FINRA recently published its 90-page 2024 Annual Regulatory Oversight Report (Report) providing member firms with insight into six primary topics: Financial Crimes, Crypto Asset Development, Firm Operations, Communications and Sales, Market Integrity, and Financial Management. Each of the primary topics contains three to eight sub-topics with, among other things, examples of what FINRA considers to be effective (and ineffective) practices related to each sub-topic. Provided below are discrete observations corresponding to each sub-topic that member firms may wish to consider relative to their unique businesses. Such observations are designed to be an entry point into a broader discussion of a firm's critical self-assessment in these areas.

The primary topics and corresponding sub-topics for consideration are as follows:

Financial Crimes

  • Cybersecurity and Technology Management: Although cyber incidents could have Bank Secrecy Act (BSA) implications, consideration should be given to whether such incidents also could implicate FINRA Rule 4530(b).
  • AML, Fraud, and Sanctions: For firms that establish online accounts, develop an effective practice for verifying customer identification for individuals.
  • Manipulative Trading: Surveil for wash sales and consider whether such trading activity was effected for the purpose of collecting liquidity rebates from exchanges.

Crypto Asset Development (New)

Determine whether communications with customers clearly distinguish an affiliated crypto account from the customer's brokerage account.

Firm Operations

  • Outside Business Activities and Private Securities Transactions: Establish policies, procedures, and controls for associated persons that have outside business activities and private securities transactions involving crypto assets.
  • Books and Records: Consider how your firm surveils for unapproved off-channel communications.
  • Regulatory Events Reporting: Determine whether to review firm communications for unreported customer complaints.
  • Trusted Contact Persons: Consider creating target goals for collecting trusted contact person information and making the results available within the firm.
  • Crowdfunding Offerings: Broker-Dealers and Funding Portals: Evaluate and properly vet instances (if any) where issuers or offerings present warning signs during the onboarding process.

Communications and Sales

  • Communications with the Public: For mobile applications, consider providing appropriate risk disclosure at account opening and before customer transactions.
  • Reg BI and Form CRS: Consider whether high risk and complex investment recommendations to retail customers should be subject to a rigorous review and approval process.
  • Private Placements: Disclose potential risks to customers and note that Reg BI applies to recommendations to retail customers.
  • Variable Annuities: Provide clear guidance to retail investors about fees, benefits, and surrender periods.

Market Integrity

  • Consolidated Audit Trail (CAT): Consider regular communications with the CAT reporting agent and report CAT issues to the FINRA CAT Help Desk as applicable.
  • Best Execution: With regard to payment for order flow (PFOF), consider how such payments interact with the firm's best execution obligations.[1]
  • Disclosure of Routing Information: Consider conducting periodic reviews of the quarterly Rule 606 Reports and customer specific order disclosure reports concerning PFOF, if applicable, for accuracy and completeness.
  • Regulation SHO- Bona Fide Market Making Exemptions: Distinguish bona fide market making activity from proprietary trading activity that may not qualify for an exception under Reg. SHO.
  • Fixed Income – Fair Pricing: Determine whether to compare the firm's markups/markdowns to the data that FINRA provides in the TRACE and MSRB Markup/Markdown Analysis Reports.
  • OTC Quotations in Fixed Income Securities (New): Consider using a third-party vendor to confirm there is current information about an issuer of a fixed income security or a valid exception prior to quoting.[2]
  • Advertised Volume (New): Determine whether there is a methodology for the firm to monitor and review the reported and disseminated trade volume.
  • Market Access Rule (New): Consider how the firm can evidence the reasonableness of its risk-management controls.

Financial Management

  • Net Capital: Identify whether the firm has a methodology to assess the completeness and accuracy of its accounting entries and their impact on net capital.
  • Liquidity Risk Management: Determine whether the firm has a liquidity risk management plan and conducts adequate stress testing on a periodic basis.
  • Credit Risk Management: Consider whether the firm has adequate policies, procedures, and controls to manage and report credit risk.
  • Portfolio Margin and Intraday Trading: Identify whether the firm has a process to proactively communicate with clients that have significant exposures.
  • Segregation of Assets and Customer Protection: Determine if the firm has policies and procedures to monitor and resolve possession or control deficits and that there is accurate coding for good control locations.

Davis Wright Tremaine LLP continues to monitor developments in the areas addressed in the Report and our financial services attorneys can assist member firms with their corresponding compliance obligations.

[2] Note also that the SEC issued a no-action letter concerning fixed income securities that expires on January 4, 2025.