FINRA’s Annual Report Is Out – Here’s What You Need To Know

By Ed Wegener, Candy Palugi and Sarah Sutton

Water drop making ripple on multicolored base and black background

Each year, financial services industry regulators produce what are generally known as Exam Priorities. In this podcast episode, our Compliance experts review FINRA’s exam priorities – what’s new along with the highlights you should be aware of. This annual report is a helpful tool to identify what FINRA is seeing during their examinations and what areas FINRA will be focusing on in the coming year. Learn how broker-dealers can use this tool to assess their supervisory system and make sure it is addressing the areas on which FINRA will be focusing.


Transcript provided by TEMI

Libby Hall: Each year, industry regulators produce what are generally known as exam priorities. Today we’re going to go over FINRA’s priorities published in its annual report, what’s new, and some of the highlights you should be aware of so you can turn them into action items for your compliance program. With me today are some of Oyster’s, Governance, Risk and Compliance experts, Lisa Robinson, Candy Palugi, Sarah Sutton, and Ed Wegner. Ed will be leading our discussion today. So let’s get started. Ed.

Ed Wegener: Well, thank you Libby. And hello everyone. I am Ed Wegner and I am the Practice Lead for Governance Risk and Compliance at Oyster Consulting. It’s that time of year again, and FINRA’s issued their report on examinations and risk monitoring for 2023. And we’ve always found that these reports are a great tool for broker dealers to help identify what FINRA’s seeing during their examination and what areas they’ll be focusing on in the coming year. And you can use that as a tool to look at your supervisory system and make sure that you’re addressing all the areas that they’re focusing on. So we thought that it’d be a good idea today to highlight the areas that FINRA’s going to be focusing on in 2023, and then we can follow up in future discussions with deeper dives into specific areas of focus. I’m very fortunate to have joining me in today’s discussion, Sarah Sutton, Candy Palugi, and Lisa Robinson.

Sarah has 22 years of experience in the financial services industry on the revenue operations and compliance sides of the business. She provides a number of services for our clients, including ongoing compliance, program support, and compliance reviews. Candy has over 20 years of experience in the financial services industry as well and has extensive experience with broker dealer and RIA regulation and compliance. And Lisa is our newest member to the Oyster team. Lisa joins us from FINRA where she was most recently a senior director, and she spent over seven years as the head of FINRA’s membership application group. Lisa’s perspective as a former senior leader at FINRA, I think is going to be really helpful in today’s discussion. So really appreciate you all joining us. Let’s get into it. This year’s report is organized very similar to how it’s been organized in past years, but there are some differences. One of the differences is they’ve added a new category for financial crimes. And Lisa, I was wondering if, given your experience with FINRA, you can maybe talk about how that particular area has developed and, what types of things are focusing with respect to financial crimes.

Lisa Robinson: Sure, Ed thanks and I’m happy to be here. As you may know, not too long ago, FINRA formed NCFC -National Cause Financial Crimes Group within the Department of Member Supervision. Within this group are a team of specialists that focus on areas of AML, cyber, financial, intelligence  and fraud amongst other areas. The topics listed under this new financial crime section are cyber security and technology governance, AML, fraud and sanctions, and manipulative trading, which is also a new category for the report.  FINRA notes that they brought in the content of the report with this new financial crimes area to highlight the increased focus on protecting investors against these ongoing threats. Also, there is clearly a nexus across the topics and units within a broker dealer should work with the business to help identify and escalate red flags. It’s just another example of how the report is meant to evolve and help member firms strengthen their compliance program.

There are just a few items I wanted to highlight that are in this new financial crime section one for AML. I think it’s great that as an effective practice FINRA noted for firms to conduct formal written AML risk assessments, I think it’s really helpful for firms to have that. Also, I mentioned the manipulative trading is a new category for the report. Some of the observations and effective practices in this category cover items such as ensuring your firm surveillance systems are monitoring for patterns of suspicious trading activity. Red flags, taking a better look at firm surveillance thresholds and monitoring activity occurring across related multiple platforms that may also involve related financial instruments. So just a lot of really good information under this new financial crime section.

Ed Wegener: That’s great, Lisa. You know, one of the things you had highlighted is fin risk discussion around the AML risk assessments. And one of the services that we offer to our clients is conducting AML testing. And as part of that testing, one of the things that we look for is to see if firms are doing regular AML risk assessments. And one of the questions that comes up often is, is there a rule that requires these risk assessments? And while the rule doesn’t specifically require that firms do risk assessments, it in discussions with FINRA, they really think that it’s implied in the rules themselves because the rules do require that you have a risk-based AML compliance program. And in order for a compliance program to be risk-based, you really have to understand where those risks are.

