Appendix – Using FINRA Reports in Your Firm’s Compliance Program
Firms have shared the following ways they have used prior FINRA publications, such as Exam Findings Reports, Priorities Letters and Reports on FINRA’s Examination and Risk Monitoring Program, to enhance their compliance programs. We encourage firms to consider these practices, if relevant to their business model, and continue to provide feedback on how they use FINRA publications.
- Assessment of Applicability: Performed a comprehensive review of the findings, observations and effective practices, and identified those that are relevant to their businesses.
- Risk Assessment: Incorporated the topics highlighted in our reports into their overall risk assessment process and paid special attention to those topics as they performed their compliance program review.
- Gap Analysis: Conducted a gap analysis to evaluate how their compliance programs and WSPs address the questions noted in Priorities Letters and the effective practices in Exam Findings Reports, and determined whether their compliance programs have any gaps that could lead to the types of findings noted in Exam Findings Reports.
- Project Team: Created interdisciplinary project teams and workstreams (with staff from operations, compliance, supervision, risk, business and legal departments, among other departments) to:
- assign compliance stakeholders and project owners;
- summarize current policies and control structures for each topic;
- engage the legal department for additional guidance regarding regulatory obligations;
- develop plans to address gaps; and
- implement effective practices that were not already part of their compliance program.
- Circulation to Compliance Groups: Shared copies of the publications or summaries of relevant sections with their compliance departments.
- Presentation to Business Leaders: Presented to business leadership about their action plans to address questions, findings, observations and effective practices from our reports.
- Guidance: Used reports to prepare newsletters, internal knowledge-sharing sites or other notices for their staff.
- Training: Added questions, findings, observations and effective practices from our reports, as well as additional guidance from firms’ policies and procedures to their Firm Element and other firm training.