FINRA Announces Its 2021 Risk Monitoring and Examinations Report

Type: Compliance Alert

Topics: Compliance

On February 1, 2021, FINRA released the FINRA Risk Monitoring and Examination Activities Report. The report provides guidance on FINRA’s current examination priorities and describes its examination findings during the past year.

The report focuses on four key topics:

  • Firm operations
  • Communications and sales
  • Market integrity
  • Financial management

Each topic area is broken down into subtopics addressed in terms of the following areas:

  • Related considerations and regulatory obligations – In these areas, FINRA identifies the regulations relevant to each subtopic and describes the types of questions FINRA might ask while examining that area.
  • Exam findings and effective practices – Here, FINRA summarizes “noteworthy” findings from recent examinations, including emerging risks, and lays out effective practices for improving controls in certain areas.
  • Additional resources – For each subtopic, FINRA lists the relevant regulatory notices and other related tools.

The report also highlights several additional emerging risk areas and lists several actions broker-dealers might consider taking to address potential issues.

We've compiled salient information from the report for FINRA’s topics and subtopics regarding related considerations, exam findings, effective practices, and/or emerging risks.

Firm operations

Anti-money laundering (AML)

Related considerations: Through its questions, FINRA suggests that firms should review their AML programs to ensure they are tailored to their businesses and have adequate resources. Firms should also make sure their AML programs include reviews of surveillance system data integrity, independent testing, and effective “red flag” reviews to identify suspicious activity and assure that Suspicious Activity Reports (SARs) are filed when necessary.

Exam findings: During its examinations, FINRA found inadequate transaction monitoring and gaps in surveillance system data integrity. In addition, some firms inadequately monitored foreign account activity, conducted insufficient AML testing, and failed to document investigations of suspicious activity.

Effective practices: The report lists several effective practices for AML programs. These include testing the overall AML program, especially the monitoring and surveillance systems’ Customer Identification Program; conducting risk assessments; and monitoring for fraud from the inception of customer relationships. FINRA also emphasizes the importance of training for AML personnel and for non-AML personnel with responsibilities that contain AML risk.

Emerging risks: For this subtopic, FINRA points out areas of emerging risk such as fraud related to penny and microcap securities activity, securities issuers located in restricted markets, and the issuance of special purpose acquisition companies (SPACs).

Cybersecurity and technology governance

Related considerations: In its queries, FINRA highlights the following cybersecurity areas for firms’ attention: IT program governance, new process testing before implementation, branch-office-specific cybersecurity, and vendor cybersecurity program evaluations conducted by firms as part of their due diligence.

Exam findings: From its examinations, FINRA notes instances of missing or inadequate branch office cybersecurity programs, failures to protect customer information, inadequate processes for granting access to data, and failures to train personnel on the cybersecurity risks related to their job responsibilities.

Effective practices: The cybersecurity effective practices FINRA lists include implementing regular IT system maintenance such as hardware and software upgrades and patches as needed to protect nonpublic information and firm services. It also recommends establishing and testing risk management procedures to prevent and detect internal and external threats along with creating written formal cybersecurity incident response plans.

Emerging risks: The emerging risks FINRA identifies in cybersecurity and technology include ransomware, fraudulent wire requests, and email and account takeovers.

Outside business activities (OBAs) and private securities transactions (PSTs)

Related considerations: Through its questions, FINRA highlights how firms should confirm that their controls cover notification and approvals of OBAs and PSTs, annual attestations, and processes for detecting unreported OBAs and PSTs. The queries also indicate that broker-dealers should ensure they have satisfied their regulatory obligations regarding digital asset OBAs and PSTs and have documented policies and procedures in place to supervise PSTs and record them on their books and records.

Exam findings: FINRA notes from its exams that some firms did not report OBAs or PSTs that may not contain direct compensation but include noncash compensation or other financial benefits. Other firms had registered persons who failed to notify them of digital asset activities or had written supervisory procedures that did not mandate such notifications. Still other firms did not maintain documentation demonstrating their compliance with their PST supervisory and recording obligations and/or failed to monitor the limitations placed on activity in approved PSTs.

