Not Fake News: FINRA 2018 Priorities
Elin Cherry, CEO, ElinphantAdaptions and “CliffsNotes” version of FINRA 2018 Priorities.All opinions are my views and do not necessarily reflect FINRA guidance. My recommendations offer proactive advice to address FINRA priorities in anticipation of a FINRA examination, sweep letter or inquiry.
I adjusted the topic structure to emphasize the priorities that I believe are newer, difficult to address or are more timely. I prioritized based on the current federal administration's focus on reducing regulations, as well as the recent DJIA records.“There is some laxity coming,” Mr. (Barney) Frank said. “Some bank regulators are probably more willing to trust the banks not to get in trouble. But the rules to prevent them from getting in trouble will still be there.” Trump Leads Deregulatory Charge. Hence, FINRA’s priorities may not be enforced as they were in the past, but the regulations will still be there.For some, the recent record-setting market highs are beginning to indicate a coming market correction. Seeking Alpha compares the current markets to Alan Greenspan’s “Irrational Exuberance” The Greatest Bubble Ever. If a significant market correction occurs, market integrity and financial operational rules will be back into focus as they were after the bear market of 2007 - 2009. Therefore, the order of priorities I’ll discuss in this blog post are: Operational and Financial Risk, Market Integrity, Fraud, Sales Practices, and High-Risk Firms and Brokers.The themes of the 2018 FINRA priorities are: trend technology, data integrity, cybersecurity, effective controls and cross market surveillance.
Operational and Financial Risks
| FINRA Commentary |
Recommended Action |
| Liquidity RiskTheir focus is on liquidity planning, strengths and weaknesses across firms, as well as adequacy of stress testing. FINRA will also consider whether the scenarios are consistent with its collateral resources and client activity. |
Note that FINRA will be comparing firms’ liquidity planning. Will this be done in examinations and/or sweep letters? At least ensure that your plan meets the elements laid out in Regulatory Notice 15-33. |
| Customer Protection and Verification of Assets and LiabilitiesFINRA always reviews firms’ net capital and reserve computations. This year they will focus on data integrity and accuracy as well as controls and supervision. They will also zero in on securities held by foreign custodians. |
Are you testing data and formulas? When was the last time you looked at financial reporting data integrity? Does some of your reporting rely on multiple system feeds, manual entries or spreadsheets? Consider vendor solutions that can consolidate this data and remove manual processes. If you have been using the same vendor for years, perhaps consider newer and more adept solutions (ones that can manage financials across market platforms). |
| CybersecurityIt’s not news, but cybersecurity is still an emphasis for FINRA and all regulators. What’s more interesting is that FINRA will review for suspicious activity reports (SARs) filed for cybersecurity breaches. |
Attend FINRA’s Cybersecurity Conference: I’m a fan of consistency, if applicable. For business continuity planning and cybersecurity, a firm will take many similar actions for both. When possible, use the same action. This helps not only when updating policies, but when carrying out drills or unfortunately, responding to an event. |
| TechnologyGovernanceChange management policies and procedures for information technology becomes more germane every year. Firms should maintain strong controls to prevent inaccurate, incomplete, untested or unauthorized changes to production environments. |
Review every system for testing capabilities prior to production. Testing environments can be expensive, so how do you test without a testing environment? Can you test in controlled productions? In terms of unauthorized access, consider a technology solution to ensure that access is regularly updated. Relying on a manual process, such as managers reviewing access annually, is risky. |
| Business Continuity PlanningHurricanes Harvey and Maria were a lesson for Texas and Puerto Rico member firms to review their plans. FINRA reminds firms to make their plans reasonable and operational. |
Take heed of global warming and update your natural disaster business continuity plan. Do you review your plan for terrorism threats? Terrorist tactics continue to evolve, and those changes should be incorporated into your plan. Your systems and personnel should be categorized correctly to identify mission critical functions during any emergency. |
| Anti-MoneyLaunderingFINRA continues to find deficiencies in firms’ anti-money laundering (AML) programs. FINRA is targeting, detecting and reporting suspicious AML activity. FINRA is interested in surveillance of accounts opened for affiliates, and accounts used in connection with security-backed lines of credit (SBLOC). |
A Brief History of AML Categorization in FINRA Annual Priorities Letter: 2018 - Operational and Financial Risks 2017 - Operational Risk 2016 - Supervision and Risk Management 2015 - Sales Practice 2014 - Business Conduct 2013 - Business Conduct 2012 - Not listed as a priority Notice that AML changed from a conduct risk to an operational risk. AML is no longer viewed as a sales problem, but a systems problem (controls and monitoring). Keep this in mind when reviewing and updating your program. Also consider the specific training required for technologists and operational employees, that is different than salesperson training. What action has your firm taken to address the new beneficiary rule? And if you are the Head of AML, why would you accept a rubber stamp independent test? With personal liability on the line, and of course the firm's interest in mind, encourage your firm to invest in quality independent testing. |
