On Thursday, the Financial Industry Regulatory Authority (FINRA) released its 2014 Regulatory and Examination Priorities letter to help firms review and enhance their compliance programs. FINRA emphasized that it will be examining for strong controls and compliance efforts in the areas covered in the letter, since they were deemed to pose significant risk to the investing public and the integrity of the markets.
The topics ranged from business conduct rules to fraud controls, and from conflicts of interest due diligence to data security protocol. The agency stressed that just as it adjusts its programs and allocation of resources to meet present-day challenges, firms must be equally nimble.
Here are some takeaways, cherry-picked from a lengthy letter:
- FINRA stresses the need for disclosure practices that enable customers to understand what they are purchasing and the downside risks of those products.
- Ongoing training, due diligence during the hiring process and enhanced supervision must be key ingredients in a firm’s compliance culture.
- In October, FINRA published a Report on Conflicts of Interest to describe what constitutes effective conflicts management practices. Examiners will be looking to see how firms identify and manage any conflicts and how much they include senior management in the process. In particular, FINRA will look to see if firms are conducting new product reviews to identify and mitigate potential conflicts those products raise, and whether firms are offering products without favoring proprietary ones.
- Cybersecurity remains a strong concern in 2014, as security compromised through hacking and other disruptions is an ongoing challenge. As FINRA notes in its letter: ‘Our primary focus is the integrity of firms’ policies, procedures and controls to protect sensitive customer data … evaluation may take the form of examinations and targeted investigations.’
- Anti-money laundering will be a significant focus area, as some managers at firms mistakenly believe that since they are working with only savvy institutional clients, they do not need a robust AML program. An AML program is required in every firm, and it should be reasonably designed to address the risks of money laundering specific to the firm’s business. Importantly, firms with high-risk customers must tailor their programs around the specific risks of those customers, including where the customers live and the types of services the firm offers them.
- FINRA advises firms to remember that the Securities and Exchange Commission has stressed the importance of independent audits in protecting investors by requiring, or permitting the SEC to require, that financial statements filed with it by public companies, investment companies, broker-dealers, public utilities, investment advisers and others be audited by independent public accountants.
Julie DiMauro is the executive editor of FCPA Blog.