2024 finra annual conference
The 2024 FINRA Annual Conference offered a broad range of topics including regulatory compliance, risk management, crypto asset developments, trends and threats in financial crimes and the evolution of branch office inspections.
The Asgard team has identified its key takeaways from the sessions attended, which can be found below.
Developments in Remote Supervision
Regulatory Notice 24-02 addresses FINRA’s adoption of FINRA Rule 3110.18 (Remote Inspections Pilot Program) and FINRA Rule 3110.19 (Residential Supervisory Location) and announces the end of temporary relief related to updates of office information on Forms U4 and BR.
FINRA Rule 3110.18 (Remote Inspections Pilot Program) - Effective July 1, 2024
A voluntary, three year remote inspections pilot program to allow members to continue remote inspections. To participate, member firms would have to provide FINRA with an opt-in notice, as well as specified data and information. This includes:
Written Supervisory Procedures specific to Remote Inspections
Breakdown of total number of offices and locations inspected
Total number of home remote inspections conducted
Total number of location with findings identified
Total number of findings identified during remote inspections
Total number of on-site inspections conducted
How many of these on-site inspections were due to a finding in a remote inspection
Total number of on-site inspections with findings identified
How many findings were identified during on-site inspections
FINRA Rule 3110.19 (Residential Supervisory Location) - Effective June 1, 2024
A Residential Supervisory Location (RSL) is a private residence at which an associated person engages in specified supervisory activities. As a non-branch location, a RSL would be subject to inspections (presumed every three years) as opposed to the annual inspection requirement a Office of Supervisory Jurisdiction (OSJ) has. On June 1st, member firms may begin using the RSL designation, and will have to report those RSL designations to FINRA on October 15, 2024. It is important to note, to use an RSL designation, member firms and associated persons must meet certain requirements, and must conduct a risk assessment. Lastly, if you use the RSL designation, the address of a private residence will not be publicly available on BrokerCheck.
Crowdfunding Capital Raises – Considerations for Broker-Dealers & Funding Portals
Regulation Crowdfunding (Reg CF) allows eligible issuers to offer and sell securities through the platform of a broker-dealer or funding portal that is both registered with the SEC and a FINRA member. Reg CF is most commonly used by younger companies, starting out in their operating pathway. It is not meant for investment companies. In fact, FINRA has seen continued growth in this space, with eighty-seven (87) new members.
Some considerations to think about:
When raising capital, the offering limit is $5 million over a 12-month period.
Broker-dealers must fulfill Know Your Customer and Anti-Money Laundering responsibilities for CF investors.
There are limitations for funding portals. Can not touch investor money, can not offer investment advice or recommendations, and are limited from making solicitations.
FINRA’S Membership Application Program (MAP) – Avoiding Pitfalls, What’s New, and What’s Next
For the past two and a half years, the Membership Application Program (MAP) has been going through changes, which included the creation of dashboards and analytical tools to track progress, status and deliverable deadlines. FINRA conveyed there are more enhancements still to come, which includes updating the format of Form New Membership Application (NMA) and Form Continuing Membership Application (CMA). The text of these forms will not be changing. Instead it's how we interact with them making them more user friendly.
Anyone who has recently submitted an application to MAP understands there is a process that occurs to determine if an application is substantially complete (application has sufficient information and documentation for a Firm Group Analyst to conduct a meaningful review).
The front-line team of examiners (the Triage Group) conducts an initial assessment of each NMA, CMA, Materiality Consultation, Membership Agreement Change and Two-Principal Waiver. Once Triage determines the application is substantially complete, it will be assigned to a Firm Group Analyst. This is where a demo will be held, if required. Demo readiness is being held much earlier in the lifecycle of the application compared to years past.
What makes a demo a good demo?
Platform has been built out with all the relevant specifications for the broker dealer.
Able to take FINRA step by step of each stage of the transaction, how a customer navigates the platform, order placements, back office, customer complaints, etc.
Key principals are present to walk FINRA through the platform.
Consistency! Representations made at demo meeting should be cross checked to the procedures to ensure they are consistent.
Modernizing Off-Channel Communications Supervision
Off-channel communications was one of the most anticipated and well attended breakout sessions. The panel emphasized off-channel communications including all communications between registered representatives, clients and internal business-related communications is not limited to emails and text messages. This includes, among other communications, instant messaging, SMS, iMessage, and other collaborative communication tools. The overarching theme in all sessions including this one was training, education, and attestations to ensure that all registered representatives understood firm wide expectations. It was stressed that a tone at the top was critical to foster a culture of compliance. Artificial intelligence will continue to play a key part in ongoing monitoring and certain red flags have been identified via the examination process and reminded supervisory and compliance personnel to be mindful of business cards, email signatures, forwarding of emails to personal email accounts as well as key words and phrases that may imply that a communication is moving to an unapproved communication channel.
