2008 Regulatory and Examination Priorities Letter
March 24, 2008
Dear FINRA Member:
We are writing to highlight new and existing areas that are of particular significance to FINRA's examination program for 2008. We hope you find valuable insights into some of the most important topics regarding FINRA examinations, and that this letter helps you assess your firm's compliance and supervisory programs.
One change to the examination program that we wanted to call to your attention is that you are no longer required to respond in writing to the Exit Meeting Report. Rather, we now ask you to respond within 30 days of the issuance of the Examination Report, which includes exceptions, if any, detected during the course of the examination. Following the review of your response to the examination report, we will send you an Examination Disposition Letter, in which we will categorize examination exceptions in one of four classifications: No Further Action, Cautionary Action, Compliance Conference, or Referral to Enforcement for Review and Final Disposition.
Before discussing areas of potential examination focus, we want to update you on some other developments.
- FINRA Coordinator: The Coordinator program—which assigns a principal point-of-contact to each firm to answer regulatory questions—combines three similar initiatives: the Core Examiner, Liaison and Finance Coordinator programs. For most firms, the person assigned to this role will remain the same—they will simply have the new “Coordinator” title.
- Advance Notice of Examinations: The majority of firms will receive up to 30 days advance notice for their cycle examination. For certain firms, such as those with large retail branch networks where FINRA asks for significant amounts of information in the pre-examination process, this notice may be extended up to a maximum of 60 days. This extended period allows the firm appropriate time to respond to the Web Information Request (WebIR) and other requests for information in advance of the examination. It is important to emphasize that the standard examination notice is up to 30 days. In this regard, some firms designated as high risk from an investor protection or market integrity perspective may not receive any advance notice while other firms may receive something less than the full 30 or 60 days notice.
- Relief for Certain Record Retention Requirements: Effective February 19, 2008, FINRA member firms can rely on Web CRD to satisfy their record retention requirements with respect to certain Forms U4, U5 and BR filed in Web CRD. Firms are no longer required to maintain hard copies and/or electronic images of the specified forms, provided they adhere to the terms of the no-action relief granted by the SEC. See Information Notice 02/21/08 (www.finra.org/Notices/Information/022108) for details.
- Firm Gateway: FINRA has launched the Firm Gateway (www.finra.org/FirmGateway), a new tool that provides a single place for regulatory filing and reporting needs, one-click access to common tasks and useful resources, an at-a-glance view of important filing dates and upcoming rule changes, and a consolidated view of regulatory forms and filings. The applications and filings which can currently be accessed include Web CRD, IARD, OATS, the Report Center and virtually all electronic regulatory filing applications, including WebFOCUS,[1] the FINRA Contact System and 3070 Customer Complaints.
Turning to areas of examination focus, we first wanted to remind you that in previous letters, as well as the Improving Examination Results page on our Web site (www.finra.org/ImprovingExamResults), we highlighted issues that were of particular significance for 2006 and 2007. Many of these topics remain important in 2008, especially anti-money laundering, business continuity planning, protection of customer information and supervision. Understanding these areas should prove useful when preparing for routine examinations. You can reference these letters at:
Below is a discussion of new developments, as well as more traditional topics for firms to consider when reviewing their supervisory and compliance programs.
FINRA has devoted considerable resources to the topic of senior investors and “baby boomers.” FINRA efforts include educating these investors, firms and registered representatives on key issues surrounding investors in or approaching retirement. FINRA also actively participated in the SEC's second Seniors Summit (www.sec.gov/spotlight/seniors/seniors_summit.htm), and coordinated examinations with the SEC and certain state securities regulators focusing on sales seminars (www.sec.gov/investor/seniors.shtml). These examinations found significant concerns related to seniors, including sales pitches masquerading as educational seminars, misleading advertising and sales materials, poor supervision, product suitability and outright fraud (www.sec.gov/spotlight/seniors/freelunchreport.pdf). These examinations also found—and a report on these examinations cited—a number of favorable practices implemented by some broker-dealers to ensure compliant practices and investor protection. Please also see Regulatory Notice 07-43 (www.finra.org/notices/07-43).
Apart from sales seminars, FINRA is examining other areas that may have a particular impact on senior and “baby boomer” investors, including life settlements, the use of designations by salespersons suggesting a particular expertise in addressing the needs of these investors, and situations known as “72(t)” whereby investors in or approaching retirement are solicited with misrepresentations or omissions about the risks of withdrawing retirement funds for reinvestments into products that may be unsuitable.
