Skip to main content
Carlo V. di Florio

Chief Risk Officer and Head of Strategy FINRA

Remarks at NSCP 2014 National Conference

October 20, 2014

Washington, DC 

As prepared for delivery.

Good morning. It's a pleasure to be here with you again at the national conference.

The work you do is incredibly important, and we appreciate and respect your critical contributions to our shared objectives of investor protection and market integrity.

I've had the opportunity to speak with you on three occasions. When I spoke to you last in 2012, I focused on the key elements of an effective ethics and compliance program—emphasizing how, at their core, the federal securities laws are intended to achieve a higher level of business ethics in the securities industry. The manner in which the federal securities laws are illuminated by ethical principles can be seen, for example, in the fiduciary duty and FINRA rules grounded in concepts of ethics, professionalism, fair dealing, and just and equitable principles of trade.

I also had the opportunity to speak with this gathering about how critical ethics and compliance are to a broader risk-governance framework that includes business as the first line of defense, risk and compliance as the second line of defense and internal audit as the third line of defense, all supported by effective board and senior management oversight. Of course, ethics, compliance and enterprise risk management are not important merely because regulators expect them and the federal securities laws are grounded on these principles, but also because they are good business. As you all know well, treating customers fairly and honestly helps build a firm's reputation and brand, while attracting the best employees and business partners.

Finally, we had the opportunity in prior speeches here to explore how important it is to manage conflicts of interest, and the Report on Conflicts of Interest FINRA released last year shares effective practices for managing conflicts across the enterprise and within key areas, such as new products and compensation practices.

We know from experience that a firm's failure to eliminate or properly manage conflicts of interest is a leading indicator of significant regulatory issues and sometimes an indication of systemic risk for the broader financial markets. In fact, looking back over my career in securities regulation, it's incredible how many major business-conduct and market-abuse issues have had conflicts of interest at their core.

This year, for example, we've heard a lot about allegedly "rigged" markets. And while the markets are not rigged, these concerns do raise many questions that FINRA, the SEC and other regulators must address, such as:

  • Has algorithmic trading become ungovernable?
  • Are electronic traders with ultrafast programs taking advantage of retail investors?
  • Is there adequate sunlight in the form of disclosure and transparency in today's dark markets?
  • Do regulators have the information they need to effectively regulate and monitor today's markets?
  • And, what conflicts of interest are at play, against which we need to remain aggressively vigilant?

Fundamentally, these are questions about market fairness and business ethics. And since ethics are the backbone of our securities regulations, conflicts of interest—and a strong ethical culture, generally—will always be a top priority for FINRA and other regulators. So this morning, I would like to expand our discussion to look at ethics, and risk and regulatory issues in the markets more broadly. I want to talk about how FINRA's initiatives like our risk-based exam program, Comprehensive Automated Risk Data System (CARDS), the Consolidated Audit Trail (CAT) and our efforts to improve transparency are helping us proactively address the five questions I raised.

Market Structure and Transparency

As the debates around trust and confidence in our markets continue, it is important to reflect on the broader context for the discussion about investor protection and market integrity. The broader context suggests that investors are better protected, and market quality and integrity is stronger today than ever before. There is greater transparency across equities, fixed income, options, futures, swaps and forex. There is better trade execution quality. Retail investors have experienced significantly reduced spreads and execution costs. The rise of passive indexed investing has resulted in a stunning reduction in asset management transaction costs for retail investors. Overall, there is stronger investor protection and market integrity. That's the positive news.

That said, there's no question that our market structure and the way the markets are regulated need to continuously evolve and be modernized. The speed and complexity of the markets is growing. Technology and data analytics have brought great innovation and efficiencies, but have also increased the threat of cyber attacks. There also continues to be a proliferation of complex products available to retail investors, and increasingly diverse and sophisticated platforms for distributing these products. So we always need to continue to be aggressively vigilant.

Over the last few years, we have also experienced a number of algorithmic trading malfunctions that caused substantial market disruptions. For instance, the Knight Capital technology glitch in August 2012 caused widespread market concerns. And these malfunctions raise concern about the ability of firms and markets to develop, implement and effectively supervise these systems.

The SEC took some important initial steps by passing the Market Access Rule, 15c3-5 and proposing Regulation Systems Compliance Integrity (Reg SCI). Earlier this year, SEC Chair Mary Jo White called more broadly for a comprehensive review of market structure that tests our assumptions about long-standing rules and market practices, re-evaluates past decisions in light of increased market complexity and speed, and explores market-based solutions. The SEC is also taking steps to further promote market stability and fairness, enhance market transparency and disclosures, and build more effective markets for smaller companies. Working in partnership with the SEC, FINRA is proactively taking steps to help strengthen the integrity of our markets.

Starting with the first question—are algorithms out of control—FINRA and the SEC are focused on assessing whether firms' testing and controls related to high-frequency trading and other algorithmic trading strategies and trading systems are adequate. When we examine firms, we expect them to be prepared to address whether they conduct separate, independent, and robust pre-implementation testing of algorithms and trading systems. And we also assess whether the firm's legal, compliance and operations staff are reviewing the design and development of the firm's algorithms and trading systems for compliance with legal and regulatory requirements.

