FINRA Releases its 2017 Exam Priorities Letter

On January 4, 2017, the Financial Regulatory Authority (FINRA) started the new year with a bang as it published the Regulatory and Examination Priorities Letter (Exam Priorities Letter) for 2017. FINRA publishes the priorities letter annually to provide information to member firms about areas of concern that FINRA plans to review in its 2017 exam program for member firms.

It appears that FINRA intends to continue its focus on the compliance practices of FINRA member firms, and stay targeted on the basics. This is evidenced by both the extensive listing of issues and concerns, and also the comments of Robert Cook, President and CEO of FINRA, in his cover letter to FINRA membership regarding the Exam Priorities Letter. He noted that “a common thread running throughout the Exam Priorities Letter is a focus on core ‘blocking and tackling’ issues of compliance, supervision and risk management. Most of the topics addressed in this year’s letter have been highlighted in prior years, but specific areas of emphasis have been updated or modified based on recent observations and experience. Attention to the core regulatory requirements identified in the letter – and how to address them in light of new business challenges and market developments – will serve investors and markets well.”

With that in mind, while not indicative of the actual priority given to any one issue or concern by FINRA, the Exam Priorities Letter reflected that the top 6 issues and concerns that FINRA intends to focus on in 2017 include:

High-Risk and Recidivist Brokers

FINRA intends to devote particular attention to member firms’ hiring and monitoring of high-risk and recidivist brokers, including whether firms establish appropriate supervisory and compliance controls for such persons.  To this end, FINRA noted that it is strengthening its already comprehensive approach to high-risk and recidivist brokers.  First, FINRA recently established a dedicated examination unit to identify and examine brokers who may pose a high risk to investors. This group will rigorously review these brokers’ interactions with customers, including their compliance with rules regarding suitability, know-your-customer, outside business activities, private securities transactions, commissions and fees.

FINRA will also review firms’ supervisory procedures for hiring or retaining statutorily disqualified and recidivist brokers and examine firms’ due diligence on these individuals. This will include determining whether, as part of the verification process, a firm or third-party service provider conducts a national search of reasonably available public records to verify the accuracy and completeness of the information contained in an applicant’s Form U4, and whether the supervisory plan implemented is reasonably tailored to detect and prevent future misconduct by a particular broker based on prior misconduct and regulatory disclosures.

Additionally, FINRA will continue to evaluate firms’ branch office inspection programs as well as their supervisory systems for branch and non-branch office locations, including, but not limited to, independent contractor branches. FINRA’s focus for these reviews will include the supervision of account activity; advertising and communications, including the potential use of unapproved email addresses for business; communications with customers, including through the use of social media, seminars, radio shows or podcasts; registered representatives’ websites; outside business activities; the use of consolidated account statements; and operational activities such as distribution of funds and changes of address or investment objectives.

Sales Practices – Senior Investors

As investor protection lies at the heart of FINRA’s mission, the Exam Priorities Letter noted that protecting senior investors will remain a top priority in 2017. FINRA will assess firms’ controls to protect senior investors from fraud, abuse and improper advice. FINRA has seen numerous cases where registered representatives have recommended that senior investors purchase speculative or complex products in search of yield, and while the quest for higher yield is not per se problematic, FINRA will assess whether such recommendations are suitable given an investor’s profile and risk tolerance, and whether firms have appropriate supervisory mechanisms in place to detect and prevent problematic sales practices.

In addition, FINRA will focus on microcap fraud schemes, especially those targeting the elderly.  Microcap (or “penny”) stocks are particularly vulnerable to market manipulation given the lack of public information regarding the companies’ underlying business and management, as well as the lack of verifiable financial information. In 2015 and 2016, FINRA observed an increase in the use of aggressive boiler room tactics by unregistered persons in pump-and-dump schemes targeting elderly investors.  There are a number of controls firms can implement to enhance protection for elderly clients from such financial exploitation. For example, firms can contact an elderly customer in instances where the customer has placed a purchase order for a speculative penny stock through the customer’s online brokerage account, can question a customer about inquiries to buy or sell penny stocks held outside the firm and can ask a customer about instructions to transfer funds to persons who may be tied in some way to the issuer.

Sales Practices – Product Suitability and Concentration

FINRA continues to observe instances where firms recommend products that are unsuitable for customers, including situations where customers and sometimes registered representatives do not understand important product features. For this reason, FINRA will assess how firms conduct reasonable-basis and customer-specific suitability reviews. This may include examining firms’ product vetting processes, supervisory systems and controls to review recommendations.  Firms should be attentive to the adequacy of their supervision and training when new products come to market, new features of existing products are introduced or market conditions change in ways that could affect product performance. Firms that hire registered representatives who sell products with which the firm is not familiar should educate themselves on the products and then carefully evaluate their ability to supervise recommendations. Training should ensure that registered representatives, compliance and supervisory staff understand the objectives, risks and pricing factors of the products sold, including any changes in the features of those products.

In 2017, FINRA will also increase its focus on the controls firms use to monitor recommendations that could result in excess concentration in customers’ accounts. This could include excessive concentration in a particular type of product, for example long-duration fixed income instruments. Firms should be attentive to shifts in the interest rate environment and should be prepared to assess and discuss the possible impact of these changes on recommendations to clients.  Firms should also monitor for excessive concentration in securities exposed to an industry sector.

In addition, over the last year FINRA observed these concerns particularly frequently with respect to complex or novel exchange-traded products (ETPs), structured retail products, leveraged and inverse exchange-traded funds, non-traded real estate investment trusts (REITs) and unlisted business development corporations (BDCs). While these products can be appropriate for some customers, certain non-traded REITs and unlisted BDCs, for example, may have high commissions and fees, be illiquid, have distributions that may include return of principal, have limited operating history, or present material credit risk arising from unrated or below investment grade products. Given these concerns, firms should make sure that they perform and supervise customer-specific suitability determinations. More generally, firms should carefully evaluate their supervisory programs in light of the products they offer, the specific features of those products and the investors they serve.