Deferred Variable Annuities
On September 7, 2007, the SEC approved new NASD Rule 2821 regarding broker-dealers' compliance and supervisory responsibilities for deferred variable annuities. These products offer choices among a number of complex contract options, which can cause confusion for both the individuals who sell them and customers who buy them. The majority of the aspects of the rule become effective on May 5, 2008, while the principal review provision, including the seven-business-day principal approval requirement, will not become effective until August 4, 2008, at the earliest. For additional information, see Exchange Act Rel. No. 57228 (Jan. 29, 2008), 73 Fed. Reg. 7017 (Feb. 6, 2008) (SR-FINRA-2007-040) and Regulatory Notice 07-53 (www.finra.org/Notices/07-53). FINRA hopes to conclude its analysis of comments regarding the principal review provision and determine whether additional amendments to Rule 2821 are appropriate in the near future.
Anti-Money Laundering (AML)
The AML requirements for broker-dealers, which have been in effect since April 24, 2002, continue to be an examination focus. It is important to note that the AML requirements in the Bank Secrecy Act and implementing regulations apply to all FINRA member firms—regardless of size or business model—even if the firm does not hold customer funds. The firm's AML compliance program can be risk-based and must be designed to reasonably mitigate the money laundering risk at the firm.
In 2007, FinCEN issued a final rule (31 CFR 103.176(b)) (http://www.fincen.gov/31_CFR_Part_103_312_EDD_Rule.pdf) that implemented a key provision of Section 312 of the USA PATRIOT Act. The rule requires firms to have enhanced due diligence procedures for certain foreign banking relationships to assist firms in detecting and reporting instances of money laundering.
Protection of Customer Information
With the growing sophistication of technology, the financial sector faces increasing risks of security breaches, hacking, cyber attacks and online account intrusion. Over the last year, the brokerage industry has continued to be a target for online account intruders who illegally access customer accounts. It appears these intruders are able to access accounts by using a number of methods to obtain customer login credentials. After logging into a customer account, the intruders may wire out funds or use the account for a market manipulation scheme in tandem with other accounts. The perpetrators of intrusion schemes are now targeting smaller online firms as well.
Firms must examine how they are protecting customer information and records, including information stored on electronic devices. Regulation S-P requires firms to have policies and procedures that address administrative, technical and physical safeguards for the protection of customer information and records. Firms must ensure that their policies and procedures are reasonably designed to protect against any anticipated threats or hazards to the security and integrity of customer records and information. Among other things, firms should consider how they protect customer information stored on electronic devices, such as hard drives, CDs, flash drives, floppy disks, laptops and PDAs when such devices are discarded by the firm.
In addition, firms offering online customer access and trading should assess their internal surveillance and develop plans for handling account intrusions. This assessment might include a review of the online interface with customers to determine if there are any inefficiencies or gaps that can be strengthened in order to reduce the ability of intruders to access customer accounts and records. Firms should also be diligent in their review of account activity for “red flags” that may indicate suspicious activity. Notice to Members 02-21 (www.finra.org/ntm/02-21) discusses anti-money laundering compliance programs and suspicious activity reporting requirements.
Since December 2006, the SEC has filed five complaints against multiple individuals and entities that appear to have perpetrated account intrusions. In one matter, the SEC took action to freeze assets held in a U.S. brokerage account by one of the alleged intruders. For more information on these matters, see SEC Litigation Releases 19949, 19981, 20030, 20037, 20190 and 20430 (www.sec.gov/litigation/litreleases.shtml).
For all FINRA examinations, supervision is a core element. The supervisory structure implemented by member firms is vital to achieving overall compliance with applicable rules and regulations. Firms must establish adequate systems, policies and procedures for all areas of their business, and appropriately review and update their supervisory system. Firms should also have procedures in place for reviewing and identifying individuals or business types that require enhanced scrutiny due to sales practice concerns, such as a pattern of customer complaints. Compliance with NASD Rules 3010, 3012 and 3013, and incorporated NYSE Rule 342 (for firms that remain subject to Rule 342), will be reviewed during cycle examinations.[2]
Firms that engage in a municipal securities business should take particular note of the amendments to MSRB Rule G-27, which became effective February 29, 2008. These amendments are designed to harmonize MSRB's supervision rule with the requirements of NASD Rules 3010 and 3012, and include a requirement that firms designate certain offices of supervisory jurisdiction (OSJs) as “municipal OSJs.”
