On February 9, 2022, the Financial Industry Regulatory Authority (FINRA) published its 2022 Report on its Examination and Risk Monitoring Program (the Report).1 The 60-page Report includes five new topic areas for 2022, flagged as such in the Report’s table of contents: (1) firm short positions and fails-to-receive in municipal securities, (2) trusted contact persons, (3) funding portals and crowdfunding offerings, (4) disclosure of order routing information, and (5) portfolio margining and intraday trading.
FINRA highlights seven topic areas that received industry and public attention and were addressed through FINRA’s exam and risk monitoring program: (1) Reg BI and Form CRS, (2) the Consolidated Audit Trail, (3) order handling, best execution, and conflicts of interest, (4) mobile apps, (5) special purpose acquisition companies (SPACs), (6) cybersecurity, and (7) complex products.
The Report also includes the perennial topic areas of past reports including anti-money-laundering, outside business activities, net capital, and books and records. The appendix includes specific examples of how firms have used prior FINRA reports and guidance to enhance their own compliance programs.
Sidley’s Takeaways
While the Report covers more than 20 regulatory areas, some common themes emerge throughout.
First, the Report places a greater emphasis than past reports on topic areas in involving market integrity. This comes as no surprise given the volatility experienced in the markets during 2021. Firms should expect continued attention to best execution and compliance with the order routing disclosure requirements of Rule 606 of Regulation NMS. FINRA emphasizes wholesale market maker best execution obligations and notes that best execution is one of the “cornerstones” of FINRA’s oversight activities. The Report informs us that FINRA, like the Securities and Exchange Commission, is focused on questions of potential conflicts of interest in payment for order flow arrangements with a clear shift in focus to firms with a zero-commission model. The findings from the 2020 targeted exam of zero-commission firms are still pending. Firms also should be prepared for CAT reporting compliance to be front and center in examinations this year, particularly as the final phases of rollout are completed. FINRA already has identified particular areas of noncompliance.
Second, as the industry changes the ways in which it offers services, the Report suggests that FINRA is increasingly focusing attention on online platforms and digital communications through which newer investors are often opening brokerage accounts. The manner in which firms are communicating through mobile apps, social media, and other digital platforms all have drawn FINRA’s attention and look to be in sharp focus in 2022. FINRA likely will look to hold communications on these platforms to the same standards of any other platform.
Last, but not least, 2022 will be the second full year of examinations for Reg BI compliance. As discussed below, firms should be prepared for examinations to include more substantive questions of Reg BI compliance in connection with specific recommendations such as private placements or complex products as well as examination of communications and whether they rise to the level of “recommendation,” particularly in connection with online broker-dealer models.
The Report is intended to provide broker-dealers with information to use to prepare for examinations and to review and assess compliance and supervisory procedures related to business practices, compliance, and operations. It also is an important preview of areas that may garner the interest of FINRA Enforcement.
Key Report Highlights
We summarize some key highlights of the Report below.
Reg BI and Form CRS
The Report provides extensive feedback for firms on Reg BI and Form CRS compliance exam findings. In particular, FINRA flags concerns about firms failing to update written supervisory procedures to address these ne requirements, in particular in the areas of
- identifying the individual(s) responsible for Reg BI and Form CRS compliance
- providing adequate detail regarding how the firm is complying with new requirements
- addressing costs and potential alternatives in making recommendations
- addressing recommendations of account types
- addressing conflicts of interest and incentives
- including recordkeeping and testing requirements
- memorializing processes or controls developed to address Reg BI and Form CRS
FINRA also found that some firms had inadequate training, failed to comply with duty of care obligations, and failed to provide “full and fair” disclosure of material facts related to the scope and terms of the customer relationship. Form CRS filings that exceeded the prescribed page length, omitted material facts or otherwise contained inaccuracies or omissions, and were not properly posted on firm websites were among other specific Form CRS observations in the Report. Firms will want to review carefully this section and pay close attention as FINRA is looking beyond basic procedures compliance and will review the supervision of the marketing and recommendations of accounts and particular product types through the lens of Reg BI compliance.
Order Handling, Best Execution, and Conflicts of Interest
Compliance with FINRA’s best execution rule, Rule 5310, is a perennial focus area for FINRA. This year the Report reinforced FINRA’s focus on payment for order flow (PFOF) arrangements and noted that it has been conducting a target review of wholesale market makers to evaluate their own execution quality reviews, whether PFOF arrangements influence their order handling practices, and any changes made in order handling practices during periods or market volatility. As the Report notes, FINRA examinations also found that some firms failed to assess execution in competing markets and failed to evaluate certain factors identified in Rule 5310 during “regular and rigorous reviews” such as speed of execution, price improvement, and the likelihood of execution of limit orders.
