Selected Highlights

This Report highlights FINRA’s regulatory operations programs’ expanded focus on ongoing key areas of risk to investors and the markets:

Reg BI and Form CRS

Regulation Best Interest (Reg BI) and Form CRS remain areas of focus across FINRA’s regulatory operations programs. FINRA’s reviews of member firms’ adherence to their obligations pursuant to Reg BI and Form CRS address a number of areas, such as making recommendations that adhere to Reg BI’s Care Obligation; identifying and addressing conflicts of interest; disclosing to retail customers all material facts related to conflicts of interest; establishing and enforcing adequate written supervisory procedures (WSPs), including the provision of effective staff training; and filing, delivering and tracking accurate Forms CRS. Member firms should regularly review and update their approach to compliance with Reg BI and Form CRS, taking into consideration new interpretive guidance the SEC continues to issue.

Consolidated Audit Trail (CAT)

FINRA continues to evaluate member firms that receive or originate orders in National Market System (NMS) stocks, over-the-counter (OTC) equity securities, and listed options for compliance with Securities Exchange Act of 1934 (Exchange Act) Rule 613 and the CAT NMS Plan FINRA Rule 6800 Series (Consolidated Audit Trail Compliance Rule) (collectively, CAT Rules). Generally, member firms have dedicated significant resources to CAT implementation, and firms’ overall compliance with CAT reporting requirements remains high. FINRA’s reviews of member firms’ compliance with CAT Rules includes timely submission of reportable events and corrections, reporting complete and accurate CAT records, and effectively supervising third-party vendors (including those responsible for CAT submissions and clock synchronization).

Order Handling, Best Execution and Conflicts of Interest

FINRA continues to assess member firms’ compliance with their best execution obligations under FINRA Rule 5310 (Best Execution and Interpositioning), and Rule 606 of Regulation NMS, which requires broker-dealers to disclose information regarding the handling of their customers’ orders in NMS stocks and listed options. FINRA’s reviews of member firms’ compliance with these regulations include whether firms are fully and promptly executing marketable customer orders, adequately conducting periodic “regular and rigorous reviews,” and clearly and completely disclosing the specific terms of any profit-sharing relationships—such as payment for order flow (PFOF)—with venues to which they route orders.

As noted in last year’s Report, FINRA has undertaken targeted regulatory efforts in this area in recent years. Specifically, FINRA began a targeted exam in 2020 to evaluate the impact that not charging commissions has or will have on member firms’ order-routing practices and decisions, and other aspects of member firms’ business. Last year, FINRA also launched targeted reviews of wholesale market makers concerning their order handling practices for customer orders they receive from other broker-dealers. This year’s Report includes findings and observations from these targeted efforts in addition to observations from our ongoing regulatory efforts.

Mobile Apps

As noted in last year’s Report, mobile apps can benefit investors in several ways, including increasing their market participation, expanding the types of products available to them and educating them on financial concepts. However, these apps also raise novel questions and potential concerns, such as whether they encourage retail investors to engage in trading activities and strategies that may not be consistent with their investment goals or risk tolerance, and how the apps’ interface designs and functionality could influence investor behavior.

FINRA has observed potential issues with some mobile apps not adequately distinguishing between products and services of the broker-dealer and those of affiliates or other third parties (such as transactions involving crypto assets). FINRA also continues to monitor how mobile apps disclose and explain risks of higher-risk products or services.

Cybersecurity

Cybersecurity threats continue to be one of the most significant risks many customers and member firms face. The frequency, sophistication and variety of attacks continue to increase; in 2022, for example, the attacks FINRA witnessed included customer account intrusions, ransomware attacks and cyber-enabled fraud. In August 2022, FINRA established the Cyber and Analytics Unit (CAU) to enhance our ability to proactively address the evolving sophisticated cyber threat landscape and growth of the crypto-asset market. CAU has a team that examines member firms’ cybersecurity risk management through reviews of their controls, a team responsible for conducting investigations of cyber-related fraud and a team that investigates and examines crypto-asset activity.

FINRA has also increased our outreach to member firms this year to make them aware of cybersecurity threats. These efforts include email alerts to member firms’ Chief Information Security Officers (CISOs) and Chief Compliance Officers (CCOs), and notifying member firms when we identify website(s) or social media profiles that may be attempting to impersonate that member firm, one or more of its current or previous registered representatives, or individuals purporting to be associated with a member firm. In December 2022, FINRA issued Regulatory Notice 22-29 (FINRA Alerts Firms to Increased Ransomware Risks) to provide firms with questions they can use to evaluate their cybersecurity programs, information about possible additional ransomware controls and relevant resources.

Complex Products and Options

FINRA will continue to review member firms’ communications and disclosures made to customers in relation to complex products; FINRA will also review customer account activity to assess whether member firms’ recommendations regarding these products are in the best interest of the retail customer given their investment profile and the potential risks, rewards and costs associated with the recommendation. In March 2022, FINRA issued Regulatory Notice 22-08 (FINRA Reminds Members of Their Sales Practice Obligations for Complex Products and Options and Solicits Comment on Effective Practices and Rule Enhancements) to reiterate member firms’ current regulatory obligations regarding complex products and options, and solicit comment on effective practices member firms have developed for these products, particularly when retail investors are involved (as well as whether the current regulatory framework appropriately addresses current concerns these products raise).

In November 2022, FINRA announced a targeted exam of firms’ crypto asset retail communications, evaluating whether these communications contain false or misleading statements or claims, misrepresent the extent to which the federal securities laws or FINRA rules apply to a crypto asset product or service, or fail to balance the benefits of crypto asset products with their associated investment risks. FINRA will share its findings from these reviews at a future date.

In December 2022, FINRA provided an update on its targeted exam of firms’ practices and controls related to the opening of options accounts and related areas, including account supervision, communications and diligence. The update includes a list of questions for firms to consider—based on FINRA’s observations to date—when evaluating whether their supervisory systems are reasonably designed to address risks related to supervising the approval of options accounts (both self-directed and full-service brokerage accounts) and monitoring the trading activity in options accounts.