Just as regulators conduct risk assessments to determine what will be the focus of examinations each year, there is an expectation that industry firms will have risk assessment programs on a firm-wide and/or specific program level, including Anti-Money Laundering. For firms that have branch offices, the branch office examination program should be included in the risk assessment.
As the industry and regulators discuss the post-pandemic return to some form of on-site branch office examination program, firms should evaluate the risk associated with branch office activity and should conduct effective branch office examinations. Whatever the regulatory requirement for branch office examinations is in 2024, it is only a minimum; a substantial number of firms adopt policies and procedures that exceed the minimum requirements. Oyster is aware that some firms did not avail themselves of the remote branch office examination program authorized by FINRA beginning in March 2020, and continued to conduct on-site branch office examinations.
Areas to include in a branch office risk assessment
- Does the firm have adequate technological resources to capture and analyze branch activity?
- Does the firm have cybersecurity and office security measures in place, such as entry code door locks and a “clean desk policy” at the end of the day, to protect client information?
- Is the office an OSJ location which supervises non-OSJ or non-office locations?
- Do the demographics of branch office clients include a high percentage of elderly/vulnerable clients?
- Do RRs/IARs have significant disciplinary histories/client complaints?
- Are any individuals on heightened supervision/restrictions?
- Does the branch sell complex products?
- Do RRs/IARs have OBAs or engage in private securities transactions?
- Has a branch or number of branch offices been acquired from another firm?
- Did the previous on/off-site review, by the firm or a regulator, note an excessive number of compliance issues or lackluster response to corrective measures to address the issues?
- Does the branch office share office space with another company? If so, are there adequate barriers for privacy (such as during phone calls or in-person office meetings with clients) and for access to branch office records?
- Are there policies and procedures around the use of approved/non-approved social media programs?
It is important to note that, like policies and procedures, risk assessments are different for every firm and should be designed based upon the products and services offered by the firm, with the intent of protecting both the clients’ and the firm’s interests. Also, like policies and procedures, risk assessments must be monitored and amended when necessary. Regulators have been approaching their exams and regulatory requirements from a risk-based perspective and use those assessments to evaluate how firms are controlling for the risks they have. The current regulatory environment places significant emphasis on customizing certain aspects of your compliance program based on the risks associated with your business model. A formal risk assessment allows Compliance and Supervision efforts to be targeted more closely at the higher-risk issues, protecting the firm as well as the investors. If you have not considered implementing a risk assessment, there is no time like the present.
Oyster consultants combine their knowledge to provide a comprehensive view of operations, trading, technology, finance and regulation. In addition to identifying and ranking the risks associated with the types of business at your firm, Oyster will provide recommendations for policy and procedural enhancements to achieve industry best practices for efficiently controlling those risks.
Oyster Solutions compliance software provides the tailored workflows you need to ensure your compliance program procedures, including branch exams, are being met consistently, that your results are documented, and follow-up actions are completed. Oyster Solutions also provides a customizable risk assessment, allowing you to prioritize your team’s efforts and work as efficiently as possible.