FINRA Issues Its 2017 Exam Priorities

Sales Practices

Senior Investors

The protection of senior investors remains a top priority for FINRA in 2017. This year’s Letter highlights two areas in which FINRA observes problematic behavior: the recommendation of unsuitable investment products to senior investors and microcap (penny) stock fraud schemes targeting the elderly. FINRA will review instances in which a registered representative has recommended that a senior investor purchase speculative or complex products to determine whether the recommendation fits the senior investor’s profile and risk tolerance. It will also assess whether the firm has appropriate supervisory mechanisms in place to detect and prevent problematic sales practices. Additionally, FINRA will aim to combat the rise in recent years of aggressive “boiler room” tactics by unregistered persons who target senior investors with “pump-and-dump” schemes. FINRA reminds firms that they can implement a number of controls to protect elderly clients, such as contacting elderly customers when they place speculative penny stock orders through an online brokerage account, questioning customers about inquiries to buy or sell penny stocks held outside the firm, and asking customers about instructions to transfer funds to an individual who may be tied to the issuer.

Product Suitability and Concentration

FINRA has observed recurring instances of firms recommending products that are unsuitable for customers, at times because the registered representatives themselves do not adequately understand the product’s features. FINRA cites as examples complex or novel exchange-traded products (ETPs), structured retail products, leveraged and inverse exchange-traded funds, non-traded real estate investment trusts (REITs) and unlisted business development corporations (BDCs). FINRA will assess firms’ reasonable-basis and customer-specific suitability review processes, including product vetting processes, supervisory systems and controls to review recommendations. FINRA will also increase its scrutiny of the controls firms use to monitor for excess concentration, whether in a particular type of product or through disproportionate exposure to a particular industry sector.

Excessive and Short-Term Trading of Long-Term Products

In September 2016, FINRA launched a targeted exam that focuses on unit investment trust (UIT) rollovers at select firms and will continue to review other firms’ UIT sales and surveillance practices. FINRA has observed instances in which registered representatives recommended that their clients trade long-term products on a short-term basis. FINRA believes this trading to be detrimental to clients, due to the potential for missed dividend payments (in the case of UITs) or diminished investment returns because of increased costs from commissions, underwriting fees or creation and development fees.

FINRA also emphasizes that firms should evaluate whether their supervisory systems can detect activity intended to evade automated surveillance for excessive switching activity, such as where registered representatives switch customers across products so as to evade surveillance that focuses on switching within a single product class.

Financial Risks

Liquidity Risk

In 2017, FINRA will assess whether firms are adequately evaluating their liquidity needs related to market-wide and idiosyncratic stresses, developing contingency plans that provide sufficient liquidity to endure those stresses and conducting stress tests to gauge the effectiveness of those plans. This effort follows FINRA’s 2016 assessment of liquidity management practices, which found that many firms’ contingency plans relied on committed secured and unsecured loan facilities whose contract provisions (such as restrictive covenants) could compromise or delay funding availability during a stress event.

FINRA will also review how clearing firms incorporate the funding needs of large introducing firms and clients into their contingency plans where such entities rely on the clearing broker for funding during a stress event. FINRA urges firms to consider the practices discussed in Regulatory Notice 15-33 when evaluating their liquidity management plans.

Financial Risk Management

In 2017, FINRA will engage a group of firms to explain how they would react to a specific stress scenario that affects a firm’s market, credit and liquidity risks. FINRA will assess these firms’ risk management practices, including readiness, communication plans, risk metrics and triggers, and contingencies. FINRA aims to understand whether the firms’ approaches appear reasonable in light of the firms’ respective businesses, but will not seek to specify a single “right way” to deal with the scenario.

Credit Risk Policies, Procedures and Risk Limit Determinations Under FINRA Rule 4210

In 2017, FINRA will review firms’ implementation of their new obligations under the first phase of the amendments to FINRA Rule 4210, establishing margin requirements for covered agency transactions. FINRA will assess firms’ written risk policies, procedures and risk limit setting processes, as well as how firms establish and supervise compliance with the new requirements. FINRA advises firms to review the new requirements so that they have appropriately tailored their risk policies and limits to their counterparties and covered agency transactions.

Operational Risks

Cybersecurity

The Letter notes that cybersecurity remains “one of the most significant threats” faced by firms. FINRA will review firms’ cybersecurity programs based on each firm’s business model, size and risk profile. FINRA may review firms’ methods for preventing data loss, data flow through the firm (and possibly to vendors), controls used to monitor and protect data, and management of vendor relationships and associated controls. FINRA states that such controls should be informed by a number of factors, including the types of customer or employee personally identifiable information or sensitive firm information that vendors might be able to access. FINRA may also examine firms’ controls to protect sensitive information from insider threats.

