Novel Concerns in FINRA’s 2019 Risk Monitoring and Examination Priorities Letter | King & Spalding

On January 22, 2019, FINRA released its 2019 Annual Risk Monitoring and Examination Priorities Letter (the “Priorities Letter”). Late last year, as part of FINRA360 – the organization’s ongoing improvement initiative – FINRA announced its plans to consolidate its Examination and Risk Monitoring Programs, integrating three separate departments into a uniform program. As reflected in the title of the Priorities Letter, FINRA’s priorities apply to both its examination program and its risk monitoring responsibilities.

In past years, FINRA’s priorities consistently focused on areas such as suitability, outside business activities, private securities transactions, private placements, communications with the public, anti-money laundering (“AML”), best execution, fraud, market manipulation, net capital requirements, customer protection, trade and order reporting, recordkeeping, risk management, and supervision. This year, with respect to sales practice risks, FINRA emphasized that it will continue to review and monitor firms’ customer suitability reviews, protection of senior investors, and controls relating to outside business activities and private securities transactions. FINRA will also continue to prioritize market and financial risk areas relating to best execution practices; manipulative trading activities; compliance with Exchange Act Rule 15c3-5 risk management controls; short sales and short tender activities; and credit risk and liquidity.

Notably this year, FINRA has highlighted five emerging areas of concern, which we address in this alert: (1) online distribution platforms; (2) supervision of digital assets business; (3) compliance with FinCEN’s Customer Due Diligence Rule; (4) fixed-income mark-up and mark-down disclosure obligations; and (5) regulatory technology.

Online Distribution Platforms

The first highlighted item in the Priorities Letter relates to securities offered through websites, which are described as “online distribution platforms.” These types of securities offerings most commonly facilitate capital raising efforts under Rule 506(c) of Regulation D and Regulation A of the Securities Act of 1933. FINRA has observed that broker-dealers are increasingly involved in the distribution of securities through online platforms, raising concerns that firms are not complying with FINRA rules in the process. While FINRA has identified varying degrees of broker-dealer participation in such platforms – ranging from limited involvement of broker-dealers performing narrow functions such as custody, escrow, or back-office tasks to full participation by broker-dealers that own and operate platforms – any firm participation in these activities will be subject to enhanced regulatory review. If a firm is associated with selling, recommending, or facilitating the sale of securities through an online platform, FINRA may consider how the firm:

  • Conducts reasonable-basis and customer-specific suitability analyses for clients investing in online offerings. Depending upon the particular offering, a member firm may be required to demonstrate that it evaluated each investor’s risk profile, tolerance, investment history, and objectives.
  • Ensures compliance with AML obligations. In accordance with the particular facts and circumstances of each offering, a member firm should obtain appropriate information about the investors and sources of investment funds and determine how the transactions – both individually and in aggregate for the entire deal – will be reviewed.
  • Evaluates the risks associated with offering documents and communications with the public. Given the widespread circulation of advertising materials targeting prospective investors for participation in these offerings, a member firm should ensure that each offering meets FINRA’s advertising regulation standards of being fair, balanced, and not misleading. This includes the disclosures contained in the offering materials, which cannot include false or misleading statements, or omit material information.
  • Addresses the risk of sales to non-accredited investors, especially for offerings under Rule 506(c) of Regulation D. Given the variance in size, structure, and requirements of these offerings, ensuring participation by only “accredited” investors is essential. A firm should apply a risk-based approach when verifying that each investor qualifies as accredited (and thus allowed to participate in such offerings).
  • Assesses the risk of excessive or undisclosed compensation arrangements between firms and issuers, especially for offerings under Regulation A. A member firm should ensure that potential investors have access to all the appropriate information about the offerings in which the firm participates, including where and how the funds are allocated.

Supervision of Digital Assets Business

Firms participating in activities related to digital assets are now a key priority for FINRA. The digital assets business encompasses cryptocurrencies, virtual coins, tokens, and any other use of distributed ledger or blockchain technology. In prior years, FINRA expressed concerns about the potential for harm to investors in the cryptocurrency and initial coin offering (“ICO”) areas. This year, FINRA has broadened its focus to the entire digital assets sector. As part of its efforts, on July 6, 2018, FINRA issued Regulatory Notice 18-20, which encouraged firms to notify FINRA if they plan to engage in activities related to digital assets. Firms are asked to notify FINRA of their involvement by July 31, 2019, during which time broker-dealers may find themselves subject to this year’s examinations. In addition to complying with FINRA’s request for information, member firms must ensure that their involvement in the digital assets business complies with FINRA Rules, including those regarding custody, sale, valuation, and AML.

