Skip to main content


FINRA's Risk Monitoring Program: Understanding the Unique Risks of Every Firm

April 04, 2023

FINRA's Risk Monitoring team is responsible for assessing financial, operational and business conduct risks that exist within individual member firms and across the industry. But they're also the day-to-day point of contact for firms for any questions they may have for FINRA.

On today's episode, we're talking to Ornella Bergeron, Senior Vice President of Member Supervision's Risk Monitoring team, Brian Kowalski, Vice President of Diversified and Carrying & Clearing with the Risk Monitoring team, and Andrew McElduff, Vice President of Retail with Risk Monitoring to learn more about the team’s mandate and work and why they’re such a helpful resource for the member firms they work with.

Resources mentioned in this episode:

Reg Notice 22-25: FINRA Alerts Firms to Recent Trend in Small-Cap IPOs

Reg Notice 22-29: FINRA Alerts Firms to Increased Ransomware Risks

15a-6 Chaperone Firms (from 2021 Exam and Risk Monitoring Report)

Episode 90: Single Points of Accountability

FINRA Gateway

FINRA Examination and Risk Monitoring Programs

Listen and subscribe to our podcast on Apple PodcastsGoogle PodcastsSpotify or wherever you listen to your podcasts. Below is a transcript of the episode. Transcripts are generated using a combination of speech recognition software and human editors and may contain errors. Please check the corresponding audio before quoting in print. 


00:01 - 00:29

Kaitlyn Kiernan: FINRA's Risk Monitoring team is responsible for assessing financial, operational and business conduct risks that exist within individual member firms and across the industry. But they're also the day-to-day point of contact for firms for any questions they may have for FINRA. The Risk Monitoring team's ability to spot and track risks across similar firms makes them an invaluable resource for FINRA as a whole, but also for the member firms they work with. On this episode, we're talking to three senior leaders from the Risk Monitoring team to hear more.

00:29 – 00:38

Intro Music

00:38 - 01:22

Kaitlyn Kiernan: Welcome to FINRA Unscripted, I'm your host, Kaitlyn Kiernan. I'm pleased to welcome back three returning guests to our show today, two of them in new roles. Joining us once again are Ornella Bergeron, Senior Vice President of Member Supervision's Risk Monitoring team. You will have heard her most recently on our January episode about the 2023 Report on FINRA's Exam and Risk Monitoring program. Also with us today are Brian Kowalski, Vice President of Diversified and Carrying & Clearing with the Risk Monitoring team, and Andrew McElduff, Vice President of Retail with Risk Monitoring. Brian and Andrew were last on our episode about what used to be known as the role of the Single Point of Accountability. Ornella, Brian and Andrew, welcome back to the show.

01:22 - 01:23

Brian Kowalski: Thank you.

01:23 - 01:23

Ornella Bergeron: Great to be back.

01:24 - 01:31

Kaitlyn Kiernan: So, just to kick things off, can you each introduce yourselves and tell us a little bit more about what you do at FINRA? Ornella, maybe we can start with you?

01:31 - 02:20

Ornella Bergeron: I lead the Risk Monitoring Program for Member Supervision. Risk Monitoring is one of the three business programs in Member Supervision, along with the Firm Examination Program and the National Cause and Financial Crimes Detection Program. So, the three programs work very closely together to execute our Member Supervision regulatory responsibility. We've talked about in prior podcasts that Member Supervision organized our regulatory programs around five firm groupings: Retail, Capital Markets, Diversified, Carrying & Clearing, and Trading & Execution. So, now each firm grouping has a new senior leader that's responsible for the Risk Monitoring Program for their respective firm groupings. And those senior leaders report into me and you're going to hear a little bit more about those roles from Andrew and Brian.

02:21 - 02:27

Kaitlyn Kiernan: And we couldn't have all of them with us today. But we do have two in Brian and Andrew. Andrew, do you want to go next?