And so I think the expectation of FINRA is that you’re doing ongoing risk assessments and knowing where your risks are in order to have an effective AML program. But it is one of the areas that we have a lot of discussion with our clients. So I’m glad that they raised that at least as an effective practice and really think it’s something that firms should focus on as part of their AML programs. So Sarah, I wonder if you could talk a little bit about one of the other areas that they have focused on and that’s firm operations. What are they looking at when they talk about their expectations with respect to firm operations?

Sarah Sutton: Sure, thanks, Ed. They list six different items. They’ve got outside business activities, private security transactions, books and records, regulatory events, reporting along with firm short positions and fails to receive in municipal securities, trusted contact persons along with funding portals and crowdfunding offerings. A couple of the items, we can’t dive into all of them today, but with outside business activities and private security transactions, this has been something that that folks and registered individuals have been reporting for a long time. And just making sure that you have a process in place to ensure that you’re obtaining this information is half the battle. So having the proper questionnaires in place, having due diligence around those, once the outside business activities are provided to you by the employee, actually really looking to see what they’re involved in, not just signing a sheet of paper as a lot of firms have over the years.

If you look at the findings that FINRA posted, they didn’t really look at the compensation side of some of these outside business activities. And that also applies to the personal securities transactions as well. Another item that they noted in their findings is no documentation or limited documentation. Another item is following up. If an employee has an outside business activity or a private security transaction today, it may look different a year from now, two years from now, or five years from now. So does your firm have a process for going in and looking under the hood to see what’s really involved in that activity or in that transaction that the employee’s involved in? Knowing that I think is half the battle and making sure that you have the proper documentation in place is very important as well. One of the things too that we notice is compensation.

A lot of the times, over time an activity or a transaction will look different. So one thing firms have not been doing and some of the things that FINRA has noted are, is the firm looking at the compensation that the employee’s receiving as part of that activity? And I think those are important things to make sure are noted in the procedures part of the due diligence and also part of training for their employees. Another one of the six items that I know has come up this, this is fairly new, is the trusted contacts. FINRA requires firms to make a reasonable effort to obtain a trusted contact for its retail clients. So one of the things with trusted contacts is for the reasonable effort, it’s included in our custodians new account documentation. But I feel it’s just as important as making sure you have all the proper documentation when you open an account.

Best practice to ensure that you are getting this information for your clients is to just incorporate it into either an annual reported review. So when you’re reviewing the client’s account information and looking at their beneficiaries that they have listed, one of the things is just to also go over their trusted contacts that they have or may not have yet listed. One of the things to really kind of hone in on is, I think, training has to be a part of a firm’s process in making sure that they have the trusted contact information. Because I think a lot of the time people think, oh, I don’t want to put someone on my account that’s going to be able to find out information about me. But if you truly look at what a trusted contact can do, it’s very, very limited in scope and it’s more for just an additional resource for a firm to be able to handle and take care of our clients.

Another item that they mentioned is the financial exploitation of specified adults. So by having that trusted contact, that gives you that additional layer of help to be able to, number one, get a hold of someone that knows the client, and also gives you the ability to place temporary holds on specific situations that you feel are not in the best interest of the client. Some of the findings that FINRA notes are firms that are just not attempting to get this trusted contact person information – no written disclosures, no training. So these are all things that are very easily rectified. It’s more of just making sure that everyone is aware. I think half the battle is just making sure that the clients are aware. I think when you’re adding another individual to their account, putting their information along with their personal information on the new account application, making sure that they understand what the trusted contact means and what information they have access to is very important.

Ed Wegener: Thanks, Sarah. Those are really important areas, especially senior exploitation. It’s a major area of focus for regulators and something that people should really be paying a lot of attention to. They’re very much focused on senior issues when they conduct their examinations, and we’ll be looking to see what efforts firms are taking to identify trusted contacts. So it’s important that at a minimum that you document your efforts there. Candy, with respect to sales and communications, what are areas that they’re focusing on? Not surprisingly, it looks like they’re spending a lot of time focused on Reg BI.

