10 Key Takeaways from FINRA’s Exam Results and Priorities for 2021

Author: Paul A. Lieberman|March 10, 2021

The Financial Industry Regulatory Authority (FINRA) recently published its “Report on FINRA’s Risk Monitoring and Examination Activities”

On February 1, 2021, the Financial Industry Regulatory Authority (FINRA) published its “Report on FINRA’s Risk Monitoring and Examination Activities” (Report), providing insights into its regulatory operations. In its News Release, FINRA stated that the new two-in-one report combines two previously published annual reports: FINRA’s Report on Examination Findings and Observations, and the Risk Monitoring and Examination Program Priorities Letter. FINRA’s objective was to provide member firms with information for assessing and strengthening their compliance, supervisory and risk management programs. FINRA will “revisit” the Report annually.

The new, more user-friendly report identifies the applicable rule and key related considerations for member firm compliance programs, summarizes noteworthy findings from recent examinations, outlines effective practices that FINRA observed during its oversight, and provides additional resources helpful to member firms in fulfilling their compliance obligations. According to FINRA, “This report is designed to give member firms a single, authoritative source that provides insights derived both from the last year’s examinations and risk assessments, and from where we have identified emerging issues for the coming year.”[1]

The Report addresses 18 regulatory areas, organized into four categories: Firm Operations, Communications and Sales, Market Integrity, and Financial Management. For each regulatory obligation discussed, the Report (1) identifies the applicable rule and key related considerations for member firm compliance programs, (2) summarizes noteworthy findings from recent examinations and outlines effective practices that FINRA observed during its oversight, and (3) provides additional resources that may be helpful to member firms.

How to use the report

FINRA issued guidance to members on “How to Use the Report”, recognizing that member firms are diverse and that each firm should therefore, after reviewing the Report, “incorporate relevant practices into its compliance programs tailored to its activities”. Member firms were reminded to update their written supervisory procedures (WSPs) in light of new laws, rules and regulations. The Report is a “tool” among a host of other identified resources for members.

Category I:  Firm Operations

This section of the Report discusses operations issues related to anti-money-laundering (AML), cybersecurity and technology governance, outside business activities, books and records, regulatory event reporting, and fixed income markup disclosure. Below are several key takeaways:

  • Anti-Money Laundering: FINRA exams revealed several AML compliance issues, such as failing to tailor transaction monitoring to address firms’ business risk(s); failing to incorporate, or account for, AML risks relating to cash management accounts; and unclear delegation of AML responsibilities. FINRA also highlighted several emerging AML or financial crime risks, including those related to: special purpose acquisition companies (SPACs); microcap and penny stocks; and restricted markets. To boost compliance, FINRA recommends that firms use both documentary (such as drivers’ licenses or passports) and non-documentary methods (such as using third-party sources) to verify customers’ identities. It also states that firms should consider implementing additional precautions during account opening, including limiting automated approval of multiple accounts opened by a single customer; reviewing account application fields for repetition or commonalities among multiple applications; and using technology to detect indicators of automated scripted attacks in the digital account application process. To avoid improper reliance on clearing firms, FINRA suggests that firms review the allocation of responsibilities between clearing and introducing firms for handling ACH transactions and implement policies and procedures to comply with those responsibilities.
  • Cybersecurity: FINRA emphasizes that firms’ ongoing and increasing reliance on technology for many customer-facing activities, communications, trading, operations, back-office and compliance programs—especially given the increased reliance on working remotely—requires them to address new and existing cybersecurity risks, including risks relating to cybersecurity-enabled fraud and crime. In addition to firms’ compliance with SEC regulations requiring firms to have written policies and procedures that are reasonably designed to safeguard customer records and information, FINRA reminds firms that cybersecurity remains one of the principal operational risks facing broker-dealers, and expects firms to develop reasonably designed cybersecurity programs and controls that are consistent with their risk profile, business model and scale of operations. With regard to emerging risks, the Report notes that FINRA has observed increased numbers of cybersecurity- or technology-related incidents at firms, including: systemwide outages; email and account takeovers; fraudulent wire requests; imposter websites; and ransomware.

Category II:  Communications and Sales

This section of the Report covers Regulation BI (Reg BI) and Form CRS, communications with the public, private placements, and variable annuities. Below are several key takeaways:

  • Regulation BI (Reg BI) and Form CRS: FINRA will continue to focus on assessing whether member firms have established and implemented policies, procedures, and a system of supervision reasonably designed to comply with Reg BI and Form CRS. In 2021, FINRA intends to expand the scope of its Reg BI and Form CRS reviews and testing to effect a more comprehensive review of firm processes, practices and conduct. The Report states that FINRA will take appropriate action in the event it observes conduct that may cause customer harm, would have violated previous standards (e.g., suitability), or indicates a clear disregard of the requirements of Reg BI and Form CRS. 
  • Communications with the Public: FINRA continues to evaluate firms for compliance with FINRA Rule 2210, which includes principles-based content standards that are designed to apply to ongoing developments in communications technology and practices. According to the Report, FINRA is increasingly focused on communications relating to certain new products, and how member firms supervise, comply with recordkeeping obligations, and address risks relating to new digital communication channels. This focus includes risks associated with app-based platforms with interactive or “game-like” features that are intended to influence customers, their related forms of marketing, and the appropriateness of the activity that they are approving clients to undertake through those platforms. The Report also addresses communications relating to cash management services that sweep customer cash into affiliate or partner banks or money market funds (Cash Management Accounts).
  • Variable Annuities: FINRA continues to evaluate variable annuity exchanges under FINRA Rule 2330 and, when applicable, under Reg BI. In 2020, FINRA engaged in an informal review of buyout written supervisory procedures (WSPs), training, and disclosures for firms whose customers were impacted by a recent announcement from an insurer with sizable variable annuity assets stating it will terminate servicing agreements, cancel certain trail commissions for registered representatives, and provide buyout offers to its variable annuity customers. The Report includes several recommended practices with respect to buyouts, such as performing a holistic review of buyout offers; requiring supervisory principal pre-approval (and, in some cases, additional second-level approval) for buyout offers; and requiring registered representatives’ recommendations to consider all changes to customers’ variable annuities. FINRA also suggests that firms provide extensive, ongoing training and communications to all registered representatives about buyout offers and related compliance obligations, as well as develop new buyout offer disclosures or expand existing variable annuity disclosure forms to address considerations for buyout offers.

