obligations.
Sales Practice and Supervision
Introduction
FINRA will continue to evaluate firms’ compliance with sales practice obligations to their customers—as well as the supervision of those practices—in areas that we have discussed frequently in previous annual priorities letters, exam findings reports (Reports) and other FINRA publications. These areas of focus include complex products,1 variable annuities,2 private placements,3 fixed income mark-up/mark-down disclosures,4 representatives acting in certain positions of trust or authority5 and senior investors.6 In addition to these topics, FINRA will review firms’ compliance with obligations related to several new or emerging areas discussed below.
Regulation Best Interest (Reg BI) and Form CRS
On June 5, 2019, the U.S. Securities and Exchange Commission (SEC) adopted Reg BI, which establishes a “best interest” standard of conduct for broker-dealers and associated persons when they make a recommendation to a retail customer of any securities transaction or investment strategy involving securities, including recommendations of types of accounts. As part of the rulemaking package, the SEC also adopted new rules and forms to require broker-dealers to provide a brief relationship summary—Form CRS—to retail investors. Firms must comply with Reg BI and Form CRS by June 30, 2020.
In the first part of the year, FINRA will review firms’ preparedness for Reg BI to gain an understanding of implementation challenges they face and, after the compliance date, will examine firms’ compliance with Reg BI, Form CRS and related SEC guidance and interpretations.7 FINRA staff expects to work with SEC staff to ensure consistency in examining broker-dealers and their associated persons for compliance with Reg BI and Form CRS.
FINRA may take the following factors, among others,8 into consideration when reviewing for compliance with Reg BI after June 30, 2020:
- Does your firm have procedures and training in place to assess recommendations using a best interest standard?
- Do your firm and your associated persons apply a best interest standard to recommendations of types of accounts?
- If your firm and your associated persons agree to provide account monitoring, do you apply the best interest standard to both explicit and implicit hold recommendations?
- Do your firm and your associated persons consider the express new elements of care, skill and costs when making recommendations to retail customers?
- Do your firm and your associated persons consider reasonably available alternatives to the recommendation?
- Do your firm and your registered representatives guard against excessive trading, irrespective of whether the broker-dealer or associated person “controls” the account?
- Does your firm have policies and procedures to provide the disclosures required by Reg BI?
- Does your firm have policies and procedures to identify and address conflicts of interest?
- Does your firm have policies and procedures in place regarding the filing, updating and delivery of Form CRS?
Communications with the Public
FINRA will continue to assess firms’ compliance with obligations relating to FINRA Rule 2210 (Communications with the Public), as well as related supervisory and recordkeeping requirements set forth in FINRA Rule 3110(b)(4) (Supervision), FINRA Rule Series 4510 (Books and Records Requirements) and Securities Exchange Act of 1934 (Exchange Act) Rules 17a-3 and 17a-4 (Books and Records Requirements).
In addition to ongoing reviews for compliance with these core obligations, FINRA will also focus on the following two areas:
- Private Placement Retail Communications – FINRA will review how firms review, approve, supervise and distribute retail communications regarding private placement securities via online distribution platforms9, as well as traditional channels.
When reviewing a firm’s communication materials, FINRA may consider the following:
- Do they omit material information necessary to make the communications fair and not misleading by failing to, for example, explain that private placements may involve a high degree of risk, are not liquid and that investors may lose money?
- Do they balance promotional content with the key risks specific to the issuer offered?
- Do they contain false, misleading or promissory statements or claims, such as the likelihood of a future public offering of the issuer, claims about the future success of the issuer’s new or untried business model, or inaccurate or misleading assertions concerning the regulation or relative risk of the offering?
- When forecasting issuer metrics, such as revenue, are the presentations reasonable and accompanied by clear explanations of both the assumptions used to create the forecasts and the risks that might impede achievement of such forecasts?
- Do they contain predictions or projections of investment performance to investors that are generally prohibited by FINRA Rule 2210(d)(1)(F) (Communications with the Public), unless they meet the stated criteria in the rule?
- Communications via Digital Channels – Firms’, registered representatives’ and customers’ use of an increasingly broad array of digital communication channels (e.g., texting, messaging, social media or collaboration applications) may pose challenges to firms’ ability to comply with obligations related to the review and retention of such communications.
FINRA may consider the following, among other factors, when reviewing firms’ use and supervision of digital channels:
- Does your firm have a process in place to evaluate new tools available to your registered representatives to determine whether there are digital communications channels that should be captured, included in your firm’s routine electronic communications supervisory reviews and stored in accordance with books and records requirements?
