JANUARY 12, 2016
SIDLEY UPDATE
Financial Industry Regulatory Authority 2016 Exam Priorities
On January 5, the Financial Industry Regulatory Authority (FINRA) released its annual Regulatory and
Examination Priorities Letter (Letter) to highlight risks that FINRA believes could adversely affect investors and
market integrity. This year’s Letter differs from those in the past in focusing on three broad, principle-based
concerns in addition to the usual list of narrowly focused areas that examiners will certainly review. These broad
areas are 1) culture, conflicts of interest and ethics; 2) supervision, risk management and controls; and
3) liquidity. The discussion is helpful because it explains FINRA’s overarching concerns, philosophy and its
potential basis for pursuing enforcement actions. Firms should read this discussion carefully and internalize its
principles. Firms should be able to document and demonstrate to FINRA their appropriate regulatory and
ethical culture and how they actively identify and manage potential conflicts of interest. Likewise, in today’s
highly automated and data-dependent markets, firms must be able to demonstrate that their procedures and
policies related to cybersecurity, technology management and data quality are up to date, adequately resourced
and strictly followed.
We do not believe this is an academic discussion; it is a warning that these fundamental concerns will be a core
part of FINRA’s examinations and investigations and that deficiencies in these areas will likely justify increased
sanctions for other violations. We would hope that the opposite is also true, that a firm that can demonstrate an
appropriate culture and ethics would not be subject to as harsh discipline or perhaps any formal discipline when
a potential issue is detected and appropriately addressed.
As in the past, the Letter also discusses many of the same issues addressed in prior years, including suitability,
cybersecurity, anti-money laundering (AML), senior investors, and financial and operational priorities. As
always, firms should use the Letter to review their compliance and supervisory procedures carefully and make
any necessary revisions. Firms also should be prepared to address the firm’s compliance and supervisory policies
in these areas in their upcoming FINRA examinations. The following is a discussion of some of the more
important points of the FINRA Letter. A copy of the Letter is available here.
Culture, Conflict of Interest and Ethics
FINRA’s letter emphasizes that firm culture has a profound influence on how a firm conducts its business and
manages conflicts of interest. The focus on firm culture is similar to the approach that has become standard from
banking regulators. For 2016, FINRA provides notice that its examiners will formally assess firm culture to
determine how it affects compliance and risk management while continuing to focus on conflicts of interest and
ethics. Specifically, FINRA identifies the following five indicators that it will use to assess a firm’s culture:
1.
whether control functions are valued within the organization,
Sidley Austin provides this information as a service to clients and other friends for educational purposes only. It should not be construed or relied on as legal advice or to create a
lawyer-client relationship. Attorney Advertising - For purposes of compliance with New York State Bar rules, our headquarters are Sidley Austin LLP, 787 Seventh Avenue, New York,
NY 10019, 212.839.5300; One South Dearborn, Chicago, IL 60603, 312.853.7000; and 1501 K Street, N.W., Washington, D.C. 20005, 202.736.8000.
SIDLEY UPDATE
Page 2
2. whether policy or control breaches are tolerated,
3. whether the organization proactively seeks to identify risk and compliance events,
4. whether immediate managers are effective role models of firm culture and
5. whether subcultures that may not conform to overall corporate culture are identified and addressed.
FINRA notes that a firm’s culture is a product of its supervisory system and that firms should take visible actions
to help mitigate conflicts of interest and promote the fair and ethical treatment of its customers.
Supervision, Risk Management and Controls
FINRA reiterates its belief that a firm’s supervisory, risk management and control systems are essential
safeguards to protect and reinforce a firm’s culture. FINRA has observed recurring challenges in four areas that
affect a firm’s business conduct and the integrity of the markets. Those areas are management of conflict of
interest, technology, outsourcing and AML.
Management of Conflict of Interest
FINRA will continue to focus on compensation plans for registered representatives and will complete the
targeted examination it launched late last year regarding incentive structures and conflicts of interest in
connection with firms’ retail brokerage business. In addition, FINRA reminds firms that it recently filed
proposed Rule 2273 with the Securities and Exchange Commission (SEC), which would require firms to deliver
educational communications in connection with its recruiting practices highlighting whether financial incentives
received by registered representatives may create a conflict of interest.
FINRA also remains concerned about violations of its research rules and warns that firms may not use research
analysts or the promise of offering favorable research to win investment banking business. FINRA intends to
assess whether firms’ research analysts are inappropriately involved in seeking investment banking business and
whether banking personnel exercise undue influence on analysts.
For 2016, FINRA maintains its long-held interest in regard to how firms identify, minimize and mitigate
information leakage within or outside the firm. FINRA identifies a variety of situations in which information
leaking could occur, e.g., between a firm’s trading activities and other parts of a firm, and noted its intent to
examine for such situations. Firms are encouraged to review the adequacy of information barrier controls
established to prevent information leakage.