Category III:  Market Integrity

This section of the Report discusses the Consolidated Audit Trail (CAT), best execution, large-trader reporting, market access, and the vendor display rule. Below are several key takeaways:

  • Consolidated Audit Trail (CAT): The Report highlights that all firms that receive or originate orders in National Market System (NMS) stocks, over-the-counter (OTC) equity securities or listed options must report to CAT. All proprietary trading activity, including market-making activity, is subject to CAT reporting. There are no exclusions or exemptions for size or type of firm or type of trading activity. FINRA is in the early stages of reviewing for compliance with certain CAT obligations; accordingly, exam findings or effective practices are not included in the Report but will be provided later when more information is available. In the interim, FINRA advises that firms should review the list of recommended steps provided in Regulatory Notice 20-31, along with the list of considerations and relevant resources provided in the Report, in assessing the adequacy of their CAT compliance programs.
  • Best Execution: FINRA continues to review firms’ compliance with best execution obligations under FINRA Rule 5310. Areas of focus include potential conflicts of interest in order-routing decisions, appropriate policies and procedures for different order and security types, and the sufficiency of member firms’ reviews of execution quality. FINRA also conducted a targeted review of member firms that do not charge commissions for customer transactions (“zero commission” trading) to evaluate the impact that not charging commissions has or will have on member firms’ order-routing practices and decisions, and other aspects of member firms’ business.

Category IV:  Financial Management

This section of the Report addresses net capital, liquidity management, credit risk management, and segregation of assets and customer protection. Below are several key takeaways:

  • Net Capital: FINRA highlights several compliance concerns related to Exchange Act Rule 15c3-1, which requires firms to have and maintain net capital at specific levels at all times. For instance, it observed firms incorrectly classifying receivables, liabilities and revenues, which resulted in inaccurate reporting of firms’ financial positions and, in some instances, a capital deficiency; incorrectly classifying non-allowable assets, such as large investments in certificates of deposit (CDs), because firms did not have a process to assess the net capital treatment of CDs pursuant to Exchange Act Rule 15c3-1(c)(2)(vi)(E); and not reviewing account agreements for CDs to determine whether they contained stipulations restricting withdrawals prior to maturity, including restricting their withdrawal or giving the bank discretion to permit or prohibit their withdrawal. FINRA recommends that firms assess their net capital treatment of assets, including CDs, to confirm that they are correctly classified for net capital purposes. It also suggests that firms confirm that they have correctly identified and aged all failed-to-deliver contracts, properly calculated the applicable net capital charges and correctly applied the deductions to their net capital calculation.
  • Liquidity Management: FINRA reminds firms that effective liquidity controls are critical elements in a broker-dealer’s risk management framework. Nonetheless, it observed several compliance concerns, such as failing to expand stress tests from a single time horizon to multiple time horizons (such as 10 days to 30 days or longer); failing to incorporate the results of firms’ stress tests into their business model; and failing to develop contingency plans for operating in a stressed environment with specific steps to address certain stress conditions, including identifying the firm staff responsible for enacting the plan, the process for accessing liquidity during a stress event and setting standards to determine how liquidity funding would be used. Accordingly, FINRA stresses the importance of updating liquidity risk management practices to take into account a firm’s current business activities and conducting stress tests in a manner and at a frequency that consider the firm’s business model.
  • Credit Risk Management: FINRA notes that firms need to properly capture, measure, aggregate, manage and report credit risk, including risk exposures that may not be readily apparent. Such responsibility can be incurred under clearing arrangements, prime brokerage arrangements (especially fixed income prime brokerage), “give up” arrangements, sponsored access arrangements (discussed above in the Market Access section) or principal letters. The Report further emphasizes that firms should maintain a robust internal control framework where they manage credit risk and they identify and address all relevant risks covering the extension of credit to their customers and counterparties.

Conclusions:  Next Steps for Firms

  • Firms’ senior management, Legal and Compliance managers/staff and supervisors should review the Report in its entirety and incorporate relevant updates and revisions into their WSPs and compliance programs.
  • Look for the next Annual Report and focus on (a) core compliance responsibilities and (b) episodic/development-led requests.
  • Consider contacting the firm’s designated Risk Monitoring Analyst for guidance about effective practices.
  • Firms should use FINRA’s observations and findings as ‘benchmarks’ for upgrades to their WSPs.

If you have questions, please contact us

If you have any questions or if you would like to discuss these issues further, please contact Paul A. Lieberman or the Scarinci Hollenbeck attorney with whom you work, at (201) 896-4100.


[1] See Regulatory Notice 20-16 regarding Covid-19 Pandemic Remote Work Environment.