- Is your firm periodically testing its systems to ensure these communications are being captured for review and retention?
- Do your firm’s supervisors know the “red flags” they should keep in mind during their routine supervisory reviews and which indicate a registered representative may be communicating through unapproved communication channels? Are your firm’s supervisors following up on such red flags, which include, but are not limited to:
- email chains that include non-approved email addresses for registered representatives;
- references in emails to communications with a registered representative that occurred outside approved firm channels; or
- customer complaints mentioning such communications?10
Cash Management and Bank Sweep Programs
As commission practices change, cash management services that sweep investor cash into firms’ affiliated or partner banks or money market funds (Bank Sweep Programs) have taken on a greater significance. Firms’ Bank Sweep Programs may offer retail investors a variety of additional services, such as check writing, debit cards and ATM withdrawals.
While these Bank Sweep Programs may offer useful features to customers—and in some but not all cases, offer higher-than-average interest rates—they have also raised several concerns about firms’ compliance with a range of FINRA and SEC rules. FINRA will evaluate these firms’ compliance with, for example, FINRA Rules 1017 (Application for Approval of Change in Ownership, Control, or Business Operations),11 2010 (Standards of Commercial Honor and Principles of Trade), 2210 (Communications with the Public), Exchange Act Rule 15c3-1 (Net Capital Rule) and Exchange Act Rule 15c3-3 (Customer Protection Rule).
FINRA may take the following factors, among others, into consideration when reviewing your firm’s Bank Sweep Programs:
- Does your firm clearly communicate the nature of the sweep arrangement?
- Does your firm clearly communicate the alternatives for cash management available to customers, the terms provided by the Bank Sweep Program and any alternatives?
- Has your firm incorrectly implied that a brokerage account is similar to or the same as a “checking and savings account” at a bank?
- Has your firm incorrectly implied that the brokerage accounts themselves are bank deposit accounts insured by the Federal Deposit Insurance Corporation (FDIC)?
- Do your firm’s customer statements clearly disclose that the Bank Sweep Program deposits are obligations of the destination bank, and not cash balances held by your firm?
- Does your firm have a documented process to perform reconciliations of customer balances held at each destination bank in the Bank Sweep Program?
- Does your firm include in the Bank Sweep Program customer balances not yet swept into a destination bank as a customer credit in the reserve formula computation?
- Has your firm omitted or misrepresented material information concerning the:
- amount of FDIC insurance coverage for the deposits;
- nature and structure of the accounts;
- relationship of the brokerage accounts to any partner banks in the Bank Sweep Program;
- amount of time it may take for customer funds to reach the bank accounts;
- nature and terms of the arrangements; or
- risks of participating in such programs?
Sales of Initial Public Offering (IPO) Shares
As the IPO market has grown and received additional attention over the past year, FINRA is focusing its attention on firms’ obligations under FINRA Rules 5130 (Restrictions on the Purchase and Sale of Initial Equity Public Offerings) and 5131 (New Issue Allocations and Distributions).12
FINRA may consider the following factors, among others, when reviewing your firm’s IPO practices:
- Does your firm have procedures in place to detect and address potential instances of flipping?
- When acting as book-running lead manager, does your firm provide reports of aggregate retail demand to issuers’ pricing committees? How does your firm calculate this aggregate demand?
- How does your firm develop and implement its IPO allocation methodologies?
- What controls does your firm have to prevent allocations to restricted persons?
- What controls does your firm have to detect and address potential instances of “spinning”?
- How does your firm obtain, record and verify customer information for individuals receiving IPO allocations?
Trading Authorization
FINRA will assess whether firms maintain reasonably designed supervisory systems relating to trading authorization, discretionary accounts and key transaction descriptors, such as solicitation indicators. FINRA will review whether firms have reasonably designed supervisory systems to detect and address registered representatives exercising discretion without written authorization from the client, as required under FINRA Rule 3260 (Discretionary Accounts).13
FINRA may take the following factors, among others, into consideration when reviewing your firm’s procedures and controls:
- How does your firm surveil for potential red flags of registered representatives exercising discretion without written authorization?
- Do your firm’s supervisors know the types of red flags that may indicate that registered representatives are exercising discretion without written authorization (e.g., trading in unrelated accounts in the same security in a certain time period, large numbers of trade reneges in the same security in a certain time period)?
