- 2016 FINRA Regulatory and Examination Priorities Letter
- January 22, 2016 | Author: Joel Wertman
- Law Firm: Marshall Dennehey Warner Coleman & Goggin, P.C. - Philadelphia Office
On January 5, 2016, FINRA published its 11th annual Regulatory and Examination Priorities Letter, which highlights emerging and existing risks that could adversely affect investors and market integrity in 2016. FINRA focused on three broad issues: (1) culture, conflicts of interests and ethics; (2) supervision, risk management and control; and (3) liquidity.
Firm culture, ethics and conflicts of interest were a topic of particular importance. The accompanying cover letter from FINRA chairman and CEO Rick Ketchum indicated that a firm's culture contributes to, and is also a product of, a firm's supervision and its approaches to identifying and managing conflicts of interests and the ethical treatment of customers. Given the significant role culture plays in how a firm conducts its business, the letter addressed how FINRA would formalize its assessment of firm culture to better understand how culture affects a firm's compliance and risk management practices.
FINRA defined "firm culture" as a set of explicit and implicit norms, practices and expected behaviors that influence how firm executives, supervisors, and employees make and implement decisions in the course of conducting a firm's business. FINRA indicated that it does not seek to dictate firm culture but, rather, to understand how it affects compliance and risk management practices. In its assessments, FINRA will focus on the frameworks that firms use to develop, communicate and evaluate conformance with their culture. FINRA indicated that it will assess five indicators of a firm's culture: (1) whether control functions are valued within the organization; (2) whether policy or control breaches are tolerated; (3) whether the organization proactively seeks to identify risk and compliance events; (4) whether supervisors are effective role models of firm culture; and (5) whether subcultures that may not conform to overall corporate culture are identified and addressed. FINRA noted that firms should take visible actions that help mitigate conflicts of interests and promote the fair and ethical treatment of customers.
With respect to supervision, risk management and controls, FINRA noted that it will focus on four areas where it has observed repeated concerns that affect firms' business conduct and the integrity of the markets: (1) management of conflicts of interests; (2) technology; (3) outsourcing; and (4) anti-money laundering. Of particular note, the technology area focuses on firms' supervision and risk management practices related to their technology infrastructure, including the hardware, software, and personnel who develop and maintain a firm's information technology systems. FINRA indicated that it will focus on firms' supervision and risk management related to cybersecurity, technology management, data quality and governance. FINRA noted that it will review firms' approaches to cybersecurity risk management, and, depending on a firm's business and risk profile, it will examine one or more of the following topics: governance, risk assessment, technical controls, incident response, vendor management, data loss prevention and staff training. FINRA will also consider examining firms' abilities to protect the confidentiality, integrity, and availability of sensitive customer and other information.
With respect to liquidity, FINRA noted that failures to manage liquidity have contributed to individual firm failures and systemic crises. FINRA will review the adequacy of firms' contingency funding plans in light of their business models. The framework for these reviews will consider many of the effective practices contained in Regulatory Notice 15-33.