FINRA recently released its 90-page Annual Regulatory Oversight Report 2024 (Report), providing member firms with insight into six main topics: financial crimes, crypto asset development, company operations, communications and sales, market integrity, and financial management. Each main topic contains three to eight subtopics with, among other things, examples of what FINRA considers effective (and ineffective) practices for that subtopic. Below are discrete observations, one for each subtopic, that member firms may wish to consider in relation to their own businesses. These observations are meant as an entry point into a broader discussion about critical self-assessment of the business in these areas.
The main topics and corresponding subtopics to consider are:
Financial crimes
- Cybersecurity and technology management: Although cyber incidents may have implications under the Bank Secrecy Act (BSA), it is worth considering whether such incidents could also involve FINRA Rule 4530(b).
- AML, fraud and sanctions: For firms that open accounts online, develop an effective practice for verifying the identity of individual customers.
- Manipulative Trading: Monitor wash sales and determine if this trading activity was done with the goal of collecting liquidity rebates from exchanges.
Crypto Asset Development (New)
- Determine whether client communications clearly distinguish an affiliated crypto account from the client's brokerage account.
Company Operations
- Outside business activities and private securities transactions: Establish policies, procedures, and controls for associated persons who have outside business activities and private securities transactions involving crypto assets.
- Books and records: Consider how your company monitors unapproved off-channel communications.
- Regulatory Event Reports: Determine whether to review company communications for unreported customer complaints.
- Trusted contact persons: Consider setting targets for collecting trusted contact person information and making the results available within the firm.
- Crowdfunding offers (broker-dealers and financing portals): Properly evaluate and review instances (if any) where issuers or offerings exhibit warning signs during the onboarding process.
Communications and sales
- Communications with the public: For mobile apps, consider providing appropriate risk disclosure during account opening and before customer transactions.
- Reg BI and CRS form: Consider whether high-risk and complex investment recommendations to retail clients should be subject to a rigorous review and approval process.
- Private placements: Disclose potential risks to clients and note that Reg BI applies to recommendations for retail clients.
- Variable annuities: Provide clear guidance to retail investors on fees, benefits and redemption periods.
Market integrity
- Consolidated Audit Trail (CAT): Consider regular communications with the CAT reporting agent and report CAT issues to the FINRA CAT Help Desk as appropriate.
- Best execution: When it comes to payment for order flow (PFOF), consider how these payments interact with the firm's best execution obligations.(1)
- Disclosure of Routing Information: Consider conducting periodic reviews of Quarterly Rule 606 Reports and Customer-Specific Order Disclosure Reports regarding PFOF, where applicable, for accuracy and completeness.
- Regulation SHO – Exemptions from good faith market making: Distinguish bona fide market making activities from proprietary trading activities which may not benefit from an exception under Reg. SHO.
- Fixed Income – Fair Pricing: Determine whether to compare the company's markups/markdowns to the data provided by FINRA in the TRACE and MSRB Markup/Markdown Analysis Reports.
- OTC Fixed Income Quotes (New): Consider using a third-party provider to confirm that there is current information on a fixed income issuer or a valid exception before proceeding with the listing.(2)
- Announced volume (New): Determine whether there is a methodology for the company to monitor and review reported and disseminated trading volume.
- Market access rule (New): Consider how the company can demonstrate the reasonableness of its risk management controls.
Financial management
- Net Capital: Determine whether the company has a methodology for evaluating the completeness and accuracy of its accounting entries and their impact on net capital.
- Liquidity risk management: Determine whether the company has a liquidity risk management plan and performs adequate stress testing periodically.
- Credit risk management: Determine whether the company has adequate policies, procedures and controls to manage and report credit risk.
- Portfolio margin and intraday trading: Determine whether the company has a process for proactively communicating with high-risk customers.
- Asset Segregation and Customer Protection: Determine whether the company has policies and procedures to monitor and resolve possession or control deficits, and whether there is precise coding for the correct control locations.