Compliance Deficiencies Targeted in FINRA’s 2018 Examination Findings Report

The Financial Industry Regulatory Authority (“FINRA”) recently issued its 2018 Examination Findings Report that reflects a summary of its examination findings for broker-dealers (“firms” or “members”) in 2018.   For members, the report gives a view of what FINRA has focused on in 2018, and what can be expected to been seen in FINRA’s 2019 examination program.

Ultimately, the Examination Findings Report focuses on selected observations from recent FINRA examinations that were considered worthy of highlighting, due to their potential impact on investors and markets, or the frequency with which they occur.  To this end, the Examination Findings Report describes practices the organization has observed to be effective in certain circumstances. Specifically, the report focuses on suitability for retail customers, fixed income mark-up disclosure, reasonable diligence for private placements and abuse of authority, followed by a summary of additional observations.  The following summarizes a number of the pertinent aspects of the report.

Suitability for Retail Customers

With respect to retail customer suitability issues, FINRA observed that a number of firms had an overconcentration in complex structured notes or sector-specific investments, as well as illiquid securities, such as non-traded real estate investment trust (REITs), which were unsuitable for customers and resulted in significant customer losses. Additionally, excessive trading became issues where firms failed to establish and enforce an adequate supervisory system reasonably designed to identify and prevent potentially excessive trading in customer accounts.  Another area of concern included the unsuitable variable annuity recommendations.  To this end, FINRA observed that some firms failed to establish, maintain and enforce supervisory systems and WSPs reasonably designed to ensure that representatives’ recommendations of variable annuities complied with suitability obligations.

The examinations of volatility-linked products included a focus on unsuitable recommendations, firms’ lack of due diligence that addressed volatility-linked products’ unique characteristics and risks, such as the potentially magnified impact volatility in the VIX index and VIX futures, as well as operational features of the volatility-linked products themselves, which could affect the products’ performance. Additionally, FINRA noted that some firms had insufficient systems and controls in that firms did not address the risks of offering complex leveraged, inverse and volatile products, including volatility-linked products, to retail customers.

Due Diligence on Private Placements

FINRA observed that there was a lack of reasonable due diligence for private placements.   The exam deficiencies included a lack of reasonable diligence, an overreliance on third-party due diligence consultants, experts or other third-party vendors and use of potentially conflicted third-party due diligence.

Fixed Income Mark-up Disclosure

FINRA observed that, in implementing the changes required by the amended FINRA and MSRB rules, some firms faced challenges relating to their confirmation review processes, systems and vendors.  Of interest was the observation that some firms failed to provide disclosures to certain customers because they identified those customers’ accounts as “institutional” even though they did not meet that definition in FINRA Rule 4512(c) (Customer Account Information) or MSRB Rule G-8(a)(xi).  Additionally, firms utilized improper security-specific hyperlinks and brief descriptions.  FINRA also noted that some vendors did not always identify the correct PMP from which to calculate mark-ups and mark-downs. For example, instead of using the prices of a firm’s own contemporaneous trades, which were available to be considered, a vendor’s program incorrectly identified PMPs using lower levels of the “waterfall” as described in FINRA Rule 2121.02 (Fair Prices and Commissions) or MSRB Rule G-30.06. As noted in FINRA Fixed Income Confirmation Disclosure: Frequently Asked Questions (FAQ) Section 3.6 and MSRB Confirmation Disclosure and Prevailing Market Price Guidance Frequently Asked Questions Section 3.6, whenever firms engage third-party vendors to determine PMP on their behalf, firms retain compliance responsibility and must exercise due diligence and oversight.

Abuse of Authority

FINRA has observed situations where some firms or registered representatives exposed investors to unnecessary risks and firms had not established controls—including those to comply with obligations under NASD Rule 2510 (Discretionary Accounts)—to mitigate those risks.  No authorization was an issue where registered representatives exercised discretion in customer accounts without the customers’ prior written authorization or the firm’s approval of the discretionary account.  Expired authorizations were also problematic where registered representatives exercised discretion after the authority to do so had expired.  Additionally, the mismarking of order tickets was an issue where registered representatives mismarked order tickets to obscure unauthorized discretionary trading by indicating that trades were executed in a solicited capacity, when, in fact, customers did not initiate the transactions and were unaware of the trading occurring in their accounts.  In other instances, registered representatives made false statements on the firm’s compliance questionnaires and attestations regarding discretionary authorization, or had customers sign blank suitability or new account forms.  Finally, the abuse of trustee status occurred when registered representatives convinced senior investors to establish trusts and name the representatives as trustees or co-trustees in order to take control of the trust assets and direct funds to themselves.

Additional Observations

Anti-Money Laundering.  FINRA continues to observe challenges in some firms’ compliance with their anti-money laundering (AML) obligations pursuant to FINRA Rule 3310 (Anti-Money Laundering Compliance Program), the Bank Secrecy Act (BSA) and U.S. Department of the Treasury regulations.  Further, FINRA notes that FinCEN’s Customer Due Diligence (CDD) rule became effective on May 11, 2018, and requires that firms identify beneficial owners of legal entity customers, understand the nature and purpose of customer accounts, conduct ongoing monitoring of customer accounts to identify and report suspicious transactions, and—on a risk basis—update customer information.

A number of the issues observed in the AML examination program included questionable ownership status of foreign legal entity accounts, lack of documentation of investigations of potentially suspicious activity and irregular and or undocumented 314(a) Searches.

Accuracy of Net Capital Computations.  The exam findings related to net capital computations included insufficient documentation regarding expense-sharing agreements, incorrect inventory haircuts and inaccurate operational charges.

Operations Professional Registration.  FINRA has observed that some firms continued to permit unregistered staff to engage in certain activities that would require Operations Professional registration, including firms designating unregistered individuals to approve general ledger journal entries; firms designating unregistered individuals to act as supervisors of various financial functions, including disbursement of funds, settlements, buy-ins and fails and possession or control; and firms allowing unregistered staff to approve the business requirements of trading systems related to covered functions.

DBAs and Communications with the Public.  FINRA observed deficiencies relating to FINRA Rule 2210 (Communications with the Public) at some firms that permit their registered representatives to conduct firm business activities using a DBA name. Some firms using the independent contractor business model faced additional challenges because of the relative autonomy of their registered representatives and branches. In particular, FINRA observed that certain firms did not maintain sufficient WSPs and controls, or provide adequate disclosures regarding the use of DBA names. Additionally, some registered representatives’ retail communications and correspondence concerning firm business did not comply with FINRA Rule 2210(d)(3) (Communications with the Public) because those communications included the representative’s DBA name, but did not prominently disclose the firm’s name and the fact that securities were offered through the firm. Finally, it was observed by FINRA that some registered representatives’ websites did not contain a “readily apparent reference” and hyperlink to FINRA’s BrokerCheck on the web pages that included the representatives’ professional profiles, as FINRA Rule 2210(d)(8)(A) (Communications with the Public) requires.

Takeaways From the 2018 Examination Findings Report

The examination findings report does not purport to represent a complete inventory of the observations about the industry that FINRA made during 2018; however, the observations should be helpful to members so as to allow them to improve their compliance practices and processes based on the experiences of other firms.  The observations should also allow members to better anticipate and address potential areas of concern in advance of their own examinations. With that in mind, member firms should review their current regulatory compliance program and determine if they are impacted by any of the item noted by FINRA.  If so, action will be needed to address those deficiencies to ensure that they don’t become an examination statistic for 2019.