For additional information on the recent supervisory control provisions of these rules, see Notices to Members 04-71, 04-79, 05-08, 05-29, 06-04, 06-11 and 07-32 (www.finra.org/notices); NYSE Information Memos 04-38 and 05-07 (www.nyse.com/regulation); and MSRB Notices 2008-06, 2007-32 and 2007-16 (www.msrb.org/msrb1/new.asp). For guidance on the establishment of adequate written supervisory procedures, heightened supervision of high-risk brokers and an adequate supervisory system, see Notices to Members 97-19, 98-38, 98-96 and 99-45 (www.finra.org/notices), and NYSE Information Memo 97-20 (www.nyse.com/regulation). You can find additional information on the supervisory controls issue center at www.finra.org/issuecenter/supervisorycontrols.
Sales of New Products
Firms must consider the suitability of any securities they recommend to their customers. Since member firms increasingly are offering new and sometimes complex securities, such products may not be suitable for many customers. Firms are encouraged to take a proactive approach to reviewing and improving their procedures for developing and vetting new products. At a minimum, those procedures should include clear, specific and practical guidelines for determining what constitutes a new product, ensure that the right questions are asked and answered before a new product is offered for sale, and, when appropriate, provide for post-approval follow up and review, particularly for products that are complex or are approved only for limited distribution. See Notice to Members 05-26 (www.finra.org/ntm/05-26) for additional information.
All security recommendations must take into account the customer's financial situation and needs, risk tolerance, investment time horizon, available funds, existing investments and investment objectives, among other things. In addition, firms and their salespersons may not recommend products that they do not understand. FINRA has issued a number of Notices regarding members' suitability and related obligations: 05-50 (equity-indexed annuities), 03-07 (hedge funds), 03-71 (non-conventional instruments), 05-59 (sales of structured products), 04-30 (bonds and bond funds), 06-38 (sale of existing variable life insurance policies to third parties) and 07-28 (debt price mark-ups) (see www.finra.org/notices). For those firms engaged in municipal securities transactions, recent market events give rise to questions about customer disclosure and suitability (see MSRB Notices 2008-04 (http://www.msrb.org/Rules-and-Interpretations/Regulatory-Notices/2008/20...) and 2008-09 (http://www.msrb.org/Rules-and-Interpretations/Regulatory-Notices/2008/20...)).
In 2007, the Court of Appeals for the District of Columbia in Financial Planning Association v. SEC (the FPA Decision) vacated Rule 202(a)(11)-1 under the Investment Advisers Act of 1940. That rule provided, among other things, that fee-based brokerage accounts were not advisory accounts and were thus not subject to the Investment Advisers Act. Firms that maintained such fee-based brokerage accounts can expect FINRA examiners to review what was done with these accounts in light of the FPA Decision. Firms that rely on Rule 206(3)-3T (the Temporary Rule) to trade on a principal basis with certain non-discretionary advisory accounts must be able to demonstrate they are conducting this trading in compliance with all requirements.
FINRA continues to see rule violations related to the timeliness and accuracy of transaction reporting, especially in the fixed income area. Transaction reporting is a focus of FINRA's automated surveillance and on-site examinations of firms. Firms are reminded that they are responsible for the accuracy of the transaction information reported on their behalf, regardless of the means by which that information is reported to FINRA.
While always an important issue, recent public enforcement actions by securities regulators warrant a re-emphasis on information barriers. Firms are reminded that they must have procedures in place to prevent the misuse of material, non-public information and insider trading. The adequacy of a firm's information barrier procedures depends on the nature and scope of the firm's business and organizational structure. Procedures should address the monitoring systems in place, supervision, review of questionable activities and recordkeeping requirements. Procedures should identify the appropriate department(s) or individual(s) with responsibility for executing the firm's policy on monitoring for insider trading. Given the importance of this topic, FINRA recently launched a special review of information barriers. For more information on this initiative, see www.finra.org/sweepletters/infobarriers.
