FINRA published a 2017 report on its examination program. The report is intended as a "resource that firms can use to strengthen their compliance with securities rules and regulations." FINRA highlighted the following concerns:
Cybersecurity
- Firms failed to address basic access management issues, including revoking system access for departing employees in a timely manner and instituting adequate supervisory procedures for privileged users.
- Firms did not have adequate processes for undertaking risk assessments for data, systems, and applications.
- Branch offices faced greater challenges in managing system data, software, and devices, as well as reporting incidents.
- Medium and small firms failed to adequately segregate cybersecurity responsibilities.
- Firms need to enhance implementation of data loss prevention tools.
Outside Business Activities ("OBAs") and Private Securities Transactions ("PSTs")
- Employees failed to notify their firms of proposed OBAs or PSTs.
- Firms did not have sufficient procedures or processes for OBA and PST reviews.
Anti-Money Laundering ("AML") Compliance Program
- Firms did not maintain adequate policies and procedures for identifying and reporting suspicious activity.
- Firms did not have an appropriate understanding of what monitored activities required escalation.
- Firms had deficient monitoring systems due to gaps in data feeds.
- Firms did not ensure that independent testing included a review of AML program implementation.
Suitability
- Firms failed to meet suitability obligations for unit investment trusts and multi-share class or complex products.
- Firms failed to provide adequate training for registered representatives regarding suitability issues.
Best Execution
- Firms failed to compare the quality of the executions they obtained via order routing and execution arrangements against the quality of the executions they could have obtained from competing markets.
- Firms failed to conduct reviews of market, marketable limit and non-marketable limit orders.
Market Access Controls
- Firms failed to establish reasonable pre-trade capital and credit thresholds.
- Firms did not adequately consider aggregate capital and credit usage.
- Firms did not appropriately tailor their erroneous or duplicative order controls.
- Firms did not implement effective fixed income financial controls, relied on vendors for these controls, and did not conduct effective testing.
FINRA also offered additional observations regarding alternative investments held in IRA accounts, net capital and credit risk assessments, order capacity, Regulation SHO, and the Trade Reporting and Compliance Engine.