02:27 - 03:06

Andrew McElduff: Thank you for having me again. So, Brian and I will talk a little bit about how our roles have changed, but as the Vice President and head of Retail Risk Monitoring, my day-to-day includes overseeing the firm grouping of about 1,200 firms from our one-person shops handling 12b-1 fees up to some of our major institutions with clearing and carrying capabilities. Within that, we also have included fintech, our independent contractor firms, private placements and pooled investments in variable annuities, just to name a few. So, from a day-to-day function, it's overseeing those firms for the trends and topics happening in the market, how can FINRA be best prepared to have timely outreach to the firms and ensure that the client base investing through those firms are appropriately covered.

03:06 - 03:08

Kaitlyn Kiernan: Thanks, Andrew. And Brian, how about you?

03:08 - 04:06

Brian Kowalski: I have responsibility for the small and medium Diversified groups as well as the Carrying & Clearing firm group. That essentially represents 300 firms across our membership. As Andrew indicated, Retail tends to be solely focused on that business line. Diversified would represent where there are three separate and distinct material business lines that a firm engages in. To give you a sense of the Carrying & Clearing, you would have subgroups in there that represent correspondent clearing firms, secured financing firms, firms that chaperone a 15a-6 business, et cetera. I have a team of roughly 30 that are responsible for those firms. And again, Kaitlyn, as you mentioned, they all couldn't be here, but we at least wanted to introduce to the audience those that round out the Vice Presidents across Risk Monitoring, and those include Lance Burkett, who oversees Capital Markets, Pat Tominey in Trading & Execution, and Scott Gilbert in Large Diversified. So, there are five vice presidents across the program.

04:07 - 04:14

Kaitlyn Kiernan: Thanks, Brian. And then Ornella, just to take us back, you know, what is FINRA's Risk Monitoring Program at the highest level?

04:14 - 07:44

Ornella Bergeron: Sure. So, at the highest level, Risk Monitoring performs two main critical functions. So, first, they're the designated point of contacts for member firms. And as a result of being the designated point of contact, they have numerous regulatory touchpoints with their assigned firms. So, things like reviewing regulatory reports, such as FOCUS reports and annual audits. They're responsible for approving capital withdrawals for firms and subordinated loans. They review clearing agreements for firms. They also conduct outreach to assigned member firms to understand the impact of significant market and other material events that are happening in the industry to make sure that at FINRA, we understand the impact to firms. So, for example, we've been monitoring the impact of the regional banking crisis on firms and before that it was the FTX collapse. We'll also proactively reach out to member firms to gather information about major events that can have an impact on our firms, such as the impact of rising interest rates or something we're working on as we speak, a reach out to firms regarding the impact in the event that the U.S. Government doesn't raise the debt ceiling.

Also, we may reach out to gather intelligence needed for our regulatory programs. So, for example, we did a reach out on digital assets to better understand the involvement by firms in digital assets and that's a topic that we'll continue to reach out to firms about. The Risk Monitoring Analysts are also the individuals for firms to reach out to if they have interpretive questions on new or existing rules, if they're experiencing a regulatory issue and need guidance or want or need for us to know about it. The other main function that Risk Monitoring Analysts are responsible for is the ongoing monitoring of financial, operational and conduct risk for their firms. So, they do that by utilizing all regulatory intelligence to conduct risk assessments for their assigned firms. So, the risk assessments I mentioned cover 11 financial, operational and business conduct risks. The financial and operational risks that the RMAs monitor include accuracy of capital, segregation of client assets, market, credit and liquidity risk, market integrity, risk as well, operational risk, and our newest addition, which is cyber and technology risk.

On the conduct side, the RMAs assess and monitor sales, money laundering and fraud interception risk for our firms. As we've talked about in prior podcasts, Member Supervision operates a risk-based regulatory program, so the work that Risk Monitoring does regarding these risks is leveraged to identify the most efficient regulatory response based on the risk of a firm which can include, for example, a firm exam, it can include a cause exam, and in some cases heightened monitoring. So, for firm exams, examiners will leverage our risk assessments and risk-based recommendations to help build the strategy for exams for them to execute on. So, big picture, Risk Monitoring shares their intelligence with firm exams and cause exam teams and they are our boots on the ground. So, after every exam, the intelligence from the examiners gets fed back into Risk Monitoring and Risk Monitoring re-feeds that intelligence into their risk assessment.