| Short SalesReview your short sales policies and procedures and monitor your fees. |
Confirm that the stated fees in your policies and procedures are the actual fees you charge. If compliance is not responsible for short sale fees, coordinate with operations. |
Market Integrity
| FINRA Commentary |
Recommended Action |
| Fixed IncomeData IntegrityData integrity is a priority for fixed income surveillance and trading (as it is with all trading, surveillance, financial reporting and books and records). In conjunction with Treasury securities reporting to TRACE, FINRA developed a suite of data integrity programs to monitor firms’ transaction reporting in Treasury securities. |
Order and trade management systems for all fixed income securities need to be automated. Manually entering trades into systems that may or may not connect to the back office are no longer acceptable. TRACE data by nature is more difficult to report. Firms need to automate fixed income orders and trades, not only for data integrity, but also for best execution reviews. |
| ManipulationCross market surveillance is the new buzz phrase. FINRA is looking at market manipulation across all products and markets. |
Your equity order management system (OMS) surveillance can no longer be the firm’s only trade surveillance tool. Manual data, accurate data and data transparency are all significant obstacles to creating a cross market surveillance system. While Fintech and Regtech vendors are working to address this cross market requirement, it has proven difficult to create software with the ability to ingest, digest and produce reliable surveillance from cross market activity. Firms should continue to monitor Regtech solutions that can handle cross market surveillance concerns. |
| Alternative Trading System SurveillanceFINRA will review alternative trading systems’ supervisory abilities for surveillance alerts related to potential manipulative activity. |
FINRA continues to develop and improve on its surveillance systems that create alerts. Firms can expect to see more regulatory inquiries, and they should be able to detect these alerts prior to FINRA’s detection. |
| OptionsFINRA has developed a surveillance to detect potential front running in correlated options products and will remain focused on this area. |
As with all other market integrity categories, the theme is market surveillance. FINRA expects firms to discover potentially fraudulent behavior before they do. |
| Regulation SHOOnce again FINRA is emphasizing Reg SHO. |
If there’s a market correction, you don’t want to be caught with your “shorts down.” Check your short sale procedures. Review your automated controls and ensure that they’re effective. Demonstrate that you have tested and reviewed your process and systems. |
| Market AccessFINRA will continue to review market access policies, procedures and controls. |
Ensure that you’ve done your annual review. Have you actually tested your policies, or just drafted them? In our recent experience, trader limits as well as annual market access testing, are weaknesses for many firms. In the case of a market disruption, lacking market access controls could be detrimental to a firm's financial stability. |
| Best ExecutionFINRA is expanding its equity best execution surveillance program to assess the degree to which firms provide price improvement when routing or internalizing customer orders. |
How often does your best execution committee meet? Do your best execution reviews contain relevant information that can be deciphered, or are exceptions like finding a needle in a haystack? If you utilize a vendor, when is the last time they tested the system? Are they able to respond in a timely manner to questions on exceptions or data? Make sure that you’re monitoring and supervising your best execution reporting vendor. |
| FraudFirms should submit a SAR for illicit activity involving exploitation of senior investors. FINRA will continue to review schemes targeting senior investors. |
Update your AML program and training to include reporting of illicit activity involving the senior investor exploitation. If you already specify certain types of suspicious activity within your policies/training, include ‘defrauding senior investors.’ Most importantly, ensure that your monitoring section references potential AML responsibilities. Review the FINRA 2017 examination and priorities letter and ensure you’ve implemented the referenced controls in your compliance program. |
Sales Practice Risks
| FINRA Commentary | Recommended Action | |||
| Initial Coin Offerings (“ICOs”) and CryptocurrenciesFINRA will continue monitoring developments in this cryptocurrency and ICOs, and refer ICO concerns to the SEC. |
Understand how cryptocurrencies, their exchanges and their futures operate, behave and interact. Determine your firm’s activity. Are your customers investing in cryptocurrencies directly through your firm? Are your sales people advising your customers on the purchase and sales of cryptocurrencies? Is your firm capital protected in case of severe volatility of cryptocurrency futures? Have you monitored and reviewed funds being sold to determine whether they include cryptocurrencies?
