Skip to main content


Report on FINRA’s Examination and Risk Monitoring Program | A Comprehensive Reference Item for Firms

March 08, 2022

In February, FINRA issued its second Report on FINRA’s Examination and Risk Monitoring program, a comprehensive document that combines elements of what used to be the annual Priorities Letter and the Examination Findings Report. The report can serve as a reference document, addressing more than 20 topics of interest for firms and regulators from Regulation Best Interest and Form CRS to cybersecurity and mobile apps.

On this episode, J Koutros, vice president of risk monitoring standards, Joe Sheirer, vice president of the examination program, and Steve Polansky, senior director of special initiatives, join us to talk about the report, some key highlights and how firms can use this extensive document.

How are we doing? Take the FINRA Unscripted survey today. 

Resources mentioned in this episode:

2022 Report on FINRA’s Examination and Risk Monitoring Program

Episode 79: Year in Review: The 2020 Exam and Risk Monitoring Program

Episode 80: Exam and Risk Monitoring Program: Responding to COVID-19 and Looking Ahead

2022 FINRA Annual Conference

Listen and subscribe to our podcast on Apple PodcastsGoogle PodcastsSpotify or wherever you listen to your podcasts. Below is a transcript of the episode. Transcripts are generated using a combination of speech recognition software and human editors and may contain errors. Please check the corresponding audio before quoting in print. 


00:00 – 00:35

Kaitlyn Kiernan: In February, FINRA issued its second Report on FINRA's Examination and Risk Monitoring Program, a comprehensive document that combines elements of what used to be the annual Priorities Letter and the Exam Findings Report. The Report, still relatively new, can serve as a reference document for firms addressing more than 20 topics of interest for both firms and regulators from Regulation Best Interest and Form CRS to cybersecurity and mobile apps, and much more.

On this episode, we have three members of the Member Supervision team here to talk about the Report, some key highlights and how firms can use this extensive document.

00:35 – 00:45

Intro Music

00:45 - 01:10:

Kaitlyn Kiernan: Welcome to FINRA Unscripted, I'm your host, Kaitlyn Kiernan. Today, we are welcoming two new guests to the show and welcoming back a third guest. Joining us from FINRA's Member Supervision team are Joe Sheirer, vice president of the examination program. J Koutros, vice president of risk monitoring standards, and Steve Polansky, senior director of special initiatives. Steve, welcome back. And Joe and J, welcome for the first time.

01:10 - 01:11

J Koutros: Thank you.

01:11 - 01:11

Joe Sheirer: Thank you.

01:11 - 01:12

Steve Polansky: Pleasure to be here.

01:13 - 01:29

Kaitlyn Kiernan: So today we have the three of you with us to discuss the recently released Report on FINRA's Examination and Risk Monitoring Program. But before we dig into that, can you all just introduce yourselves and tell us a bit about your background and what you do within Member Supervision? J, do you want to kick us off?

01:30 - 01:56

J Koutros: Sure. I'm J Koutros, vice president of risk monitoring standards. My role here currently is the ongoing monitoring of firms. Our risk monitoring team engages with firms on a regular basis to ensure that we're proactively working with firms and monitoring them on an ongoing basis. My background is 15 years in the industry of various member firms, as well as about 16 years now at FINRA primarily in the risk monitoring space.

01:57 - 01:58

Kaitlyn Kiernan: Joe, do you want to introduce yourself?

01:59 - 02:26

Joe Sheirer: I am Joe Sheirer. I oversee the national firm exam program, and that is the program that firms know as the cycle program, very commonly referred to as. But it's a periodic assessment of firms that we do at least once every four years that's conducted by both Member Supervision and Market Reg teams combined. We do those together. I've been at FINRA for about 25 years almost. Unlike J, I did not have direct industry experience, but I've been around for a while.

02:26 - 02:27

Kaitlyn Kiernan: And Steve?

