On January 5, 2016, FINRA published its 11th annual Regulatory and Examination Priorities Letter which highlights emerging and existing risks that could adversely affect investors and market integrity in 2016. FINRA focused on three broad issues: 1. culture, conflicts of interests and ethics; 2. supervision, risk management and control; and 3. liquidity.

Firm culture, ethics and conflicts of interest was a topic of particular importance. In the accompanying cover letter from FINRA chairman and CEO, Rick Ketchum, it was indicated that a firm's culture contributes to, and is also a product of, a firm's supervision and its approaches to identifying and managing conflicts of interests and the ethical treatment of customers. Given the significant role culture plays and how a firm conducts its business, the letter addressed how FINRA would formalize its assessment of firm culture to better understand how culture affects a firm's compliance and risk management practices.

FINRA defined "firm culture" to refer to the set of explicit and implicit norms, practices, and expected behaviors that influence how firm executives, supervisors and employees make and implement decisions in the course of conducting a firm's business. FINRA indicates that it does not seek to dictate firm culture but rather to understand how it affects compliance and risk management practices. In its assessments, FINRA will focus on the frameworks that firms use to develop, communicate and evaluate conformance with their culture. FINRA indicated that it will assess five indicators of a firm's culture: whether control functions are valued within the organization; whether policy or control breaches are tolerated; whether the organization proactively seeks to identify risk and compliance events; whether supervisors are effective role models of firm cultures; and whether sub-cultures that may not conform to overall corporate culture are identified and addressed. FINRA noted that firms should take visible actions that help mitigate conflicts of interests, and promote the fair and ethical treatment of customers.

With respect to supervision, risk management and controls, FINRA noted that it will focus on four areas where they have observed repeated concerns that affect firms' business conduct and the integrity of the markets: management of conflicts of interests, technology, outsourcing and anti-money laundering. Of particular note, the technology further focused on firms' supervision and risk management practices related to their technology infrastructure, including the hardware, software and personnel who develop and maintain a firm's information technology systems. FINRA indicated that it will focus on firms' supervision and risk management related to cybersecurity, technology management, data quality and governance. FINRA noted that it will review firms' approaches to cybersecurity risk management, and depending on a firm's business and risk profile, it will examine one or more of the following topics: governance, risk assessment, technical controls, incident response, vendor management, data loss prevention and staff training. FINRA will also consider examining firms' abilities to protect the confidentiality, integrity and availability of sensitive customer and other information.

With respect to liquidity, FINRA noted that failures to manage liquidity have contributed to individual firm failures and systemic crises. FINRA will review the adequacy of firms' contingency funding plans in light of their business models. The framework for these reviews will consider many of the effective practices contained in Regulatory Notice 15-33.

Also of note, FINRA highlighted other areas of focus in 2016. With respect to sales practices, FINRA identified areas of potential concern related to suitability and concentration, seniors and vulnerable investors, sales charge discounts and waivers, 529 college savings plans, private placements and outside business activities.

FINRA encourages compliance staff, supervisors and senior business leaders to consider the broad issues and targeted topics addressed in the 2016 Regulatory and Examination Priorities Letter. FINRA states that firms' risk management can better protect investors, the markets and the firms themselves by using this information. Member firms are urged to review their supervisory, risk management and control systems as part of their overall programs.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.