07:44 - 07:59

Kaitlyn Kiernan: Thanks, Ornella. It sounds like you really do cover a huge variety of risks for the industry. And can you give us an idea of how unique this program is and how it compares to how other regulators handle this function?

07:59 - 08:19

Ornella Bergeron: Our program, Kaitlyn, is unique in that each and every member firm is assigned a dedicated risk monitoring analyst for them to partner with and communicate with on a regular basis. There are other regulators that have similar monitoring functions, but they're more targeted for certain types of firms.

08:20 - 08:24

Kaitlyn Kiernan: And what are some of the benefits this structure has for FINRA?

08:25 - 08:50

Ornella Bergeron: Having a central point of contact for all firms also puts us in a very unique position internally within FINRA in that Risk Monitoring teams will typically have the most up to date, real-time information about firms, and they're able to share that regulatory intelligence as necessary with our other regulatory programs both within Member Supervision as well as our partners in other regulatory operation groups.

08:52 - 08:56

Kaitlyn Kiernan: And Brian, what does the makeup of the Risk Monitoring team look like?

08:57 - 10:42

Brian Kowalski: It starts, as Ornella said, with the Risk Monitoring Analysts. They are the primary day-to-day contact. And their focus, really what they're tasked with, is knowing a firm's business and assessing its risk. The RMA, as we call them, will review a firm's submissions, as Ornella mentioned, the FOCUS, audit, any notifications that are submitted, Rule 4530 filings, et cetera, and contact firms to address any questions about the information and to discuss business activities as well as industry events. To support this process, in addition to any required filings or notifications, we encourage firms to also notify their RMAs any time they're experiencing any material changes, including changes in key officers, ownership and/or business operations. They're also there to assist with answering your questions on topics such as FINRA Rules and Notices, financial and business conduct requirements, form filing deadlines and compliance resources.

And importantly, the RMA can also assist in obtaining guidance on rule-interpretive questions. Then there's the Risk Monitoring Director. They really manage the day-to-day risk monitoring functions, including serving as the RMA's immediate supervisor. They are responsible for ensuring that RMAs understand the firm's business activities and the related risks. The Risk Monitoring Director will also work closely with members alongside the RMAs as we meet with firms to address the more complex issues a firm may face and discuss new regulatory initiatives. And then there's the Senior Director. They oversee the Risk Monitoring team and are ultimately responsible for the ongoing risk monitoring and risk assessment based on the tailored risks identified for firms within their firm grouping and/or subgroup. They also coordinate with the Examination Program management to discuss areas of emerging risk and to ensure annual exam planning is appropriately risk-based.

10:43 - 10:55

Kaitlyn Kiernan: So, it sounds like this is very much meant to be a two-way relationship. Andrew, can you tell us how does this relationship work? And in an ideal world, what would you want the relationship to look like?

10:55 - 12:26

Andrew McElduff: I think I'll start with some of the stuff that Brian had mentioned as far as questions, interpretations, market events, changes in firm management or business lines—they're all-important items that FINRA Risk Monitoring would want to know about. But it's also items that firms should want to share with FINRA's Risk Monitoring group. Going back to Ornella's point, so, we're doing assessments on a number of different areas in our risk construct, each of which Ornella mentioned. The information that you're providing impacts how we're viewing the firm and questions that we would want to ask of the firm. So, I would like to think that it would be an open dialogue with your Risk Monitoring Analyst on a day-to-day, as needed function. But beyond that, when there are those material events, that is stuff that we would want you to share with FINRA because we would genuinely want to know it and I think that goes back to something Brian touched on—knowing your firm.