Effective practices: FINRA suggests that, among other measures, firms should identify OBAs and PSTs during the personnel onboarding process, implement and maintain comprehensive annual attestations regarding individuals’ involvement in OBAs and PSTs, and monitor for red flags indicating potential involvements in unreported OBAs and PSTs. Firms should establish checklists to identify any digital asset activity that would require reporting as OBAs and PSTs.

Emerging risks: One such risk FINRA identifies is the possibility of personnel having received Paycheck Protection Program (PPP) loans related to OBAs that may not have been disclosed to their firms. As a precaution, firms should consider searching public PPP loan data for employees who might have received a loan related to an undisclosed OBA.

Books and records

Related considerations: In its list of considerations, FINRA raises concerns about whether firms have reviewed their Books and Records Rule policies and procedures to confirm they address all vendors, including cloud service providers. These queries remind broker-dealers that they must have measures in place to confirm that cloud service vendors that store required records comply with the Books and Records Rule and with electronic storage media (ESM) standards and notification requirements.

Exam findings: FINRA notes that some examined firms did not conduct adequate due diligence to ensure vendors can meet the electronic storage recordkeeping and notification requirements pursuant to Exchange Act Rule 17a-4(f)(3)(vii). In addition, some firms themselves failed to comply with the ESM notification requirements.

Effective practices: FINRA suggests that firms review, test, and confirm their third-party vendors’ capability to meet regulatory obligations under the Books and Records Rule and the ESM standards and notification requirements.

Regulatory events reporting

Related considerations: The listed considerations in this area emphasize that firms should be mindful of establishing requirements for and training their representatives on their reporting obligations regarding complaints, judgments, liens, and other reportable events. In addition, firms should make sure they have effective controls for monitoring red flags related to reporting complaints and other reportable items and ensure that their summary reports to FINRA on written customer complaints are accurate and timely.

Exam findings: FINRA notes that its exams revealed instances of representatives not reporting events to their firms. In similar fashion, some firms did not file reports or inaccurately reported certain events and thus failed to meet their reporting obligations. In addition, certain firms’ surveillance related to reportable events was deemed inadequate.

Effective practices: FINRA’s recommendations to firms regarding regulatory events reporting include implementing annual compliance questionnaires, conducting periodic searches of associated persons’ publicly available records, and performing email surveillance targeted toward identifying unreported complaints.

Fixed income markup disclosure

Related considerations: FINRA questions on this subtopic point to the importance of firms examining the frequency, scope, and depth of the reviews they conduct regarding trade confirmation accuracy, due diligence of confirmation vendors, and the consistency of fixed income disclosures when using multiple vendors, platforms, and trading desks.

Exam findings: In its exams, FINRA identified occasions where firms inaccurately determined the prevailing market price (PMP), inaccurately disclosed compensation and time of execution, and failed to include appropriate disclosures in TRACE-eligible structured notes.

Effective practices: FINRA suggests that firms regularly review their confirmation information, customer confirmation vendor due diligence, and disclosures included with certain product confirmations.

Communications and sales

Regulation Best Interest (Reg BI) and Form CRS

Related considerations: The considerations for this subtopic relate to developing compliance policies and procedures to address Reg BI and Form CRS requirements, including establishing, maintaining, and enforcing procedures to exercise reasonable diligence, care, and skill when making recommendations to customers; providing full and fair disclosures on customer relationships and potential conflicts of interest; addressing conflicts of interest; and achieving compliance with Reg BI. In addition, FINRA’s questions suggest firms ensure they have effective procedures for meeting the Reg BI and Form CRS recordkeeping requirements, as well as for drafting, filing, updating, and distributing the Form CRS.

Other considerations listed here include personnel training on Reg BI and the manner in which representatives determine best interest and document these determinations. Such documentation should include reviews for reasonably available alternatives and notations on whether representatives not registered with an investment adviser use adviser/advisor in their title.

Exam findings: FINRA will be publishing its Reg BI observations from examinations under separate cover. Meanwhile, the report points readers to the SEC virtual Roundtable on Regulation Best Interest and Form CRS for further information.

Communications with the public

FINRA’s general considerations in this area focus on the necessity for firms to ensure their communications with the public are fair and balanced and do not contain false, misleading, or promissory statements or claims.