We also assess whether a firm actively monitors and surveils algorithms and trading systems once they are placed into production, or after they have been altered. This review includes procedures and controls to detect potential trading abuses such as spoofing, wash sales, marking, layering and momentum-ignition strategies, among others. In addition, we ask firms to explain their approach to firmwide disconnect or "kill" switches, as well as procedures for responding to catastrophic system malfunctions.

And in an important improvement to our oversight, FINRA's board last month approved a proposal to require those who design, develop or direct the significant modification of an algorithmic strategy, to register with FINRA. Those who supervise these functions would also be required to register with FINRA. We plan to seek comments on the proposal, and you should expect to hear more about it soon. We look forward to your comments and input.

FINRA will also publish guidance reminding firms of their existing supervisory obligations with regard to the development and deployment of algorithmic trading strategies. We'll also provide additional guidance to firms on effective controls and practices to monitor for and prevent potential adverse impacts on the market. The guidance will also cover firms' obligations in these areas, and supervision and control practices for firms and market participants that use algorithmic trading strategies.

In addition to these new initiatives, FINRA has a robust equity and options surveillance program in place that has never been more focused or effective at identifying manipulative or disruptive electronic trading activity.

New advances in technology and data analytics allow us to aggregate data from across multiple trading venues and see trading patterns that we weren't able to detect before, allowing more comprehensive surveillance in order to better protect investors. For example, our program includes a suite of 29 cross-market surveillance patterns that address 55 threat scenarios. These surveillance patterns canvass activity on the markets FINRA oversees, including NASDAQ's and NYSE's family of markets, Direct Edge's two licensed stock exchanges, and BATS' four stock exchanges. FINRA currently conducts comprehensive surveillance across 90 percent of the market for U.S.-listed equities. When the arrangement with BATS is fully in place in the first quarter of 2015, FINRA will conduct comprehensive surveillance across 99 percent of the market for U.S.-listed equities.

The expansion of FINRA's cross-market surveillance promotes the effectiveness of the program and further protects investors and market integrity. With these cross-market patterns, we can track orders from their inception, as they move through the market and are either cancelled, replaced or executed. This is particularly important since market participants are increasingly dispersing their activity across multiple trading platforms in an effort to mask improper trading schemes. In our surveillance of patterns, we have found that about 44 percent of the manipulation-based alerts we generate involved conduct on two or more equity markets. And 43 percent of the alerts involved conduct by two or more market participants. Advances in technology and data have made strategies that combine equities, fixed income, derivatives and indices profitable. But with these advances also come more opportunities to manipulate markets, take advantage of customer information or otherwise abuse investors.

While we believe cross-market surveillance patterns are a material step forward in promoting market integrity and enhancing investor confidence, there is so much more that we can do with technology to collect more data that helps us improve surveillance. Implementing a consolidated audit trail—or CAT—that collects and accurately identifies and links to customers every order, cancellation, modification and trade execution for all exchange-listed equities, options and fixed income products across all U.S. markets will allow us to look not just across markets but across products in a complete and comprehensive manner. The more comprehensive and granular data from CAT will enable us to better protect investors by detecting market manipulation and investor harm that we can't detect today.

Where do we stand with CAT now? In March, 10 organizations, including FINRA, submitted their bids to develop a CAT plan processor. In July, the SROs named FINRA as one of the six bidders selected from the group of organizations that submitted a bid. In September, the SROs submitted the final plan to the SEC and it is expected the CAT processor will be selected in the coming months.

Increasing Transparency

FINRA and the SEC support greater market transparency, and we agree that more oversight is needed for dark pools, HFT and algorithmic trading. It's critical that market participants have access to trade information that enables participants and regulators to assess prices and valuations in a timely and accurate manner. In partnership with the SEC, FINRA has proposed a series of rules to increase the scope of the trading information FINRA receives, and make equity and fixed income trading activity more transparent to market participants and investors. All these proposals are designed to enhance FINRA's oversight of high frequency traders and algorithmic trading activity—and, together, they will boost investor confidence in the fairness and transparency of both the equity and fixed income markets.

One of the proposals would expand the dark pool volume information FINRA began disclosing in June of this year. Since June, we have been publishing reports of alternative trading systems volume on a stock-by-stock basis. Under the proposal our Board approved last month, FINRA would publish volume information on equity securities in the OTC market that's reported to FINRA's equity trade reporting facilities. Much of this data on ATS volume was previously provided primarily to professionals, based on voluntary monthly reporting by some—but not all—ATSs on an aggregate basis. A greater level of transparency means non-professionals now have the opportunity to review and study this data.

Another proposal would require alternative trading systems to provide FINRA with order book information that is not currently reported by the ATS to FINRA's Order Audit Trail System, or OATS. These rule proposals will go through FINRA's standard rulemaking and comment process. Expect to hear more from us on them soon.