So, if we know our firm, it's beyond just picking up the phone when there's an event that FINRA has a question on, but rather we, meaning FINRA Risk Monitoring, having a relationship with that firm to understand how the business works, who the key players are, and being there to be able to support and assist the firm when needed by providing guidance or interpretations or getting you in touch with the right people that can do that at any point in time. And then the last piece of it—Brian touched on as well—is we've heard it from the industry, ‘we want staff that know our firm and know our business.’ As Brian mentioned, we've positioned staff that are handling like institutions on a day-to-day basis, so we're seeing and we can provide peer-to-peer analysis. So, we're never going to tell you, ‘Joe Smith of X firm does this,’ but, ‘here's what we're seeing across the markets,’ or ‘here's what may be a best practice for consideration.’ So, we can also share that out as well if or when you have questions for FINRA.

12:27 - 12:35

Kaitlyn Kiernan: And we've implemented that best practice type of sharing model with the annual Report on FINRA's Exam and Risk Monitoring.

12:35 - 13:18

Andrew McElduff: To that point the industry likely will see more of that feedback from FINRA, and we did it a number of times last year through fairly timely and pointed Reg Notices that we've put out regarding cyber events and some of the things that you'll probably never see, but we've had Risk Monitoring Analysts receive a call about a cyber event at a firm. They took it one or two steps beyond that and then realize, 'oh wait, I have other firms that I should call.' They reach out proactively to those firms and, at least in my instance, two firms didn't even know that they had an ongoing cyber event on their own website. So, that's where we're trying to put Notices out and be more timely through our social media channels, so please check those out. But also, if you receive a call directly from Risk Monitoring, it's not always a bad call. There are times where we're calling proactively to engage and educate.

13:18 - 13:30

Kaitlyn Kiernan: Yeah, we do share that information on FINRA's LinkedIn page for anyone who wants to follow us there. And it seems like the firm grouping model has a big role to play in this. Brian, can you tell us a little bit more about that?

13:31 - 14:25

Brian Kowalski: I know you've had at least a couple of podcasts on this issue. It was our Exam and Risk Monitoring transformation. A critical component of that transformation was to classify all member firms into one of five firm groupings that we've already mentioned: Retail, Capital Markets, Trading & Execution, Carrying & Clearing and Diversified. Each of those has a number of subgroups to more precisely group firms with similar business models and activities. Doing this really serves as the foundation to tailoring our programs and creates a more efficient and effective examination and risk monitoring process. And our staffing model for the unified program has built around these groupings. So, really, this change was made to better align our staff with the industry and improve our collaboration, build expertise and enhance our ability to align our oversight with the risks of each firm group. And I think that's played a critical role in a lot of the things that Andrew just touched upon as we go about achieving our mission.

14:26 - 14:39

Kaitlyn Kiernan: Andrew just mentioned cybersecurity as a recent example, but are there any other recent examples you can share of how the firm grouping model has helped Risk Monitoring detect or react to new or developing risks more quickly or more proactively?

14:39 - 16:58

Andrew McElduff: Sure. So, I can start and then if Brian wants to jump in. So, I think I'll start at a higher level, right? So, we have a Fintech subgroup within Retail, and so, throughout the course of the last year, including the FTX-related news events, we were able to spin up those teams very quickly to get on the phone with the folks that they've established relationships with at these firms, real-time, regardless of what time of day it was—you know, a number of those firms being on the West Coast and news breaking early on the East Coast—and having those relationships allowed us to be well-positioned to understand what is the impact at the FINRA associated broker-dealer level as well as the market impact on a larger scale. So, I think that's one area whereby having people that are focusing on a like business on a day-to-day helped us to understand and develop risk profiles very quickly.

Another one, and this was a Notice that FINRA posted last year as well, was the Chinese IPO issue. This is something that we started to notice in our Capital Markets groups under Lance Burkett as his team started to flag it at a number of their firms, they spoke to us in the retail space across the VP's and FINRA created a little task force internally. We got all the right players to have a seat at the table. Those teams started to communicate externally as well with some of the exchanges to understand what was going on as well as foreign regulators. So, it's not an area that we had seen all that often, but foreign regulators had a lot of interest in it, as well as background. They were able to share kind of what they've seen, what they've learned. And the result of that is FINRA getting a Notice out to the industry, I think, within about four to five weeks between the time that we saw the initial red flags, as well as Nasdaq and NYSE posting Notices on their sites as well. So, we're trying to get better about how do we bring it in and how do we create information for the industry to digest fairly quickly thereafter.