- If a red flag is identified, what follow-up steps do your supervisors take to investigate them further (e.g., phone log, email or other digital communication reviews to look for evidence of communications between the customer and the registered representative; non-complaining customer reach-outs)?
- How does your firm identify instances where registered representatives may be marking trades as unsolicited even though they are, in fact, solicited?
Market Integrity
Introduction
In addition to the areas of focus described in greater detail below, we will continue to review firms’ compliance with the ongoing obligations discussed in prior years’ letters, such as market manipulation, Trade Reporting and Compliance Engine (TRACE) reporting,14 short sales15 and short tenders.16
Further, FINRA reminds certain firms that they will be required to begin reporting to the Consolidated Audit Trail (CAT) in April 2020. We will continue to work with firms to answer their questions as they prepare for reporting. Once reporting begins, we will initiate our surveillance and investigative program to review firms’ compliance with CAT reporting requirements.
We also remind firms to continue devoting necessary resources to ensure continually high levels of accuracy in their Order Audit Trail System (OATS) reporting. At this time, OATS remains a critical part of the audit trail data that FINRA uses to operate its cross-market equity surveillance program and meet its regulatory obligations.
Direct Market Access Controls
The continued growth in automated and high-speed trading increases potential risks to the financial condition of firms, the integrity of trading on the securities markets and the stability of the financial system. We will assess firms’ compliance with Exchange Act Rule 15c3-5 (Market Access Rule),17 focusing on issues relevant to firms’ business activities and associated risks.
FINRA may take the following factors, among others, into consideration when reviewing your firm’s direct market access controls:
- If your firm is highly automated, how does it manage and deploy technology changes for systems associated with market access, and what controls does it use, such as kill switches, to monitor and respond to aberrant behavior by trading algorithms or other impactful marketwide events?
- How does your firm make adjustments to credit limit thresholds for institutional customers (whether temporary or permanent)?18
- Does your firm use any automated controls to timely revert ad hoc credit limit adjustments?
- If your firm uses third-party vendor tools to comply with its Market Access Rule obligations, does it review during vendor due diligence whether the vendor can meet the obligations of the rule, and how does your firm maintain direct and exclusive control of applicable thresholds?
- What type of training does your firm provide to individual traders regarding the steps and requirements for requesting ad hoc credit limit adjustments?
Best Execution
FINRA reaffirms the importance of firms’ compliance with their best execution obligations.19 FINRA will focus on whether firms use reasonable diligence to determine whether their customer order flow is directed to the best market given the size and types of orders, the terms and conditions of orders, and other factors as required by FINRA Rule 5310 (Best Execution and Interpositioning),20 focusing on:
- Routing Decisions – FINRA will continue to review for potential conflicts of interest in order routing decisions, including the impact of the recent increase in zero-commission brokerage activity. FINRA may review, for example:
- processes your firm implements to handle customer orders, particularly in light of remuneration received by the firm in the form of rebates or payment for order flow;
- how your firm incorporates enhanced order routing information in its “regular and rigorous” review pursuant to FINRA Rule 5310 (Best Execution and Interpositioning); or
- whether changing to the zero-commission model resulted in changes to your firm’s routing practices, execution quality, regular and rigorous review policies, or the level of trading rebates or payment for order flow. FINRA may also assess disclosures and advertisements related to zero commissions.
- Odd-Lot Handling – FINRA has observed a significant increase in odd-lot activity, which has also become an increasing portion of U.S. equity trading volume. Odd lots in listed securities are currently not included in the National Best Bid or Offer (NBBO) distributed by the Securities Information Processors (SIPs), but are included in proprietary data feeds from individual exchanges. FINRA will be assessing whether firms are filling customer odd-lot orders at the NBBO disseminated by the SIPs and offsetting these trades with odd-lot executions at superior prices reflected in the exchanges’ proprietary data feeds.
- U.S. Treasury Securities – FINRA will assess the reasonableness of firms’ policies and procedures for best execution and fair pricing for U.S. Treasury securities. In conducting this assessment, FINRA may consider whether your firm takes into account differences in these securities’ characteristics and liquidity, particularly if your firm includes them in more generally applicable fixed income policies and procedures.
- Options – FINRA has received complaints alleging large customer option orders received inferior execution prices. The complaints typically involve a number of small volume option executions at various prices (normally electronically), followed by a larger execution for the remainder of the order at inferior price levels for the customer. In response, FINRA initiated surveillance to identify this specific scenario, and we plan to expand our best execution surveillance to include additional scenarios to identify situations where customers may not be receiving best execution for their options orders.