|
|||
| Use of MarginFINRA will examine whether firms and registered representatives have adequately disclosed the risk of margin loans, and have controls in place to prevent excessive margin trading. |
Review margin disclosures. Have they perhaps “fallen off” documents or are the outdated? Test your margin surveillance to ensure its correctly calibrated. |
|||
| Securities Backed Lines of CreditFINRA will review sales practices and operational obligations applying to SBLOCs. These reviews will consider new tax obligations as well as a potential market downturn. |
Ensure trade and operations surveillance are coordinated to identify improper use of SBLOCs, as well as concentration levels. |
|||
| SuitabilityAs they do every year, FINRA will continue to assess firms’ adequacy of controls to meet their suitability obligations.FINRA reinforced new product reviews as well as complex product training. |
Bottom line, don’t swindle your customers. Sell good products at reasonable prices and disclose how your firm profits. Senior investors, complex products, DOL fiduciary rule, fee disclosures and reasonableness are all reviewed under FINRA suitability regulations. |
|||
| High-Risk Firms and BrokersFINRA will continue to review controls for outside brokerage activities. Hiring and supervisory practices related to high-risk activities and brokers will continue as a focus, as will selling speculative products. |
If you haven’t automated employee trading and outside business activities, you need to! It’s street practice, regulatory expectation and less expensive than manual reviews. Good practice is to require outside business activities to be reviewed by employees annually, but also supervisors should review all past approvals annually. Just as you did before, monitor your high-risk brokers and activities and surveille speculative and complex products. |
|||
Conclusion & Top 8 Pieces of Advice
FINRA provided its annual roadmap on what to expect when you’re expecting a FINRA inquiry. The takeaway is data integrity and system controls. FINRA is also continuing to increase the number of compliance tools for firms. Take a look at FINRA Tools. I highlighted the FINRA tools initiative in FINRA: How to Ace the Exam.
Our top 8 pieces of advice:
- Read the FINRA 2018 Priorities Letter.
- Identify the topics affecting your firm.
- Review each identified topic and document the review.
- Read the 2017 Report on Examination Findings:
- Consider Robert Cooks’ Cover Letter.
- Attend the FINRA Cybersecurity Conference
- Ensure FINRA report cards are included in WSPs and are reviewed on a regular basis.
- Review FINRA Rules to be implemented in 2018.
[author]About the Author: Elin is the CEO Elinphant, a financial compliance consulting firm. In her current role, Elin leads a team of seasoned compliance officers who are skilled and knowledgeable in relation to each client’s business and needs. She believes that clients are best served by employing skilled professionals to execute on projects and is known for looking at compliance challenges as well as marketing and sales in an innovative and direct manner. Elin possesses deep experience in compliance programs, regulatory relations, testing and monitoring, compliance audits and capital markets, among others. Elinphant has advised as well implemented Compliance Programs in start-up financial and FinTech Firms. Prior to founding Elinphant, Elin was a Principal and the Head of Capital Markets at Compliance Risk Concepts, (“CRC”). In that role, she grew a book of business generating half a million dollars in revenue. Elin was charged with relationship management and the execution of client mandates as well as hiring and managing consultants. Elin marketed the firm through articles, blogs, speaking engagements. Prior to CRC, Elin was Director and Head of Business Unit Compliance, for CIT Group Inc. In this role, she was a member of the Compliance senior management team with responsibility for the US business compliance programs, business unit compliance officers, broker-dealer compliance, as well as the CIT Bank team. Elin was also employed with Societe Generale for six years, serving as Managing Director, Head of Global Markets Compliance and Deputy Director to the Chief Compliance Officer. Further, she served in senior compliance roles at Deutsche Bank Securities Inc. and Banc of America Securities. Elin brings strong leadership skills and experience that benefit our Compliance team.Elin holds a J.D. from the University of Denver College of Law and received her B.A., cum laude, from the University of Colorado. [/author]
