FINRA Examinations: Regulatory Priorities and Firm Best Practices
By Diana C. Campbell Miller and David G. Buffa – September 18, 2012
In an effort to explore the contours of the Financial Industry Regulatory Authority’s (FINRA’s) current examination priorities and firms’ best practices, the SRO Subcommittee of the ABA Securities Litigation Committee hosted a panel on April 26, 2012, where FINRA’s New York regional director, Michael Solomon, was joined by industry legal and compliance professionals: Michael Ludwig, of Credit Suisse; Bill Peterson, of Dahlman Rose & Co.; and Joy Weber, of UBS Financial Services Inc. The panel’s discussion was moderated by the subcommittee’s cochairs: David C. Boch, of Bingham McCutchen LLP; Anne C. Flannery, of Morgan Lewis & Bockius LLP; and Andrew W. Sidman, of Bressler, Amery & Ross, P.C.
The New Risk-Based Approach to FINRA Examinations
FINRA member firms of all sizes most inevitably will find themselves face-to-face with on-site regulators wielding virtually limitless investigative powers and seeking to ensure that firms are in compliance with the securities laws and regulations. In addition to cultivating a strong culture of compliance and enforcement thorough internal surveillance, the manner in which firms plan for and work with FINRA’s examiners can drastically affect the entire examination process and its result. For smaller firms, ineffective communication or a failure to educate examiners on the firm’s business at the outset of the examination can lead to burdensome and unnecessary requests and an overall poor allocation of time and valuable, limited resources. For larger firms, the FINRA examination process can seem never-ending, and a failure to proactively seek out solutions and provide ready assistance to the examiners can result in findings and disciplinary action that could have been avoided.
To keep up with the ever-changing industry and regulatory landscapes, FINRA’s examination program continuously adapts and, over the past few years, has shifted to a risk-based approach. This shift represents a departure from pro-forma style exams toward a process that focuses on the individual risk characteristics of the specific member firm. In that sense, the nature, scope, and frequency of examinations will hinge on the regulatory risks presented by that particular firm, including its business model, operations, relevant disciplinary history, and regulatory issues identified in past examinations. See FINRA’s 2012 Regulatory and Examination Priorities Letter (Jan. 31, 2012). This important shift has an impact on the way firms tailor their “best practices” in preparing for and working through a FINRA examination.
A Customized Examination Experience
The shift to risk-based examinations requires FINRA to begin preparing for the examination long before they knock on the member-firm’s door. Data-gathering teams work to collect information on each particular firm in advance, allowing for a more tailored process, with smarter allocation of resources to areas and/or individuals viewed as potentially problematic. The pre-examination collection of this information also allows FINRA to run its own analysis prior to arriving on-site, which means spending less time at the firm and causing less business interruption.
When examiners arrive, they will often station at a firm’s headquarters and, in bigger firms, they frequently branch out to investigate practices at local offices. The length of time examiners spend with a firm varies greatly depending on size. Large, international firms will find that examiners often stay on-site for three to four months. The pre-examination data collection has, hopefully, helped focus the process. But firms should, nevertheless, open the channels of communication with FINRA staff from the outset, to ensure that the examiners understand the firm’s business model. Typically, open communication leads to more focused requests and fewer surprises during the exit interview.
The beginning of the examination is also the best opportunity to show FINRA that the firm embraces a “culture of compliance.” A firm should emphasize its focus on its compliance function and its independence from the firm’s business management, as FINRA has expressed concern that, during difficult economic times, some member-firms downsize their compliance departments, causing greater potential for risk.
Based on an assessment of each member-firm’s risks and scope of operations, FINRA schedules periodic cycle examinations to determine whether firms are in compliance with federal securities laws, rules, and regulations. Cycle examinations often focus on the following areas, among others:
- Rules 3012 and 3013 reports, which identify member-firms’ written compliance policies and supervisory procedures and document the testing of their adequacy and sufficiency. For additional information on 3012 and 3013 reports, see FINRA’s Frequently Asked Questions – Rule 3012 Report.
- anti-money laundering (including the adequacy of firms’ customer identification processes);
- Trade reports for over-the-counter equity securities. For guidance on the trade-reporting rules, see FINRA’s Frequently Asked Questions – Trade Reporting.
- level of experience of compliance personnel;
- email retention practices;
- adequacy of books and records;
- firms’ supervision of employees’ outside business practices and employee trading; and
- private placements and disclosures at the point of sale (e.g., offering materials that are overly broad and vague).
An ongoing concern for examiners has been the tightening of firms’ budgets at the expense of their compliance resources and systems. Many firms have adequate procedures, but lack the staff to adequately enforce them. As an example, FINRA finds it problematic when firms cut costs by shifting compliance functions to supervisors, in effect taking “back-stop” compliance responsibilities and placing the burden on “front-end” employees. On the other hand, FINRA also sees firms that have sufficient staff and appropriate procedures, but have ineffective systems, for example, exception reports with inappropriate parameters that don’t lead to an adequate review of the accounts’ activity or email filters so narrow that they leave objectionable content overlooked. See also Preparing for a FINRA Cycle Examination.
The recent years have also seen an increase in cause examinations and investigations at firms’ local branches. This can be partially attributed to firms and employees trying to “push the envelope” in a revenue-challenged environment. Cause examinations can originate from FINRA’s review of customer complaints, employee arbitrations, whistleblower tips, and/or referrals from other regulators. Often, these are unannounced, and examiners arrive seeking to perform data captures, including trading records, emails, and other electronically stored information.