02:28 - 02:58

Steve Polansky: Thanks. Steve Polansky, as Kaitlyn said, I run the special initiatives group. Among the things we do is produce the Report, but I want to emphasize that is certainly not just our group that's working on it. It really represents work from a number of people across FINRA. So, it is truly a team effort. We work on a variety of other things, including some of that Reg Notices that come out. I've been at FINRA about 20 years, prior to that was a consultant, and I also spent nine years on the Foreign Relations Committee in the Senate.

03:03 - 03:05

Kaitlyn Kiernan: So now just to kick us off with the Report, can you tell me what the Report is exactly?

03:06 - 04:01

Steve Polansky: Certainly, the Report really is designed to be a tool that firms can use and through which FINRA shares information about what we're seeing in our Exam and Risk Monitoring Programs on a variety of different topics. It's an evolution that came out of what used to be the Priorities Letter and the Exam Findings Report.

I want to emphasize that it is not a Priorities Letter. We do not have 21 priorities. It really is FINRA trying to share information about topics where we frequently observe firms having challenges ranging from AML, cyber, other areas and where we're trying to provide them information they can use to understand what we're seeing and to think about what that information can mean in terms of improving their programs.

04:02 - 04:51

Joe Sheirer: The Report is really meant to highlight, as Steve mentioned, the areas that we commonly see issue with, and it's really meant to call attention for the firms, where it's applicable to their business, to think about how the Report may inform them to evolve their particular supervisory structure or how they sell products or how they interact with their clients. Not every topic is applicable to every firm, we understand that. As Steve pointed out, it's not a Priorities Letter. It's really our sharing of the knowledge that we gain from all that experience of examining and monitoring firms throughout the year and years and thinking about how emerging issues might impact the industry.

So, we share that information understanding it's a starting point for many firms to think about how they should look at their business in light of the information that's been passed along through the Report.

04:51 - 05:30

Steve Polansky: In the past, both the Findings Report and the Priorities Letter were relatively short documents. This is obviously a much longer document, and part of the reason it's longer is we had requests from the industry to provide more information about what we're seeing. So, in the past, where somebody might have read through the Priorities Letter in one go, I applaud the tenacity of the compliance officer who reads through the entire Report. But really, it's more at this point a reference so that you could look up information on something like AML or cybersecurity or liquidity management. It's changed a bit in what it is and how people can use it.

05:31 - 05:51

J Koutros: And the only other thing I would add is the focus should be on what your firm does, and that's how we focus our review of the Report, where we're thinking about our firms and how we're monitoring those firms on an ongoing basis or even when we examine them. We do think about the Report in the context of what the activities that firm does. So, I think that's a critical point that I wanted to highlight that Joe mentioned.

05:52 - 06:09

Kaitlyn Kiernan: That makes sense, FINRA has a lot of different firms. So, you're going to have 21 different items when you're trying to cover business models that run the gamut. So, Steve did mention that this combines what used to be the Priorities Letter and the Exam Findings Report. But what really drove that change?

06:10 - 07:21

J Koutros: I think what drove that change is our desire to continue to provide the industry with tools that will help them in their compliance of the rules and regulations that we seek every day. The big difference for me in the Report is a 12 to 18 months look back. It's more of like a mirror allows us to reflect on what we've seen, what potentially we are seeing for future consideration for firms to think about. The biggest thing for me from a Report perspective is that it is more about not just worrying about what the upcoming exam is going to be, but more as a tool that members can use on an ongoing basis.

One other thing I will add is also the structure coincides nicely with our move to our transformation in Member Supervision. So as many know, Member Supervision is now in a firm group model versus what it historically was the regional district model. And the Report and the structure the Report allows us, as well as the firms that are regulated by us, to know what applies to their business more easily and precisely. So, I think it correlated nicely with our transformation into the firm groupings. I think that was good timing if anything.

