2019 FINRA and SEC Examination Priorities

by FIG Marketing

This post on 2019 FINRA and SEC examination priorities sets out to help you avoid a nightmare. One of the least favorite activities a firm goes through is a regulatory examination. Broker-dealers (BDs) and registered investment advisors (RIAs) know they’ll be examined by their regulatory authority. Ensuring their firms and their registered associates are prepared is key.

Each year, both FINRA and the SEC draft a list of key items their examiners will focus on in the new year. These lists are better known as “examination priorities”. It’s important to note that while a regulator issues a specific list of exam priorities, it doesn’t mean in any way this is all one could expect an examiner to look into if an examination occurs.

Examiners will look through everything, but they’ll pay particular attention to the items their regulatory authority called out in their annual exam priorities list. All that said, this article will cover the 2019 exam priorities for FINRA and the SEC and things you should be aware of, so you’re prepared in the event of a regulatory examination.

Let’s peruse the 2019 FINRA and SEC examination priorities.

FINRA Priorities Letter

FINRA officially issued their 2019 Risk Monitoring and Examination Priorities Letter on January 22, 2019, which can also be found on FINRA’s website. It covers some ongoing issues where they’ll continue their focus, as well as some new items.

FINRA’s primary focus, which is generally the primary focus of any regulator, is investor protection. I’ll cover some—but not all—of the ongoing and new areas of focus.


Sales practice issues have long been on FINRA’s list of concerns. Under FINRA’s regulations, Rule 2111 states the following three obligations for firms and registered representatives:

  • Reasonable-basis suitability: Requires a broker to have a reasonable basis to believe, based on reasonable diligence, that the recommendation is suitable for at least some investors. Reasonable diligence must provide the firm or associated person with an understanding of the potential risks and rewards of the recommended security or strategy.
  • Customer-specific suitability: Requires that a broker, based on a particular customer’s investment profile, has a reasonable basis to believe that the recommendation is suitable for that customer. The broker must attempt to obtain and analyze a broad array of customer-specific factors to support this determination.
  • Quantitative suitability: Requires a broker with actual or de facto control over a customer’s account to have a reasonable basis for believing that a series of recommended transactions, even if suitable when viewed in isolation, is not excessive and unsuitable for the customer when taken together in light of the customer’s investment profile.

In a nutshell, both the firm and the registered representative have obligations from a suitability perspective. Representatives must gather all of the necessary data from the customer in order to perform adequate due diligence to reasonably believe a transaction is suitable.

The firm must then verify this recommendation is suitable, but it also has an obligation to conduct broader surveillance of a rep’s recommendations to ensure suitability.

While a particular recommendation may appear to be suitable for one investor at the time of the transaction, it’d be problematic if a broader review found that the same recommendation is made over and over for all customers. FINRA would question how this could be so.

Communications with the Public

The applicable FINRA rule for this topic is Rule 2210. FINRA will continue to:

  • Review communications for content
  • Ensure proper internal review procedures are followed
  • Ensure, if applicable, that proper filing requirements are followed
  • Ensure adequate books and records are maintained

Anti-Money Laundering

Firms must continue to review and develop their anti-money laundering (AML) programs as well as their AML policies and procedures as criminals are becoming more sophisticated. As a reminder, an independent auditor must review AML programs.

Firms should continue to require their associates to complete annual AML training. This training ensures associates have skills to identify and escalate issues related to money laundering.


This comes in all shapes and sizes. Firms must ensure their compliance departments have the resources necessary to conduct adequate oversight of trading and customer account activities.

Risk Management

Most examinations nowadays are risk-based examinations. This means that regulatory authorities use data such as regulatory filings, customer complaints, litigations, product mix, and business strategies to determine risk levels and risk areas to focus on.

A firm that has minimal or no customer complaints, no past regulatory findings, and a simple business model may have lower perceived risk from a regulatory perspective than a firm that does have or has had these types of issues.

Firms should also look at their compliance activities (surveillance, reporting, and audit) and take a risk-based approach in reviewing the activities of their associated individuals as well as the firm as a whole.

Additionally, firms have their own business risks to consider. These risks include operational risks, sales practice risks, market risks, and financial risks. Firms should identify all risks and incorporate a risk management process to ensure their risks are understood and mitigated where they can be.

Past Regulatory History

FINRA has long focused on individuals who’ve had past regulatory issues and will continue this focus in 2019. Specifically, FINRA will focus on how firms address the risks associated with hiring individuals with U4 (interpretive questions and answers form) issues and how they manage those risks. Any firms that employ individuals with U4 issues can expect FINRA to dig deeper for information.

Sales to Senior Investors

We all know the US population is aging at a rapid rate. The Baby Boomer generation represents a large chunk of our overall population, and most are at or nearing retirement. In the next five years, all of this generation will be over the age of 60 and the majority will be over the age of 70!

Seniors are more susceptible to fraud, abuse, exploitation, and high-pressure sales tactics. That said, FINRA will continue to focus on the ages of one’s clients.

SEC Priorities Letter

The SEC Office of Compliance Inspections and Examinations (OCIE) issued their 2019 Examination Priorities letter on December 20, 2018. Similar to FINRA, they too will focus on AML and sales to seniors. As it relates to senior investors, the SEC will key in on ensuring firms have adequate disclosures and calculations of advisory fees.

Additionally, the SEC will take a look at FINRA this year to ensure their examination process is fulsome and adequate. The SEC has also had concerns regarding digital assets and cryptocurrency, and will focus a great deal of energy in this area.

As you may know, FINRA reports directly to the SEC, so it should come as no surprise that both regulators would be aligned on many of their exam priorities. There’s one topic that regulators from all corners of the financial industry are keeping an eye on and that’s cybersecurity.

Both the SEC and FINRA have identified cybersecurity as a priority for many years now. Even other industries, such as the insurance industry, are showing much concern over cybersecurity. Firms must ensure that the systems they use and the systems their associated individuals use are locked down, tested, and vetted to ensure customer data is protected. It’s not enough to outsource technology to a third party and point the finger at the third party if something goes wrong.

What This Means

2019 FINRA and SEC examination priorities will force firms to conduct due diligence of their third parties to ensure they handle customer data appropriately. This topic is never going away. As we become more dependent on technology to get our business done, we have to ensure our firms have tested safeguards in place to protect customer data from security breaches.

Regulators spend a lot of time in examinations assessing the risks a firm and its individuals may present. Understanding what your regulator is looking for and being prepared to address their concerns will put you on the right path for a successful examination.

When in doubt, firms should engage compliance and legal consultants and, if necessary, get a second opinion to ensure they’re prepared not only for an examination, but most importantly, to protect their customers from risks that could’ve been mitigated—or eliminated.

We hope this overview of 2019 FINRA and SEC examination priorities will help you stay away from regulatory examination.

As always, should you have any compliance questions, we are always here to help. Please feel free to send an email to compliance@figmarketing.com.
