The Financial Industry National Regulatory Authority’s (“FINRA”) annual examination letter is out and filled with informative nuggets. Fear not; the breakdown that you need to know is contained below.
- High-Risk Firms and Brokers –
- FINRA will focus on “outside business” activities of representatives and private securities transactions for “selling away” activity;
- FINRA will examine heightened supervisory procedures under FINRA Rule 3110; and
- FINRA will focus on speculative or complex products sold to investors who do not have the necessary experience or sophistication to evaluate the same.
- Fraud – Long an area of emphasis for FINRA, this comes in many forms. Examples include “pump and dump” of microcap securities, Ponzi schemes and insider trading. FINRA will also make regulatory referrals for individuals outside its jurisdiction.
- Initial Coin Offerings and Cryptocurrencies – Digital assets like cryptocurrencies, i.e., Bitcoin and initial coin offerings (“ICOs”) maybe securities or involve the offer or sale of securities, which would trigger FINRA rules. For example, if a fund to trade Bitcoin is created with a manager, an investment in the fund likely involves an “investment contract” which is a security.
- Technology Governance and Cybersecurity – FINRA will examine the implementation of new systems and modifications or enhancements to existing vendor or proprietary systems. FINRA is focused on protection of personally identifiable information from external and internal threats. Finally, FINRA says that a broker-dealer’s procedures should assess when a cybersecurity event necessitates filing a Suspicious Activity Report (“SAR”).
- Suitability and Concentration – FINRA will closely examine situations where representatives recommend complex products to vulnerable or unsophisticated investors. FINRA is also interested in rollover recommendations as well as Unit Investment Trusts (“UITs”) and multi-share class products.
- Business Continuity Planning – Due to recent hurricanes, this is fresh on FINRA’s radar. FINRA Rule 4370 requires firms to have written Business Continuity Plans (“BCPs”) in place to address what happens during emergency disruptions.