The report also addresses the following subtopics in more detail:

  • Digital communication channels

    Related considerations: Through its queries, FINRA recommends that firms ensure their digital communication policy addresses all permitted and prohibited communications channels. For example, if a channel includes interactive elements, does the information provided constitute a recommendation that would be subject to Reg BI requirements? Also, FINRA asks firms to consider whether their use of digital platforms includes measures to meet the relevant recordkeeping requirements of securities regulations.

    Exam findings: FINRA indicates that some firms adopted inadequate recordkeeping procedures and controls and insufficient supervision and surveillance of representative activity on approved and unapproved digital platforms.

    Effective practices: FINRA suggests that firms establish and enforce protocols for using permitted channels and video content, train representatives on these protocols, and monitor activity on digital channels for adherence to these protocols.
  • Digital asset communications

    Related considerations: FINRA’s queries make clear that firms should assess whether their digital asset marketing materials are fair and balanced and whether they imply that affiliated entity offerings are products offered by the broker-dealer.

    Exam findings: The report identifies an issue with digital asset marketing materials not being fair and balanced and omitting references to risks. FINRA also notes failures to provide appropriate disclosures.

    Effective practices: Among its recommendations, FINRA suggests that firms implement and maintain digital asset policies and procedures that prominently describe the risks associated with such assets.
  • Cash management accounts communications

    Related considerations: The considerations listed in this area suggest that firms clearly communicate the terms of cash management accounts, including whether the deposited funds are obligations of the destination bank. They should also differentiate the benefits of these accounts from those of brokerage accounts and confirm that communications do not state or imply that FDIC insurance covers brokerage accounts.

    Exam findings: FINRA found various misrepresentations regarding cash management accounts in digital communications.

    Effective practices: FINRA advises that firms review their policies, procedures, and systems to ensure they can adequately meet cash management program requirements.

FINRA’s report also lists issues related to policies and procedures addressing the controls for using “Doing Business As” or other names that differ from the firm’s name.

In its exams, FINRA identified certain emerging digital communication risks related to firms with digital platforms that include interactive communications and “game-like” features. Broker-dealers need to ensure these platforms adhere to FINRA’s communications requirements. Doing so would involve, among other things, developing a supervisory system to ensure that no false, misleading, or exaggerated statements are made. Firms also need to make sure they comply with the Reg BI and Form CRS requirements. FINRA also emphasizes the importance of adhering to retail communication disclosure requirements on these platforms, as such communications may be considered to be recommendations.

Private placements

Related considerations: FINRA’s queries indicate that firms should make sure their policies and procedures address how due diligence is conducted internally on private placements and how the firm uses and evaluates third-party due diligence reports. These policies and procedures should also address the regulatory requirements for private placement filings, including those, if applicable, for Regulation A offerings and SPACs.

Additionally, FINRA Notice 20-21 (RN 20-21) includes clarified guidance for calculating and presenting internal rates of return (IRR) for use in retail communications by FINRA member firms. The notice allows the use of IRR for investments or funds that have been fully realized but further requires utilizing the calculation methodologies of the Global Investment Performance Standards (GIPS®) for investment programs/funds that include both realized and unrealized holdings and includes additional GIPS-required metrics such as paid-in capital, committed capital and distributions paid to investors.

Exam findings: From its examinations, FINRA identified instances where firms did not address buyout offers, maintained inadequate supervision of variable annuity exchanges, and failed to conduct training on variable annuity product features and risks.

Effective practices: FINRA suggests effective practices for buyout offers and for exchanges. For the offers, these recommendations cover policies and reviews, training, conflicts of interest, additional disclosures, and additional post-transaction reviews. For exchanges, the recommendations cover implementing automated tools for monitoring exchanges, requiring representatives to provide written rationales for exchanges, standardizing exchange rate threshold reviews, and establishing measures to ensure data integrity. FINRA members will also need to ensure that their policies and procedures demonstrate that IRRs are calculated utilizing the methodologies of the GIPS standards.

