The Financial Industry Regulatory Authority (FINRA) is a non-governmental agency authorized by Congress to help regulate and protect the financial industry. Operating under the auspices of the SEC as a Self-Regulatory Organization (SRO), FINRA ensures that broker-dealers are honest and forthright and that financial data is kept secure.
To that end, here are the basics of FINRA compliance requirements and what they mean.
What is FINRA?
Despite being a non-governmental organization, FINRA has a degree of regulatory authority over the securities industry and the New York Stock Exchange. According to the HIPAA Journal: “FINRA is responsible for securities industry and stock market oversight and monitors the activities of more than 4,200 brokerage firms and their brokers. Up to 75 billion transactions are processed by FINRA each day.”
FINRA oversees several functions of its members, including:
- Regulating trading in corporate bonds, securities futures, equities, and options
- Conducting training and exams for members
- Licensing brokers and firms
- Devising, instituting, and enforcing compliance rules for members
What Are the FINRA Compliance Requirements?
Over the years, FINRA compliance requirements have been developed internally as a set of rules and regulations that member brokers and brokerage firms must follow. On February 21st, 2021, FINRA released “The Report” on the 19 major compliance issues brokers need to know and institute. They are grouped into five subtopics, which include:
- Firm operations
  - Anti-money laundering
  - Private securities transactions
  - Cybersecurity and technology governance
  - Outside business and private securities transactions
  - Books and records
  - Regulatory events reporting
  - Fixed income mark-up disclosure
- Communications and sales
  - Regulation BI (Best Interest) and Form CRS (Customer Relationship Summary)
  - Communications with the public
  - Private placements
  - Variable annuities
- Market integrity
  - Consolidated audit trail (CAT)
  - Best execution
  - Large trader reporting
  - Market access
  - Vendor display rule
- Financial management
  - Net capital
  - Liquidity management
  - Credit risk management
  - Segregation of assets and customer protection
As you might imagine, this covers a whole range of subjects in granular detail. The relevance and most effective practices will vary depending on the broker or firm. However, some key highlights are worthy of mention since they will broadly impact compliance across all firms. As such, you should focus on addressing these issues.
#1 Regulation Best Interest (Reg BI) and Customer Relationship Summary (Form CRS)
Regulation BI is a relatively new SEC rule that requires broker-dealers to act only in the best interest of their retail clients when offering advice and strategies. Form CRS is a short-form disclosure document required to be filled out for all retail accounts to verify good faith practices.
FINRA plans to expand the scope of its reviews and testing to ensure that member firms comply with the rules and act as champions to their clients.
To comply, FINRA encourages firms to take the following actions:
- Have all registered representatives and sales supervisors undergo comprehensive training on best interest standards.
- Encourage representatives to make a recommendation and then provide possible alternatives.
- Identify possible conflicts of interest that could impact recommendations to retail customers.
- Actively maintain records to demonstrate compliance.
#2 Cybersecurity
The reliance on digital technologies has given rise to serious cybersecurity threats, especially regarding customers’ private data and personal identification. And this risk is constantly evolving.
Financial institutions must consider their risk profile, identify areas of concern, and institute cybersecurity programs that address these problems while protecting customer records and information. Best practices for compliance include:
- Encrypt all confidential non-public data.
- Address all potential cybersecurity problems at the branch office level.
- Set robust access controls.
- Ensure that vendors also have applicable and appropriate measures in place.
- Train personnel on the significant cybersecurity threats and their responsibilities to mitigate them.
By performing regular internal security audits, you can maintain compliance and protect your business from the ever-evolving cyber threats financial institutions face.
#3 Public Communications
FINRA compliance requirements for public communications, also known as Rule 2210, set standards for broker-dealers when communicating with the public, including retail customers and institutional investors. According to CDN:
“The overall purpose aims to provide cohesive standards for the content, approval, recordkeeping, and filing of communications with FINRA. Generally speaking, broker-dealers must comply with Rule 2210 when communicating with the public.”
The rule breaks down communications into three major categories based on who the audience is and who receives the materials. They include:
- Retail communication – Any written communication (including electronic) distributed or made available to 25+ retail investors within a 30 calendar-day period.
- Correspondence – Any written communication (including electronic) distributed or made available to 25 or fewer retail investors within a 30 calendar-day period.
- Institutional communication – Any written communication (including electronic) distributed or made available only to institutional investors, not including members’ internal communications meant to train or educate registered representatives.
FINRA requires that all three communication categories be fair and balanced, particularly regarding digital assets and cash management accounts. Ways to encourage this include:
- Provide diligent customer onboarding.
- Offer customers appropriate disclosures about investment risks.
- Review communications with online customers to see whether communications might be considered recommendations.
- Promotional materials for digital assets must clearly state the risks of investments and clarify the relationship between the broker-dealer and the target investment.
#4 Consolidated Audit Trail
Every member firm that receives or originates orders in National Market System stocks, over-the-counter equity securities, or listed options is required to report to the consolidated audit trail (CAT). To comply with FINRA, you must report any type of proprietary trading activity. That includes market-making activities. Unlike other rules where the size of the firm, kind of company, or type of trading activity may impact what is or isn’t allowed, there are neither exceptions nor exclusions to this mandated reporting. According to International Financial Law Review (IFLR):
“This will have a significant impact on broker-dealers, who will have to adapt to be able to provide customer information reporting capability, order lifecycle reporting capability, synchronize clocks to an exacting standard time, and adapt the process to abide by CAT considerations.”
Because this is a newer rule, FINRA is still in the process of determining how firms can optimally comply and how FINRA can ensure compliance.
#5 Best Execution
FINRA Rule 5310, “Best Execution,” mandates that firms use “reasonable diligence” to determine the ideal market for a security and to buy or sell in that market so that customers receive the most favorable price under prevailing market conditions. Per FINRA:
“FINRA member firms that route customer orders away for execution can satisfy their best execution obligations by conducting either an order-by-order review of execution quality or a ‘regular and rigorous review.’”
This is meant to prevent conflicts of interest when it comes to order-routing decisions.
#6 Deferred Variable Annuities
FINRA Rule 2230 was added to address a common issue with how variable annuities are marketed. All too often, sellers use sales pitches that purposefully scare or obfuscate. These tactics are not based on fact but rooted in emotion, making them especially effective on seniors.
To prevent this, FINRA requires sellers to help buyers make informed decisions on how to invest, particularly for seniors and their retirement. To recommend a variable annuity, brokers must disclose and explain liquidity issues, fees, and market risks.
FINRA Compliance Made Simple
To recap, FINRA is a self-regulatory body that has created a massive catalog of rules and regulations to protect buyers and sellers. At its essence, FINRA compels member firms to have their broker-dealers act honestly and transparently and ensure that financial data is always secure.
Do you need help understanding and complying with FINRA? If so, RSI Security provides a wide variety of cybersecurity solutions and training. We are experts in guiding you through FINRA compliance regulations and standards. Our team of experts can help you install policies and procedures that ensure you protect your customers’ data against any cyber risks.