The recently issued 2016 Regulatory and Examination Priorities Letter discloses FINRA’s new initiatives on market integrity and firm culture and reflects a focus on firms’ supervision regarding conflicts of interest and technology. Regulatory concern over many of these issues has been previously reported in this blog here, here, here and here.
The 2016 Letter reveals that, in early 2016, FINRA will start delivering compliance report cards to firms, beginning with monthly report cards focused on layering and spoofing. These report cards will identify potentially manipulative activity based on FINRA’s cross-market equity manipulation surveillance program and FINRA “will examine how firms use this information to identify and address the potential misconduct.” In particular, FINRA will focus on coordinated options and equity market activity intended to affect the settlement prices of related products and is adding new surveillance tools in this area.
The 2016 Letter also identifies a new initiative to formalize FINRA’s assessment of firm culture, which has a “profound influence” on how firms operate and manage conflicts. The 2016 Letter identifies five indicators of a firm’s culture that FINRA will assess: whether control functions are valued within the organization; whether policy or control breaches are tolerated; whether the organization proactively seeks to identify risk and compliance events; whether supervisors are effective role models of firm culture; and whether sub-cultures that may not conform to overall corporate culture are identified and addressed.
The 2016 Letter also focuses on firms’ supervision regarding conflicts of interest. In particular, FINRA will look at incentive structures that may present conflicts, such as retail sale of proprietary products or products where firms receive third-party payments, as well as proprietary traders who value their own positions. The 2016 Letter also reminds firms not to use research analysts to win investment banking business and that FINRA will assess “whether any analysts are inappropriately involved in investment banking activities and whether investment banking personnel exercise undue influence on analysts.” FINRA also will review firms’ controls to identify, minimize and mitigate information leakage.
The 2016 Letter also reflects concern as to firms’ supervision and risk management with regard to cybersecurity, technology management, and data quality. On cybersecurity, FINRA examiners may review governance, risk assessment, technical controls, incident response, vendor management, data loss prevention and staff training. FINRA also states that it has “observed shortcomings in firms’ management of their technology systems” and that FINRA will focus on firms’ technology governance and change management practices. Further, FINRA will examine firms’ data governance, quality controls and reporting practices to ensure that firm systems and management receive accurate and complete data.
In addition to these areas of concern, the 2016 Letter also outlines examination priorities regarding several other issues, including anti-money laundering, liquidity, sales practices, short sales, financial and operational controls and other subjects of regulatory interest.