In 2021, considerable industry, and in some cases public, attention was focused on topics that FINRA also addressed through its exam and risk monitoring program. These topics include newer SEC Rules (e.g., Regulation Best Interest (Reg BI), Form CRS, amendments to Rule 606), recent increases in the number and sophistication of cybersecurity threats, and the proliferation of securities trading through mobile apps.
Reg BI and Form CRS
During Reg BI’s and Form CRS’ first full calendar year of implementation in 2021, FINRA expanded the scope of its reviews and testing relative to 2020 to execute a more comprehensive review of firms’ processes, practices and conduct in areas such as establishing and enforcing adequate written supervisory procedures (WSPs); filing, delivering and tracking accurate Forms CRS; making recommendations that adhere with Reg BI’s Care Obligation; identifying and mitigating conflicts of interest; and providing effective training to staff. In this Report, FINRA notes its initial findings from its Reg BI and Form CRS reviews during the past year and will share additional findings at a future date.
FINRA continues to evaluate member firms that receive or originate orders in National Market System (NMS) stocks, over-the-counter (OTC) equity securities and listed options for compliance with Securities Exchange Act of 1934 (Exchange Act) Rule 613 and the CAT NMS Plan FINRA Rule 6800 Series (Consolidated Audit Trail Compliance Rule) (collectively, CAT Rules). This year’s Report addresses compliance with certain CAT obligations, such as reporting CAT information to the Central Repository and maintaining an effective supervision process (including clock synchronization performed by third-party vendors).
Order Handling, Best Execution and Conflicts of Interest
Assessing firms’ compliance with their best execution obligations under FINRA Rule 5310 (Best Execution and Interpositioning) is one of the cornerstones of FINRA’s oversight activities. This oversight has evolved with changes in firms’ business models, for example the advent of the “zero commission” model.
As noted in last year’s Report, FINRA launched a targeted exam to “evaluate the impact that not charging commissions has or will have on the member firms’ order-routing practices and decisions, and other aspects of member firms’ business.” FINRA will share its findings with member firms at a future date.
In addition, FINRA is focusing on firms’ compliance with Rule 606 of Regulation NMS, which requires broker-dealers to disclose information regarding the handling of their customers’ orders in NMS stocks and listed options. This information provides transparency to customers and can help them: better understand how their firm routes and handles their orders; assess the quality of order handling services provided by their firm; and determine whether their firm is effectively managing potential conflicts of interest that may impact their firm’s routing decisions.
Advances in technology and its application continue to reshape the way some firms attract and interact with customers on mobile apps. These innovations can benefit investors in several ways, including increasing their market participation, expanding the types of products available to them and educating them on financial concepts. At the same time, however, these apps raise novel questions and potential concerns, such as whether they encourage retail investors to engage in trading activities and strategies that may not be consistent with their investment goals or risk tolerance, and how the apps’ interface designs could influence investor behavior.
FINRA has identified significant problems with some mobile apps’ communications with customers and firms’ supervision of activity on those apps (particularly controls around account openings). FINRA has also observed mobile apps making use of social media to acquire customers, and recently initiated a targeted exam to assess firms’ practices in this area, including with respect to firms’ management of their obligations related to information collected from those customers and other individuals who may provide data to firms; FINRA will share its findings from this review after its completion.
Special Purpose Acquisition Companies (SPACs)
Another topic that has received significant attention is the increased use of Special Purpose Acquisition Companies (SPACs) to bring companies public. For example, in 2019, approximately 25 percent of initial public offerings were accomplished through SPACs; in the first quarter of 2021, this figure was over 70 percent.
FINRA recognizes how SPACs can provide companies with access to diverse funding mechanisms and allow investors to access new investment opportunities; however, as SPAC activity has increased, so too has FINRA’s focus on broker-dealers’ compliance with their regulatory obligations in executing SPAC transactions. In October 2021, FINRA launched a targeted exam to explore a range of issues, including how firms manage potential conflicts of interest in SPACs, whether firms are performing adequate due diligence on merger targets and if firms are providing adequate disclosures to customers. At a future date, FINRA will share with member firms its findings from this review.
Cybersecurity threats are one of the primary risks firms and their customers face. Over the past year, FINRA has continued to observe increases in the number and sophistication of these threats. For example, in 2021, FINRA has alerted firms about phishing campaigns involving fraudulent emails purporting to be from FINRA, as well as new customers opening online brokerage accounts to engage in Automated Clearing House (ACH) “instant funds” abuse. FINRA has issued additional regulatory guidance concerning the increase of bad actors using compromised registered representative or employee email accounts to execute transactions or move money; using customer information to gain unauthorized entry to customers’ email accounts, online brokerage accounts or both (i.e., customer account takeover (ATO) incidents); and using synthetic identities to fraudulently open new accounts. FINRA will continue to assess firms’ programs to protect sensitive customer and firm information, as well as share effective practices firms can employ to protect their customers and themselves. Where appropriate, FINRA will also share information about cybersecurity threats to firms.
FINRA will continue to review firms’ communications and disclosures made to customers in relation to complex products, and will review customer account activity to assess whether firms’ recommendations regarding these products are in the best interest of the retail customer given their investment profile and the potential risks, rewards and costs associated with the recommendation. In addition, in August of last year, FINRA launched a targeted exam to review members’ practices and controls related to the opening of options accounts which, in some instances, may be used to engage in complex strategies involving multiple options (such as spreads). FINRA will share its findings from this review at a future date.