Supervisory Considerations for Complex Products
This session began to address the elephant in the room - there is no set definition of complex products aside from a combination or characteristics of different products for retail investors. FINRA is using advanced analytics in the examination process of member firms. The examination program focuses on some key aspects of investor education such as:
How does a product align with the goals, risks and objectives of the client
Does the RR have an understand of the product they are recommending
Are there a concentration of accounts in the RR’s client base that are engaging in activities within these complex products
Does the Firm’s WSPs provide for evaluation and risks of these complex products
From a surveillance perspective, FINRA wants to ensure that Firm’s have, at a minimum, the following processes in place when offering complex products to its retail clients:
Exception reporting
System integrity testing
Training and education, and
Effective testing of processes and procedures
Further, there are Regulation Best Interest implications, suitability requirements for each complex product that a Firm offers. Emphasis was made on options and elaborate option strategies and FINRA encouraged attendees to revisit Regulatory Notice 22-08.
Cybersecurity: Staying Ahead of the Threat Through Strong Cyber Programs
The esteemed panelists included the Senior Vice President for Complex Investigations and Intelligence and former Section Chief for the FBIs Cyber Criminal Operations as well another member of the FBI. The discussion centered on current threats arising out of China and Russia involving Ransomware.
Artificial Intelligence is prevalent, widespread and it has lowered the bar of entry to have a greater surface attack. Cyber Intrusions are a mechanism for fraud and money laundering and FINRA has been active in working with the FBI in ensuring that the financial markets remain safe. The FBI tries to disable each threat actor and take down their infrastructure. Social media and other mass communication channels have been the gateway to investment and crypto related frauds.
FINRA emphasized that the Firm's need to remain vigilant in training and educating its employees as well as continuing to develop incident response policies and procedures.
Technology Governance: Mitigating Risk Throughout the Vendor Lifecycle
The panelists discussed the importance of risk mitigation throughout the entire lifecycle of vendor engagement. Initially, firms must establish Written Supervisory Procedures ("WSPs") that are designed in accordance with the specific risks inherent in their operations. At a minimum, the WSPs should encompass the following elements:
1. Procedures for conducting Due Diligence assessments on vendors.
2. An understanding of the vendor's location, whether domestic or foreign.
3. Criteria for determining when heightened supervision is warranted.
Firms must develop a risk appetite tailored to their operations when conducting due diligence on vendors. This involves subjecting vendors to a structured evaluation process comprising five phases: (1) planning, (2) selection, (3) onboarding, (4) monitoring/oversight, and (5) off-boarding.
Vendor management emerged as the fourth most frequently cited violation in FINRA examinations. Common deficiencies observed among firms include the absence of a management program, inadequate off-boarding protocols, and deficient due diligence practices. FINRA discourages a “hands-off” approach to vendor oversight.
A View Into FINRA’s Enforcement Program
Panelists discussed FINRA's enforcement program, which focuses on mitigating risks in areas such as customer harm, senior investors, misconduct by bad actors, and supervisory failures. When initiating enforcement actions, a key aspect involves assessing the extent of misconduct and determining whether supervisory lapses contributed to it. FINRA does not automatically presume supervisory failures occur at the Firm. Instead, enforcement examines various scenarios, including whether the market was protected, whether the issue was resolved in a timely manner, and what measures were implemented to prevent future occurrences.
FINRA actively encourages firms to engage with enforcement. If there are questions regarding a request, firms are urged to communicate directly with enforcement to seek clarification. FINRA welcomes feedback from firms, as input may prompt adjustments to its approach, especially when supported by facts or circumstances. This collaborative approach highlights FINRA's commitment to fostering transparent and effective regulatory oversight.
Financial Crimes: Outpacing the Threats
This session featured panelists from the FBI who discussed how threat actors are effectively defrauding investors today. They reported that fraud losses have reached $3.94 billion. The panelists noted that many fraud trends originate in the United Kingdom before spreading to the United States. By observing these trends, we can proactively combat criminals in the US.
It was emphasized that adults aged 60 and over are the most vulnerable group to bad actors, as they hold the largest assets and, on average, lose $100,000 to fraud.
The session highlighted schemes in the industry, particularly email schemes, which are becoming increasingly realistic with the help of artificial intelligence (“AI”). AI enables emails and their contents to appear more convincing, causing more panic among victims. Seniors are particularly susceptible to these schemes due to cognitive decline and the emotional distress induced by threats accompanied by time limits. These threats affect firms of all sizes, as hackers continually evolve and become more sophisticated. It is crucial for firms to regularly evaluate the threats and their impact. Customer protection and verification are critical for all firms.
The Latest in Private Placement Sales Oversight
This session emphasized the importance of suitability and Regulation Best Interest (“Reg BI”) as it relates to Private Placement sales. The panelists discussed an emphasis on the Conflict and Care obligations of Reg BI and that many private placement firms state that they do not make recommendations, when they very well do. It’s important that if a firm claims to not make a recommendation, then the term “recommendation” should be defined in the firm’s procedures. While the regulators themselves do not define recommendation, one main takeaway from this session is that a recommendation can be identified by a call to action. As always, conflicts of interest were highlighted during this discussion. Some common conflicts of interest include (but are not limited to) distributing proprietary products, having a limited menu of investment options, deal team conducting due diligence themselves. It’s important to mitigate and disclose conflicts where they cannot be eliminated. Due Diligence was also a major topic as it relates to private placements. Some best practices for due diligence are:
Having two levels of due diligence (i.e. sponsor level and product level);
Due diligence questionnaires;
Having a team evaluate due diligence to obtain multiple perspectives and ensure a thorough review;
Training on products; and
Documentation, documentation, documentation!