The last item I'll mention on the Chinese IPO, our Financial Intelligence Unit was leading that effort internally and coordinating amongst all the different teams. They actually joined calls that we set up with our member firms to have proactive conversations about not only are you participating in this business, but here's what we want you to know about the levels of due diligence that should be required, what's going on with the overall market structure and how this impacts. So, I think those calls were valuable. And in my 15 plus years, I don't know that I've seen that before, where we had a team proactively get on a call and say to a firm, ‘Here's what we want you to be aware of,’ versus waiting until we came into an exam and said, ‘What did you guys do when you started to transact in this business?’ So, I think that's a shift and I think it was welcomed by the membership as well.

16:59 - 19:38

Brian Kowalski: I think to echo some of what Andrew was touching on and give a couple of additional examples, the firm grouping model really does allow us to better spot themes and trends to react to market events and identify emerging risks, but importantly it positions us to quickly assess these situations, understand the impact and react appropriately. And I think as we continue to evolve, number one, we're able to be more proactive. And two, we'll continue to more frequently see the output of these efforts beyond just the impact on exams, but as we strive to raise awareness of such risk through the annual Exam and Risk Monitoring Report, Reg Notices and other alerts. One of the first examples that I really saw benefit of the firm grouping was with 15a-6 Chaperone Firms, which is a subgroup in the Carrying & Clearing group. Having those firms in one group allowed for the tailored, focused and consistent approach across RM and Exam coming out of transformation. And within months we were learning of net capital issues stemming from the regulatory treatment of certificate of deposit investments, as well as the reporting and treatment of failed transactions, something that we hadn't dug into previously, at least on a concentrated basis, and through an analysis of the firms’ financial reporting, we were able to identify where firms might have similar challenges and focus our efforts accordingly.

So, not only were we able to work with firms on remediating those issues, but we included some of those details of those findings and some of the effective practices we observed in avoiding those issues in the 2021 Exam and Risk Monitoring Report. And then more recently, just last year, the Russia-Ukraine conflict was a great example of how well this model worked in a crisis. In those situations, we can't just pick up the phones and contact 3,600 firms, ask general questions and expect to understand the risk and prioritize our response. We relied on a combination of data, expertise and the Risk Monitoring team's knowledge of their firms to assess the impact of the many risks to firms and their customers posed by everything from sanctions, countersanctions, market volatility, trading halts, cyber threats, operational challenges, custody issues, the list goes on. But we were able to prioritize the firms to contact and the questions to ask based on the firm grouping model.

That approach produced responses that were easily compared and analyzed, which allowed us to quickly identify areas of focus. But it really comes down to the relationship that Risk Monitoring teams have with their firms—reaching out to the right people in the middle of a chaotic event and obtaining that valuable information is tremendous. So, within days we had a good handle on the key issues and which firms were most impacted and were able to communicate across key internal and external stakeholders to coordinate the appropriate response. And in those situations, an appropriate response might include seeking regulatory interpretation or clarification an/or potential relief based on the challenges facing firms.

19:39 - 20:03

Kaitlyn Kiernan: Those are great examples. And we'll link in our show notes to some of the Reg Notices or annual Reports that were mentioned for anyone who wants to go back and take a look. Brian, you have emphasized how important it is to get in touch with the right people at firms quickly. So, what advice do you have for firms that maybe haven't yet had an opportunity to really develop a relationship with their Risk Monitoring Senior Director yet?

20:04 - 20:53

Brian Kowalski: The Senior Director role is tasked with overseeing and directing the efforts at the subgroup level. That primary responsibility is ensuring that the program is appropriately tailored to the risk of the subgroup. At the same time, they collaborate across the groupings as well as with key stakeholders across Member Supervision and Regulatory Operations. So, by assigning each firm a dedicated, senior-level point of contact, as well as a path for escalating issues when necessary, we're providing firms with the means of getting questions and or concerns addressed more quickly, which was in direct response to feedback we got from the industry. But beyond that, the Senior Director is able to provide insight into what we might be seeing across the firm group or share information about our programs, organizational initiatives, et cetera, that might be helpful as firms look to tailor their risk and compliance programs.