Bank Sweep Programs
Firms are advised that FINRA will continue to examine the programs of broker-dealers sweeping customer credit balances into deposits at banks. The focus of the examinations is to ensure that customer funds are protected at all times, and includes minimum net capital requirements, titling of bank sweep accounts, treatment of bank sweep account balances under SEC Rules 15c3-1 and 15c3-3, written agreements with the bank and other related parties, bank sweep account reconciliations, and maintenance of books and records. Firms are encouraged to contact their FINRA Coordinator if they are planning to enter into any new customer bank sweep program arrangements.
Agency Lending Disclosure
In 2008, agency lending practices will continue as an important area of review during FINRA examinations of member firms that operate an agency securities lending business. Our continued emphasis on this area is based in part on 2007 examination findings that disclosed that some members were not performing principal counterparty credit risk monitoring or reconciliations and were not resolving contract differences nor computing securities borrow deficit capital charges at the principal counterparty level. Firms conducting this business are advised that examiners will focus on pre-approval of principal counterparties, the adequacy of credit risk reviews performed, preparation of daily reconciliations at both the agent and underlying principal counterparty level, maintenance of books and records at the principal counterparty level, application of securities borrow deficit charges to the net capital computation, and inclusion of excess collateral received from agent lenders on securities borrow contracts as credit items in the customer reserve formula computation. Firms engaged in agency lending practices are urged to review information published by FINRA regarding the Agency Lending Disclosure initiative. That initiative resulted from regulatory concerns regarding the lack of transparency with the underlying principal counterparties, as well as the lack of information disclosures from the principal counterparties and the impact on the members' ability to monitor credit exposure and other regulatory requirements when conducting agency securities lending transactions. See Notice to Members 05-45 (www.finra.org/ntm/05-45) and NYSE Information Memos 05-39 and 06-21 (www.nyse.com/regulation).
Firms are reminded to review controls in place to independently validate the pricing of inventory positions. As the credit markets have become more illiquid, validation of prices to external third-party sources has become more challenging. This heightens the need to strengthen controls to ensure the integrity of pricing.
Order Audit Trail System (OATS)
Effective February 4, 2008, OATS reporting requirements were expanded to include OTC equity securities. The new reporting requirements apply to orders for OTC equity securities traded on the OTCBB, Pink Sheets or otherwise, as well as orders for foreign equity securities (if any resulting executions are required to be trade reported pursuant to NASD Rule 6620), and other securities meeting the definition of OTC equity security in NASD Rule 6951. To assist firms with their compliance, an “OATS Reportable Flag” has been added to the OATS Symbol Directory/Daily List on the OTCBB Web site (www.otcbb.com). Also effective February 4, 2008, other modifications were implemented to address Reg NMS requirements and certain other technical changes. OATS modifications for Reg NMS include a requirement to identify Intermarket Sweep Orders routed to other trading centers with a Routing Method Code “I” and the addition of a new “ISO” Special Handling Code to identify the receipt of an order identified as an Intermarket Sweep Order. Firms are encouraged to review the Frequently Asked Questions, reporting specifications and other information available on the OATS Web site (www.finra.org/oats) for more details regarding these and other OATS reporting requirements, or to call the OATS Helpdesk at (800) 321-6273.
SEC Rules 610 (the Access Rule) and 611 (the Order Protection Rule) were fully implemented for all NMS stocks as of October 8, 2007. Under Reg NMS, a “trading center” includes alternative trading systems, exchange and OTC market makers and “any other broker or dealer that executes orders internally by trading as principal or crossing orders as agent.” Initial examinations conducted by FINRA for compliance with Reg NMS indicate that some firms mistakenly may believe that Reg NMS does not apply to them, either because they make markets in a limited number of NMS stocks or because they infrequently execute orders internally. Firms should be aware that Reg NMS does not include any exception to the definition of “trading center” based on de minimis activity. Firms also need to remember that the requirements for ISOs apply to “any broker or dealer” that uses ISOs, and are not limited solely to broker-dealers that operate as trading centers. You may obtain more information from the SEC's “Spotlight On Regulation NMS” at www.sec.gov/spotlight/regnms.htm.
