2024 FINRA Regulatory Oversight Report
On January 9, 2024, the U.S. Financial Industry Regulatory Authority (FINRA) released its Annual Regulatory Oversight Report providing member firms with insight into findings from FINRA’s Member Supervision, Market Regulation, and Enforcement programs.
The report focuses on the following items:
- Relevant rule(s)
- Key considerations for member firms’ compliance programs
- Noteworthy findings or observations from recent oversight activity
- Effective practices observed
- Additional resources
The 2024 report builds on previous reports with five returning topics and 17 subtopics. The following key topics remain a priority this year as in previous years:
Anti-Money Laundering (AML), Fraud, and Sanctions
FINRA Rule 3310 requires firms to develop and implement an AML program that is well designed to monitor for compliance with the Bank Secrecy Act and other AML regulations. This would include Customer Identification Programs, verifying the identity of legal entity customers, and responding timely to Financial Crimes Enforcement Network (FinCEN) information requests.
In the report, it is important to note that FINRA called out that firms mischaracterized certain formal relationships, inadequately verified customer identities, inadequately responded to red flags, and inadequately handled FinCEN information requests. It also observed that conducting formal risk assessments, delegating, and communicating AML responsibilities, and incorporating additional methods for verifying customer identities are effective practices to mitigate risks.
Exchange Act Rule 17a-4(b) and FINRA Rule 3110(b) require firms to maintain original communications that are sent and received related to their “business as such” in an easily accessible place. FINRA noted in the report that many firms failed to maintain electronic communications, and therefore this has become a particular focus area for the regulator.
FINRA is conducting risk-based reviews of how firms capture, monitor, and maintain business-related communications and will share any helpful observations and effective practices as they emerge from these reviews.
Regulation Best Interest (Reg BI)
Reg BI established a standard of conduct for firms and their associated persons regarding making recommendations to retail customers, including account recommendations. Reg BI requirements comprise of a care obligation, a conflict-of-interest obligation, a disclosure obligation, and a compliance obligation. It also requires firms to provide a Form CRS to retail customers, regardless of whether recommendations were made.
In the report, FINRA noted that firms failed to comply with the care obligation by recommending complex or illiquid products that were inconsistent with customers’ investment profiles. It also indicated that firms failed to properly deliver Form CRS by placing a CRS link in an email folder or including the form and other disclosures in a zip file attachment.
FINRA observed that creating notes to assess transactions that were recommended, including factors to consider when evaluating costs, reasonable alternatives, and updating customer information in client relationship management tools, is an effective practice to meet the care obligation. It also noted that implementing tracking systems for the Form CRS delivery is also a good practice.
The 2024 report also adds one new topic and three new subtopics within Market Integrity outlined below:
FINRA reminds member firms that seek to engage in crypto-asset–related activities to identify and address relevant regulatory and compliance challenges and risks. FINRA provided guidance in assessing a firm’s proposed crypto-asset securities business lines including cybersecurity, AML compliance, and customer communications. It also reminds member firms of their responsibility to supervise associate persons’ involvement in crypto-assets outside business activities and private securities transactions.
FINRA’s Advertising Regulation Department noted that crypto-asset–related communications have had a noncompliance rate significantly higher than that of other products. In response, FINRA began a targeted examination in November 2022 and, upon completion, will publish an update on findings and effective practices.
OTC Quotations in Fixed-Income Securities
The U.S. Securities Exchange Commission (SEC) issued a number of no-action letters providing relief, expiring January 4, 2025, from the requirement to review current issuer information for firms offering quotations for fixed-income securities.
In the report, FINRA noted supervisory control failures of firms offering quotations for fixed-income securities, including failing to conduct an analysis to confirm whether its quotations were exempt. It also observed that front-end surveillance, self-assessments, and effectively using third-party vendors are effective practices for managing quotations in fixed-income securities.
FINRA Rule 5120 prohibits the publishing or circulation of communications that purport to report transactions as a purchase or sale unless the firm believes the transaction was a bona fide purchase or sale.
In the report, FINRA noted member firms are overstating or inflating trading volume as a result of technological or procedural failures. Firms also failed to establish systems to supervise trading information that was disseminated by third-party service providers. It also observed that monitoring and reviewing reported trade data, and disseminated trade volumes are effective practices to avoid misrepresenting trade information.
Market Access Rule
Exchange Act Rule 15c3-5 requires firms to appropriately control the risks associated with market access to avoid jeopardizing their own financial condition, or the condition of market participants. The controls should also assure the integrity of trading on the securities markets.
In the report, FINRA observed member firms with insufficient controls related to order limits, capital thresholds, and erroneous orders. Other issues included no exclude types of orders like limit on close orders from a firm’s price control. Some firms also did not have sufficient controls around aggregated daily limits or credit limits. FINRA also found that some firms had an overreliance on their vendors. FINRA noted that pre-trade fixed-income financial controls, intra-day ad hoc adjustments, duplicate soft-block order controls, and controls testing are effective practices to mitigate risks.
FINRA advises firms to review the report and consider incorporating relevant elements into their compliance program in a manner tailored to their businesses. Some common elements of such reviews include the following:
- Applicability Assessments: Conduct a comprehensive review to identify report topics relevant to the firm’s business
- Risk Assessments: Incorporate report topics into the firm’s overall risk assessments
- Gap Analyses: Evaluate whether the firm’s compliance programs and procedures address report topics
- Project Team Reviews: Have the firm’s interdisciplinary teams review and address report topics
- Compliance Group Inclusion: Share copies of relevant report sections with compliance personnel
- Presentations to Business Leaders: Share action plans to address report topics
- Guidance: Provide notices to firm staff about key report topics
- Training: Add report topics to the Firm Element and other firm training events
In its report, FINRA provides the industry with guidance for its areas of concern for 2024. However, this report does not include all areas that the regulator will review during examinations. As part of their planning for 2024, it is important for firms to identify the risk areas pertinent to their business lines and review these areas for compliance with applicable rules and regulations. This priority list will provide a baseline for firms to confirm that their controls address key regulatory areas.
How we help
Broker-dealers have a number of obligations for FINRA, the SEC, and other regulators. ACA Signature can help.
ACA Signature is a scalable solution curated to suit your firm’s unique compliance needs. We combine compliance advisory, innovative technology, managed services, and cybersecurity to effectively address regulatory commitments and day-to-day responsibilities.
Reach out to your ACA consultant, or contact us to find out how we can help transform your firm’s compliance program.