Financial Institutions Law Alert

Today, FINRA released its 2019 Report on Examination Findings and Observations, which provides important lessons learned from the prior year’s examination, surveillance and risk monitoring programs. The 2019 Report marks FINRA’s third effort to provide member firms with more transparency and opportunity to improve procedures and controls in advance of examinations. This year, FINRA added “Observations” to the title in order to distinguish more clearly between findings (i.e., a determination of a violation) and suggestions for improving systems and practices. The Report is divided into four main topics: (i) Sales Practice and Supervision, (ii) Firm Operations, (iii) Market Integrity, and (iv) Financial Management. These topics are discussed below with FINRA’s key findings and observations.

1. Sales Practice and Supervision

  • Supervision. The Report includes the following findings:
    • Insufficient WSPs that fail to address new requirements, such as fixed income mark-up disclosures; new trusted contact person information requirements; temporary holds, supervision and record retention under new Rule 2165; and compliance with the amended AML Rule 3310, which incorporates new Customer Due Diligence obligations.
    • Supervision and internal inspections should be tailored to unique products and services offered at different branch and non-branch locations. FINRA found that many firms failed to both reduce branch inspections to written reports and follow through on the corrective actions reflected in those reports.
    • Inadequate supervision of account forms, including the failure to maintain accurate information in account documents such as statements and consolidated account reports, and the inadequate systems for preventing “accommodation forgeries” by registered representatives.
    • Insufficient supervision for restricted and insider accounts, margin accounts and options accounts. FINRA noted instances where firms failed to update watch and restricted lists, failed to detect unsuitable margin account activity, and failed to detect instances in which registered representatives circumvented sales limits through creating and cancelling fictitious orders.
  • Suitability. Similar to the supervisory findings, but specific to instances impacting customer suitability:
    • Inadequate supervision of product exchanges, such as the exchange of mutual funds, variable annuities and unit investment trusts;
    • Limited supervision to identify “red flags,” including patterns of recommendations across different risk profiles, time horizons and investment objectives and “unsolicited” transactions across customers in identical securities;
    • Changes to customer account information, particularly those contemporaneous with transactions that – but for the change – would have required greater supervisory scrutiny;
    • Churning – in particular, training supervisors to use exception reports to detect instances of excessive trading; and
    • Unsuitable, complex options strategies for unsophisticated customers. 
  • Digital Communications. With the increasing popularity of texting and social media use, FINRA found many firms faced similar challenges supervising and keeping records of certain forms of communication:
    • Firms should implement processes to detect the use of prohibited digital channel communications (e.g., WhatsApp, Facebook, etc.), such as advertising reviews, e-mail reviews and customer complaints.
    • Similarly, FINRA found instances of improper “electronic sales seminars” conducted by registered representatives through chatrooms or other digital forums.
    • Effective Practices: Firms should establish comprehensive governance to manage digital channels, define and control those channels that are deemed to be permissible, manage video content, implement mandatory training programs that clarify firm expectations and compliance, and appropriately discipline the misuse of digital communications. 
  • Anti-Money Laundering. The Report’s findings this year focused on transaction monitoring systems:
    • Inadequate transaction monitoring, including the failure to tailor monitoring systems to the firm’s business model, failing to consider securities trading as potentially suspicious activity, and improperly delegating AML duties to non-AML units (e.g., trading desks). In addition, FINRA highlighted the importance of detecting red flags arising from third-party wire transfers; and
    • Overreliance on clearing firms to monitor for suspicious transactions and file suspicious activity reports.
  • UTMA and UGMA Accounts. FINRA found that many firms failed to adequately know their customer, including the circumstances concerning the authority of a person acting on a minor’s behalf, and failed to take steps to monitor for and implement changes around the age of majority for a UTMA/UGMA client.
    • Effective Practices: FINRA recommends that firms track when each beneficiary reaches the age of majority, and notify custodians and registered representatives accordingly.