Short Interest Reporting
NASD Rule 3360 requires firms to maintain a record of total short positions in all customer and proprietary accounts in OTC equity securities and exchange-listed securities not otherwise reported to another self-regulatory organization, and to report such short positions in such a manner as may be prescribed by FINRA. Effective September 2007, Rule 3360 was amended to increase the frequency of short interest reporting from monthly to twice a month. Firms are now required to report the short positions they hold on the settlement date of the 15th of the month (or the previous settlement date if the 15th falls on a weekend or holiday) and the last settlement date of the month. Each short interest report must be received by FINRA no later than the second business day after the relevant reporting settlement date. A schedule of FINRA's designated settlement dates, as well as other relevant dates relating to short interest reporting, is available at www.finra.org/shortinterestdates.
We hope that by sharing these areas of potential examination focus, your firm will be well armed to assess your compliance operations. We encourage you to contact your FINRA Coordinator with any additional questions you may have.
Robert C. Errico
Executive Vice President
Member Regulation, Sales Practice
Thomas R. Gira
Executive Vice President
Grace B. Vogel
Executive Vice President
Member Regulation, Risk Oversight and Operational Regulation
Recent or Referenced Notices and Additional Resources
Supervision, Supervisory Controls and CEO Certification
- MSRB Notice 2008-06: New Supervisory Requirements Under G-27 Become Effective February 29, 2008 (http://www.msrb.org/Rules-and-Interpretations/Regulatory-Notices/2008/20...)
- MSRB Notice 2007-32: Guidance on Implementation of New Supervisory Requirements Under Rule G-27 (http://www.msrb.org/Rules-and-Interpretations/Regulatory-Notices/2007/20...)
- MSRB Notice 2007-16: SEC Approves Amendments to Rule G-27 on Supervision, Rule G-8 on Record Keeping, and Rule G-9 on Record Retention (http://msrb.org/Rules-and-Interpretations/Regulatory-Notices/2007/2007-1...)
- FINRA Online Workshops: www.finra.org/OnlineWorkshops
Books and Records
Protection of Customer Information
- Notice to Members 05-49: NASD Reminds Members of Their Obligations Relating to the Protection of Customer Information (www.finra.org/ntm/05-49)
- Regulatory Notice 07-36: FINRA Clarifies Guidance Relating to SEC Regulation S-P under Notice to Members 07-06 (www.finra.org/Notices/07-36)
New or Non-Conventional Products
- Notice to Members 05-26: NASD Recommends Best Practices for Reviewing New Products (www.finra.org/ntm/05-26)
- Notice to Members 03-71: NASD Reminds Members of Obligations When Selling Non-Conventional Investments (www.finra.org/ntm/03-71)
- Notice to Members 04-30: Sales Practice Obligations in the Sale of Bonds and Bond Funds (www.finra.org/ntm/04-30)
- Notice to Members 05-59: Retail Sale of Structured Products (www.finra.org/ntm/05-59)
- Notice to Members 07-28: Mark-Ups on Debt Securities (www.finra.org/ntm/07-28)
- MSRB Notice 2008-4: Bond Insurance Ratings (www.msrb.org/Rules-and-Interpretations/Regulatory-Notices/2008/2008-04.aspx)
- MSRB Notice 2008-9: Transactions in Auction Rate Securities (www.msrb.org/Rules-and-Interpretations/Regulatory-Notices/2008/2008-09.aspx)
- To assist firms with their compliance efforts and to help them with the examination process, FINRA devotes significant efforts towards member education and outreach.
- FINRA produces webcasts (www.finra.org/webcasts) and podcasts (www.finra.org/podcasts) on topics such as expectations for routine examinations, ways to improve examination results, anti-money laundering and issues involving senior investors.
- All FINRA District Offices (www.finra.org/ContactUs/DistrictOffices/index.htm) conduct Preventive Compliance programs (www.finra.org/PreventiveCompliance) for their firms.
- FINRA also sponsors, among other things, Compliance Boot Camp (www.finra.org/compliancebootcamp) and Small Firm Conferences (www.finra.org/conferences/smallfirm) to assist member firms and their personnel with compliance.
- In 2008, FINRA and the SEC are co-sponsoring a CCOutreach program for broker-dealers (www.finra.org/bdccoutreach), which is intended to foster stronger compliance programs within their firms.
[1] Please note that firms filing their FOCUS report through the eFOCUS system should continue to access that system through the Electronic Filing Platform.
[2] The FINRA rulebook currently consists of both NASD Rules and certain NYSE Rules that FINRA has incorporated, including NYSE Rule 342. The incorporated NYSE Rules apply solely to members of FINRA that are also members of the NYSE. These firms must also comply with NASD Rules.