Customer Due Diligence and Suspicious Activity Reviews

This year, FINRA will focus on assessing firms’ compliance with the Financial Crimes Enforcement Network’s (“FinCEN”) final rule on Customer Due Diligence Requirements for Financial Institutions (the “CDD Rule”). The CDD Rule adds a “fifth pillar” to the Bank Secrecy Act (“BSA”) and is intended to both clarify customer due diligence requirements for covered financial institutions[i] and strengthen their ability to detect, prevent, and report illicit activities. The CDD Rule codifies and expands upon existing BSA/AML requirements by explicitly requiring covered financial institutions to: (i) identify and verify the identities of the beneficial owners of legal entity customers; (ii) understand the nature and purpose of customer relationships in order to develop customer risk profiles; and (iii) conduct ongoing monitoring for suspicious transactions and, on a risk basis, maintain and update customer information.[ii]

Previously, the BSA required covered financial institutions to develop written AML compliance programs that, at a minimum, consisted of the following four pillars: (i) a system of internal controls to ensure ongoing BSA/AML compliance; (ii) independent testing for compliance; (iii) a designated person or persons responsible for implementing and monitoring the operations and internal controls of the AML program; and (iv) ongoing training for appropriate persons. Consistent with these requirements, FINRA adopted Rule 3310 (formerly NASD Rule 3011) requiring all member firms to maintain AML programs and procedures that satisfy the four pillars of the BSA, as well as put in place policies and procedures that can reasonably be expected to detect and cause the reporting of suspicious transactions. Because the CDD Rule requires firms to maintain appropriate risk-based procedures for conducting ongoing customer due diligence as a required “fifth pillar” for adequate AML compliance programs, FINRA is considering whether FINRA Rule 3310 should be amended to more closely align with FinCEN’s CDD Rule.[iii]

FinCEN implemented the CDD Rule on May 11, 2016, and it became effective on July 11, 2016.[iv] Covered financial institutions had until May 11, 2018 to comply with the new provisions. Prior to May 11, 2018, under the BSA, covered financial institutions were required to create customer identification programs that included procedures to conduct due diligence on both individuals and legal entities opening new accounts. However, firms were not explicitly required to perform customer due diligence on the beneficial owners of legal entity customers. Now, incorporated into the fifth pillar of the BSA, the CDD Rule requires firms to maintain written AML procedures that are reasonably designed to identify and verify the identity of any individual who owns 25 percent or more of a legal entity customer, and at least one individual who controls the legal entity (i.e., the legal entity customer must identify its ultimate beneficial owner or owners and not “nominees” or “straw men”).[v]

With respect to the CDD Rule, FINRA indicated in its Priorities Letter that it will consider the “data integrity [of a firm’s] suspicious activity monitoring systems, as well as the decisions associated with changes to those systems.” Because FinCEN allowed firms a lengthy two-year period to comply with the CDD Rule, most firms should already have in place systems that incorporate these new customer due diligence obligations. Nonetheless, some best practices for firms seeking to ensure compliance with the CDD Rule include the following:

  • Confirm that all AML written supervisory policies and procedures are properly updated to incorporate CDD Rule obligations. The procedures should detail individual responsibilities in connection with the CDD Rule, including what party or parties will review and approve changes to a customer’s risk profile. Procedures should also address situations in which the firm has received insufficient or inaccurate customer information.
  • Conduct ongoing training for compliance professionals on new CDD requirements, including how to properly: (1) gather required customer information; (2) verify and record beneficial owners of legal entity customers; (3) conduct appropriate ongoing risk profiling; and (4) perform periodic customer reviews.
  • Confirm that all internal and outsourced technologies used to perform ongoing customer due diligence are CDD Rule-compliant.
  • Verify that customer due diligence reporting data is up-to-date and accurate.
  • Confirm that customer risk profile information and collected beneficial ownership information is verified, recorded, and incorporated into AML compliance screening programs, and being used in connection with suspicious activity reporting.
  • Check that current programs and procedures require the collection of beneficial ownership information for existing clients that open new accounts.
  • Review all recordkeeping procedures for customer risk profiles, and beneficial ownership identification and verification information.
  • Periodically conduct a sampling of new accounts opened and review customer data for compliance with the CDD Rule.

Fixed Income Mark-ups/Mark-downs on Trade Confirmations

Another focus for FINRA’s examination and risk monitoring programs this year will be firms’ compliance with mark-up and mark-down disclosure obligations on fixed-income transactions with customers, pursuant to last year’s coordinated amendments to FINRA Rule 2232 (Customer Confirmations) and MSRB Rule G-15 (Confirmation, Clearance, Settlement and Other Uniform Practice Requirements with Respect to Transactions with Customers). Taken together, the amendments require member firms to provide retail customers with additional transaction-related information for certain trades in corporate, agency and municipal debt securities. Firms were previously required to disclose transaction cost information when acting as principal with customers for only equity trades, pursuant to Securities and Exchange Act Rule 10b-10. The amendments added similar requirements for bond trades.