20:53 - 21:44

Andrew McElduff: Going back to the Single Point of Accountability podcast that Brian and I joined, what we really harped on there is we wanted to be there as a point of contact regardless of where your question, comment or concern lies across FINRA. So, whether it's something with Market Reg or Enforcement or Member Supervision or Billing and Payables, call that Senior Director and allow them to help facilitate where you're having a difficult conversation or where you feel that you're hitting a speed bump with FINRA. We can play that connection point and the Senior Directors do a perfect job of that on top of their day job of overseeing many firms across a subgrouping. So, it's a dual-hatted role for the Senior Directors. For firms that don't know who your senior director is, feel free to go on to FINRA Gateway and you'll see a full listing there of who's been assigned as your Senior Director, your Risk Monitoring Director and your Risk Monitoring Analyst, the levels there and what their responsibilities are.

21:45 - 21:59

Kaitlyn Kiernan: So, that's a great overview of the program and how it works independently. But I also it was hoping to hear how the Risk Monitoring team works with other groups within Member Supervision, particularly the exam team. So, anything you can share there?

22:00 - 23:44

Brian Kowalski: I'll start with our closest partner, Firm Examinations, and touch a bit on how we interact on cycle exams. It actually begins with our annual exam planning where we work together with the Firm Examinations group in the development of the exam schedule. Exam frequency is determined by several factors, but it starts with our assessment of risk and a quantitative assessment of a firm's impact or footprint. During this process, at a high level, we'll share any relevant details that might factor into the decision to schedule an exam, including specific areas of concern and even provide insight into issues that might impact timing. For example, a merger, a systems change, an exam from another regulator or some other event that would create significant challenges for a firm over, say, the first half of the year.

Once an exam is scheduled, around the time of announcement, the Risk Monitoring team's focus is to transfer knowledge to the Exam team and help develop a targeted exam strategy tailored for that particular firm. We provide Exams with a deep understanding of the business, a detailed risk assessment, intelligence gathered since the last exam and highlight specific areas of concern. During the exam, the teams stay in regular contact and Risk Monitoring might participate in certain meetings, especially when it helps in their assessment of risk. We are also usually brought in on material issues and, when necessary, significant issues will be escalated on both sides to ensure we're all on the same page. And then at the conclusion of an exam, and this is a critical step, there's a debrief process where the Exam team will share its observations back to Risk Monitoring. This includes feedback on our risk assessment, any new information they obtained, or aggravating or mitigating factors that should be considered in our risk assessment and their experience with firm personnel. The whole process is extremely collaborative, and firms should see a direct benefit.

23:45 - 23:50

Kaitlyn Kiernan: And what about some of the other groups within FINRA that you frequently collaborate with?

23:50 - 27:28

Andrew McElduff: I think we've heard on prior podcasts as well as communications from FINRA that we've established what we're calling Regulatory Operations. So, our Market Reg, Membership Supervision and Enforcement departments have really partnered to be one FINRA. As probably the biggest groups that have external outreach to member firms, we want to make sure that we're all moving in lockstep and working together. So, I'll say Reg Ops is our biggest world of interaction, but within those groups that I mentioned, there are a couple of groups that I wanted to highlight today, and I won't touch on every group that we work with, but probably the most frequent beyond Examinations—the first being MAPS or our membership group. So, our Risk Monitoring Analysts and Risk Monitoring Directors are involved with every new member application and change of membership application that are filed. So, whether it's the financial standards as part of the applications or understanding the firm's business, reasonableness of their supervisory processes as well as their controls, all that is human input. That is a human-to-human connection, and we relay that to our membership team as they work through the application and the file itself.

