On February 1, the Financial Industry Regulatory Authority (FINRA) published its 2021 Report on FINRA’s Examination and Risk Monitoring Program (Report). The annual Report summarizes various findings and observations from recent FINRA examinations of its member firms on a range of topics and notes certain areas of the future focus of FINRA examinations in 2021. These included the following:
- Regulation Best Interest (Reg BI) and Form CRS – The Report notes FINRA’s focus on assessing whether member firms have established and implemented policies, procedures, and a system of supervision reasonably designed to comply with Reg BI and Form CRS. The Report notes that in 2021, FINRA intends to expand the scope of Reg BI and Form CRS reviews and testing to effect a more comprehensive review of firm processes, practices and conduct.
- Consolidated Audit Trail (CAT) – As noted in FINRA’s Regulatory Notice 20-31 (Notice 20-31), all member firms that receive or originate orders in National Market System (NMS) stocks, over-the-counter (OTC) equity securities or listed options must report to CAT. FINRA notes that, while it is in the early stages of reviewing for compliance with certain CAT obligations, member firms should review the list of recommended steps provided in Notice 20-31 in assessing the adequacy of their CAT compliance programs.
- Cybersecurity – The Report notes that member firms’ ongoing and increasing reliance on technology for many customer-facing activities, communications, trading, operations, back-office and compliance programs — especially in our current remote work environment — requires them to address new and existing cybersecurity risks, including risks relating to cybersecurity-enabled fraud and crime. FINRA reminds firms to review cybersecurity programs for compliance with business continuity plan requirements, as well as the SEC’s Regulation S-P Rule 30, which requires member firms to have policies and procedures addressing the protection of customer records and information. FINRA notes in its exam observations that issues occurred relating to (1) data loss prevention programs; (2) branch policies; (3) vendor controls; (4) training; (5) access management; (6) inadequate change management supervisions; and (7) limited testing and system capacity.
- Communications with the Public – The Report notes that FINRA continues to evaluate member firms for compliance with FINRA Rule 2210, which includes principles-based content standards that are designed to apply to ongoing developments in communications technology and practices. FINRA notes that it is increasingly focused on communications relating to certain new products and how member firms supervise, comply with recordkeeping obligations, and address risks relating to new digital communication channels. Specifically, the Report notes the focus includes risks associated with app-based platforms with interactive or “game-like” features that are intended to influence customers, their related forms of marketing, and the appropriateness of the activity that they are approving clients to undertake through those platforms. FINRA notes in its exam observations that issues occurred relating to (1) deficient digital assets communications; (2) misrepresentations in cash management accounts communications; (3) insufficient supervision and recordkeeping for digital communication; and (4) no written supervisory procedures (WSPs) and controls for communications that use non-member or “doing business as” names.
- Best Execution – The Report notes that FINRA conducted a targeted review of member firms that do not charge commissions for customer transactions (“zero commission” trading) to evaluate the impact that not charging commissions has or will have on member firms’ order-routing practices and decisions, and other aspects of member firms’ business. FINRA notes in its exam observations that issues occurred relating to (1) not comparing the quality of the execution obtained via firms’ existing order-routing and execution arrangements against the quality of execution they could have obtained from competing markets; (2) no review of certain order types; (3) no evaluation of required factors; (4) not considering and addressing potential conflicts of interest relating to routing of orders; and (5) not providing material disclosures in order-routing reports, such as the specific, material aspects of the non-directed order flow routed to firms’ trading desks.
- Variable Annuities – The Report notes that FINRA continues to evaluate variable annuity exchanges under FINRA Rule 2330 and, when applicable, under Reg BI. In early 2020, FINRA engaged in an informal review of buyout WSPs, training, and disclosures for member firms whose customers were impacted by a recent announcement from an insurer with sizable variable annuity assets, stating it will terminate servicing agreements, cancel certain trail commissions for registered representatives, and provide buyout offers to its variable annuity customers. FINRA notes in its exam observations that issues occurred relating to (1) not addressing buyouts within firms’ systems of supervision; (2) not reasonably supervising recommendations of exchanges that were inconsistent with the customer’s objectives and time horizon; (3) not performing sufficient review of source of funds used to purchase new variable annuities; and (4) not conducting training for registered representatives and supervisors.