On January 9, 2020, FINRA released its 2020 Risk Monitoring and Examination Priorities Letter. While many of the priorities are continuations from previous years and all areas are important, the recent Letter pointed to some new or refined focus areas:
Regulation Best Interest: There are still many firms that have not started the implementation process, and others are in varying stages of implementation. Both categories should note that, according to the Letter, prior to the implementation date of June 30, 2020, FINRA examinations will review for progress made on compliance. Post-implementation reviews will test actual good faith efforts by firms to comply with the regulation.
Cash Management and Bank Sweep Programs: Bank Sweep Programs may offer useful features to customers, including check writing and debit cards, and in some cases, may offer higher-than-average interest rates. FINRA’s exams will focus on concerns about firms’ compliance around communicating all aspects of and alternatives to these accounts.
Sales of Initial Public Offering (IPO) Shares: FINRA will review firms’ obligations under FINRA Rules 5130 (Restrictions on the Purchase and Sale of Initial Equity Public Offerings) and 5131 (New Issue Allocations and Distributions), particularly controls to prevent “spinning,” aggregate demand calculations and reporting, and allocation methodologies and procedures.
Consolidated Audit Trail (CAT): Once firms begin reporting in April 2020, FINRA will initiate surveillance and investigative programs to review firms’ compliance with CAT.
Direct Market Access Controls: FINRA will assess firms’ compliance with Exchange Act Rule 15c3-5 (Market Access Rule), focusing on issues relevant to firms’ business activities and associated risks.
Digital Assets: New Member Applications and Continuing Member Applications are being received from firms seeking to engage in activities related to digital assets. FINRA will continue to work closely with the SEC to understand firms’ business plans and determine how securities laws apply to those plans.
Cybersecurity: Cybersecurity has become an increasingly large operational risk. Firms should expect that FINRA will be assessing whether their policies and procedures are reasonably designed to protect customer records and information.
Technology Governance: Reliance on technology for many aspects of firms’ customer-facing activities, trading, operations, back-office and compliance programs exposes them to technology-related, compliance, and other risks. Issues with change- and problem-management practices can expose firms to operational failures that may compromise their ability to comply with Business Continuity Plans, Supervision rules, and regulations. FINRA will be looking at modifications to Business Continuity Plans, mitigation controls, testing and procedures for tracking and remediation.