Also, we see Risk Monitoring Analysts and Directors sit in on membership interviews quite often so that they're going to work with you as a firm once you're approved for business, so we want to establish that relationship early so you can meet the folks that you'll be working with closely. The next group I wanted to highlight is our National Cause of Financial Crimes groups. So, a wide-ranging group from market investigations to cyber analytics reviews and everything in between. So, that group we work with a ton and probably the biggest group we work with in that world is our National Cause Program. So, anything from a U5, to a complaint, to targeted rep reviews, our analysts and Risk Monitoring Directors are also assisting and sharing information so that hopefully our teams, meaning the counter teams, are not coming out and asking 101-level questions, but they already know the firms, the key players, the systems, the tools, and they can jump right into their review.

A few more groups I want to highlight all sit within the world of OGC, our Office of General Counsel, but OFORP, which is our financial and operations team, often we're going to those teams directly for questions and guidance. The items that we're receiving from you in the industry that require, truly, a rule-based response, that's the team that we're going to, and those are truly financial experts and have a close touch point with the SEC and ensure that we can get timely guidance back to the industry. Advertising Regulation, as they review the filings to understand what's the context, does it align with the business and is this a change or a shift in the business as well as where Ad Reg is coming back out and saying basically a “do not use” or “revisions are required.” they're sharing that with our teams as well.

And then the last team I wanted to highlight is Corporate Finance, both public and private offering related corporate finance deals. We work very closely with those teams as well to understand when filings come in, what's the context of the filing? Is this a deviation from the firm's business, existing business, or is this a continuation? Is it a first-time filing, an expansion of business? And what's the scope or potential impact on the firm so that we can then tee that up for future examinations if we deem that there is a risk that's worthy of review. By way of example, a firm commits an underwriting for the first time, we likely want to come out and ask the questions of how is the firm well-positioned to handle that business and all the different parts that go with it. So, a couple of teams that I wanted to highlight, but all great partners to Risk Monitoring.

What we hear from those teams immediately gets incorporated into our assessments so that we can share it across the organization. I'd like to think of Risk Monitoring as kind of the hub within the spoke of the wheels here so that as we receive information, we're inputting it and then it can be shared with everybody across the organization, so it's not just harbored within Risk Monitoring, but what we hear from Corp Fin can be shared with Examinations or what we hear from Examinations can be shared with MAP later on when somebody files a CMA.

27:29 - 27:42

Kaitlyn Kiernan: That is a lot of touchpoints, and it sounds like a great opportunity too, where firms don't need to understand the complexity of all these different touchpoints because you guys are their single point of contact. But firms, they just need to know they can reach out to you.

27:42 - 27:42

Andrew McElduff: Mm-hm.

27:43 - 27:53

Kaitlyn Kiernan: So, to wrap up, what do you think is the most important thing for firms to walk away knowing about FINRA's Risk Monitoring Program? Ornella, do you want to start?

27:53 - 29:23

Ornella Bergeron: Sure, happy to do that. You've heard it through this podcast that we're really here to help and guide our member firms. So, if you're a member firm that's looking to get into a new business line or new product, reach out to us because we can help you get ahead of what's needed from a regulatory standpoint. I'm not going to promise that we'll always have all the answers at our fingertips, but as Andrew mentioned, we have a team of experts within Member Supervision and outside of Member Supervision that we can leverage to provide guidance. Most firms are very comfortable reaching out to their Risk Monitoring team and do have a good relationship with the Risk Monitoring teams, but I do encourage you that if you don't know who your Risk Monitoring team is to please reach out and get to know them. We value open communication and transparency. We'd rather you call us and give us a heads up on an issue instead of us reading about something in the newspaper. It's better for us to know that ahead of time. And finally, I'll just mention that sometimes the misconception here is that, ‘well, if I call my RMA to talk about an issue, it's automatically going to mean a firm exam gets opened or an enforcement referral gets created.’ And what I'll say to that is that we really are here to help firms work through issues. So, obviously, if there is a material issue or rule violation that's reported, we'll have to work with our other regulatory programs regarding what's appropriate in terms of regulatory action, but that's usually the exception.

