FINRA Enforcement: New Direction for the Regulator

by McGuireWoods LLP

With new leadership at the helm of the Financial Industry Regulatory Authority (FINRA), the broker-dealer industry’s primary self-regulator, and the FINRA Enforcement Department, there is an opportunity for real and productive change. FINRA CEO Robert Cook has engaged in an extensive listening tour since he came on board, has launched an inward-looking review (named FINRA360) and, importantly, promoted Susan Schroeder to executive vice president, head of enforcement. Cook also made Schroeder a direct report.

In addition to the organizational changes occurring in the Enforcement Department, discussed below, perhaps the most significant action by Schroeder has been developing and announcing principles or goals that will guide Enforcement’s decision-making on matters. Schroeder delivered her remarks outlining the principles in a Feb. 12 speech at SIFMA’s Anti-Money Laundering Conference. Those firms and individuals and their counsel and consultants dealing with FINRA enforcement matters should be aware of her remarks and, more importantly, apply the principles in addressing identified issues. The importance of Schroeder’s remarks was reinforced at the recent SIFMA 2018 Annual Compliance & Legal Conference, where the speech and the information imparted about the new direction of the Enforcement Department were mentioned on several occasions, including by Cook.

Schroeder’s remarks covered the considerations of FINRA’s Enforcement Department when it evaluates: (1) whether to bring an action, (2) what sanctions to seek and (3) how to describe the department’s actions to make it apparent why the action was filed and why the sanctions are what they are.

In addition to the specific counsel Schroeder provides, there are two other points critical to understanding the current state of FINRA. First, this new way of “doing business” comes out of the FINRA360 review, an enterprise-wide, ongoing assessment to review, question its ongoing processes, rethink how it regulates, and ultimately, change to make FINRA a more efficient and effective regulator. What this tells the industry is that these changes on the enforcement side are real, not just talk. It is a long time in coming and never more critical to operationalize for FINRA than right now. Second, Schroeder’s vision for the enforcement program is not just a product of her own musings. She is a direct report of the CEO. The details of the new enforcement program, as described in her speech, clearly have Robert Cook’s support and mandate.

The guidance Schroeder conveyed, if acted on, can potentially save firms and individuals a lot of stress, anxiety, money (especially in fines) and reputational damage. Does that mean there will be no more enforcement actions? Of course not. What it does mean is that the leaders of this enforcement program and of FINRA have staked out what matters to them and the conduct and actions they want to incentivize.


1. What Is the New FINRA Enforcement Department — Getting Back to Basics?

It is now a single, unified enforcement program. The overarching goal with merging the “old” Market Regulation program into the Enforcement Department is to create one consistent program where everybody is headed in the same direction. The next phase — back to basics — identifies common goals for the department and “define[s] what an effective Enforcement action looks like.” 

The Enforcement Department will consist of three components with three deputies reporting to Schroeder — Main Enforcement (f/k/a Home Office Enforcement), Member Regulation Enforcement (f/k/a Regional Enforcement) and Market Regulation Enforcement (f/k/a Market Reg. Legal). The latter two positions are open and in the process of being filled.  Jessica Hopper, until recently the head of the Regional Enforcement Program, has assumed the position of senior vice president, head of the Main Enforcement Program. There is also a fourth deputy position, held by Lara Thyagarajan, who is now counsel to Schroeder. This newly created role is expected to be similar to the policy role of the Securities & Exchange Commission’s chief counsel of the Division of Enforcement.

2. When Is an Enforcement Action Appropriate?

Schroeder identified three primary considerations for assessing when an enforcement action is appropriate:

  1. Was there financial harm to customers? If so, FINRA expects customers to be made whole. 
  2. Was there a significant impact to market integrity? If so, FINRA wants to know if the issue has been fixed and if steps were taken to prevent a reoccurrence. 
  3. Did the misconduct cause significant risk? Most of the cases fall into this category and involve those situations where actual, measurable harm is not there, but there is significant risk of harm — to customers, the firm or the industry.