Consolidated Audit Trail (CAT)
According to the Report, CAT compliance is top of mind for FINRA. The Report identifies several findings of deficiencies including the submission of incorrect or incomplete reports. Exam findings also noted late resolution of repairable CAT errors and inadequate vendor supervision. As the final stages of the CAT rollout complete this summer, it will be important for broker-dealers to have effective supervisory procedures reasonably designed to achieve compliance with CAT reporting requirements that include using CAT report cards and considering a comparative review of CAT submissions against firm order records.
Mobile Apps
FINRA has increased its focus on educating newer investors entering the market through self-directed accounts and issued a special notice on June 30, 2021, requesting comments on effective ways to educate those new investors. The Report advises that firms using mobile apps must establish and implement a comprehensive supervisory system for communications on mobile apps so that statements are fair and balanced and do not contain false, misleading, or promissory statements. The Report also indicates that a false or misleading statement on one screen of a mobile app is not cured by a “one-click away” corrective disclosure. Given the Report’s focus on mobile apps, expect FINRA to scrutinize all mobile app disclosures and communications in the same manner as any other written communication.
FINRA notes that firms using mobile apps to conduct business with their customers need to pay attention to whether information provided to customers via the app constitutes a “recommendation” that Reg BI would cover. Firms offering self-directed accounts will want to give particular attention to this issue.
Digital Communication Channels
FINRA advises firms to review policies on digital communications to address all permitted and prohibited communication channels and features. This comes on the heels of increased regulatory scrutiny in 2021 of record-retention practices for digital communications. FINRA also notes that firms should have processes to review for red flags of registered representatives’ communication through unapproved digital channels and should review whether content on approved digital platforms, including social media, meets the standards of FINRA Rule 2210. For firms with mobile apps and other forms of digital communication, firms should be testing the accuracy of account and other information displayed in the mobile apps to confirm accuracy.
For those firms also engaged in digital asset activities, the Report notes that they should be confirming that there is a fair and balanced presentation addressing risks of digital assets and not misrepresenting the extent to which digital assets are regulated by FINRA or securities laws or eligible for SIPC or other protections thereunder.
Cybersecurity and Technology Governance
In 2021, mitigating the risk of online account takeovers and potential cyberintrusions through third-party vendors garnered FINRA’s attention. FINRA observed that some firms did not have an adequate risk assessment process in place including failing to conduct regular penetration testing. Some firms also failed to encrypt all confidential data and sensitive firm information. Technology governance has been a key examination and enforcement focus for FINRA for some time. The Report shares key questions firms should consider in its technology governance, including what controls the firm implements to mitigate system capacity performance and integrity issues, how firms test system changes prior to being moved to a production environment, and postimplementation quality assurance. FINRA observed system capacity issues at firms during market volatility periods in 2021, and firms can expect that the regulator will remain watchful in this area throughout the next year.
Complex Products
Not surprisingly, the Report makes clear that FINRA will continue to look to risk disclosure and communications with customers about complex products. The Report turns particular focus to supervision and suitability of complex options strategies and approval for options trading. FINRA issued a regulatory notice on the topic, RN 21-15, in April 2021, followed by the launch of an ongoing targeted examination on options supervision and suitability in August 2021. The Report highlights conservation donation transactions as an area of concern as well as FINRA’s longstanding interest in variable annuity transactions.
SPACs
SPACs make a reappearance in this year’s Report where FINRA notes that over 70% of initial public offerings in the first quarter of 2021 were accomplished through SPACs. In October 2021, FINRA launched a targeted exam to explore a range of issues with SPACs including whether firms perform adequate due diligence on merger targets, whether adequate disclosures are provided to customers, and how firms are managing potential conflicts of interest in SPACs. FINRA will release its findings from this sweep at a later date.
The Report provides a thorough roadmap to FINRA’s examination findings in key program areas. Firms should consider and implement, as necessary, practices and procedures in each of the areas and be prepared to address them in future examinations.
1A copy of the complete Report is available at https://www.finra.org/rules-guidance/guidance/reports/2022-finras-examination-and-risk-monitoring-program.
Sidley Austin LLP provides this information as a service to clients and other friends for educational purposes only. It should not be construed or relied on as legal advice or to create a lawyer-client relationship.
Attorney Advertising - For purposes of compliance with New York State Bar rules, our headquarters are Sidley Austin LLP, 787 Seventh Avenue, New York, NY 10019, 212.839.5300; One South Dearborn, Chicago, IL 60603, 312.853.7000; and 1501 K Street, N.W., Washington, D.C. 20005, 202.736.8000.