Other considerations FINRA may take into account when reviewing your firm’s best execution practices include:
- If your firm engages in fixed income and options trading, has it established targeted controls to perform its best execution obligations for these products?
- Does your firm perform its best execution obligations with respect to trading conducted in both regular and extended trading hours?
- Does your firm consider the risk of information leakage when assessing the execution quality of orders routed to a particular venue?
Disclosure of Order Routing Information
The amended Regulation National Market System (NMS) Rule 606 bolstered the requirements for broker-dealers to publish reports on their routing of held orders in NMS stocks and listed options.21 The amended rule requires broker-dealers to provide new customer-specific reports for not held orders in NMS stocks. These disclosures serve an important role in enhancing the transparency of the U.S. securities markets with respect to broker-dealers’ handling and routing practices for both institutional and retail customer orders.
FINRA may take the following into consideration, among other factors, when reviewing firms’ compliance with amended Rule 606:
- Does your firm use the required layout and format and include all components of the detailed customer-specific not held order reports required by Rule 606(b)(3)?
- What policies and procedures does your firm have in place to address the accuracy and timeliness of published reports?
- If your firm claims an exemption from providing not held order reports required by Rule 606(b)(4) or (5), what policies and procedures does it have in place to determine if customers’ order activity falls below the relevant reporting thresholds?
- Has your firm considered whether it should assess and analyze its use of third-party order routing and execution services (e.g., algorithms and smart order routers) and determine how your firm’s traders use these services?
- Has your firm considered how it will obtain the necessary data from downstream venues to prepare the new reports?
Vendor Display Rule
Capturing and reporting the current consolidated NBBO helps customers evaluate firms’ routing decisions. Rule 603 of Regulation NMS (Vendor Display Rule) generally requires broker-dealers to provide a consolidated display of market data for NMS stocks for which they provide quotation information to customers. FINRA will evaluate the adequacy of firms’ controls and supervisory systems to provide their customers with the current consolidated NBBO as required by the Vendor Display Rule.
FINRA may take the following factors, among others, into consideration when reviewing your firm’s controls related to the Vendor Display Rule:
- Which firm systems or platforms provide quotation information to customers?
- How does your firm monitor whether the current quotation information is distributed to customers?
- Does your firm make the quotation information available to customers when they are placing their orders?
- Does your firm review the quotation information received from the SIP or vendors to determine whether that information is in compliance with all the requirements of Rule 603?
Financial Management
Introduction
In addition to our focus on the new areas noted below, FINRA will continue to evaluate firms’ compliance programs relating to Exchange Act Rule 15c3-3 (Customer Protection Rule) and Exchange Act Rule 15c3-1 (Net Capital Rule), as well as firms’ overall financial risk management programs.
Digital Assets
Digital assets raise novel and complex regulatory issues under federal securities laws and regulations,22 as well as FINRA rules.23 FINRA is receiving an increasing number of New Member Applications (NMAs) and Continuing Member Applications (CMAs) from firms24 seeking to engage in business activities related to digital assets. For example, some firms are seeking to facilitate private offerings of digital asset securities, operate secondary trading platforms or facilitate trades of indirect investment products, such as private funds investing in cryptocurrencies.25 Some firms’ proposals also involve clearance and settlement of securities transactions related to digital assets, even when the firm does not plan to provide custody.26
FINRA continues to work closely with the SEC to understand firms’ business plans and determine how securities laws apply to those plans. In July 2019, SEC and FINRA staff released a joint statement addressing certain non-custodial services, as well as challenges related to custody and critical Exchange Act Rule 15c3-3 obligations for digital assets.27
FINRA may take the following factors, among others, into consideration when reviewing your firm’s digital asset activities:
- If your firm is considering engaging in digital asset activities, has it filed a CMA with FINRA?
- Does your firm provide a fair and balanced presentation in marketing materials and retail communications, including addressing risks presented by digital asset investments, and not misrepresenting the extent to which digital assets are regulated by FINRA or the federal securities laws or eligible for protections thereunder (such as Securities Investor Protection Corporation coverage)?
- Do your firm’s communications misleadingly imply that digital asset services offered through an affiliated entity are offered through and under the supervision, clearance and custody of a registered broker-dealer?
