Some firms apparently are not meeting their basic responsibilities to comply with Reg BI and Form CRS, the industry self-regulatory organization has found.
In its 2022 Report on Examination and Risk Monitoring Program, FINRA outlines its initial findings from its review of Reg BI and Form CRS, and highlights emerging and ongoing regulatory topics. The 70-page report also summarizes additional findings from recent examinations, outlines effective practices that FINRA observed, and provides additional resources that may help member firms fulfill their compliance obligations.
With Reg BI and Form CRS going into effect on June 30, 2020, FINRA notes that during the first full calendar year of implementation of Reg BI and Form CRS in 2021, it expanded the scope of its reviews and testing relative to 2020 to execute a more comprehensive review of firms’ processes, practices and conduct.
Below are some of the key findings from its initial look at firms’ practices with respect to Reg BI and Form CRS. FINRA says that it will share further findings as it continues to conduct exams and gather additional information on firms’ practices.
Written Supervisory Procedures. FINRA observed WSPs that it says are not reasonably designed to achieve compliance with Reg BI and Form CRS by:
- not identifying the specific individuals responsible for supervising compliance with Reg BI and failing to develop adequate controls;
- stating the rule requirements, but failing to detail how the firm will comply with those requirements;
- not addressing how costs and reasonably available alternatives should be considered when making recommendations;
- not addressing conflicts that create an incentive for associated persons to place their interest ahead of those of their customers; and
- not including provisions to address Reg BI-related recordkeeping obligations and the testing of the firms’ policies, procedures and controls.
Inadequate staff training. Firms failed to adequately prepare associated persons to comply with the requirements of Reg BI beyond previous suitability obligations or Form CRS by:
- failing to deliver initial training before the compliance date;
- delivering training without making clear Reg BI’s new obligations; or
- delivering training that focused on Reg BI and Form CRS requirements in general, without addressing the specific steps necessary to comply.
Failure to comply with care and conflict of interest obligations. Here, FINRA observed firms:
- making recommendations that were not in the best interest of a retail customer based on that customer’s investment profile and the potential risks, rewards and costs;
- recommending a series of transactions that were excessive considering a retail customer’s investment profile and placing the broker-dealer’s interest ahead of the retail customers; and
- not identifying conflicts or, if identified, not adequately addressing those conflicts.
Improper use of ‘advisor’ or ‘adviser.’ FINRA observed associated persons, firms or both using the terms “advisor” or “adviser” in their titles or firm names, even though they lack the appropriate registration.
Track the SEC and DOL fiduciary rules at our fiduciary rule resource center!
Insufficient Reg BI disclosures and deficient Form CRS filings. FINRA also observed firms:
- not providing retail customers with “full and fair” disclosures of all material facts related to the scope and terms of their relationship with these customers or related to conflicts of interest that are associated with the recommendation;
- significantly departing from the instructions or guidance from the SEC for Form CRS filings by omitting material facts, inaccurately representing their disciplinary histories, and failing to describe types of compensation and compensation-related conflicts, among others;
- failing to communicate changes to existing retail investor customers;
- failing to post prominently on their websites the current Form CRS in a location and format that is easily accessible; and
- incorrectly claiming a firm is not subject to the Form CRS delivery obligation.
Other Focus Areas
In addition to its review of Reg BI and Form CRS, the report covers 21 different topics—including five new subjects—relevant to the securities industry:
- firm short positions and fails-to-receive in municipal securities;
- trusted contact persons;
- funding portals and crowdfunding offerings;
- disclosure of routing information; and
- portfolio margin and intraday trading.
Other focus areas highlighted in the report include:
- firms’ compliance with certain regulatory obligations related to the Consolidated Audit Trail, best execution and Rule 606 of Regulation NMS;
- problems with some mobile apps’ communications with customers and firms’ supervision of activity on those apps, particularly controls around account openings;
- firms’ compliance with their regulatory obligations with securities activities involving SPACs;
- the increasing number and sophistication of cybersecurity threats; and
- firms’ communications and disclosures made to customers regarding complex products.
Cybersecurity: In the area of cybersecurity, FINRA notes that these threats are one of the primary risks firms and their customers face. The organization says that over the past year it has continued to observe increases in the number and sophistication of these threats. For example, in 2021, FINRA has alerted firms about phishing campaigns involving fraudulent emails purporting to be from FINRA, as well as new customers opening online brokerage accounts to engage in Automated Clearing House (ACH) “instant funds” abuse.
FINRA notes that it has issued additional regulatory guidance concerning the increase of bad actors using compromised accounts to execute transactions or move money, and will continue to assess firms’ programs to protect sensitive customer and firm information, as well as share effective practices and information about cybersecurity threats to firms.
