FINRA 2022 Risk Monitoring and Examination Priorities

Publish Date

Type

Compliance Alert

Topics
  • Compliance

On February 9, 2022 the Financial Industry Regulatory Authority (FINRA) released its 2022 Report on FINRA’s Examination and Risk Monitoring Program. FINRA has updated the report’s format from previous years to highlight the agency’s newly identified risk areas and their related considerations. Organized by topic, the report identifies the applicable rules and key related considerations for broker-dealers’ compliance programs, summarizes findings from recent examinations, and describes best practices observed during FINRA exams. In addition, it suggests resources that firms may find helpful.

The 2022 report introduces the following new topics:

  • Firm Short Positions and Fails-to-Receive in Municipal Securities
    This new focus for 2022 reflects Regulatory Notice 15-27. Specifically, for firms that engage in municipal securities transactions, FINRA examiners have found that a lack of supervisory controls and procedures to detect and resolve firm short positions and fails-to-receive could lead to customers with taxable interest. FINRA’s exam findings and effective practices recommend compliance with the Municipal Securities Rulemaking Board Rule G-12, and the development of reports and processes to remediate settlements and identify risks.
  • Trusted Contact Persons
    FINRA added this exam priority for 2022 for firms with non-institutional accounts based on Rule 4512, Customer Account Information. The rule states that firms must make a reasonable effort to obtain contact information for a “trusted contact person” (TCP) who can be reached regarding a customer account. In its exams, FINRA will consider a firm’s supervision and education of registered representatives regarding obtaining TCP information. In its past exams, FINRA noted that it had observed inadequate attempts to collect such information and a lack of written disclosures explaining the circumstances under which firms may contact TCPs when seeking to obtain TCP information.
  • Funding Portals and Crowdfunding Offerings
    This new priority is based on the SEC Regulation Crowdfunding, which applies to funding portals and firms engaging in securities offered or sold through crowdfunding. FINRA’s considerations in this area involve ensuring that firms make issuer information publicly available on their platforms and correctly assess their operational needs regarding capital raises.
  • Disclosure of Routing Information
    Considerations for this new focus area involves a firm’s compliance with Rule 606 of Regulation NMS. In future exams, FINRA will check whether firms maintain appropriate reports, supervisory procedures, and assessments of routing decisions. In its findings summary, FINRA noted that often firm communications were inaccurate or incomplete and that procedures did not sufficiently address the new requirements.
  • Portfolio Margin and Intra-day Trading
    FINRA introduced this new priority to address Rule 4210(g), Margin Requirements. This rule applies to the handling of customer’s portfolio margin accounts. FINRA’s exam findings identified “insufficient WSPs,” inadequate risk monitoring processes, and failures to promptly escalate incidents related to elevated risk exposure.

Exam Highlights

The “Selected Highlights” section of the 2022 report noted the following key areas, which FINRA identified as areas of “considerable industry, and in some cases public, attention…that FINRA also addressed through its exam and risk monitoring program”:

  • Cybersecurity and Technology Governance
    FINRA observed that complex cybersecurity threats, such as phishing campaigns and online account takeover attempts from bad actors, have increased. FINRA noted concerns regarding how firms assessed cybersecurity and technology risk, their conduct of penetration testing of their systems, and their cybersecurity training procedures. These priorities reflect FINRA’s findings, among other deficiencies, that firms lacked policies and procedures to protect customer information in branch office locations and failed to implement data-loss prevention programs.
  • Regulation Best Interest (Reg BI) and Form CRS
    FINRA added substantially to this topic from last year’s report, broadening the scope of examinations with a particular focus on Special Purpose Acquisition Companies (SPACs). In the related considerations, FINRA addressed the need for supervisory procedures, disclosures, and documenting how the firm acted in the best interest of its retail customers. The exam findings revealed insufficient WSPs for compliance with Reg BI and Form CRS, inadequate training and filings of Form CRS, and failures to comply with the Care Obligation. The effective practices noted by FINRA centered on defining and eliminating conflicts of interest and implementing new processes to maintain compliance.

    Due to the increased use of SPACs, FINRA has begun to examine firms’ practices of selling SPACs. The subject areas include due diligence conducted at the initial public offering and merger stages, compliance with Reg BI, firm disclosures, net capital requirements, procedures, and training.
  • Communications with the Public
    Based on the heightened use of mobile apps and complex products, including communications of municipal securities, FINRA identified communications as an area of concern. These concerns included how firms assessed their supervisory procedures for communications with and the information they provided to customers. The examinations found incorrect and misleading information in mobile apps and on municipal securities and digital assets. FINRA emphasized that firms should maintain comprehensive procedures for supervising communications and ensuring cash management account capabilities.
  • Consolidated Audit Trail (CAT)
    In its examinations, FINRA found a lack of supervisory procedures for third-party vendors, errors in CAT order reports to the Central Repository, and subsequent late resolutions. FINRA described effective practices for recordkeeping and the supervision of the reporting of transactions by third-party vendors.

Our Guidance

FINRA’s observations do not provide an exhaustive list of what regulators will review during examinations. As part of a firm’s planning for 2022, it is important to identify the risk areas pertinent to the firm's business activities and review the compliance practices that have been established to meet applicable rules and regulations. The resulting prioritized list will provide, at the least, a baseline that firms can use to confirm the effectiveness of their controls in addressing key regulatory areas.

Tune in to our live webcast

Join us April 13, 2022 at 1:00pm ET as we review key priorities and emerging risks identified by FINRA, share perspective on key challenges firms are facing in these areas, and effective practices firms can implement to be well positioned for a successful 2022.

Register

How we help

We have a number of solutions to help broker-dealers build and maintain an effective compliance program. We help our clients manage regulatory compliance, cybersecurity and risk, and performance verification through our consulting, outsourcing, and technology solutions.

If you have questions about FINRA's 2022 Examination Priorities, or would like to find out more about our services, please reach out to your ACA consultant, or contact us here.

Additional resources

The below resources may be helpful as your firm adjusts its compliance program to meet the concerns FINRA outlined in their report.