07:21 - 07:42

Kaitlyn Kiernan: This is the second year of this new approach with the Report. The transformation really went into effect in January of 2020. So now, two years in, we did talk about last year's Report on episode 79, which we'll link to in our show notes. But has anything changed since last year's Report with the first combined Priorities Letter and Exam Findings Report?

07:43 - 08:19

Joe Sheirer: Content wise, there's certainly been changes. I think Steve's probably best positioned to talk about any format changes. But to J's earlier point and Steve's, the Report itself is designed to give not just the findings that we have, as the prior Exam Report would have found, or priorities the annual Priority Letter would have informed, but really give context for the issues that are being identified, the consideration that firms can take into account when they're looking at the issues that we're flagging, the best practices of other firms that we've identified. So, it's really a much more robust Report giving context, not just a list of items to be considered.

08:20 - 10:16

Steve Polansky: So, in terms of the changes that are there, really, we carried over the same basic structure that we had in last year's Report, but we wanted to make it easy for folks to use. So, they didn't have to look back at the 2021 Report and compare it to the 2022 Report to see what's new. So, we put in some formatting things each entirely new section and the table of contents it says "new section" so that people know they can look there. Within sections that we covered previously new material is in bold type. So again, folks don't need to go back and compare the two Reports.

From a structural standpoint, it's the same basic structure that we had last year, organized around four broad thematic areas firm operations, communication and sales, market integrity and financial management. And then within each of those topics, we have a brief description of the rule.

Some related considerations - these are really meant to help firms think about their programs broadly related to a specific topic. So, the question is not necessarily tied to specific provisions of a rule but are really meant to be sort of more one step up from that, if you will, to help folks think about their compliance programs generally.

Then we have the exam findings, or observations in the case of liquidity and cybersecurity. And then we have effective practices. And as Joe said, these practices are things that we've observed at firms. These are not practices that just get you to achieving compliance. They're really supposed to be going above and beyond. And we recognize that an effective practice at one firm may not be feasible or appropriate at another firm. And so again, they're meant more as sort of a thought starter for firms to be able to say, OK, we see this happening, this firm, they're doing this. Maybe some variation of that might be useful for us, or it may not be relevant.

10:17 - 10:33

Kaitlyn Kiernan: So, it sounds like the exam findings are issue areas that you're observing during exams. And then the effective practices are not issue areas, but what firms are doing to go above and beyond in adhering to rules or meeting their compliance obligations. Is that right?

10:33 - 10:34

Steve Polansky: Exactly.

10:34 - 10:45

Kaitlyn Kiernan: It sounds like a lot of those structure changes are, to your point, Steve, to allow firms to use this more as a reference document versus something that they read through just once. Is that the goal there?

10:46 - 10:47

Steve Polansky: Yes, definitely.

10:47 - 11:44

J Koutros: If I could just add to that, my advice to firms and others that are using this document is it's not a one size fits all. It really depends on what the user is most comfortable with. Some users are going to like to read it once through. Some users may like to reference it in pieces as they go through it. Some folks, and I often advise, even if you'd like to read it once through it, is to keep it in your library and reference it as often as you need. That's the advice I give my team as well, is that it's a great tool to keep around.

You never know what questions are going to come up or a situation that you're dealing with, and the firm should use that likewise, as they're dealing through questions or situations on their side, they should use this as a great reference tool throughout the year. And if they're considering new businesses, that's another area where you can see what other firms or practices or other issues that we're seeing. So those are key points I would share with others, the critical use of how to use this document.

11:44 - 12:11

Joe Sheirer: And I just would add that, and maybe I'm dating myself, although I already dated myself when I talked about my background, the Report can be printed, and you can keep it on the desk or on a chair in your house and reference back to it throughout the year. But it's really meant to be interactive, and there is a ton of resources linked inside the document that will take you to both FINRA and other resources that I would highly encourage firms to use and not just read the Report as a printed document.

12:11 - 12:15

J Koutros: You are definitely dating yourself by talking about printing the document.