This FAQ is a helpful resource.
A View Into FINRA’s Examination, National Cause and Financial Crimes Detection, and Risk Monitoring Programs
This session provided a deeper look into FINRA’s examination process. It highlighted the fact that FINRA attempts to accommodate firm preferences for examinations such as best times to conduct exams and for on-site visits. FINRA has stated that the examination process has evolved to be much more risk-based with an emphasis on net capital reviews, revenue recognition, expense sharing agreements, outside business activities, private securities transactions, complex products, new account fraud, and complex manipulation. FINRA also discussed the importance of ensuring the lines of communications are open between them and member firms, specifically regarding cyber events. Since firms are on the front lines, communicating these types of events to the regulators is of critical importance. For example, think of a cyber event that affects a specific vendor - if FINRA is aware, they can get ahead and warn firms that utilize that vendor (hence the 2023 vendor questionnaire!). FINRA addressed the point of remote working and emphasized the importance of understanding outside business activities in this type of environment. Clearly, this is a major topic when it comes to examinations.
FINRA also maintains LinkedIn and Instagram accounts so you can stay up to date with all the new and fun regulatory news. If you prefer podcasts, they have one too! Check out FINRA Unscripted wherever you get your podcasts.
One additional tidbit - if you would ever like FINRA to speak at an event, you can reach out to ms-ose@finra.org.
Crypto Assets: Trends, Regulatory Developments and Resources
Cryptocurrency (“crypto”) has been a hot topic for some time now. As it is ever-changing and developments continue to come about, activity with crypto needs to be considered in the perspective of potential outside business or private securities transaction activity. One distinction that was discussed is the difference between tokenization and digitization, whereas digitization is the process of converting physical assets into digital form and tokenization represents a real world asset on a blockchain.
When talking about these types of assets, it’s important to consider the definition of a security and the inclusion of an investment contract. The SEC has provided guidance on this in this framework.
As a complex asset class, it is imperative that the content standards regarding Communications with the Public (FINRA Rule 2210) is a priority. Regulators have found that communications may compare crypto to cash without explaining the material differences pursuant to FINRA Rule 2210(d)(2). Regulators have also found misleading statements related to SIPC protection. Many crypto assets are not protected by SIPC and therefore, if your firm does not offer SIPC protected assets (i.e. stocks and bonds), it is misleading to disseminate that your firm is a SIPC member (Article 10 of the SIPC Bylaws detail Member Advertising). Be wary of global footers on your website! It is important to note that FINRA Rule 2210 applies to all member communications, whether or not there is mention of securities.
Lastly, the importance of due diligence is a common theme. Ensure your firm is conducting thorough vendor-level and product-level due diligence when working with cryptocurrencies.
A View Into FINRA’s Market Regulation and Transparency Services Program
The major trend discussed during this session was insider trading. Some examples are listed below:
Shadow Trading - where an insider at a public company has Material Non-Public Information (“MNPI”) with respect to their company, but they don’t effect transactions in their company, but trade in a similar company/product line.
Working From Home (“WFH”) & Insider Trading - individuals are WFH with spouses, roommates, etc. and outsiders obtain MNPI by eavesdropping or overhearing internal meetings, then those outsiders act on that information.
Frontrunning Block Orders - not trading on this kind of MNPI yourself, but tipping others to potentially obtain clients.
Another area of focus are markups related to fixed income - mainly providing guidance on when the dealer’s cost is no longer contemporaneous. See FINRA’s Report on this for further information.
Regulators utilize BSA and SAR filings to detect market manipulation and other suspicious behavior. This is why it’s pertinent that firms are vigilant in this respect and making proper filings upon detection of suspicious behavior.
Important Updates:
Foreign debt securities are TRACE eligible as of 2023
T+1 settlement in effect as of May 28, 2024
Proposal for Winter 2024: reduce TRACE reporting time frame to 1 min. as opposed to 15 min. with limited exceptions (limited trading activity and manual trades).
FINRA Rule 6151 (SEC Rule 606) - effective June 30, 2024.
Every member that is required to publish a report pursuant to Rule 606(a) of SEC Regulation NMS shall provide the report to FINRA, in the manner prescribed by FINRA, within the same time and in the same formats that such report is required to be made publicly available pursuant to Rule 606(a).
FINRA has filed with the SEC a proposed rule change to adopt the new FINRA Rule 6500 Series (Securities Lending and Transparency Engine) to:
Require reporting of securities loans, and
Provide for the public dissemination of loan information.