This post on 2019 FINRA and SEC examination priorities sets to help you avoid a nightmare. One of the least favorite activities a firm goes through is a regulatory examination. Broker-dealers (BDs) and registered investment advisors (RIAs) know they’ll be examined by their regulatory authority. Ensuring their firms and their registered associates are prepared is key. <\/p>\n\n\n\n
Each year, both FINRA and the SEC draft a list of key items\ntheir examiners will focus on in the new year. These lists are better known as\n\u201cexamination priorities\u201d. It\u2019s important to note that while a regulator issues\na specific list of exam priorities, it doesn\u2019t mean in any way this is all one\ncould expect an examiner to look into if an examination occurs. <\/p>\n\n\n\n\n\n\n\n
Examiners will look through everything<\/em>, but they\u2019ll pay particular attention to the items their regulatory authority called out in their annual exam priorities list. All that said, this article will cover the 2019 exam priorities for FINRA and the SEC and things you should be aware of, so you\u2019re prepared in the event of a regulatory examination. <\/p>\n\n\n\n Let’s peruse the 2019 FINRA and SEC examination priorities.<\/p>\n\n\n\n FINRA officially issued their 2019 Risk Monitoring and Examination Priorities Letter on January 22, 2019, which can also be found on FINRA\u2019s website. It covers some ongoing issues where they\u2019ll continue their focus, as well as some new items. <\/p>\n\n\n\n FINRA\u2019s primary focus, which is generally the primary focus of any regulator, is investor protection. I\u2019ll cover some\u2014but not all\u2014of the ongoing and new areas of focus.<\/p>\n\n\n\n Sales practice issues have long been on FINRA\u2019s list of concerns. Under FINRA\u2019s regulations, Rule 2111 states the following three obligations for firms and registered representatives:<\/p>\n\n\n\n In a nutshell, both the firm and the registered representative have obligations from a suitability perspective. Representatives must gather all of the necessary data from the customer in order to perform adequate due diligence to reasonably believe a transaction is suitable. <\/p>\n\n\n\n The firm must then verify this recommendation is suitable, but also have an obligation to conduct While a particular recommendation may appear to be suitable for one investor at the time of the transaction, it\u2019d be problematic if a broader review found that the same recommendation is made over and over for all customers. FINRA would question how this could be so.<\/p>\n\n\n\n The applicable FINRA rule for this topic is Rule 2210. FINRA will continue to:<\/p>\n\n\n\n Firms must continue to review and develop their anti-money laundering (AML) programs as well as their AML policies and procedures as criminals are becoming more sophisticated. As a reminder, an independent auditor must review AML programs. <\/p>\n\n\n\n Firms should continue to require their associates to complete annual AML training. This training ensures associates have skills to identify and escalate issues related to money laundering. <\/p>\n\n\n\n This comes in all shapes and sizes. Firms must ensure their compliance departments have the resources necessary to conduct adequate oversight of trading and customer account activities.<\/p>\n\n\n\n Most examinations nowadays are risk-based examinations. This\nmeans that regulatory authorities use data such as regulatory filings, customer\ncomplaints, litigations, product mix, and business strategies to determine risk\nlevels and risk areas to focus on. <\/p>\n\n\n\n A firm that has minimal or no customer complaints, no past regulatory findings, and has a simple business model, may have lower perceived risk from a regulatory perspective than a firm that does have or has had these types of issues. <\/p>\n\n\n\n Firms should also look at their compliance activities (surveillance, reporting, and audit) and take a risk-based approach in reviewing the activities of their associated individuals as well as the firm as a whole.<\/p>\n\n\n\n Additionally, firms have their own business risks to consider. These risks include operational risks, sales practice risks, market risks, and financial risks. Firms should identify all risks and incorporate a risk management process to ensure their risks are understood and mitigated where they can be.<\/p>\n\n\n\n FINRA has long focused on individuals who\u2019ve had past regulatory issues and will continue this focus in 2019. Specifically, FINRA will focus on how firms address the risks associated with hiring individuals with U4 (interpretive questions and answers form) issues and how they manage those risks. Any firms who employ individuals with U4 issues can expect FINRA to dig deeper for information.<\/p>\n\n\n\n We all know the US population is aging at a rapid rate. The Baby Boomer generation represents a large chunk of our overall population, and most are at or nearing retirement. In the next five years, all of this generation will Seniors are more susceptible to fraud, abuse, exploitation, and high-pressure sales tactics. That said, FINRA will continue to focus on the ages of one\u2019s clients.<\/p>\n\n\n\n The SEC Office of Compliance Inspections and Examinations\n(OCIE) issued their 2019 Examination Priorities letter on December 20, 2018.\nSimilar to FINRA, they too will focus on AML and sales to seniors. As it\nrelated to senior investors, the SEC will key in on ensuring firms have\nadequate disclosures and calculations of advisory fees. <\/p>\n\n\n\n Additionally, the SEC will take a look at FINRA this year to\nensure their examination process is fulsome and adequate. The SEC has also had\nconcerns regarding digital assets and cryptocurrency, and will focus a great\ndeal of energy in this area.<\/p>\n\n\n\n As you may know, FINRA reports directly to the SEC, so it\nshould come as no surprise that both regulators would be aligned on many of\ntheir exam priorities. There\u2019s one topic that regulators from all corners of\nthe financial industry are keeping an eye on and that\u2019s cybersecurity. <\/p>\n\n\n\n Both the SEC and FINRA have identified cybersecurity as a priority for many years now. Even other industries, such as the insurance industry, are showing much concern over cybersecurity. Firms must ensure that the systems they use and the systems their associated individuals use are locked down, tested, and vetted to ensure customer data is protected. It\u2019s not enough to outsource technology to a third-party and point the finger at the third party if something goes wrong. <\/p>\n\n\n\n 2019 FINRA and SEC examination priorities will force firms to conduct due diligence of their third parties to ensure they handle customer data appropriately. This topic is never going away. As we become more dependent on technology to get our business done, we have to ensure our firms have tested safeguards in place to protect customer data from security breaches.<\/p>\n\n\n\n Regulators spend a lot of time in examinations assessing the\nrisks a firm and its individuals may present. By understanding what your\nregulator is looking for and being prepared to address their concerns will put\nyou on the right path for a successful examination. <\/p>\n\n\n\n When in doubt, firms should engage compliance and legal consultants and, if necessary, get a second opinion to ensure they\u2019re prepared not only for an We hope this overview of 2019 FINRA and SEC examination priorities will help you stay away from regulatory examination. <\/p>\n\n\n\nFINRA Priorities Letter<\/strong><\/h2>\n\n\n\n
Suitability<\/strong><\/h3>\n\n\n\n
Related: 5 Simple Tips to Operate in Our Regulated Industry<\/a><\/h4>\n\n\n\n
Communications with the Public <\/strong><\/h3>\n\n\n\n
Anti-Money Laundering <\/strong><\/h3>\n\n\n\n
Fraud <\/strong><\/h3>\n\n\n\n
Risk Management <\/strong><\/h3>\n\n\n\n
Past\nRegulatory History<\/strong><\/h3>\n\n\n\n
Sales to Senior Investors <\/strong><\/h3>\n\n\n\n
Related: Compliance Corner: Sales to Seniors<\/a><\/h4>\n\n\n\n
SEC Priorities Letter<\/strong><\/h2>\n\n\n\n
What This Means<\/strong><\/h2>\n\n\n\n
Related: Compliance Corner: Cybersecurity<\/a><\/h4>\n\n\n\n
\n\n\n\n