29:24 - 29:25

Kaitlyn Kiernan: Andrew, do you want to go next?

29:26 - 31:34

Andrew McElduff: I'd love for people to walk away from this podcast and know that your Risk Monitoring Analyst is seeing hypothetically 20 firms that have a like business, your Risk Monitoring Director is seeing maybe 100 firms that have that like business. Your Senior Director is seeing a few hundred firms that have that like business. So, what we're trying to do is create this structure so that it's scalable, right? We can see an issue—maybe if it comes up once or twice, it's not a theme or a trend, but as that continues, we say, 'Oh wait, who else do we need to contact' or what do we need to do to position ourselves, meaning FINRA as well as the membership to respond to that kind of event and be prepared for the downstream impact or the risk associated. So, the positive of that is also that we're seeing like business models and how peer institutions are handling it, so to what Ornella mentioned, it doesn't always trigger a response from us. It may actually mitigate the risk. We see how you're handling your business and what steps you've put in, vendors you use, or homegrown solutions to create a reasonable supervisory process that may move you down on the risk scoring list on our side and push out your next exam. So, I think people always think, ‘well, if I call, my risk is going to be elevated and FINRA's coming in,’ it could be the exact opposite. And I think that's the benefit of having a management structure that oversees firms that are of the like business and seeing that on a day-to-day we can really level set and say, ‘is this something that's of concern?’ And when we plug it into our systems and answer our assessment questions, we can then also weigh in to say we think the firm has adequate controls here. So, I'd like firms to take away from this that there really is an in-depth process. It's not just a point and click. We're not just tagging firms for exams. We're really putting a lot of thought behind this. And I think again, that goes back to the relationship that we maintain. And the last piece I'll add there is we're really trying to encourage our Risk Monitoring Analysts to have more business-focused calls with their firms to really dive in, ask the right questions and ultimately have a conversation about it versus it being Q&A of what are you doing, where do you expect the business to go, what roadblocks are you hitting, what are you hearing in the industry, all those kinds of things so that we're really well-informed on the Risk Monitoring side. So, guess it's twofold: understanding our structure and how we evaluate firms as well as how to have those conversations with FINRA staff going forward.

31:35 - 31:37

Kaitlyn Kiernan: Thanks, Andrew. And how about you, Brian?

31:38 - 32:08

Brian Kowalski: Yes, I'll keep it short because Ornella and Andrew made great points and really nailed it, but at the risk of being repetitive, I am just hoping that as firms learn more about Risk Monitoring, they see the value and mutual benefit of building a strong partnership with their assigned team. The better we understand the firm, the more targeted, tailored and risk-based our programs can be. And the more transparent the relationship, the greater the benefit, as really our ultimate goal is to ensure firms are getting it right. And we do that through great, transparent two-way conversation.

32:09 - 32:37

Kaitlyn Kiernan: Well, that is it for today's episode of FINRA Unscripted. I appreciate the three of you taking time to join me today to shed light on the role of FINRA's Risk Monitoring Program. Listeners, if you don't already, you can subscribe to FINRA Unscripted wherever you listen to podcasts and if you have any thoughts on today's episode or ideas for future episodes, you can email us at [email protected]. Today's episode was produced by me, Kaitlyn Kiernan, coordinated by Hannah Krobock and engineered by John Williams. Until next time.

32:37 – 32:42

Outro Music

32:42 - 33:10

Disclaimer: Please note FINRA podcasts are the sole property of FINRA and the information provided is for informational and educational purposes only. The content of the podcast does not constitute any FINRA Rule or amendment or interpretation to such rules. Compliance with any recommended conduct presented does not mean that a firm or person has complied with the full extent of their obligations under FINRA Rules, the rules of any other SRO or securities laws. This podcast is provided as is. FINRA and its affiliates are not responsible for any human or mechanical errors or omissions. Parties may not reproduce these podcasts in any form without the express written consent of FINRA.

Find us: X / Facebook / LinkedIn / E-mail

Subscribe to our show on Apple Podcasts, Google Play and by RSS.