3. Risk Broken Down, According to FINRA Enforcement

In assessing the third consideration — what constitutes “significant risk of harm” — Enforcement will consider the following factors:

  1. High likelihood of harm. For example, a lot of high-risk brokers are at the firm and a reasonable, tailored supervision program is not in place.
  2. Low probability of occurrence, but high impact. For example, wholesale violations of the customer protection rules, designed to safeguard customer funds and securities, do not occur frequently, but upon occurrence can seriously harm customers. This is especially true when violations occur at financially compromised firms.
  3. Intentional or reckless misconduct. The counterpoint, which Schroeder uses to illustrate this issue, is if a firm misunderstands the rule but is trying to comply, it will be handled differently than the firm that chooses to ignore the same rule.
  4. Recidivism. No further explanation is needed.
  5. Pattern of disregarding regulatory requirements. Viewing paying a fine as the cost of doing business — rather than focusing on an adequate system of controls, compliance and supervision — will not go over well with Enforcement.
  6. Supervision. Supervisors failing to carry out their responsibilities in a reasonable manner creates significant risk. Schroeder acknowledges the issue of CCO liability, saying that this is “not a declaration of war on CCOs: [we will] focus on actual supervisory roles, and [not] reactively blame compliance for the failure of the actual supervisors.”

4. What Sanctions Are Appropriate?

First and foremost, FINRA Enforcement will seek restitution if necessary and appropriate to make harmed investors/customers whole. After that, Enforcement’s assessment of a “fair and effective sanction” is one that is “tailored to most effectively address the root of the problem.”

As anyone can discern from reviewing FINRA’s Sanction Guidelines and prior enforcement actions, FINRA has a number of different sanctions it may seek. Schroeder has “gone on record” that Enforcement “want[s] to choose the tool that most precisely effects the needed change.” One important takeaway for industry from this new mandate is to understand and bring to its discussions with FINRA Enforcement what happened, including any root causes; what needs to change or has changed; and what sanctions are available. In the future, so as to avoid this issue, firms should be prepared to discuss why certain sanctions are or are not appropriate in light of the root cause of the issue and steps taken by the firm to remediate.

Second, if there are systemic or firm-wide issues, the firm should make its best effort to get in front of each issue and remediate as soon as possible. This will go a long way with FINRA in terms of establishing that the firm and its management are committed to doing the right thing. Schroeder noted that FINRA’s goal is to incentivize compliance.

Third, firms earn credit for cooperation. Acting quickly, proactively and comprehensively to address issues is the core goal of FINRA’s credit-for-cooperation policy. Schroeder noted that FINRA currently is reviewing the 10-year-old policy and expects to issue updated guidance this year.

Fourth, actions by other regulators will be considered. In the securities regulatory space, there often is regulatory duplication. Schroeder notes that, with limited resources, there is often little need to duplicate the actions taken by other regulators. Notably, Schroeder also references sanctions imposed internally by the firm. If the regulatory actions and/or internal firm sanctions effectively address the issues, then FINRA should not have to bring an action. While these concepts are included in FINRA’s Sanction Guidelines, historically they have not always been evaluated appropriately. The hope and expectation is that, with the new commitment to be more effective and efficient, FINRA will appropriately defer to other regulators or the firm’s own sanctions if either addresses the conduct.

Schroeder explained that, in determining sanctions to recommend, her department will abide by the following core principles:  

  • Tailor to address the root cause more effectively.
  • Observe proportionality.
  • Incentivize remediation of systemic issues.
  • Reflect credit for cooperation.
  • Reflect action by other regulators or firms.

5. Transparency

The last guiding principle enunciated in Schroeder’s remarks is a goal to ensure that the documents issued in disciplinary actions clearly spell out the legal framework underlying the action. Many in the industry review disciplinary actions to inform and guide their own conduct. No one benefits if all are left scratching their heads as to why a case was brought, an individual sued or a sanction imposed.

The challenge is that firms and individuals on the other side of the negotiating table have an important interest in how the settlement document is worded. Among other things, there are often disagreements on the facts underlying the action and on whether certain facts are relevant and should be included. In her remarks, Schroeder recognized the difficulty, noting that the negotiation process often challenges FINRA in terms of spelling out all of the details. She committed the Enforcement Department to working to find the right balance to ensure that the information explaining the “why” is included in the documents. Proposed respondents and their counsel in negotiations will need to be vigilant when negotiating language in settlement documents regarding this changed approach.

Finally, Schroeder discussed the need to avoid “rule-making by enforcement.”  Both Schroeder and Cook, in his remarks at SIFMA, distinguish “regulation by enforcement,” which is an effective tool to appropriately address deficient conduct, from “rulemaking by enforcement,” which both leaders noted was not an acceptable regulatory response. Enforcement leadership is committed to identifying them early and will seek input from experts outside the department to ensure that the right regulatory response is achieved. Firms will need to be vigilant as well and ensure such issues are appropriately identified and raised within FINRA.