- If your firm is engaging in digital asset transactions, what controls and procedures has it established to support facilitation of such transactions, including initial issuance or secondary market trading of digital assets?
Liquidity Management
FINRA will continue to review firms’ liquidity management practices, as they are a critical control function and should be documented in a firm’s books and records.28 FINRA will focus on areas that we have addressed in Regulatory Notice 15-33 (Guidance on Liquidity Risk Management Practices), as well as those that may create challenges for clearing and carrying firms’ contingency funding plans.
FINRA may take the following factors, among others, into consideration when reviewing your firm’s liquidity management practices:
- Do your firm’s liquidity management practices include steps to address specific stress conditions and identify firm staff responsible for addressing those conditions? Does your firm have a process for accessing liquidity during a stress event and determining how the funding would be used?
- Does your firm’s contingency funding plan take into consideration the quality of collateral, term mismatches and potential counterparty loss of your financing desks (in particular, in repo and stock loan transactions)?
- If your firm is also a Fixed Income Clearing Corporation (FICC) member, how would it manage operational risks—for example, different credit limits and trading hours—that may arise if it needs to rapidly move large amounts of bi-lateral or tri-party U.S. Government or agency securities financing trades to the FICC repo platform?
Contractual Commitment Arising From Underwriting Activities
FINRA will review firms’ compliance with their obligations under Exchange Act Rule 15c3-1(c)(2)(viii) when they engage in underwriting activities. FINRA may take the following into consideration when reviewing your firm’s compliance with these obligations:
- Does your firm understand the nature of the underwriting (in particular, best efforts versus firm commitment underwriting) and maintain a list of all deals in which it is involved?
- Does your firm maintain evidence of the appropriate contractual commitment charges?
- What processes does your firm use to assess moment-to-moment and open contractual commitment capital charges when it engages in underwriting commitments?
- How do your firm’s regulatory reporting groups track the appropriate net capital treatment of the underwritings in which your firm is involved?
- How is your firm documenting your compliance with the relevant requirements?
London Interbank Offered Rate (LIBOR) Transition
FINRA will engage with firms—outside the examination program—to understand how the industry is preparing for LIBOR’s retirement at the end of 2021,29 focusing on firms’ exposure to LIBOR-linked financial products; steps firms are taking to plan for the transition away from LIBOR to alternative rates, such as the Secured Overnight Financing Rate (SOFR); and the impact of the LIBOR phase-out on customers.
Firm Operations
Introduction
In addition to the new areas of focus described below, FINRA will also assess firms’ supervisory controls relating to Exchange Act Rule 10b-10 and FINRA Rule 2232 (Customer Confirmations) and firms’ compliance with FINRA Rule 3310 (Anti-Money Laundering Compliance Program)30.
Cybersecurity
As firms leverage technology for their business systems and infrastructure, as well as engaging with customers and business partners, cybersecurity has become an increasingly large operational risk. Firms should expect that FINRA will thoroughly assess whether their policies and procedures are reasonably designed to protect customer records and information consistent with Regulation S-P Rule 30. 31 FINRA recognizes that there is no one-size-fits-all approach to cybersecurity, but expects firms to implement controls appropriate to their business model and scale of operations.
Technology Governance
Firms’ increasing reliance on technology for many aspects of their customer-facing activities, trading, operations, back-office and compliance programs creates a variety of potential benefits, but also exposes firms to technology-related compliance and other risks. In particular, problems in firms’ change- and problem-management practices, for example, can expose firms to operational failures that may compromise firms’ ability to comply with a range of rules and regulations, including FINRA Rules 4370 (Business Continuity Plans and Emergency Contact Information), 3110 (Supervision) and 4511 (General Requirements), as well as Exchange Act Rules 17a-3 and 17a-4.
FINRA may take the following into consideration, among other factors, when reviewing your firm’s technology governance programs:
- If there have been material changes in your firm’s business, what modifications, if any, has it made, or considered, to its BCP?
- During a BCP event, how will your firm maintain customers’ access to their funds and securities, as well as manage back-office operations, to prevent delays or inaccuracies relating to settlement, reconciliation and reporting requirements?
- What controls does your firm implement to mitigate system capacity performance and integrity issues that may undermine its ability to conduct business and operations, monitor risk or report key information?
- How does your firm document system change requests and approvals?
- What type of testing does your firm perform prior to changes being moved into a production environment?
- What are your firm’s procedures for tracking information technology problems and their remediation? Does your firm categorize problems based on their business impact?