FINRA identifies two areas in which it has observed repeated shortcomings: cybersecurity controls at branch offices and failure to fulfill obligations under Securities Exchange Act of 1934 (SEA) Rule 17a-4(f), requiring, among other things, that firms preserve records in “write once read many” or “WORM” format.

Supervisory Controls Testing

FINRA reiterates the importance of regular testing of internal supervisory controls and reminds firms of their obligation to conduct supervisory controls testing and chief executive officer certifications under FINRA Rules 3120 and 3130. FINRA has observed that a firm’s failure to identify and address gaps or inadequate controls can lead to systematic control breakdowns and may result in record-retention omissions and disclosure failures. FINRA observes that control gaps become more prevalent when firms increase the scale or scope of their business or change from legacy to new compliance systems.

Customer Protection/Segregation of Client Assets

In 2017, FINRA will evaluate whether firms have adequate controls and supervision procedures to protect customer assets pursuant to SEA Rule 15c3-3. FINRA will also assess whether firms have implemented control processes that are sufficient to identify the location of securities, as well as whether firms’ supervision and control processes are able to identify (and, where appropriate, prevent) manual overrides of automated possession or control calculations. Such overrides may include, for example, reductions to DTC Memo Seg instructions to make delivery of hard-to-borrow securities.

FINRA is also concerned that some firms may engage in transactions with little or no economic substance in order to reduce their reserve or segregation requirements under the financial responsibility rules. FINRA notes that such activity may put customers’ cash or securities at risk. FINRA will review for such behavior by focusing on the mechanisms firms use to identify, review and approve or disapprove such transactions, and reviewing client transactions that result in outsized profit and transactions that shift profit or loss between a broker-dealer and its affiliates that are not supported by the economics of the situation.

Regulation SHO – Close Out and Easy to Borrow

In light of recent SEC enforcement actions, FINRA will evaluate firms’ use of the easy-to-borrow list and assess the adequacy of firms’ automated locate models to determine whether firms have reasonable grounds to believe securities are available for borrowing prior to accepting a short sale. Firms should continue to monitor their close-out processes to appropriately close out fails-to-deliver by the designated close-out date pursuant to Rule 204 of Regulation SHO.

Anti-Money Laundering (AML) and Suspicious Activity Monitoring

In 2017, FINRA will place emphasis on areas of firms’ AML programs where FINRA has observed shortcomings, including gaps in firms’ automated trading and money movement surveillance systems resulting from data integrity problems, poorly set parameters, surveillance patterns that do not capture problematic behavior and weaknesses within systems that monitor foreign currency transactions and transactions that flow through suspense accounts. FINRA states that firms may monitor for AML activity using the trading surveillance they use for supervisory purposes; however, that surveillance must include alerts specifically tailored to the firm’s AML red flags.

FINRA will also continue to focus on firms’ controls for accounts held by nominee companies and expects firms to determine whether they need to implement policies and procedures to identify the accounts of such companies, as well as whether such accounts require heightened scrutiny.

Municipal Advisor Registration

FINRA has identified and will continue to monitor for instances of firms not registering correctly with both the SEC and Municipal Securities Rulemaking Board (MSRB), not properly updating their registration information, or not identifying all individuals engaged in municipal advisor activity as required for submission to EDGAR on SEC Form MA-I. FINRA also reminds firms that Series 50 Municipal Advisor Representative Qualification Examination became available September 12, 2016 and individuals engaging in municipal advisor activities have one year to pass the exam.

Market Integrity

Manipulation

The FINRA Letter announces several enhancements to FINRA’s surveillance program. FINRA has expanded its layering pattern to target larger groups of market participants that may be engaging in manipulation. FINRA also developed a cross-product surveillance pattern to detect layering in an underlying equity to influence options prices. In 2017, FINRA will expand its cross-product manipulation surveillance to include trading in ETPs and related securities, and improper trading strategies directed at unique attributes of ETPs. FINRA continues to issue Cross Market Equity Supervision Report Cards for layering and spoofing activity. FINRA also is monitoring whether market participants are trading in a potentially manipulative manner during the open or close by, for example, trading or quoting on one side of the market to benefit a position on the other side of the market.

Best Execution

FINRA reemphasizes that firms should consider how their order-handling decisions are affected both by the continuing automation of equity securities and standardized options markets and by advances in trading technology and communications in the fixed income markets. Firms should take these changes into account when reviewing the execution quality they provide customers. Firms should review the guidance in Regulatory Notice 15-46, Guidance on Best Execution Obligations in Equity, Options and Fixed Income Markets. FINRA also reminds firms of the importance of providing accurate payment for order flow disclosures. FINRA examiners are also concerned with the level of required detail of order flow disclosures. Consistent with FINRA’s sharing of key examination findings and assisting firms in their compliance efforts, it would be productive for FINRA to share best practices and provide guidance on this requirement.

