FINRA’s latest report on its examination findings reveals that some broker-dealer firms still fall short with respect to their supervisory and documentation requirements.
The organization’s “2019 Report on Examination Findings and Observations” found that some firms did not have adequate systems of supervision to review whether recommendations were suitable considering a customer’s financial situation, investment experience, risk tolerance, time horizon, investment objectives, liquidity needs and other investment profile factors.
The report reflects key findings and observations identified in recent examinations and contains effective practices that could help firms improve their compliance and risk management programs, including in the areas of supervision, cybersecurity, best execution and segregation of client assets.
In the area of product exchanges, FINRA found that some BDs “did not maintain a supervisory system reasonably designed to assess the suitability of recommendations that customers exchange certain products, such as mutual funds, variable annuities or unit investment trusts (UITs).” FINRA notes that some firms did not maintain blotters or other processes to identify patterns of unsuitable recommendations involving long-term products.
Additionally, firms in some cases did not reasonably supervise exchanges because they could not verify the information provided by registered representatives in their rationales to justify a recommended exchange, such as inaccurate descriptions of product fees, costs and existing product values.
Red Flags
FINRA also reports that the supervisory systems of some firms “were not reasonably designed or used to detect red flags of possible unsuitable transactions.” For example, the organization notes that firms did not identify or question patterns of similar recommendations by representatives or branch offices across many customers with different risk profiles, time horizons and investment objectives.
Moreover, in some instances several customers of a representative or branch office appeared to have made “unsolicited transactions” in identical securities, which could raise questions around whether the transactions were actually “unsolicited,” the report observes.
Insufficient Procedures
Some BDs also did not adequately address newly adopted or amended rules by developing controls to address the new requirements and by updating their written supervisory procedures (WSPs).
As examples, the report points to new fixed income mark-up disclosure requirements; new trusted contact person information requirements; and temporary holds, supervision and record retention requirement. “Firms are expected to evaluate which new and amended laws and regulations apply to their business, and review whether their supervisory systems, WSPs and training programs need to be amended to comply with any new or amended requirements,” the report advises.
Digital Communications
FINRA further notes that it observed firms encountering challenges in complying with supervision and recordkeeping requirements for various digital communications tools and technologies.
In some cases, firms prohibited the use of texting, messaging, social media or collaboration applications for communicating with customers, but did not maintain a process to identify and respond to red flags that representatives were using impermissible communications. “Red flags could be detected through, for example, customer complaints, representatives’ email, outside business activity reviews or advertising reviews,” FINRA notes. Some representatives also conducted “electronic sales seminars” in a chatroom or on digital channels that were not permitted by their firms and were outside of supervision or recordkeeping programs.
To establish effective practices, FINRA notes that some firms maintain governance processes to manage firm decisions and develop compliance processes for each new digital channel, as well as new features of existing channels. “Such firms worked closely with their marketing, compliance and information technology departments, as well as their third-party vendors to monitor the rapidly evolving array of communication methods available to their associated persons and customers,” the report explains.
Cybersecurity
Cybersecurity was another topic of concern. “While many firms have made significant improvements in their cybersecurity programs, cybersecurity attacks continue to increase in both number and level of sophistication,” the report observes. Recognizing that there is “no one-size-fits-all approach,” FINRA recommends that firms evaluate each of the cybersecurity controls described in the report and other FINRA resources in the context of their business model and risk profile.
“Our position as a self-regulatory organization affords us the unique opportunity to provide firms with resources that help them more easily comply with rules and regulations and protect investors – and this report aims to do just that,” notes Bari Havlik, FINRA Executive Vice President of Member Supervision. “We hope firms find the Exam Findings and Observations Report useful in strengthening their own control environments and addressing potential deficiencies before their next exam.”