If you have general comments regarding this letter or suggestions on how we can improve it, please send them to Steven Polansky, Member Supervision, at [email protected], or Elena Schlickenmaier, Member Supervision, at [email protected].
Endnotes
1 See also the Product Suitability section of the 2017 Report on Examination Findings (2017 Report); Suitability for Retail Customers section of the 2018 Report on Examination Findings (2018 Report); Suitability Topic Page.
2 See also FINRA Rule 2320 (Variable Contracts of an Insurance Company); FINRA Rule 2330 (Members’ Responsibilities Regarding Deferred Variable Annuities); Suitability for Retail Customers section of the 2018 Report; Variable Annuities Topic Page.
3 See Regulatory Notice 10-22 (Obligations of Broker-Dealers to Conduct Reasonable Investigations in Regulation D Offerings); Reasonable Diligence for Private Placements section of the 2018 Report; Private Placements Topic Page.
4 See FINRA Rule 2232 (Customer Confirmations); MSRB Rule G-15; Regulatory Notice 17-24 (FINRA Issues Guidance on the Enhanced Confirmation Disclosure Requirements in Rule 2232 for Corporate and Agency Debt Securities); Regulatory Notice 17-08 (SEC Approves Amendments to Require Mark-up/Mark-down Disclosure on Confirmations for Trades With Retail Investors in Corporate and Agency Bonds); Fixed Income Confirmation Disclosure: Frequently Asked Questions (FINRA); Confirmation Disclosure and Prevailing Market Price Guidance: Frequently Asked Questions (MSRB); Fixed Income Mark-up Disclosure section of the 2018 Report; Fixed Income Mark-up Disclosure section of the 2019 Report on Examination Findings and Observations (2019 Report); Municipal Securities Topic Page; Fixed Income Topic Page.
5 See Abuse of Authority section of the 2018 Report; Regulatory Notice 19-27 (FINRA Requests Comment on Rules and Issues Relating to Senior Investors); Regulatory Notice 19-36 (FINRA Requests Comment on a Proposed Rule to Limit a Registered Person from Being Named a Customer’s Beneficiary or Holding a Position of Trust for or on Behalf of a Customer).
6 See also Regulatory Notice 19-27 (FINRA Requests Comment on Rules and Issues Relating to Senior Investors); Frequently Asked Questions Regarding FINRA Rules Relating to Financial Exploitation of Senior Investors; Senior Investors Topic Page.
7 For additional considerations, please see the SEC’s Federal Register notices for Reg BI, Form CRS and Interpretation of Solely Incidental.
8 See also, FINRA’s Reg BI and Form CRS Firm Checklist.
9 See also, Online Distribution Platforms section of 2019 Annual Risk Monitoring and Examination Priorities Letter (noting concerns relating to certain online distribution platforms that are operated by unregistered entities, which may use member firms as selling agents or brokers of record, or to perform activities such as custody, escrow, back-office and financial technology (FinTech)-related functions).
10 See also Digital Communication section of the 2019 Report.
11 FINRA notes that Bank Sweep Programs or bank-like cash management services may require FINRA review, as they may be considered changes to firms’ “business operations.”
12 See also Regulatory Notice 19-37 (SEC Approves Amendments to FINRA Rules 5130 and 5131 Relating to Equity IPOs).
13 For additional discussion of FINRA’s concerns about discretionary accounts, see Abuse of Authority section of the 2018 Report.
14 See TRACE Reporting section of the 2017 Report; TRACE Reporting section of the 2018 Report; Trade Reporting Notice – 7/19/19 (FINRA Reminds Firms of Their Obligations Regarding TRACE Reporting).
15 See Regulation SHO section of the 2017 Report; Short Sales section of the 2019 Report.
16 See Exchange Act Rule 14e-4.
17 The Market Access Rule requires firms that provide access to trading in securities on an exchange or alternative trading system (ATS) to “appropriately control the risks associated with market access so as not to jeopardize their own financial condition, that of other market participants, the integrity of trading on the securities markets, and the stability of the financial system.” U.S. Securities and Exchange Commission, Risk Management Controls for Brokers or Dealers With Market Access, Exchange Act Release No. 63,241, 75 Fed. Reg. 69,792 (Nov. 15, 2010); see also U.S. Securities and Exchange Commission, Division of Trading and Markets, Responses to Frequently Asked Questions Concerning Risk Management Controls for Brokers or Dealers with Market Access (Apr. 15, 2014).