6. What Should Firms/Individuals Do to Meet the New Expectations?

One, if customers/investors were harmed, provide restitution. Second, fix what is broken — the sooner the better. The longer deficiencies continue, the more likely an enforcement action. Third, review compliance, controls and supervision programs to ensure they have sufficient resources, focus, commitments, escalations and follow-up. FINRA’s goal, as stated, is to incentivize compliance — to ensure that paying a fine is not just the cost of doing business and cheaper than having the right systems and processes in place to comply. Fourth, review the guidelines Schroeder spells out in her speech and, if the situation arises, go into discussions with FINRA staff armed with information supporting your position on the issues that organization officials have publicly stated matter to them.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© McGuireWoods LLP | Attorney Advertising

Written by:

McGuireWoods LLP

McGuireWoods LLP on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up using*

Already signed up? Log in here

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
Privacy Policy (Updated: October 8, 2015):

JD Supra provides users with access to its legal industry publishing services (the "Service") through its website (the "Website") as well as through other sources. Our policies with regard to data collection and use of personal information of users of the Service, regardless of the manner in which users access the Service, and visitors to the Website are set forth in this statement ("Policy"). By using the Service, you signify your acceptance of this Policy.

Information Collection and Use by JD Supra

JD Supra collects users' names, companies, titles, e-mail address and industry. JD Supra also tracks the pages that users visit, logs IP addresses and aggregates non-personally identifiable user data and browser type. This data is gathered using cookies and other technologies.

The information and data collected is used to authenticate users and to send notifications relating to the Service, including email alerts to which users have subscribed; to manage the Service and Website, to improve the Service and to customize the user's experience. This information is also provided to the authors of the content to give them insight into their readership and help them to improve their content, so that it is most useful for our users.

JD Supra does not sell, rent or otherwise provide your details to third parties, other than to the authors of the content on JD Supra.

If you prefer not to enable cookies, you may change your browser settings to disable cookies; however, please note that rejecting cookies while visiting the Website may result in certain parts of the Website not operating correctly or as efficiently as if cookies were allowed.

Email Choice/Opt-out

Users who opt in to receive emails may choose to no longer receive e-mail updates and newsletters by selecting the "opt-out of future email" option in the email they receive from JD Supra or in their JD Supra account management screen.


JD Supra takes reasonable precautions to insure that user information is kept private. We restrict access to user information to those individuals who reasonably need access to perform their job functions, such as our third party email service, customer service personnel and technical staff. However, please note that no method of transmitting or storing data is completely secure and we cannot guarantee the security of user information. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of user information at any time.

If you have reason to believe that your interaction with us is no longer secure, you must immediately notify us of the problem by contacting us at In the unlikely event that we believe that the security of your user information in our possession or control may have been compromised, we may seek to notify you of that development and, if so, will endeavor to do so as promptly as practicable under the circumstances.

Sharing and Disclosure of Information JD Supra Collects

Except as otherwise described in this privacy statement, JD Supra will not disclose personal information to any third party unless we believe that disclosure is necessary to: (1) comply with applicable laws; (2) respond to governmental inquiries or requests; (3) comply with valid legal process; (4) protect the rights, privacy, safety or property of JD Supra, users of the Service, Website visitors or the public; (5) permit us to pursue available remedies or limit the damages that we may sustain; and (6) enforce our Terms & Conditions of Use.

In the event there is a change in the corporate structure of JD Supra such as, but not limited to, merger, consolidation, sale, liquidation or transfer of substantial assets, JD Supra may, in its sole discretion, transfer, sell or assign information collected on and through the Service to one or more affiliated or unaffiliated third parties.

Links to Other Websites

This Website and the Service may contain links to other websites. The operator of such other websites may collect information about you, including through cookies or other technologies. If you are using the Service through the Website and link to another site, you will leave the Website and this Policy will not apply to your use of and activity on those other sites. We encourage you to read the legal notices posted on those sites, including their privacy policies. We shall have no responsibility or liability for your visitation to, and the data collection and use practices of, such other sites. This Policy applies solely to the information collected in connection with your use of this Website and does not apply to any practices conducted offline or in connection with any other websites.

Changes in Our Privacy Policy

We reserve the right to change this Policy at any time. Please refer to the date at the top of this page to determine when this Policy was last revised. Any changes to our privacy policy will become effective upon posting of the revised policy on the Website. By continuing to use the Service or Website following such changes, you will be deemed to have agreed to such changes. If you do not agree with the terms of this Policy, as it may be amended from time to time, in whole or part, please do not continue using the Service or the Website.

Contacting JD Supra

If you have any questions about this privacy statement, the practices of this site, your dealings with this Web site, or if you would like to change any of the information you have provided to us, please contact us at:

- hide
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.