12:16 - 12:19

Kaitlyn Kiernan: You can save some trees in the process if you don't print it out.

12:20 - 12:20

Joe Sheirer: That's true.

12:21 - 12:40

Kaitlyn Kiernan: Especially with such a long Report this year. So, moving on a little bit from the structure and how firms can use the Report, 2021 was a very interesting year. It was marked by a rapidly changing financial landscape. How does the Report reflect some of the changes that we did see in 2021?

12:41 - 13:37

Joe Sheirer: I can take this first, so 2021 was definitely a unique and challenging year. And we learned a lot as an industry. The Report reflects that in a number of topical areas, I think for me, the biggest one that comes to mind is Reg BI, Form CRS. In particular, we had a full year of experience with those new regulations, new in 2020, and we really learned a lot and we tried to pass that information along to the industry in the content of the Report.

There are other areas, though. Obviously, we had market events and new ways of interacting with clients that evolved pretty significantly in 2021 and thinking about use of data or mobile applications and how firms are evolving to use those new tools and new data sources to be more effective at reaching customers, monitoring activity with customers, and interacting with customers in general.

13:38 - 14:39

J Koutros: Obviously, Joe mentioned the reliance on tools and data and other factors. I think 2021 definitely was the shift of our reliance on technology. And with that comes the cyber risk that [impacts] all our member firms, so, I think that is a critical component that the Report touches on and focus that firms should have. On vendor due diligence, I think is a critical piece that we should consider, as well as your supervision and ongoing controls and awareness of cyber things such as phishing and email takeovers. So, I would be mindful around the cyberspace. I think that's a big thing in 2021.

And also, Joe mentioned the fluctuations in the market. I think the Report also touches on portfolio margin and intraday trading. I think that's something that was highlighted through 2021 with some of our critical situations in the market and how it impacted some of our firms and some of the events that we saw highlighted throughout 2021. So, I think the Report did a nice job in identifying those.

14:39 - 15:06

Joe Sheirer: The other thing worth noting is the report is a reference document, and it's got the continuity from previous learned experience. So, there's the bolded items that really jump out as new content that we learn from. But there's also a lot of persistent knowledge that stays in there from previous years that are still issues. So, while we learned new things in 2021 and try to share them a lot of the things that we already know continue, and that's still part of the Report as well, and that's there as reference.

15:08 - 15:24

Kaitlyn Kiernan: There is a lot to cover in the Report, as has been established, and we'll be doing some deep dives in several of the areas covered in the Report later in the year, with some of the subject matter experts. But is there anything in particular that the three of you would like to highlight here today?

15:25 - 15:55

Steve Polansky: A couple of things I'd like to highlight, and both J and Joe have already spoken to this, but I think cybersecurity remains a persistent risk in the industry. And so, I think it's worth taking a look at the material in there. Clearly, Reg BI Form CRS, major new rule that had its first full calendar year of effectiveness, the findings and effective practices we share there could be helpful for the firms as they navigate this newer regulatory environment. So those are two that I'd highlight.

15:56 - 16:32

J Koutros: In addition to what I highlighted earlier around cyber and the portfolio margin, I think the other thing is obviously liquidity still remains a key focus for FINRA. Firms’ ability to meet their liquidity needs are critical to their ongoing ability to operate. So, I think liquidity and operating under stress scenarios, which we've operated several times throughout the year and having empirical data now that firms can point to as a business as usual, as well as stress scenarios, are important for all firms to realize how the markets and fluctuation impacted liquidity. So, I would also point to the liquidity piece.

16:32 - 17:35

Joe Sheirer: For me, the thing that stands out from the Report is more of a thread that I see going throughout the whole Report, which is around customer growth or business changes. And you'll see that in a number of topics that we've all already mentioned. Steve mentioned cyber. J mentioned cyber and operations, AML, communications, Reg BI or sales, trusted contact, mobile apps.