Market integrity

Consolidated audit trail (CAT)

Related considerations: The questions FINRA asks in this area indicate, in general, that firms should develop policies and procedures to ensure timely, accurate CAT reporting. These policies and procedures should include daily and periodic reviews to verify compliance with CAT reporting requirements. In addition, the procedures should describe how the firms confirm that any parties reporting on their behalf do so on time and accurately.

Exam findings: As FINRA’s reviews of compliance with CAT reporting are still in the implementation phase, this report does not provide any exam findings or effective practices for this topic area. The agency encourages firms to review the published guidance regarding CAT implementation—for example, Regulatory Notice 20-31.

Best execution

Related considerations: FINRA’s questions on best execution suggest that firms make sure they conduct “regular and rigorous” reviews for best execution. In addition, their procedures should identify the controls they have in place to ensure order routing is based on best execution and not payment for order flow (PFOF) or other financial incentives. Other areas to consider include, for firms that engage in fixed income and options trading, reviewing the controls in place to make sure they meet their best execution obligations for these products.

Exam findings: FINRA notes that some firms did not review for quality of execution, best execution for certain order types, or conflicts of interest related to order routing. In addition, FINRA found instances of inadequate Rule 606 disclosures.

Effective practices: For firms to ensure best execution, FINRA suggests that broker-dealers perform exception and surveillance reporting, carry out PFOF order routing impact reviews, conduct regular and rigorous best execution reviews, quarterly at minimum, and continuously update their policies and procedures to address account, market, and technology changes.

This section of the report also mentions FINRA’s 2020 Targeted Review of Zero Commissions. This review examined how zero-commission trading affected best execution and how firms were offsetting lost commission revenue with fees related to other products and services. FINRA is also looking at how firms communicated any limitations, including other fees, related to zero-commission trading.

Large trader reporting

Related considerations: Through its questions, FINRA advises firms to develop policies and procedures for addressing the Large Trader Rule. Among other things, these should cover monitoring their own large trader status, identifying customers as large traders, working with clearing firms on rule compliance, and meeting CAT reporting requirements.

Exam findings: FINRA notes instances where firms’ WSPs did not address the Large Trader Rule, where firms failed to monitor for unidentified large traders, and where firms did not report Large Trader IDs for applicable orders.

Effective practices: Among other suggestions, FINRA advises firms to create new WSPs or update their existing WSPs to address the Large Trader Rule, conduct Form 13H reviews, perform Large Trader checks, ensure that large traders identify themselves as such during new account onboarding, conduct daily large trader and customer account monitoring, and take the appropriate actions in dealing with unidentified large traders to ensure Large Trader Rule compliance.

Market access

Related considerations: FINRA’s questions suggest that firms with market access should develop controls and training to manage the risks associated with this business activity. These actions should include, for example, developing credit limits for customers and having procedures in place for handling ad hoc requests for trading limit increases.

Exam findings: FINRA’s exams found that some broker-dealers maintained inadequate controls regarding order limits, capital thresholds, and financial risk management. In addition, there appeared to be an overreliance on alternative trading system vendors’ controls for addressing these same risk areas.

Effective practices: FINRA’s recommendations include establishing pre-trade fixed income financial controls, implementing intra-day (ad hoc) adjustments, tailoring erroneous or duplicative order controls as needed, maintaining post-trade controls and surveillance, and testing financial controls.

Vendor display rule

Related considerations: FINRA’s queries in this area indicate that broker-dealers should ensure that systems and platforms provide accurate, timely quotation information to customers. Among other actions, firms should monitor their methods for distributing quotation information to ensure that customers receive it and confirm that such information meets relevant SEC rule requirements.

Exam findings: FINRA’s examinations noted instances of inadequate Vendor Display Rule policies and procedures and problems with the information provided to customers.

Effective practices: FINRA advises firms to consider implementing policies and procedures to confirm the adequacy of market data feeds, conduct customer platform reviews to ensure their functionality, monitor the consolidated display for delays or latency and take any corrective action needed, perform periodic SIP validations, and test and validate the consolidated display before and after customer platform upgrades or enhancements.

Financial management

Net capital

Related considerations: The questions in this area imply that firms should review how they classify assets for net capital purposes, identify and age failed-to-deliver contracts, and calculate applicable charges and deductions. They also indicate that firms with expense-sharing agreements should examine their methodology for determining expense allocations.