18 See Direct Market Access Controls section of the 2019 Report.
19 See Best Execution section of the 2019 Report.
20 See also Regulatory Notice 15-46 (Guidance on Best Execution Obligations in Equity, Options and Fixed Income Markets).
21 See also SEC Division of Market Regulation Staff Legal Bulletin 13A and SEC Division of Trading and Markets Responses to Frequently Asked Questions Concerning Rule 606 of Regulation NMS.
22 See, e.g., Exchange Act Regulation D, Regulation S, Regulation A, Rule 15c3-1 (Net Capital Rule), Exchange Act Rule 15c3-3 (Customer Protection Rule), Exchange Act Rule 17a-5 (Financial Reporting Rule), Exchange Act Rule 17a-13 (Quarterly Securities Count Rule), as well as Exchange Act Rule 17a-3 and Rule 17a-4 (collectively, the Recordkeeping Rules).
23 See, e.g., FINRA Rules 3110 (Supervision), 2210 (Communications with the Public) and 3310 (Anti-Money Laundering Compliance Program).
24 In addition, some registered representatives are engaging in outside business activities involving digital assets.
25 As discussed in Regulatory Notice 19-24 (FINRA Encourages Firms to Notify FINRA if They Engage in Activities Relating to Digital Assets), we note that firms should inform FINRA if they plan to engage in digital asset transactions.
26 FINRA notes that the extent to which a broker-dealer comes into contact with customer funds and securities may impact its Net Capital Rule requirements and implicate the Customer Protection Rule for any assets received, held or deemed to be under the control of the broker-dealer.
27 See U.S. Securities and Exchange Commission, Division of Trading and Markets, Financial Industry Regulatory Authority, Office of General Counsel, Joint Staff Statement on Broker-Dealer Custody of Digital Asset Securities (July 8, 2019).
28 See Exchange Act Rule 17a-3(a)(23).
29 See U.S. Securities and Exchange Commission Division of Corporation Finance, Division of Investment Management, Division of Trading and Markets, and Office of the Chief Accountant, Staff Statement on LIBOR Transition (July 12, 2019).
30 See also Regulatory Notices 19-18 (FINRA Provides Guidance to Firms Regarding Suspicious Activity Monitoring and Reporting Obligations) and 17-40 (FINRA Provides Guidance to Firms Regarding Anti-Money Laundering Program Requirements Under FINRA Rule 3310 Following Adoption of FinCEN’s Final Rule to Enhance Customer Due Diligence Requirements for Financial Institutions).
31 Regulation S-P Rule 30 requires firms to have written policies and procedures that address administrative, technical and physical safeguards for the protection of customer records and information that are reasonably designed to: (1) ensure the security and confidentiality of customer records and information; (2) protect against any anticipated threats or hazards to the security or integrity of customer records and information; and (3) protect against unauthorized access to or use of customer records or information that could result in substantial harm or inconvenience to any customer. Regulation S-P also requires firms to provide initial and annual privacy notices to customers describing information sharing policies and informing customers of their right to opt-out of information sharing. Further, FINRA Rule 3110 (Supervision) requires firms to establish and implement a system that is reasonably designed to comply with Regulation S-P Rule 30, as well as related policies and procedures.