That theme of when you add customers or when you change your business that permeates throughout the Report. And how does each firm, for their particular business and that particular growth or change that's happening, adapt their system, adapt their approach. And these are the questions and considerations that the Report points to. So, as we talked about before, referencing back when you have that growth, where did that growth happen? How is it impacting my supervision? How is it impacting my operations? How does it impact my communications? All of that, the data that supports all of my new growth or my new business, how am I consuming that and using that to be a better firm, from an operations standpoint, from a sales standpoint and from a compliance standpoint?

17:3 - 17:48

Kaitlyn Kiernan: So, beyond the Report, what resources are either available now or will soon be available for firms to build off of the issues covered in the Exam and Risk Monitoring Report?

17:49 - 18:38

J Koutros: The Report also does a great job linking you to additional resources and additional information, so utilizing some of the links within the Report itself provides tools and other notices. Other Regulatory Notices throughout the year ensure that you're aware of the Regulatory Notices that are issued, is also a critical piece of your ongoing maintenance and compliance with the rules.

I would also say interaction and working with your risk monitoring staff that you're assigned to throughout the year is a critical tool for firms. As questions come up, we ask you to be proactive in seeking guidance or having discussions, and it's meant in many ways to be a partnership along with our regulatory requirements. But it's also here to build and collaborate with the firms as they go through issues. So, feel free to contact your risk monitoring staff as a resource throughout the year.

18:39 - 18:58

Steve Polansky: As J mentioned, there's Reg Notices that are always evolving, and Kaitlyn you even mentioned the additional podcast coming, so those are certainly resources. I think of things like the Annual Conference that'll be coming up later in the year, I think in May, or whether you can participate virtually or in person, depending on the circumstances. We'll see how that evolves, but those kinds of things.

18:58 - 19:05

Kaitlyn Kiernan: And do you see the Report continuing to evolve? It changed a little bit from last year. Do you see that continuing?

19:06 - 19:32

Steve Polansky: One point I meant to make earlier is we always welcome firm input. So, if someone has an idea about how we could make the Report a more useful tool, we always welcome that. The Report reflects input that we've received from the industry to date. We're in the process now of starting to think about how it may evolve in the future. I don't think we have specific planned changes at this point.

19:32 - 19:35

Kaitlyn Kiernan: And is there any firms should go to with their feedback?

19:36 - 19:56

Steve Polansky: So, we have contact information right at the front end of the report for Rory Hatfield and myself. So, firms should certainly feel free to reach out to us. But I think if they reach out to their RMAs, they can also feed that feedback to us. So, talk to someone at FINRA and we will try and take all the feedback we can get.

19:57 - 20:33

Kaitlyn Kiernan: Well, that's it for today's episode, J, Joe and Steve, thanks so much for joining us to talk about the 2022 Report. Listeners, if you don't already, be sure to subscribe to FINRA Unscripted wherever you listen to podcasts. And if you have ideas for future episodes or thoughts on today's episode, you can email us at [email protected].

As a reminder, we also have a survey live where you can anonymously share your thoughts on the show. You can find a link to that in our show notes.

Today's episode was produced by me Kaitlyn Kiernan, engineered by John Williams, a special thanks to Jessica McCormick and Mike Rote. That's it for today. Until next time.

20:33 – 20:39

Outro Music

20:39 - 21:02

Disclaimer: Please note FINRA podcasts are the sole property of FINRA and the information provided is for informational and educational purposes only. The content of the podcast does not constitute any rule amendment or interpretation to such rules. Compliance with any recommended conduct presented does not mean that a firm or person has complied with the full extent of their obligations under FINRA rules, the rules of any other SRO or securities laws. This podcast is provided as is. FINRA and its affiliates are not responsible for any human or mechanical errors or omissions. Parties may not reproduce these podcasts in any form without the express written consent of FINRA.

21:02 – 21:11

Music Fades Out

Find us: Twitter / Facebook / LinkedIn / E-mail

Subscribe to our show on Apple Podcasts, Google Play and by RSS.