Candy Palugi: Yes, thanks, Ed. That’s right. No surprises really in this area. They highlight communications with the public, private placements and variable annuities along with Reg BI as some of their priorities, which you know, continue to be from prior years in communications. They are including communications related to options, municipal securities communications, as well as digital communication channels like texting. And as we all are aware, there have been several newsworthy enforcement actions taken against firms not really supervising digital communication channels as they should be. So that’s something that everyone should probably pay close attention to this year and ensure that they are compliant, truly compliant, and not just overlooking what’s going on by saying that they have prohibited it. And then of course there’s Reg BI and Form CRS, I believe is really the largest aspect in this category. FINRA has been examining firms implementation of Reg BI and form CRS since 2021.

Some of the findings that they note in this publication that they see recurring are insufficient training and guidance to associates on how exactly they can meet compliance objectives, such as evaluating costs, considering alternative products, and then where to document these reviews. They also have highlighted incomplete customer profiles. Not having the relevant information for your customers makes making a recommendation difficult and not completely disclosing conflicts of interest and another item that keeps recurring, such as revenue sharing. They are also finding firms not enforcing their Reg BI procedures, even when they seem to have compliant procedures on the books. No one’s enforcing them or they don’t have details highlighting who’s responsible for enforcing those procedures at the firm. They have also found many firms are declaring regs beyond form CRS do not apply to them, which in most cases is not accurate.

Just because you don’t make recommendations on transactions maybe doesn’t mean that it doesn’t apply to you. So if there are firms that are declaring that, they should take a second look and look at all the guidance that’s been put out there related to that. FINRA also states that they expect firms to regularly review and update their approach to compliance with Reg BI and form CRS specifically considering any new guidance issued by the SEC and, of course, by FINRA. I think Ed, that we can expect this to continue to be a major focus of FINRA and the SEC for some time.

Ed Wegener: Thanks Candy. All very important issues with respect to sales and communications. Some of the other areas that they’re focused on broadly are market integrity and financial management with respect to market integrity. Some of the areas that they’re focusing on, that they focused on in past priorities letters, include the consolidated audit trail or CAT best execution. And regs show new things for this year with respect to market integrity include fair pricing of fixed income securities and trading and fractional shares. With respect to financial management, FINRA’s continuing to focus in on firms net capital and ensuring that they’re meeting their net capital requirements and that they’re computing it correctly. They’re focusing in on risk management with respect to liquidity and credit risk, focusing on portfolio margining and also importantly, customer protection and segregation of customer assets, all of which will be areas that they’ll be focusing in on in the coming year.

So really appreciate you all joining us today. Looking forward to, in future podcasts, doing deep dives into particular priorities, helping our clients to navigate the areas that the regulators are looking at. So really appreciate it. I would recommend too, if you have time, to go to our website and listen to earlier podcasts that we’ve done, including a recent podcast that we did on managing regulatory examinations and best practices around that. So thank you very much. Really appreciate it, and we’ll talk to you soon.

Libby Hall:  Thanks everyone for listening. If you’d like to learn more about our experts and how Oyster can help your firm, visit our website at And if you like what you heard today, follow us on whatever platform you listen to and give us a review.  Reviews make it easier for people to find us.  Have a great day.

About The Podcast Speakers
Photo of Ed Wegener

Ed Wegener

Ed Wegener is an innovative compliance, risk management and supervisory controls expert with deep understanding of Federal Securities Laws and the rules of self-regulatory organizations, as well as technology optimization and risk mitigation. Prior to joining Oyster, Ed held several posts in FINRA, most recently as  Senior VP and Midwest Regional Director.

Photo of Candy Palugi

Candy Palugi

Candy Palugi is a Financial Services professional with over 20 years of industry experience. Candy has extensive expertise in broker-dealer and RIA regulation, including FINRA, SEC, MSRB, DOL and state agencies. Her expertise also includes firm merger/acquisition process management and controls testing. Prior to working with Oyster, Candy served in various Compliance roles for B. Riley Wealth Management, a dually registered broker-dealer and investment advisory firm. Candy also served as Assistant Vice President, Product Manager and as Registered Options & Securities Futures Principal for Morgan Keegan & Co.

Photo of Sarah Sutton

Sarah Sutton

Sarah Sutton has over 20 years of experience in the financial services industry on both the revenue and compliance sides of the business. Her expertise includes compliance supervision, leading firm and regulatory examinations, regional and retail branch management, brokerage and clearing operations, developing and implementing advisor best practices along with technology training, financial planning delivery and implementation, advisor and firm transition management to new firms and channels, and project management for advisor and client solutions.

View Our Team