TOPIC | KEY REQUIREMENTS AND OBLIGATIONS | RELATED CONSIDERATIONS AND EFFECTIVE PRACTICES | FINDINGS |
FINANCIAL CRIMES | - Each member firm must develop and implement a written Anti-Money Laundering (AML) program that is approved by senior management and is reasonably designed to comply with the Bank Secrecy Act (BSA) and its implementing regulations.
- Member firms must establish and implement AML policies and procedures that can detect and report suspicious transactions.
- The AML program must undergo independent testing for compliance each calendar year (or every two years in some cases).
- Ongoing training for appropriate personnel is required.
- Member firms’ AML programs must include risk-based procedures for conducting ongoing customer due diligence.
- Additional requirements in the FINRA 2024 Priorities document include maintaining a Customer Identification Program (CIP), verifying the identity of legal entity customers, assessing the money laundering risk presented by correspondent accounts maintained for foreign financial institutions, and responding to information requests from FinCEN within specified timeframes.
| - The AML program should reasonably address the AML risks associated with the firm’s business model, including new and existing business lines, products and services offered, customers, and geographic area of operation.
- If the firm has experienced substantial growth or changes to its business, the AML program should have evolved alongside the business.
- Implementing robust CIP and CDD procedures to verify customer identities.
- Conducting ongoing risk-based CDD to understand customer relationships and develop customer risk profiles.
- Establishing policies and procedures to detect and respond to red flags of identity theft or synthetic identity fraud.
- Implementing written AML procedures to detect and report suspicious activity.
- Regularly reviewing and responding to red flags associated with suspicious transactions.
| - Misconstruing Obligation to Conduct CIP and CDD: Failing to recognize that certain formal relationships established with the firm to effect securities transactions are customer relationships and not conducting Customer Identification Program (CIP) or Customer Due Diligence (CDD) as required.
- Inadequate Verification of Customer Identities: Failing to collect identifying information at the time of account opening and verify the identity of customers and beneficial owners of legal entity customers within a reasonable timeframe.
- Inadequate Responses to Red Flags: Auto-approving customer accounts despite red flags or failing to perform a reasonable review of potential red flags associated with verifying customer identities. Also, failing to establish policies and procedures to detect identity theft or synthetic identity fraud in connection with account opening.
- Inadequate Due Diligence: Failing to conduct initial and ongoing risk-based CDD to understand the nature and purpose of customer relationships and conduct due diligence on correspondent accounts of foreign financial institutions.
- Inadequate Ongoing Monitoring and Reporting of Suspicious Transactions: Failing to establish and implement written AML procedures to detect and report suspicious activity and failing to review and respond to red flags associated with suspicious transactions.
|
CRYPTO ASSET DEVELOPMENTS | - Establishing written policies, procedures, and controls to determine whether a crypto asset is a security, confirm the registration status of crypto asset securities, and issue retail communications with fair and balanced presentation of risks.
- Incorporating crypto asset orders and trading activity into the firm’s AML compliance program.
- Testing for potential weaknesses in cybersecurity controls for crypto asset-related business lines, including those operated through agreements with crypto asset exchanges or other third-party intermediaries.
- Conducting due diligence before recommending crypto asset securities through unregistered offerings, including understanding where assets will be maintained, who will have access to wallets, and how funds or assets will be returned in the event of a contingency.
- Conducting risk-based on-chain assessments when accepting, trading, or transferring crypto asset securities and non-securities.
- Ensuring customers understand the differences between their brokerage account and any linked/affiliated crypto account, including protections, regulatory oversight, firm supervision, and avenues of communication.
- Complying with SEC guidance on custody of digital asset securities and financial responsibility rules when operating as a crypto asset ATS or Special Purpose Broker-Dealer.
- Establishing written policies, procedures, and controls to achieve compliance with applicable securities laws and regulations, including due diligence for recommending the sale of unregistered crypto asset securities, trading of crypto assets with customers and counterparties, and custody of crypto asset securities.
- Creating checklists to determine whether crypto asset-related activities are considered OBAs or PSTs.
- Reviewing and supervising accounts where registered persons engage in crypto asset securities transactions.
- Implementing AML programs to detect and report suspicious crypto asset transactions and trading involving issuers engaged in crypto asset-related activities.
- Addressing non-compliance in crypto asset-related retail communications through targeted examinations and publishing findings and effective practices.
- These requirements, obligations, considerations, findings, and effective practices aim to ensure compliance with regulations and protect customers in the evolving crypto asset landscape.
| | |
FIRM OPERATIONS | - The document mentions relevant federal securities laws, regulations, and FINRA rules that firms need to comply with.
- Firms are encouraged to review the document and incorporate relevant elements into their compliance programs tailored to their activities.
| - The FINRA 2024 Priorities document suggests implementing pre-trade “hard” blocks to prevent fixed income orders from reaching an ATS that would cause a breach of a threshold.
- It recommends implementing processes for requesting, approving, reviewing, and documenting ad hoc credit threshold increases and returning limits to their original values as needed.