In its December 2018 Report on FINRA Examination Findings, FINRA noted certain critical failings in some member firms’ implementation of changes required under FINRA Rule 2232 and MSRB Rule G-15 as amended. FINRA has included mark-up and mark-down disclosure obligations under revised Rule 2232 in the “Highlighted Items” section of its 2019 Priorities Letter. FINRA’s repeated emphasis on firms’ compliance with mark-up and mark-down disclosure obligations indicates that this is a significant area of concern that FINRA examination teams will scrutinize in the coming year.

FINRA Rule 2232 as amended requires member firms to disclose to retail customers the amount of mark-up or mark-down the customer paid for a purchase or sale in a corporate or agency debt security,[vi] if the member firm also executes one or more offsetting principal trades in the same security on the same trading day in an aggregate trading size meeting or exceeding the size of the trade with the customer.[vii] Mark-ups must be disclosed both as a total dollar amount for the transaction and as a percentage of the prevailing market price (“PMP”) for the security – to be calculated pursuant to FINRA Rule 2121 (Fair Prices and Commissions). Rule 2232 also now requires customer confirmations to contain the time of execution of the trade and a security-specific link (with CUSIP) to the FINRA or MSRB website, where the customer can find additional details about the transaction.[viii]

For disclosure purposes, firms must “look through” to offsetting principal trades executed by affiliate broker-dealers if those trades did not occur at arm’s-length, and disclose the mark-up associated with those trades. While the amendments to FINRA Rule 2232 contain new disclosure obligations, there are two exceptions: i) member firms need not disclose mark-ups for principal trades executed on a functionally separate trading desk from the one that executes the customer trades (so long as the firm’s policies and procedures are designed to ensure that the functionally separate trading desk has no knowledge of the customer trades); and ii) mark-up disclosure is not required for bonds that a member firm acquired in a fixed-price offering and subsequently sold to a retail customer at the same offering price on the same day.

Takeaways and potential pitfalls for member firms seeking to comply with FINRA Rule 2232 are as follows:

  • FINRA Rule 2121 defines PMP presumptively as the contemporaneous cost incurred by the dealer when acquiring the debt security. When contemporaneous cost is not indicative of PMP, however, Rule 2121 sets forth nuanced waterfall provisions dictating the way in which PMP must be calculated. Member firms using third-party vendors or automated systems to perform such waterfall analyses must have a reasonable basis to believe that the resulting PMP calculations are correct. The ultimate responsibility for calculating PMP and disclosing mark-ups in compliance with Rule 2232 lies with member firms.
  • Individual brokers should receive adequate training and supervision to ensure that they understand what information to include in customer confirmations pursuant to Rule 2232, and the exceptions to the rule’s disclosure requirements. Firms should also take reasonable steps to ensure that brokers do not intentionally delay execution of customer trades to avoid triggering Rule 2232’s disclosure requirements.
  • Member firms should consider periodically sampling and reviewing customer confirmations falling under Rule 2232’s fixed income mark-up disclosure provisions to ensure that the information contained therein is complete and accurate.

Regulatory Technology

Like others in many industries, broker-dealers are turning to new and innovative technology to assist them in meeting their regulatory and compliance obligations. FINRA has identified Regulatory Technology as another highlighted area of focus in 2019. The Priorities Letter incorporates by reference a white paper FINRA published in September 2018 titled “Technology Based Innovations for Regulatory Compliance (“RegTech”) in the Securities Industry,” which contained a detailed discussion of common applications and implications for firms using RegTech to make compliance systems more efficient and effective. In doing so, FINRA identified five areas in which it observed member firms applying RegTech tools to conduct traditional compliance activities: (1) surveillance and monitoring; (2) customer identification and AML compliance; (3) regulatory intelligence; (4) reporting and risk management; and (5) investor risk assessment. FINRA noted that replacing traditional compliance functions with RegTech tools may present heightened risk to supervisory control systems, customer data privacy, and cybersecurity, among other areas.

Given the vast opportunities presented by RegTech, including improved surveillance quality and reduced costs, how are firms to decide which technologies to adopt and how aggressively to embrace these innovations? What are the known pitfalls to be avoided? What additional considerations should firms and compliance officers weigh? We provide the following four suggested tips to minimize regulatory exposure when implementing RegTech tools:

  • Maintain an Integration Plan

Firms that see the long-term benefits of utilizing RegTech tools to automate compliance systems need to develop a risk-based integration plan. In the short-term, this likely means duplicating certain compliance efforts. Leaving old systems in place and comparing traditional data with results achieved through automated systems will enable firms to understand both benefits and shortcomings of new technology. In addition, to the extent tools engage in so-called “machine learning” to refine processes and enhance output quality, these systems should be given a long enough learning curve to analyze what data falls away as false positives or noise. Firms should also conduct ongoing and rigorous testing of automated compliance systems to ensure efficacy.