Exam findings: FINRA noted from its exams instances of asset, liability, and revenue misclassifications, as well as inaccurately computed capital charges related to fails and underwriting commitments. It also noted instances where firms used cash instead of accrual accounting.

Effective practices: FINRA’s suggestions for firms to improve in this area included performing net capital assessments and agreement reviews, developing appropriate training and guidance regarding the Net Capital Rule requirements, double-checking aged Fail contract charges and any related net capital deductions for correctness, and ensuring their WSPs specifically define clearing firm responsibilities regarding net capital requirements.

Liquidity management

Related considerations: In this area, FINRA’s considerations suggest that firms should comprehensively review their policies and procedures for liquidity risk management. The specific focuses mentioned include liquidity management plan reviews and adjustments, preparedness for stress events, types of stress testing conducted, and adequacy of contingency funding plans.

Exam findings: From its examinations, FINRA noted instances where firms failed to develop contingency plans to address certain stress situations or failed to incorporate stress test results into their business model.

Effective practices: In this topic area, FINRA provides detailed suggestions related to liquidity risk management updates and stress tests. The former centers on updating liquidity risk management practices to reflect the firm’s current business activities. The latter emphasizes conducting stress tests in a manner and frequency appropriate to the firm’s business model.

Credit risk management

Related considerations: For this topic, FINRA indicates that firms should consider developing a robust internal control framework “to capture, measure, aggregate, manage, supervise, and report credit risk.”

Exam findings: FINRA noted from its examinations instances where firms failed to review their credit risk management and control processes to confirm that these processes accurately captured credit risk exposure. It also noted failures in the areas of approvals and documentation regarding credit limits and monitoring for exposure to affiliated counterparties.

Effective practices: Regarding credit risk management, FINRA provides detailed recommendations for developing a comprehensive internal control framework, maintaining approvals for and documentation of credit limit increases or other changes, and monitoring counterparty exposure.

Segregation of assets and customer protection

Related considerations: FINRA’s questions in this area suggest firms should consider developing effective procedures and controls to meet Customer Protection Rule requirements. These procedures and controls cover, among other things, deficits in violation of the rule, claiming an exemption from the rule, staff training on rule requirements, and handling of digital asset transactions.

Exam findings: FINRA’s exams revealed instances where firms prepared inaccurate reserve formula calculations, employed inadequate check-forwarding processes, or maintained insufficient and/or inaccurate blotter information.

Effective practices: For asset segregation and customer protection, FINRA suggested effective practices in the areas of engaging compliance and legal departments to help ensure rule compliance, avoiding conflicts of interest, forwarding checks, and creating and reviewing check-forwarding blotters.

Our guidance

ACA encourages firms to review FINRA’s “Examination and Risk Monitoring Program” report in its entirety, especially the areas relevant to their businesses. Also, as noted above, FINRA is reviewing its examinations regarding Reg BI, Form CRS, and CAT compliance and will be providing its findings in subsequent publications. Meanwhile, firms should review the “Related Considerations” posted in FINRA’s report and summarized here to ensure they can address or have addressed FINRA’s concerns.

Listen to our webcast: FINRA priorities and hot topics 2021

Join us March 11 at 11:00am EST / 8:00am PST to learn how these priorities might impact your compliance program. 

During this webcast, we'll discuss:

  • FINRA's 2020 examination findings
  • FINRA's 2021 examination priorities and focus areas such as:
    • Reg BI and Form CRS
    • Communications with the public
    • Remote branch inspections
    • Private placements
    • Digital assets
    • AML emerging risks
    • Cybersecurity
  • Broader FINRA themes for 2021


How we help

Broker-dealers must meet various FINRA and SEC requirements or else face potential monetary penalties and reputational damage. ACA's experienced team of compliance professionals can help your firm develop and maintain a high-quality compliance program that is customized to your unique regulatory requirements, business demands, and operational challenges. In addition, our regulatory filings specialists can help your firm draft, review, and file applicable filings on your firm’s behalf.


For more information

For more information, please reach out to your regular ACA consultant or contact us here.