FINRA’s 2012 Regulatory and Examination Priorities Letter sets forth a comprehensive listing of its current examination priorities. The “hot button” issues are as follows:
- Complex and structured products. Examiners want to understand the process by which complex products reach the markets, from the product’s creation through the client-facing marketing materials. They also want to see what training is in place for registered representatives and the firm’s guidance for point-of-sale communications. A major emphasis is placed on the adequacy of education of the sales force concerning complex financial instruments offered by the firm.
- Areas where the firm is trying to expand revenue. What are the areas in which the firm is attempting to expand its business? Examiners will test the firm’s readiness to enter new businesses, especially when they are novel and/or call for greater regulatory scrutiny.
- FCPA procedure. Examiners have seen a wide variation in firm’s Foreign Corrupt Practices Act (FCPA) procedures. Of focus are procedures applicable to the investment banking/institutional side of the firm, and restrictions applicable to employee travel abroad and gifting.
- Call centers. While a firm’s decision to shift its retail business to a call center is not itself a bad thing, examiners will want to verify that the firm’s procedures have been adequately tailored for the unique issues presented by a call-center structure and that supervision and staffing in the call centers is appropriate.
- Suitability. FINRA examiners will be interested in obtaining data that reflect member firms’ compliance with the new suitability rules (which went into effect as of July 9, 2012).
The efficient use of FINRA’s resources is a recurring theme within the organization. FINRA has approximately 200 employees in the New York regional offices. The culture within the New York FINRA offices empowers the staff to be creative in their efforts to examine member firms and emphasizes the importance of visiting larger firms on the local branch level. While FINRA makes a concerted effort to send experienced professionals to supervise younger staff members during an examination, member firms are urged to educate examiners about the firm’s business at the outset of the examination process to best allocate both FINRA’s and the firm’s resources and time.
FINRA is also cognizant of the potential for overlap between its examinations and those of other SROs, and works to avoid subjecting firms to multiple, overlapping exams. With that in mind, FINRA’s regional heads meet on a monthly basis to compare their efforts, and FINRA meets semi-annually with the Securities Exchange Commission to coordinate investigations and avoid duplicative examinations.
Planning for an Exam
The resources a firm needs to allocate to the actual examination process depend greatly upon the size of the firm. Because it can take about six months from the beginning of the examination through the issuance of the report, a large firm cannot begin planning for its next examination soon enough. In that process, it is essential to thoroughly review recent past examination reports and gather documentation showing remedial efforts and demonstrating new initiatives that address risk areas previously identified.
Staying abreast of FINRA’s priorities is likewise crucial to facilitating a well-run examination. One suggestion is that firms look at the last five years of SRO-issued guidance on exam focal points. In identifying their potential issues, firms should look at their own branch examinations and internal audit reports. Larger firms should make sure all branches and remote locations are registered. With respect to smaller firms, FINRA’s online training resources are helpful to update compliance employees on examination priorities quickly and without great cost. See FINRA’s Online Learning Program.
During the Examination
In any firm, no matter the size, it is important to have appropriate space set aside for the examiners to work. Of course, if the examiners will spend many months on-site, having adequate space becomes even more important. From the beginning and through the duration of the process, firms should have an examination coordinator—a point person who knows the structure of the firm and its business, understands the particular subject of the exam, knows all the “key players” involved, and has the authority to get things done quickly within the company. For broad-based examinations, it can be helpful to appoint different coordinators for each specific topic area. As the firm’s key person facing the examiners, it is invaluable that the coordinator be very well versed on the firm’s compliance policies and procedures.
When responding to requests during an examination, it is very important that both firm personnel and examiners understand the specific request and what type of documentation is sought. There is nothing wrong with offering the examiner an alternative set of documents that gets the examiner to the same point with less of a burden to the firm. If a request is overly broad, firms should let the examiner know. For instance, email reviews often present challenges with scope. A helpful way to demonstrate overbreadth is to show the examiners a sample of the emails responsive to the terms of their request. From the smaller-firm perspective, it is important to stay vigilant and continuously educate examiners about the business of the firm to avoid requests for documents that do not necessarily apply to the particular firm or business model. Once again, communicating at the outset to educate examiners can help avoid unnecessary costs and confusion.
With respect to how member-firms handle examinations internally, compliance professionals are reminded to advise senior businesspeople at the firm of any impending or ongoing examination and to continually update them as to its progress, including (especially) any problematic findings.
Remedial Efforts and the Examination Report
There are several best practices for addressing deficiencies identified either during the course of the examination or in the final examination report. When the examiner identifies issues in the course of the examination, the best practice is to demonstrate immediate remedial efforts. By proactively seeking out periodic meetings with the examiners, the firm’s examination coordinator can discuss deficiencies and findings that can potentially be addressed even before the examination report is finalized. In that regard, examiners can omit smaller violations from their final report when they see that the firm has taken steps during the examination process to remediate them. Asking for status meetings and keeping an open channel of communication during the examinations is the best way to avoid surprises during the exit interview and allows FINRA and the firm to discuss issues more candidly, come up with action plans, and find suitable solutions.
The examination report will detail the exceptions and potential violations identified, as well as FINRA’s recommendations. Serious violations, especially those involving fraud, may be referred to FINRA’s Enforcement Department, which can happen even before the end of the examination. In responding to deficiencies, firms should take the opportunity to discuss remedial efforts underway as well as planned courses of action. It is important not to overpromise results that the firm may later fail to deliver. After the examination is conducted, firms should keep track and document their remedial efforts in preparation for FINRA’s next visit, which, as noted, is likely to be just around the corner.
Keywords: securities litigation, FINRA examination, regulatory priorities, broker-dealer, best practices