Firms should also appreciate the disconnect between what FINRA calls structured and unstructured data when implementing RegTech tools. Marrying together data from disparate sources requires a well-planned long-term approach and may require keeping traditional compliance systems in place for years until a holistic RegTech system can be implemented and tested across all of a firm’s business lines and information sources.

Though there have yet to be any RegTech-related enforcement actions taken by FINRA, a firm is more likely to avoid formal discipline if it takes a patient approach to implementation and makes multiple distinct efforts to identify blind spots before abandoning traditional compliance systems.

  • Envision the Worst-Case Scenario

Firms should consider the impact automation has on their compliance systems under a worst-case scenario. When implementing new compliance systems, firms should determine the potential harm that may result from a system failure. For example, firms should ask whether the system impacts high regulatory priorities like protecting retail investors, achieving anti-money laundering compliance or effecting regulatory reporting. Firms should also determine the scope of a potential system failure – is harm limited to a broken trade or failed wire transmission, or would it have a widespread impact on market activity? Developing a risk matrix that accounts for these types of questions will enable firms to apply resources to the systems with the greatest potential for harm in areas of high regulatory priority.

  • Appreciate the Risks of Outsourcing to Third-Parties

Many of the early entrants in the RegTech tool development space are technology start-ups that offer products to financial institutions through third-party vendor support. This introduces risks relating to third-party data breaches and other data privacy concerns. FINRA has specifically cautioned that firms remain “ultimately responsible for compliance with all applicable securities laws and regulations and FINRA rules” in connection with outsourced activities or functions.

Step one for minimizing risks related to third-party vendors is to conduct reasonable initial and ongoing vendor due diligence. Firms should ensure that vendors are technically, operationally and financially sound, and have adequate cybersecurity systems in place to safeguard data. Further, firms should be satisfied that they can adequately supervise the outsourced functions and that vendors understand regulatory requirements for record retention.

Firms must also be vigilant in protecting customer data. Whenever possible, firms should limit data provided to vendors to the minimum information essential to achieve the outsourced activity. For example, if a vendor conducts transaction review that is not related to customer identity, firms should ensure that the vendor cannot access customer-specific information. Firms should also ensure that customers provide consent as needed when new or additional information is collected by or shared with a third-party vendor.

  • Don’t Be Afraid to Maintain a Dialogue with FINRA and Other Regulators

FINRA has expressed a strong desire to foster an open dialogue with its members to help work through growing pains of emerging technologies. Consistent with this approach, FINRA has previously invited member firms and other parties to submit comments to identify benefits and risks associated with new financial technologies. FINRA consistently encourages stakeholders to actively engage with it on areas where additional guidance will help adoption of new technologies.

Member firms should take advantage of FINRA’s willingness to listen and engage in active dialogue concerning RegTech by, among other things, notifying their regulatory point of contact when considering upgrading traditional compliance systems with new technology tools. Cooperating with regulators to identify potential technology failings not only increases the likelihood of “getting it right” but also helps make the case against formal action if something goes wrong.

FINRA’s Priorities Letter, taken together with other recent notices and publications by the regulator, puts member firms on notice of the need to review and revise as appropriate their FINRA compliance programs both in areas of longstanding concern and in emerging areas of risk that FINRA took care to underscore. Firms should expect an increased focus by FINRA in examinations and risk monitoring in the highlighted areas of concern.

[i] The term “covered financial institution” includes U.S. banks, registered brokers or dealers in securities, mutual funds, and futures commission merchants and introducing brokers in commodities. See 31 CFR § 1010.605(e)(1).

[ii] See 31 CFR §§ 1023.210(b)(5)(i) and (ii).

[iii] See FINRA Regulatory Notice 17-40, November 21, 2017 (The CDD Rule does not change the requirements of FINRA Rule 3310, but instead “amends the minimum statutory requirements for member firms’ AML programs by requiring such programs to include risk-based procedures for conducting ongoing customer due diligence.”).


[v] 31 CFR § 1023.210.

[vi] The security must also be a TRACE-Eligible Security required to be reported to TRACE under FINRA Rule 6730.

[vii] Because customers purchase bonds from member firms more often than sell them to member firms, for ease of reference our discussion going forward will refer only to mark-ups.

[viii] Firms must also include in the customer confirmation a brief description of the information available on the relevant website.