Technology
In the technology arena, cybersecurity remains a chief area of focus. FINRA points out that some firms have not
improved their cybersecurity defenses or their enhancements have been inadequate. Depending on a firm’s risk
profile, FINRA will examine one or more of the following cybersecurity areas: governance, risk assessment,
technical controls, incident response, vendor management, data loss prevention and staff training. In addition,
FINRA will focus on supervision and risk management related to technology management, including change
management to compliance and supervisory systems. A new focus for FINRA is on data quality and governance.
Firms are expected to have a process to oversee whether the data that feed their surveillance and supervisory
systems are accurate, complete, consistent and timely.
SIDLEY UPDATE
Page 3
Outsourcing
As part of its focus on the role of outsourcing, FINRA reminds firms to supervise covered activities, among other
things, even if those tasks have been outsourced to third-party vendors. Further, FINRA cautions firms not to
outsource functions that are required to be performed by qualified registered persons. Firms are encouraged to
conduct adequate initial and ongoing due diligence of outsourced providers to ensure compliance.
AML
FINRA examiners will focus on the adequacy of firms’ AML surveillance of high-risk customer accounts and
transactions. This surveillance should include activity that occurs in cash management accounts where banking
services are offered to brokerage customers. Moreover, for situations in which certain transactions have been
excluded from AML surveillance, FINRA warns that examiners will check to ensure that the rationale for any
such exclusion is documented. FINRA remains focused on high-risk activity involving microcap fraud and
stresses that firms should have systems in place to monitor for red flags indicative of suspicious or manipulative
trading activity.
Liquidity
FINRA examinations will also focus on firms’ efforts to manage funding and liquidity risk programs. As a
framework for its reviews, FINRA plans to use many of the effective practices contained in Regulatory
Notice 15-33, Guidance on Liquidity Risk Management Practices. Further, FINRA intends to focus on the
adequacy of high-frequency trading firms’ liquidity planning and controls.
Other Notable Areas of Focus in 2016
Sales Practice
Seniors and Vulnerable Investors: FINRA has observed repeated situations where seniors have been
victims of fraud and abuse and stresses that the treatment of seniors and other vulnerable investors is a priority.
FINRA examinations will include suitability and concentration concerns as well as recommendations regarding
higher-cost products that may drive unsuitable recommendations. FINRA urges firms to monitor investors’
accounts for red flags of possible abuse, such as overly aggressive investments or unusual asset movements,
including to recipients outside the country.
Sales Charge Discounts and Waivers: FINRA reiterates the concern expressed in its 2015 letter regarding
firms’ failures to provide appropriate volume discounts (breakpoints) or sales charge waivers for products such
as mutual funds, unit investment trusts, non-traded real estate investment trusts (REITs) and business
development companies (BDCs). FINRA points out that it brought multiple enforcement actions in 2015 that
resulted in millions of dollars in fines and restitution. FINRA believes that firms need to establish and maintain
controls to ensure that customers receive the volume discounts and fee waivers they are due.
Private Placements: FINRA continues to focus on firms’ private placement activities, particularly in light of
recent regulatory developments, including the ability to conduct general solicitations under SEC Rule 506(c) of
Regulation D and the crowdfunding rules that will become effective this year. FINRA notes that some
communications used by firms concerning private placements have not reflected the significant risks of loss of
principal and lack of liquidity associated with these investments. Firms should assure that where a
SIDLEY UPDATE
Page 4
communication addresses a specific investment benefit associated with a private placement offering, the key
risks also are adequately disclosed.
Other Issues: FINRA also indicated that offerings under new SEC Regulation A+ will be a focus of attention.
FINRA will examine firms’ compliance with the customer account statement and the Direct Participation
Program rules that become effective in April 2016, particularly with respect to non-traded REITs and BDCs.
FINRA also will focus on whether firms have adequately documented whether they have fully assessed the
potential for conflicts of interest before approving outside business activities.
Financial and Operational Controls
Internal Audit: A new focus for FINRA will be on the internal audit function. This focus is familiar from the
bank regulatory world but is notable because no FINRA rule even requires broker-dealers to have an internal
audit function. FINRA now states that an effective internal audit framework contributes to strong internal
controls and a robust corporate governance structure. FINRA’s review of internal audit will focus on the
following areas: its process for identifying and prioritizing risks; the interaction between internal audit and the
audit committee or the board of directors; the involvement of internal audit in committees and major projects;
and the execution of the audit plan specific to coverage of select business and control functions. FINRA will also
focus on how issues are tracked through resolution and evaluate how internal audit deficiencies are incorporated
into business risks.
Fixed-Income Prime Brokerage: For 2016, FINRA will focus on settlement practices for fixed-income
trades to understand how the operational and credit risks are managed when large trades are executed away
from the prime broker. In addition, FINRA will explore industry practices with respect to disaffirming trades
and the legal documentation that supports the settlement process and will consider financing practices for fixed
income where extensive leverage is offered.