Appendix 1 – Additional Resources
Sales Practice and Supervision
Reg BI and Form CRS
- Regulatory Notice 19-26 (Regulation Best Interest: SEC Adopts Best Interest Standard of Conduct)
- Reg BI and Form CRS Firm Checklist
- Regulation Best Interest (Reg BI) Topic Page
Communications with the Public
- Regulatory Notice 19-31 (Disclosure Innovations in Advertising and Other Communications with the Public)
- 2018 Report – DBAs and Communications with the Public
- 2019 Report – Digital Communication
- Advertising Regulation Topic Page
- Private Placements Topic Page
Cash Management and Bank Sweep Programs
- 2017 Report – Net Capital and Credit Risk Assessments
- 2018 Report – Accuracy of Net Capital Computations
- 2018 Report – Segregation of Customer Assets
- 2019 Report – Observations on Liquidity and Credit Risk Management
- 2019 Report – Segregation of Client Assets
- Investor Alert – Cash Accounts: What They Are and How to Avoid Problems
- Update a Broker-Dealer Firm Registration
- Advertising Regulation Topic Page
Sales of Initial Public Offering (IPO) Shares
- Regulatory Notice 19-37 (SEC Approves Amendments to FINRA Rules 5130 and 5131 Relating to Equity IPOs)
- Regulatory Notice 17-14 (FINRA Requests Comment on FINRA Rules Impacting Capital Formation)
- Public Offerings Topic Page
Trading Authorization
- 2018 Report – Abuse of Authority
- 2019 Report – Suitability
- Suitability Topic Page
- Supervision Topic Page
- Books & Records Topic Page
Market Integrity
Direct Market Access Controls
- Regulatory Notice 15-09 (Guidance on Effective Supervision and Control Practices for Firms Engaging in Algorithmic Trading Strategies)
- Regulatory Notice 16-21 (SEC Approves Rule to Require Registration of Associated Persons Involved in the Design, Development or Significant Modification of Algorithmic Trading Strategies)
- 2017 Report – Market Access Controls
- 2018 Report – Market Access Controls
- 2019 Report – Direct Market Access Controls
- Algorithmic Trading Topic Page
- Market Access Topic Page
Best Execution
- Regulatory Notice 15-46 (Guidance on Best Execution Obligations in Equity, Options and Fixed Income Markets)
- 2017 Report – Best Execution
- 2018 Report – Best Execution
- 2019 Report – Best Execution
- Report Center, Equity Report Cards – FINRA’s Best Execution Outside-of-the-Inside Report Card
Disclosure of Order Routing Information
- Notice to Members 01-30 (Member Obligations to Provide Statistical Information About Order Routing Under SEC Rule 11Ac1-6 of the Securities Exchange Act of 1934)
- Notice to Members 01-44 (SEC Issues Interpretive Guidance Concerning Exchange Act Rules 11Ac1-5 and 11Ac1-6)
- 2017 Report – Best Execution
- 2018 Report – Best Execution
- 2019 Report – Best Execution
- Report Center, Equity Report Cards section – FINRA’s Best Execution Outside-of-the-Inside Report Card
Vendor Display Rule
- Regulatory Notice 15-52 (SEC Staff Provides Insight Into Firms’ Obligations When Providing Stock Quote Information to Customers)
Financial Management
Digital Assets
- Regulatory Notice 19-24 (FINRA Encourages Firms to Notify FINRA if They Engage in Activities Relating to Digital Assets)
- Report on Distributed Ledger Technology: Implications of Blockchain for the Securities Industry
- FinTech Topic Page
Liquidity Management
- Regulatory Notice 15-33 (Guidance on Liquidity Risk Management Practices)
- Regulatory Notice 10-57 (Funding and Liquidity Risk Management Practices)
- 2018 Report – Liquidity
- 2019 Report – Observations on Liquidity and Credit Risk Management
- Funding and Liquidity Topic Page
Contractual Commitment on Underwriting Commitments
- 2019 Report – Net Capital Calculations
- Exchange Act Rule 15c3-1(a)/001 Moment to Moment Net Capital
- Exchange Act Rule 15c3-1(c)(vii)/10 Marketability of Nonconvertible Debt Securities Which Are Not Highly Rated
- Exchange Act Rule 15c3-1(c)(2)(viii)(C)/03 Haircuts on Contractual Commitments
- Exchange Act Rule 15c3-1(c)(2)(viii)(C)/031 Underwriting Commitments
- Exchange Act Rule 15c3-1(c)(2)(viii)(C)/032 Offsetting Sale Commitments
- Exchange Act Rule 15c3-1(c)(2)(viii)(C)/04 Selling Group Participations
- Exchange Act Rule 15c3-1(c)(2)(viii)(C)/06 Underwriting Backstop Agreement
Firm Operations
Cybersecurity
- Report on Cybersecurity Practices – 2015
- Report on Selected Cybersecurity Practices – 2018
- 2017 Report – Cybersecurity
- 2019 Report – Observations on Cybersecurity
- Small Firm Cybersecurity Checklist
- Core Cybersecurity Controls for Small Firms
- Common Cybersecurity Threats
- Customer Information Protection Topic Page
- Cybersecurity Topic Page
Technology Governance
- Regulatory Notice 19-06 (FINRA Requests Comment on the Effectiveness and Efficiency of Its Rule on Business Continuity Plans and Emergency Contact Information)
- Business Continuity Plan FAQs
- 2019 Report – Business Continuity Plans
- Small Firm Business Continuity Plan Template
- Business Continuity Planning Topic Page