On Feb. 9, 2022, the Financial Industry Regulatory Authority (FINRA) released its 2022 Report on FINRA’s Examination and Risk Monitoring Program (Report), in which it identifies its areas of examination focus for FINRA Member Firms (Firms) in 2022. This is the second year of FINRA’s new reporting system, which replaced the prior format for examination focus – the Risk Monitoring and Examination Program Priorities Letter. The Report builds on last year’s report by adding new areas (see February 2021 GT Alert) of focus and new materials related to established areas of focus.
The Report addresses several key topics from four distinct categories: Firm Operations, Communications and Sales, Market Integrity, and Financial Management. Highlighted areas from these four categories were:
- Regulation Best Interest (Reg BI) and Form CRS
- Consolidated Audit Trail (CAT)
- Order Handling, Best Execution, and Conflicts of Interest
- Mobile Apps
- Special Purpose Acquisition Companies (SPACs)
- Cybersecurity
- Complex Products
A more thorough discussion of these highlighted topic follows below. The Report also contains an Appendix that describes how Firms can use the Report in their compliance programs.
Reg BI and Form CRS
During the first full year of implementation of Reg BI and Form CRS, FINRA expanded the scope of its reviews of Firm practices, processes, and conduct in relation to both. This included establishing and enforcing adequate written supervisory procedures (WSPs); filing, delivering, and tracking accurate Forms CRS; making recommendations that adhere to Reg BI’s Care Obligation; identifying and mitigating conflicts of interest; and providing effective training to staff. In the Report FINRA further notes its initial findings from its Reg BI and Form CRS reviews during the past year and promises to share additional findings at a future date.
CAT
FINRA continued to evaluate Firms that receive or originate orders in National Market System (NMS) stocks, over-the-counter (OTC) equity securities, and listed options for compliance with Securities Exchange Act of 1934 (Exchange Act) Rule 613 and the CAT NMS Plan FINRA Rule 6800 Series (Consolidated Audit Trail Compliance Rule) (collectively, CAT Rules). The Report addresses compliance with certain obligations related to CAT, including reporting CAT information to the Central Repository and maintaining an effective supervision process (including clock synchronization performed by third-party vendors).
Order Handling, Best Execution, and Conflicts of Interest
FINRA also continued to evaluate Firm compliance with their best execution obligations under FINRA Rule 5310 (Best Execution and Interpositioning). FINRA says such oversight is a “cornerstone” of their monitoring programs and acknowledges it has evolved with changes in Firm business models, including but not limited to the “zero commission” model.
As noted in last year’s Report, FINRA launched a targeted exam that it carried out to “evaluate the impact that not charging commissions has or will have on the Firm order-routing practices and decisions, and other aspects of Firms’ business,” about which it expects to share findings at a later date.
In addition, FINRA is focusing on Firm compliance with Rule 606 of Regulation NMS, which requires broker-dealers to disclose information regarding the handling of their customers’ orders in NMS stocks and listed options. FINRA believes that the information provides transparency to customers and can help them in many ways including: understanding their Firm’s order routing and handling; assessing quality of order handling services provided by their Firm; and determining whether their Firm is effectively managing potential conflicts of interest that may impact their Firm’s routing decisions.
Mobile Apps
FINRA acknowledges the impact of mobile apps in relation to Firms attracting and interacting with customers. FINRA believes that such innovations can benefit investors in several ways, including increasing market participation; expanding product availability; and bolstering financial concept educating. However, FINRA also notes that these apps raise novel questions and potential concerns, such as encouraging retail investors to engage in trading activities and strategies inconsistent with their investment goals or risk tolerance, and questions about the apps’ interface designs and how that could influence investor behavior.
FINRA states it has identified significant problems with some mobile apps’ communications with customers and Firm supervision of activity on those apps (particularly controls around account openings). FINRA also has observed social media use of mobile apps to acquire customers, and recently initiated a targeted exam to assess Firm practices in this area. These targeted exams include Firm management of their obligations related to information collected from those customers and other individuals who may provide data to firms. Like many of the other highlighted topics, FINRA will share its mobile app review findings at a later date.
SPACs
FINRA also focused on SPACs due to the increased use of such vehicles – more than doubling from 2019 to 2021 – to bring companies public. While FINRA recognizes how SPACs can provide companies with access to diverse funding mechanisms and allow investors to access new investment opportunities, it has nevertheless increased its focus on broker-dealer compliance with regulatory obligations in executing SPAC transactions commensurate with their increased use. FINRA launched a targeted exam in October 2021 to explore a range of issue regarding SPACs, including how Firms manage potential conflicts of interest in SPACs, whether Firms are performing adequate due diligence on merger targets, and if Firms are providing adequate disclosures to customers. As with the rest of the highlighted areas of focus currently under review, FINRA will share its exam findings with Firms at a later date.
Cybersecurity
Cybersecurity threats are one of the primary risks to Firms and customers, and FINRA has observed increases in the frequency and sophistication of such threats. Two recent notable cybersecurity threats included phishing emails that fraudulently claimed to be from FINRA and new customers engaging in Automated Clearing House “instant funds” abuse. Additional cybersecurity threats FINRA has released guidance on concern increased use of bad actors using compromised registered representative or employee email accounts to execute transactions or move money; using customer information to gain unauthorized entry to customer email accounts, online brokerage accounts or both (i.e., customer account takeover (ATO) incidents); and using synthetic identities to fraudulently open new accounts. FINRA will continue to assess Firm cybersecurity programs to protect sensitive customer and Firm information. They will also share information on effective practices Firms can employ for themselves and customers and will share threat information as appropriate.
Complex Products
FINRA will continue to review Firm communications and disclosures made to customers in relation to complex products. Further, it will review customer account activity to assess whether Firm product recommendations are in the best interest of the retail customer, taking into account their investment profile and potential risks, rewards and costs associated with the product recommendations. In August 2021, FINRA launched a targeted exam to review Firm practices and controls related to the opening of options accounts that may potentially be used to engage in complex strategies involving multiple options (such as spreads). As with the rest of the FINRA exam targets, it will share its findings from the targeted exams at a future date.
Conclusion
FINRA continues to ensure Firms perform their duties and comply with FINRA, SEC, and other rules. Stakeholders should be aware that this list of priorities, while thorough, is not exhaustive, and that priorities and focus are subject to change due to current events and/or changes in the law.