Client Onboarding: FINRA has observed that firms encountering capital and liquidity problems or shortfalls
generally have not used good practices to onboard professional clients, e.g., institutional, trading, hedge fund
and broker-dealer clients. FINRA intends to assess firms’ policies and controls related to onboarding clients and
correspondents. Moreover, FINRA will select some medium and small firms to understand how they assess
credit, liquidity and operational risks associated with onboarding new clients, among other things.
Market Integrity
Market Access: FINRA’s Letter indicates that it plans to deliver compliance report cards to firms early this
year. The report cards are derived from FINRA’s cross-market equity manipulation surveillance program.
FINRA also noted that it will begin publication of monthly report cards focused on layering and spoofing. The
report cards will capture potentially manipulative activity conducted solely through a firm as well as cross-firm
activity involving a particular firm. It is unclear how FINRA will identify as potentially manipulative on an
automated basis cross-firm activity without knowing the identity of the account(s) involved. FINRA will examine
how firms use this new information to identify and address potential misconduct. In this regard, firms should be
prepared to document their reasonable inquiry into the report card data and its ultimate course of action to
address the conduct, including any determination that no further action is required.
We cannot overstate the seriousness with which FINRA is conducting its examination of procedures to comply
with the Market Access Rule. We have seen very aggressive interpretations of the Rule’s requirements and
SIDLEY UPDATE
Page 5
referrals to enforcement for seemingly minor deficiencies immediately addressed during the examination. Firms
should be prepared for a very thorough and aggressive examination in this area.
Fixed Income: FINRA continues to surveil transactions in fixed-income securities actively for compliance with
order handling and fair pricing requirements. Later this year, FINRA is likely to begin surveiling for compliance
with the new best execution requirements of Municipal Securities Rulemaking Board (MSRB) Rule G-18, which
is scheduled to take effect by April 29. Both FINRA and MSRB recently issued guidance regarding firms’ best
execution obligations for transactions in fixed-income securities. (See Implementation Guidance on MSRB Rule
G-18, on Best Execution (Nov. 2015) and FINRA Regulatory Notice 15-46 (Nov. 2015).) The Letter also
announced that FINRA would enhance its best execution surveillance by implementing spread-based
surveillance patterns in 2016.
Regulation SHO: For 2016, FINRA will assess firms’ compliance with SEC Regulation SHO. FINRA stresses
that firms should appropriately close out fails to deliver by the designated close-out date pursuant to Rule 204 of
Regulation SHO. FINRA states that its surveillance and examinations continue to uncover deficiencies with
firms’ compliance with the requirement to be net flat or net long on the Rule 204 close-out date.
In its examinations, FINRA will assess whether firms are implementing supervisory processes to comply with
the net-flat or net-long position requirement of Rule 204 and whether they are correcting deficiencies.
Furthermore, FINRA will evaluate the adequacy of authorized participants’ (APs) controls on exchange-traded
products redemption orders. FINRA encourages APs to ensure that they (and their customers as required by
each specific AP agreement) have sufficient shares in their possession to prevent over-redemptions and potential
violations of Rule 204 for failures to deliver shares.
Conclusion
Not surprisingly, many of FINRA’s 2016 specific exam priorities are in step with those announced in 2015. Firms
are well served to review their written supervisory policies and procedures in each of the priority areas and to
make necessary amendments before FINRA arrives for an examination.
If you have any questions regarding this Sidley Update, please contact the Sidley lawyer with whom you usually work, or
Timothy B. Nagy
Counsel
+1 202 736 8054
[email protected]
W. Hardy Callcott
Partner
+1 415 772 7402
[email protected]
Michael D. Wolk
Partner
+1 202 736 8807
[email protected]
Sidley Securities & Derivatives Enforcement and Regulatory Practice
Sidley’s Securities & Derivatives Enforcement and Regulatory group advises and defends clients in a wide range of securities- and
derivatives-related matters. With more than 150 lawyers in 10 offices worldwide, we provide comprehensive regulatory,
enforcement, and litigation solutions in matters involving the Securities and Exchange Commission (SEC), the Commodity Futures
Trading Commission (CFTC), the Financial Industry Regulatory Authority (FINRA), self-regulatory organizations (SROs), state
attorneys general, and state securities regulators. Our team is distinctive in that it combines the strength of nationally recognized
enforcement lawyers with the skills of equally prominent counseling lawyers. We work collaboratively to provide our clients with
informed, efficient, and effective representation.
To receive Sidley Updates, please subscribe at www.sidley.com/subscribe.
BEIJING ∙ BOSTON ∙ BRUSSELS ∙ CENTURY CITY ∙ CHICAGO ∙ DALLAS ∙ GENEVA ∙ HONG KONG ∙ HOUSTON ∙ LONDON ∙
LOS ANGELES ∙ NEW YORK ∙ PALO ALTO ∙ SAN FRANCISCO ∙ SHANGHAI ∙ SINGAPORE ∙ SYDNEY ∙ TOKYO ∙ WASHINGTON, D.C.
Sidley and Sidley Austin refer to Sidley Austin LLP and affiliated partnerships as explained at www.sidley.com/disclaimer.
www.sidley.com