Our proposed Comprehensive Automated Risk Data System, or CARDS, is one example of how we plan to use the modern technological resources to enhance the scope of data we receive and analyze. CARDS would enable us to more quickly identify patterns of transactions that could indicate bad behavior on the part of a particular broker-dealer, branch office or registered representative, monitor more effectively for problem areas such as pump and dump schemes, suitability, churning, mutual fund switching and concentrations of high-risk securities and respond more quickly to stop those activities before more investors are harmed.

To do so, we are taking advantage of modern technological resources—especially in the areas of data, risk analytics and surveillance—that are changing the way FINRA and other regulators examine firms and oversee the markets.

CARDS will allow us to collect information in a standardized format across all firms on a regular basis. The information that FINRA would collect through CARDS is substantially consistent with the information we already collect when we conduct an exam. Collecting this data in a standardized format will allow us to identify and quickly respond to potentially fraudulent and abusive behavior.

CARDS will also help us better understand the business profile of a firm and incorporate that understanding into FINRA's examination, surveillance, cycle planning and risk-assessment functions. Having data in a standard format will also allow us to track product mix across firms and in branches of each firm, including changes to that mix.

It will also help us monitor, on an ongoing basis, where firms consistently sell products that present higher risk to customers and, when compared to risk tolerance profiles, appear to be unsuitable for those customers.

In addition, CARDS will improve our understanding of where a firm is taking on too much market risk in its proprietary trading or other risk-taking activities, and enhance our ability to identify potentially suspicious activity in accounts that may call into question the adequacy of a firm's anti-money laundering program.

Where does CARDS stand now? In September, we issued a second Regulatory Notice to solicit comments on the proposed rule to implement CARDS. Comments are due December 1, and we encourage you to submit comments.

Conflicts of Interest

Turning now to the fifth question I posed: Where are there conflicts of interest at play? Conflicts of interest are one of the central and most pressing challenges facing the industry. As a regulator, we've spent a lot of time thinking about conflicts of interest and how firms identify conflicts and ensure they place their customers' interests before the firm's.

On the market structure side, questions have been raised about conflicts associated with maker-taker fees and incentives, order routing and best execution responsibilities. On the firm side, FINRA's Report on Conflicts of Interest details key conflicts across the industry, including those associated with products and compensation practices. The report also details effective practices for managing conflicts. Another recent example is last December's Regulatory Notice on IRA rollovers. We addressed a number of our concerns—including suitability, supervision, communications and training of reps-when a rep recommends that a customer rollover an employer-sponsored retirement plan into an IRA. Another key issue we discussed is the potential conflict of interest when a broker or firm earns commissions or fees as a result of such a transfer.

At the end of the day, the biggest impact on how the industry manages and addresses conflicts of interest is an organization's culture. Leadership sets the tone at the top and puts the customer's best interest at the center of culture and decision-making. This culture is determined and led by a firm's executive management in their day-to-day actions and decisions. We routinely meet with the boards and senior management of the largest firms and tone at the top, ethics and culture are a central topic of discussion.

The principles of an ethical business culture must be at the core of a firm's everyday words and deeds—whether it's from the owner of a small firm or the board and executive management of a large firm. The firm also needs to reinforce that message with policies, processes and controls that reward ethical behavior and deter and punish unethical behavior.

As we noted in the Report on Conflicts of Interest there is no one-size-fits-all approach to managing conflicts. But FINRA believes an effective conflicts management framework should also address the following considerations:

  • establishing new product review processes that include perspectives independent from the business proposing products, that identify potential conflicts raised by new products, that restrict distribution of products that may pose conflicts that cannot be effectively mitigated and that periodically re-assesses products through post-launch reviews;
  • making independent decisions in the wealth management business about the products they offer without pressure to favor proprietary products or products for which the firm has revenue-sharing agreements;
  • minimizing conflicts in compensation structures between customer and broker or firm interests where possible and including heightened supervision when conflicts remain; for example, around thresholds in a firm's compensation structure;
  • mitigating conflicts of interest through disclosures and other information that enables customers to understand the factors that may affect a product's financial outcome—such as the use of scenarios and graphics for a particular product; and
  • including "best-interest-of-the-customer" standards in codes of conduct that apply to brokers' personalized recommendations to retail customers in order to maintain and increase investor trust.

While this report recognizes that many broker-dealer firms have made progress in improving the way they manage conflicts, it also emphasizes that there is still more firms need to do. FINRA will continue to review how firms manage conflicts and evaluate the effectiveness of firms' efforts.

FINRA will also continue to work with the SEC and other regulatory partners to strengthen our ability to identify and address potential conflicts of interest that emerge in our broader market structure, so we can continue to protect investors and market integrity, while building public trust and confidence in our markets.

Thanks for listening, and once again, thanks for your efforts every day to strengthen good governance, risk management, compliance and ethics in your organizations. Your work is critical to building public trust and confidence in our markets.