Sales Practices – Excessive and Short-term Trading of Long-term Products

FINRA noted in the Exam Priorities Letter that it intends to evaluate member firms’ ability to monitor for short-term trading of long-term products. They have observed instances of registered representatives recommending that their clients trade long-term products – such as open- and closed-end mutual funds, variable annuities and unit investment trusts (UITs) – on a short-term basis. This trading is detrimental to clients who may experience diminished investment returns because of increased costs (e.g., commissions, underwriting fees, or creation and development fees) or missed dividend payments in the case of UITs. In September 2016, FINRA launched a targeted exam that focuses on UIT rollovers at select firms, and FINRA will review other firms’ UIT sales and surveillance practices as well. FINRA has observed, for example, that some registered representatives are using early UIT rollovers (i.e., rollovers prior to the last 30-60 days of the UIT’s term) to increase their sales credits to the detriment of clients.

In addition, FINRA urges firms to evaluate whether their supervisory systems can detect activity intended to evade automated surveillance for excessive switching activity. For example, they have observed situations where registered representatives switch customers across products to evade surveillance that focuses on switching within the same product class. Similarly, FINRA has observed situations where registered representatives switch customers through several investments to conceal the source of funds from switching surveillance tools.

Outside Business Activities and Private Securities Transactions

FINRA will continue to focus on member firms’ obligations with respect to their registered representatives’ outside business activities and private securities transactions.  FINRA intends to continue to evaluate firms’ procedures to review registered persons’ written notifications of proposed outside business activities, including firms’ consideration of whether the proposed outside business activities may compromise a registered person’s responsibilities to the firm’s clients or be viewed as part of the firm’s business.  To this end, FINRA will also focus on firms’ procedures for handling associated persons’ notifications of proposed private securities transactions and firms’ ongoing supervision over associated persons’ approved private securities transactions for compensation.

Social Media and Electronic Communications Retention and Supervision

FINRA will continue its focus on the review of member firms’ compliance with their supervisory and record-retention obligations with respect to social media and other electronic communications in light of the increasingly important role they play in the securities business. FINRA noted that these obligations apply to business communications irrespective of the medium or device used to communicate. Under U.S. Securities and Exchange Commission (SEC) and FINRA record-retention requirements, firms must ensure the capture of business-related communications regardless of the devices or networks used.  To that end, member firms must capture and maintain all business-related communications in such a way that the firm can review them for inappropriate business conduct.

Additional Issues and Concerns

Cybersecurity

FINRA noted that cybersecurity threats remain one of the most significant risks many firms face and, to that end, in 2017 FINRA intends to continue to assess member firms’ programs to mitigate those risks. While FINRA acknowledged that there is no one-size-fits-all approach to cybersecurity, they will continue to tailor their assessment of cybersecurity programs of each firm based on a variety of factors, including its business model, size and risk profile. Among the areas FINRA may review are firms’ methods for preventing data loss, including understanding their data (e.g., its degree of sensitivity and the locations where it is stored), and its flow through the firm, and possibly to vendors. FINRA may assess controls firms use to monitor and protect this data, for example, through data loss prevention tools. In some instances, they will review how firms manage their vendor relationships, including the controls to manage those relationships. The controls should be informed by a number of factors, including a clear understanding of any customer or employee personally identifiable information or sensitive firm information to which vendors have access. They may also examine firms’ controls to protect sensitive information from insider threats. The nature of the insider threat itself is rapidly changing as the workforce evolves to include more employees who are mobile, trusted external partnerships and vendors, internal and external contractors, as well as offshore resources.

FINRA noted two areas in which it has observed repeated shortcomings in controls and to which, by inference, member firms should pay close attention. First, cybersecurity controls at branch offices, particularly independent contractor branch offices, tended to be weaker than those at firms’ home offices. They have observed poor controls related to the use of passwords, encryption of data, use of portable storage devices, implementation of patches and virus protection, and the physical security of assets and data. Second, in multiple instances, member firms have failed to fulfill one or more of their obligations under Securities Exchange Act Rule 17a-4(f) that requires firms to, among other things, preserve certain records in a non-rewriteable, non-erasable format, commonly known as write once read many (WORM) format. This includes situations where vendor-provided email review and retention services did not fulfill SEA Rule 17a-4(f) requirements. FINRA recently announced enforcement actions against 12 firms for, among other things, failure to preserve broker-dealer and customer records in WORM format.

Additional Industry Issues

While the top 6 priorities cover a lot of ground, FINRA also addressed a number of additional matters in the FINRA Exam Priorities Letter, including financial risks related to liquidity risk, financial risk management and credit risk policies, procedures and risk limit determinations under FINRA Rule 4210, supervisory controls testing, customer protection/segregation of client assets, AML and suspicious activity monitoring, municipal advisor registration and a number of market integrity issues, including market manipulation, best execution and market access.

Summary

Ultimately, based on the issues and concerns expressed by FINRA in the Exam Priorities Letter, it appears that 2017 brings FINRA member firms continued focused oversight by the financial industry regulators. To that end, the Exam Priorities Letter urges compliance staff, supervisors and senior business leaders to consider the topics addressed in the letter, and it’s clear that using the information as part of firms’ compliance, supervision and risk management practices can better protect member firms from FINRA. As a final note, the Securities and Exchange Commission is also releasing their 2017 list of exam priorities in the near future … it will be interesting to see how the two agencies’ exam priorities line up for 2017.