Last week, FINRA published its 2022 Report on its Examination and Risk Monitoring Program (the “Report”), identifying key areas of focus for broker-dealer exams this year. The Report contains many of the same areas of focus as last year’s report, including anti-money laundering, cybersecurity, Reg BI and Form CRS, communications with the public, best execution and segregation of customer funds. Although the Report again identifies these general areas, it identifies new concerns and recent examination findings in those areas. In an effort to be user friendly, the Report highlights that new content in bold and identifies new areas for 2022. A key takeaway from the Report is the continued challenges posed by technology.
FINRA identified cybersecurity threats as “one of the primary risks firms and their customers face” and in 2021 FINRA observed “increases in the number and sophistication” of cybersecurity threats. FINRA identified several examples of threats it identified, including phishing campaigns involving fraudulent emails purporting to be from FINRA. FINRA also noted that it “continues to observe fraudsters and other bad actors engaging in cybercrime that increases both fraud risk (e.g., synthetic identity theft, customer account takeovers, illegal transfers of funds, phishing campaigns, imposter websites) and money laundering risk . . . .” As in the past, FINRA reminded firms that they are responsible to oversee, monitor and supervise cybersecurity programs provided by third-party vendors. FINRA also provided a list of effective practices and exam findings that firms should use as a guide when evaluating their cybersecurity programs.
Similarly, FINRA noted that “advances in technology and its application continue to reshape the way some firms attract and interact with customers on mobile apps.” Although these innovations can increase access to the markets, FINRA noted that apps raise novel questions and potential concerns, including “whether they encourage retail investors to engage in trading activities and strategies that may not be consistent with their investment goals or risk tolerance and how the apps’ interface designs could influence investor behavior.” FINRA also noted that it has identified significant problems with some mobile apps’ communications with customers and firms’ supervision of activity on those apps, especially controls around account openings. FINRA further expressed concern about mobile apps using social media to acquire customers and launched a targeted exam to assess firms’ practices in this area, including compliance with obligations relating to the collection of information from customers and others who may provide information to firms. FINRA stated that it will share its findings once the review is completed.
The Report also identifies some new areas of focus for 2022, specifically: (a) Firm short positions and fails-to-receive in municipal securities; (b) Trusted contact persons; (c) Funding portals and crowdfunding offerings; (d) Disclosure of routing information; and (e) Portfolio margin and intraday trading. Keeping with the technology theme, FINRA identified, as a new area of focus in 2022, regulatory obligations related to funding portals and crowdfunding. The Report identifies a number of exam findings, including: (i) missing disclosures that are codified in Regulation Crowdfunding (such as use of proceeds descriptions, offering process details and financial statements); (ii) failing to report customer complaints (as required by FINRA Funding Portal Rule 300(c)); and (iii) failing to make timely required filings, such as statements of gross revenues. The Report provides effective practices for funding portals including developing annual compliance questionnaires to confirm that required obligations are being met in a timely manner and implementing supervisory review procedures tailored to their communications requirements.
Firms should carefully review the Report against their own operations to identify any potential gaps or areas for enhancement in their compliance programs, controls and supervisory systems. In their review, firms may want to focus on to the new material that FINRA added to previously covered topics, particularly the new exam findings and effective practices, and pay close attention to the new topics for 2022. As firms prepare for upcoming exams, they should ensure that their current practices are sufficiently documented and underwent appropriate testing.