FINRA: A New Advisory Approach

Regulators are doing more to help members comply with the rules, and looking closer at cybersecurity, AML and outside business activities

With the number of broker-dealers declining for the past several years, the Financial Industry Regulatory Authority (FINRA) has been making some changes focused on helping small broker-dealers stay in business while complying with regulations. These changes include focusing on centralizing enforcement actions and increasing transparency with common examination findings.

Consolidated enforcement approach

FINRA also consolidated its enforcement approach last year. Enforcement used to be conducted by regions around the country, with each region, for the most part, managing violations with some autonomy, which could create inconsistencies. What was treated as a minor infraction in one part of the country might have been treated as a serious violation in another area.

Under the new consolidated system, a single enforcement lead helps keep sanctions consistent across regions. In addition to leveling the playing field for broker-dealers regardless of physical location, this change also makes it easier for FINRA to publish examples of violations and sanctions.

Increased transparency

In addition, FINRA now publishes its most common findings from each year of exams (in particular, its most common exceptions that it wants to make members aware of). These may be findings that are potentially significant, or findings that appear frequently, or findings that could have a large impact on investors or market integrity. These published findings can help guide members' awareness of common deficiencies, which may allow them to consider new processes or procedures they should implement – or existing ones they should reevaluate and possibly enhance.

This year, both FINRA and the Securities and Exchange Commission (SEC) are focusing their exam priorities around cybersecurity, anti-money laundering procedures, outside business activities, and private securities transactions.

Focus on cybersecurity

For FINRA, the focus on cybersecurity is a continuation of past years. In 2016 FINRA responded to an uptick in cyberattacks by publishing a checklist that small firms can use to help conduct their own cybersecurity assessments. Using the checklist does not create a “safe harbor” with respect to FINRA’s rules; it’s just a place where small firms can start.

Today cyberattacks happen so often that it’s more a question of when than if a firm will be attacked. Firms are expected to think about whether they have the proper system and procedures in place to handle incident response following an attack so they can return to normal operations in a timely manner, and whether employees have been trained in activating that system. In examinations, regulators will be looking at firms’ establishment and implementation of cybersecurity policies and procedures as well as reviewing whether they have conducted assessments to identify weaknesses and implemented mitigating controls.

Broker-dealers should also be mindful of the sensitivity of client information and how easily a cyberattack could expose that information. Many firms, especially smaller ones, may not be paying enough attention to cybersecurity, and FINRA is looking for that to change.

Focus on anti-money laundering

Identifying and reporting suspicious activities has long been a concern for FINRA. Recently, FINRA has concentrated on members’ supervision and reporting of potentially suspicious activity, and it especially pays attention to firms that don’t file suspicious-activity reports.

Firms are expected to implement reasonably designed AML programs, including surveillance of clients’ overall activity; identify the money-laundering-related red flags that may arise in their particular line of business; and report suspicious activity. Oftentimes, firms review daily, weekly, and monthly reports, but don’t identify specific accounts that should be checked more holistically for potential red flags.

Focus on outside business activities

Finally, FINRA is emphasizing that member firms keep track of employees’ outside business activities and transactions and any related risks. Regulators will be looking at whether firms have policies and procedures in place to help identify potential conflicts of interest arising from such outside business activities and determine whether such activities may be considered private securities transactions.

Contact me or another member of Kaufman Rossin’s risk advisory services team to learn more about FINRA compliance and how we can offer additional support to your compliance efforts, including strategic compliance solutions, internal controls development and assessment, risk assessment, and anti-money laundering independent testing. Your regulatory consultant can help with questions related to interpretive guidance, best practices, implementation and other business issues.


Stephanie Richards, CAMS, is a Broker-Dealer & Investment Adviser Services Principal at Kaufman Rossin, one of the Top 100 CPA and advisory firms in the U.S.

  1. Sarah Williams says:

    Would having a lifestyle blog be an acceptable outside business activity if none of the content involved anything insurance or financial? The blog would solely be about home decor and fashion.
