On December 6, the Financial Industry Regulatory Authority (FINRA) released a summary of findings from its examinations of broker-dealers (Summary Report). As part of FINRA’s mission of investor protection and market integrity, FINRA conducts regular examinations of its broker-dealer members, with each broker-dealer being examined at least once every four years. FINRA prepares a report—which is only available to the examined FINRA member—based upon the examination findings, and the members are required to address issues identified in this report.
FINRA issued the Summary Report in response to member requests that FINRA make available an anonymous summary of observations from the examination program, so that members can further improve their compliance functions based upon the experiences of other members, and better anticipate and address potential areas of concern before their own examinations occur. The Summary Report contains selected observations from recent examinations that FINRA considers worth highlighting due to their potential impact on investors and markets or the frequency with which they occur.
Some highlighted observations set forth in the Summary Report include:
Cybersecurity: FINRA identified various areas in which member firms could improve their cybersecurity programs, such as enhancing system access management controls, implementing a formal risk assessment process and strengthening data loss prevention measures (such as prohibiting transmission of social security numbers and establishing thresholds to flag or block large file transfers to outside or untrusted recipients);
Outside Business Activities (OBA) and Private Securities Transactions (PST): Problems observed by FINRA in this area include individuals failing to notify the member firm of their OBAs and PSTs and weaknesses in certain firms’ OBA and PST reviews (such as failing to collect/maintain supporting documents or failure to execute reviews in sufficient depth);
Anti-Money Laundering (AML) Compliance Program: Problems observed by FINRA in this area include failure to maintain adequate AML policies and procedures (such as failing to expand the AML program with a business or as the business evolved), placing AML program responsibilities with inadequately trained personnel, lack of adequate resources provided to AML departments and failure to ensure the independent testing required under FINRA Rule 3310(c) included a review of how the firm’s AML program was implemented;
Best Execution: FINRA found that some firms failed to implement and conduct an adequate regular and rigorous review of the quality of the executions of their customers’ orders (such as failing to compare the quality of order routing obtained by a firm’s order routing and execution arrangements with competing markets, failing to conduct reviews of certain types of orders and failing to consider factors, such as speed of execution, price improvement and the likelihood of execution, when conducting regular and rigorous review); and
Market Access Controls: Problems observed by FINRA in this area include failure to establish reasonable pre-trade financial thresholds or perform adequate due diligence to substantiate firm-assigned thresholds; failure to consider capital and credit usage in the aggregate; failure to tailor erroneous or duplicative order controls to particular products, situations or order types; failure to consider the character of the market at the time of order entry; and allowance of an alternative trading system to set capital thresholds for fixed income orders (with some firms unsure of what their thresholds are and no means of monitoring their usage during the trading day).
In addition to the highlighted observations, FINRA also observed problems relating to product suitability, unit investment trusts, multi-share class and complex products, training and several other areas. FINRA expects that the Summary Report will evolve over time as it works to support members’ compliance and supervisory efforts.