2. Firm Operations

  • Observations on Cybersecurity.
    •  Firms should maintain branch-level written cybersecurity policies and policies governing third-party vendor management; use formal incident response plans; encrypt confidential data; use system security patches for electronic resources; limit system and data access; manage an inventory of information technology assets; implement data loss prevention controls for sensitive information; provide cybersecurity training that is tailored to individual roles and responsibilities; and implement change management procedures. 
  • Business Continuity Plans. FINRA found that many firm BCPs failed to address the following topics:
    • Identity of all mission-critical systems, such as order management and vendor systems that process and manage financing transactions;
    • Insufficient capacity to handle increased customer activity during a business disruption;
    • Updates after significant operational changes at the firm;
    • Outdated emergency contact information;
    • Storage of critical working documents on local firm network; and
    • Failure to maintain registered principal registrations for those responsible for BCP review.
    • Effective Practices: FINRA recommends that firms engage in annual testing of BCPs to confirm updates, evaluate effectiveness, identify weaknesses, and incorporate lessons into employee training. 
  • Fixed Income Mark-up Disclosure. The Report reiterates the findings from FINRA’s 2018 Report and discusses the following additional issues:
    • Failure to include all firm compensation in the reported price of a transaction and when disclosing mark-ups and mark-downs;
    • Disclosure of sales credits and concessions as separate line items on confirmations in addition to mark-ups or mark-downs, creating confusion about the disclosed information;
    • Incorrect Prevailing Market Price determinations for fixed income transactions and inaccurate applications of the “contemporaneous” cost requirements of FINRA Rule 2121; and
    • Failure to display the accurate time of execution on confirmations and display of times that did not match trade times disseminated by EMMA and TRACE.

3. Market Integrity

  • Best Execution. The Report findings focus on execution quality reviews and conflicts of interest:
    • Firms should compare the quality of execution that could have been obtained from competing venues.
    • Firms must review execution on a “type of order” basis (i.e., market, limit, etc.).
    • Firms failed to evaluate all required factors for execution reviews, such as speed of execution, price improvement opportunities, and likelihood of execution of limit orders.
    • Firms must consider and address conflicts of interest relating to orders routed to affiliated trading systems and conduct “regular and rigorous” reviews of such systems.
    • Inadequate SEC Rule 606 disclosures, including the material aspects of the non-directed order flow routed to the Firm’s own trading desk, and material aspects of the Firm’s relationships with the venues on the Firm’s order routing reports (e.g., the amounts of payment for order flow and profit sharing relationships). 
  • Direct Market Access Controls. Recurring themes from both the 2017 and 2018 Reports:
    • Insufficient controls to address pre-trade order limits, pre-set capital thresholds, and controls for accessing alternative trading systems;
    • Inadequate financial risk management controls that address capital thresholds for trading desks and aggregate daily limits or credit limits on institutional clients and counterparties;
    • CEO certifications without adequate risk-management controls in place;
    • Inaccurate intra-day (ad hoc) adjustments that, in part, failed to return an adjusted financial limit to its original value;
    • Ineffective erroneous trading controls for duplicative and erroneous orders; and
    • Insufficient post-trade controls and surveillance that fail to aggregate records from multiple systems, thereby inhibiting a firm’s ability to conduct post-trade and supervisory reviews for market manipulation.
  • Short Sales.
    • Continuous net settlement deficiencies including the timely close out of age fails and the inaccurate calculation of pre-fail credits.
    • Effective Practices: Firms should periodically review their policies on rates charged in connection with short sales, and monitor the aging of short positions to determine whether original rates continue to be appropriate.

4. Financial Management

  • Liquidity and Credit Risk Management Observations.
    • Liquidity contingency plans for operating in a stressed environment should identify responsible staff and a defined process for accessing liquidity during a stress event.
    • Liquidity risk management plans should be updated to account for new or updated business activities.
    • Regularly conducted stress tests should consider off-balance sheet factors.
    • Periodic review and evaluation of the credit risk management control framework to confirm that it accurately captures the firm’s exposure to credit risk.
  • Segregation of Client Assets. Another recurring topic from the 2018 Report, FINRA’s findings in 2019 highlight check-forwarding and possession or control:
    • Omitted or inaccurate blotter information that fails to demonstrate, among other things, that checks were forwarded in a timely manner;
    • Inadequate possession or control processes, including (i) failure to obtain no lien letters from custodians and issuers; (ii) inability to identify deficits in fully paid and excess margin securities due to errors in formulas; (iii) failure to confirm segregation of fully paid securities at custodian banks; and (iv) failure to combine balances and positions for related customers to analyze whether carried securities exceed 140% of the customers’ debit balance;
    • Inaccurate reserve formula calculations that do not exclude concentrated margin debit balances; and
    • Coding errors for accounts held by joint customers, firm officers and foreign banks.

FINRA expects that the 2019 Report will enable firms to reinforce their control environments and address potential deficiencies before their next exam. A copy of the report is available here.

Practice Areas

Jump to Page