On January 10, FINRA published its " 2023 Report on FINRA's Examination and Risk Management Program" (Report) — FINRA's third annual compendium of guidance, covering key topics and emerging risks for member firms to consider when evaluating the efficacy of their compliance programs and operations procedures. Among other things, the Report identifies relevant rules, summarizes noteworthy findings, outlines effective practices, and provides additional resources that may be helpful to member firms when assessing their compliance obligations.
This year, the Report is organized into five sections: (1) Financial Crimes, (2) Firm Operations, (3) Communications and Sales, (4) Market Integrity, and (5) Financial Management. The Financial Crimes section is a new addition for this year, whereas each of the other four sections were included in last years' report. In addition to adding the Financial Crimes section, this year's Report also builds on the structure and content of the 2021 Report and 2022 Reports by adding: (i) new material (findings and effective practices) to existing sections; and (ii) new topics to the Market Integrity section. The Financial Crimes section (its topics and emerging risks) is summarized below, followed by a summary of the regulatory obligations and related considerations for each of the new Market Integrity topics.
I. Financial Crimes
This new section of FINRA's annual report is a deliberate effort by FINRA to focus on areas where member firms face potential criminal exposure. It includes one new topic (Manipulative Trading) and two topics that were previously included in the Firm Operations section (Cybersecurity and Technology Governance and Anti-Money Laundering, Fraud, and Sanction).
Manipulative Trading (new): Certain FINRA rules prohibit member firms from engaging in impermissible trading practices, including manipulative trading, including, among others: Rules 2010 (Standards of Commercial Honor and Principles of Trade), 2020 (Use of Manipulative, Deceptive, or Other Fraudulent Devices), 5210 (Publication of Transactions and Quotations), 5220 (Offers at Stated Prices). Additionally, under Rule 3110 (Supervision), member firms are required to supervise their associated persons' trading activities, and a firm's supervisory procedures must include a process for the review of securities transactions.
Cybersecurity and Technological Governance: Rule 30 of SEC Regulation S-P requires member firms to have written policies and procedures that address administrative, technical, and physical safeguards for the protection of customer records and information. In addition to member firms' compliance with SEC regulations, FINRA reminds firms that cybersecurity remains one of the principal operational risks facing broker-dealers and expects firms to develop and maintain reasonably designed cybersecurity programs and controls that are consistent with their risk profile, business model, and scale of operations.
Anti-Money Laundering, Fraud, and Sanction: FINRA Rule 3310 (Anti-Money Laundering Compliance Program) requires that each member firm develop and implement a written AML program that is approved in writing by senior management and is reasonably designed to achieve and monitor the firm's compliance with the Bank Secrecy Act (BSA) and its implementing regulations.
Notably, each of the "emerging risks" identified in this year's Report fall within the ambit of Financial Crimes:
Manipulative Trading in Small Cap IPOs: FINRA, NASDAQ, and NYSE have recently observed that initial public offerings (IPOs) for certain small cap, exchange-listed issuers may be the subject of market manipulation schemes, similar to so-called "ramp and dump" schemes. FINRA has also observed significant unexplained price increases on the day of or shortly after the IPO of certain small cap issuers.
Sanctions Evasion: Since February 2022, OFAC has taken several significant sanctions actions related to the Russian financial services sector in response to Russia's actions in Ukraine. In response, on February 25, 2022, FINRA issued Regulatory Notice 22-06 (U.S. Imposes Sanctions on Russian Entities and Individuals) to provide firms with information about these actions, and to encourage firms to continue to monitor the OFAC website for relevant information.
ACATS Fraud: FINRA has observed an increased number of fraudulent transfers of customer accounts through ACATS in which a bad actor will use the stolen identity of a legitimate customer to open an online brokerage account.
Senior Investors: Senior investors can be vulnerable to fraud, theft, scams, and exploitation. When firms are assessing how they monitor customer account activity for red flags of financial crimes to which senior investors may be vulnerable, they should consider whether they maintain specialized senior investor-focused or other exception reporting or surveillance that is reasonably designed to detect and report suspicious activity related to financial crimes. Member firms should also consider whether their monitoring program incorporates red flags of elder financial exploitation.
II. Market Integrity
Each of this year's remaining new topics sits within the Report's Market Integrity category.
Fixed Income: The fair pricing obligations under FINRA Rule 2121 (Fair Prices and Commissions) apply to transactions in all securities — including fixed income securities — and MSRB Rule G-30 imposes similar obligations for transactions in municipal securities. In addition, FINRA Rule 2121 and MSRB Rule G-30 also include specific requirements for transactions in debt securities. These rules generally require a dealer that acts in a principal capacity in a debt security transaction with a customer, and who charges a markup or markdown to mark up or mark down the transaction from the prevailing market price (PMP).
Fractional Shares: FINRA's trade reporting rules generally require member firms to transmit last sale reports of transactions in equity securities to a FINRA trade reporting facility (TRF) or FINRA's over-the-counter trade reporting facility (ORF) as applicable. Although the TRF and the ORF do not currently support the entry of fractional share quantities, such trades are required to be reported subject to FINRA guidance.
Regulation SHO: Rules 203(b) (Short Sales) and 204 (Close-Out Requirement) of Regulation SHO provide exceptions for bona fide market making activity. Member firms must confirm and demonstrate that any transaction for which they rely on a Regulation SHO bona fide market making exception qualifies for the exception, consistent with Regulation SHO and guidance.
The Report also highlights several topics that FINRA has identified as ongoing key areas of risk to investors and the markets, including: (1) Regulation Best Interest and Form CRS; (2) best execution obligations and conflicts of interest; (3) the increasing prevalence and sophistication of cybersecurity attacks; and (4) securities trading via mobile applications. The Report also is of interest for what it does not include. Notably, although special purpose acquisition companies (SPACs) were considered a key topic for the 2021 Report — and have seen focused attention from other regulatory bodies, such as the SEC — they are not referenced in this year's issue at all.
The findings and best practices outlined in the Report can serve as a guide for member firms to identify possible deficiencies or gaps in their compliance programs and operations procedures that could result in the types of exam findings highlighted therein. FINRA member firms are encouraged to thoroughly review the Report. In particular, member firms should identify the findings, observations, and effective practices relevant to their business models. The Report also may serve as a road map to prepare for an examination. If concerns arise before an examination, member firms would be well served by including counsel familiar with these issues in their preparation for the examination.
