In its Risk Monitoring and Examination Priorities Letter (the "2021 Letter"), FINRA identified several areas of focus for 2021, including:
- Firm Operations. FINRA will assess firms' compliance with (i) AML regulatory obligations, including FINRA Rule 3310, (ii) cybersecurity and technology governance requirements, including FINRA Rule 4370, (iii) outside business activities and private securities transactions obligations, including FINRA Rules 3270and 3280, (iv) books and records requirements, including Exchange Act Rules 17a-3 and 17a-4 and FINRA Rules 3110 and 4510, (v) regulatory events reporting requirements, including FINRA Rule 4530, and (vi) fixed-income mark-up disclosure requirements, including FINRA Rule 2232 and MSRB Rule G-15.
- Communications and Sales. FINRA will monitor firms for compliance with Consolidated Audit Trail ("CAT"), Regulation BI and Form CRS requirements. In addition, FINRA will address firms' compliance with (i) public communications requirements under FINRA Rule 2210, (ii) private placements requirements under FINRA Rule 2111and (iii) variable annuities requirements under FINRA Rule 2330.
- Market Integrity. FINRA will focus on (i) compliance with CAT NMS Plan FINRA Rule 6800 Series, (ii) best execution as required under FINRA Rule 5310, (iii) large trader reporting obligations under Exchange Act Rule 13h-1, (iv) direct market access requirements under Exchange Act Rule 15c3-5and (v) the vendor display requirements under Regulation NMS Rules 600 and 606.
- Financial Management. FINRA will focus on requirements relating to (i) net capital, (ii) liquidity management, (iii) credit risk management and (iv) the segregation of assets and customer protection.
FINRA notes that firms continue to encounter issues with complying with recordkeeping rules. It comes as no surprise that the primary exam findings were deficiencies stemming from relationships with external vendors. FINRA's exams found that firms often did not understand that required records, even those stored using a vendor's services, must be fully compliant with the rules. While it is understandable that firms should not be able to outsource away their obligations, this makes vendor diligence extremely important. When selecting a vendor, a firm should ensure that its vendor fully understands the regulatory obligations and is capable of meeting them. In addition, firms would be wise to regularly test their vendors' capacities to ensure that all records are being kept appropriately and are accessible as required.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.