Audit Trail Reporting Early Remediation Initiative and Expansion

FINRA will expand its Audit Trail Reporting Early Remediation Initiative in 2017 to areas including Regulation NMS trade-throughs and locked and crossed markets. The Initiative currently identifies and alerts firms to potential equity audit trail issues not otherwise detected through routine compliance reviews. FINRA urges firms to make use of the alerts and correct identified systems issues, noting that doing so may prevent a formal investigation so long as the issue is limited in scope and is promptly addressed. We view this encouragement of self-correction as a positive development and consistent with the self-regulatory model.

Tick Size Pilot

FINRA will continue to collect data under its Tick Size Pilot. The Letter emphasizes that firms’ submission of accurate Order Audit Trail System (OATS) and market maker data is critical to informing the SEC’s and self-regulatory organizations’ analysis of the Pilot. Accordingly, FINRA will review for compliance with the data requirements of the Pilot, as well as compliance with its quoting and trading restrictions.

Market Access Rule

FINRA reasserts the need for firms to improve their compliance with the Market Access Rule (MAR). FINRA generally believes firms need to better document their market access controls, provide the rationales for decisions relating to the setting of controls, identify the individuals responsible for monitoring those controls and consistently monitor the effectiveness of the controls they employ. The Letter provides little, if any, guidance regarding compliance or sharing best practices. In fact, the only best practice provided is that Firms should implement, memorialize and monitor pre-trade and post-trade controls. In other words, it merely states that firms should comply with the Market Access Rule. The Letter neither provides guidance nor shares best practices for complying with the Rule or the documentation deficiencies referenced above. FINRA has implemented an aggressive examination and enforcement program for compliance with the Rule. FINRA apparently follows up most erroneous transaction petitions with a lengthy request regarding the submitting firm’s compliance with the Rule. The only guidance available to members is through the implementation of enforcement actions, which does not normally provide the detailed guidance necessary to be helpful. Compliance with this critical rule is too important to be addressed solely through enforcement. FINRA (and the SEC) should share their specific expectations with the industry.

FINRA included in the MAR section a discussion of a related area: controls and procedures related to algorithmic trading. FINRA recommends that firms:

1. Implement procedures for the supervision, development, testing and employment of algorithmic trading, including code development or changes; and
2. Maintain reasonable processes to monitor whether trading algorithms operate as intended and processes to disable algorithms or systems that malfunction.

The Letter further recommends that firms consider the effective practices described in Regulatory Notice 15-09. FINRA’s focus in this area raises a number of concerns, including those related to exam staff requests that firms provide proprietary, highly technical, sensitive and confidential data/code.

Trading Examinations

FINRA’s 2017 trading examination priorities include reviewing the adequacy of Alternative Trading Systems’ (ATS) disclosures to customers about how they operate, reviewing for potential conflicts of interest and evaluating whether floor brokers and upstairs firms are handling manual options orders in accordance with their best execution obligations.

FINRA will also launch a pilot trading examination program to determine the value of targeted examinations of certain smaller firms that have historically not been subject to trading examinations due to their relatively low trading volume.

Fixed Income Securities Surveillance Program

FINRA will continue to expand its fixed income surveillance program and conduct investigations into problematic activity, such as wash sales and interpositioning. FINRA will review firms’ written supervisory procedures and systems for whether they are reasonably designed to monitor for individuals who engage in non-bona fide trading to create an artificial price level in a bond, in order to hide an excessive mark-up on a customer trade or reset the aging of positions held by the firm. Such activity has been the subject of recent FINRA enforcement actions.

FINRA plans to develop a data integrity program to monitor the accuracy of data submitted under the new Trade Reporting and Compliance Engine (TRACE) reporting requirements for transactions in U.S. Treasury securities, which are scheduled to become effective in July 2017. FINRA will develop customer protection surveillance patterns to monitor compliance with U.S. Treasury securities rules, as well as patterns to identify abusive algorithms.

Conclusion

The cover letter sets the tone for a more cooperative and transparent approach by FINRA, which should be beneficial to member firms. The Letter, a lengthy though not an exhaustive list, serves as a good guide for areas that firms should review and, where appropriate, revise their processes and procedures prior to their next exam.

If you have any questions regarding this Sidley Update, please contact the Sidley lawyer with whom you usually work, or