- Firms are advised to implement detailed and reasonable WSPs that list the steps that firm personnel should take when determining how to handle orders that trigger soft controls.
- Conducting a separate supervisory review to ensure that release rationales for soft controls are appropriate and incorporating review results when assessing the effectiveness of the firm’s controls.
- Tailoring erroneous or duplicative order controls to particular products, situations, or order types and ensuring that controls apply to all order flow and trading sessions.
| - The FINRA 2024 Priorities document highlights some noteworthy findings that FINRA has noted at some member firms, including new findings from recent examinations, market surveillance, investigations, or enforcement activities.
- It also mentions findings highlighted in prior reports and noted in recent oversight activities.
- Failure to Document Annual Review of Effectiveness:
- One finding mentioned in the FINRA 2024 Priorities document is the failure of firms to document the annual review of the effectiveness of their risk management controls and supervisory procedures.
- Firms are expected to conduct an annual review and document the specific systems, controls, thresholds, or functionality that were reviewed.
|
COMMUNICATIONS AND SALES | - FINRA Rule 2210 divides communications with the public into three categories: correspondence, retail communications, and institutional communications.
- Member firms are required to file widely disseminated retail communications with FINRA’s Advertising Regulation Department during their first year of membership.
- Member firms are subject to filing requirements for specified retail communications based on their content.
- FINRA Rule 2220 governs member firms’ communications with the public concerning options.
- MSRB Rule G-21 contains similar content standards for municipal securities communications.
- Communications must be free of false, misleading, unwarranted, or promissory statements or claims.
- Communications must include material information necessary to make them fair, balanced, and not misleading.
- Communications must balance specific claims of benefits with the key risks specific to the product or service.
- Communications must not contain predictions or projections of investment performance prohibited by FINRA Rule 2210(d)(1)(F).
- Municipal securities communications must have prior approval, provide education and training, balance statements of benefits with risks, and ensure accurate tax feature benefits.
- Communications promoting ESG factors must be reviewed for consistency with offering documents, balance statements with associated risks, and disclose the potential limitations of ESG-related strategies.
| - Tailor policies and procedures to address the firm’s business lines, products, services, customer base, and conflicts of interest.
- Specify supervisory steps, reviews, and their frequency in policies and procedures and document supervisory reviews.
- Periodically re-evaluate policies and procedures to ensure compliance with Reg BI, including conflicts of interest and disclosures.
- Evaluate and test critical systems and controls for compliance with Reg BI, making enhancements based on feedback and providing timely training.
- Periodically re-evaluate the obligation to comply with Reg BI considering changes to business practices.
- Implement measures to deter associated persons from circumventing supervisory controls related to off-channel communications.
- Evaluate approved communication channels for signs of off-channel communications and underutilization.
- Implement corrective or disciplinary measures to deter circumvention of supervisory controls.
- Include factors related to evaluating costs and reasonably available alternatives in procedures and processes for recommended products.
- Provide clear guidance to associated persons on evaluating costs and reasonably available alternatives, conduct reviews, and document firm-required documentation.
| - Misinterpreted Obligations: Firms failing to verify vendors’ ability to comply with recordkeeping requirements and not confirming that service contracts comply with recordkeeping requirements.
- Failure to Maintain Email Correspondence: Firms failing to capture, review, and archive electronic correspondence of registered representatives conducting firm business via third-party vendor email addresses or using non-firm email addresses.
|
MARKET INTEGRITY | - The firm must conduct an annual review of the effectiveness of its risk management controls and supervisory procedures related to market access.
- The firm must implement pre-trade fixed income financial controls to prevent orders from breaching thresholds.
- The firm must have processes for requesting, approving, reviewing, and documenting ad hoc credit threshold increases.
- The firm must implement detailed and reasonable written supervisory procedures for handling orders that trigger soft controls.
- The firm must tailor erroneous or duplicative order controls to specific products, situations, or order types.
- The firm must ensure that controls apply to all order flow and trading sessions.
- The firm must include risk disclosure or necessary language in offering documents related to ESG.
- The firm must not use rankings, ratings, or awards that lack a sound basis or are misleading.
- The firm must not distribute false, misleading, or inaccurate information in mobile apps or social media promotions.
- The firm must appropriately address relevant risks and include disclosures in communications with the public.
- The firm must follow the prescribed methodology for determining the Prevailing Market Price (PMP) for fixed income products.
- The firm must periodically review and update mark-up/mark-down grids for fixed income products.
- The firm must not charge substantial mark-ups that significantly reduce the yield received by investors.
- The firm must perform a facts and circumstances analysis when assessing fair pricing in fixed income securities.
- The firm must document the PMP for each transaction, even if mark-up/mark-down disclosure is not required.
- The firm must prevent payment for order flow from interfering with best execution obligations.
- The firm must establish policies and procedures to address best execution obligations for fixed income and options trading.
- The firm must consider differences among security types within fixed income and options trading.
- The firm must monitor options exchange order exposure requirements, auction mechanism usage, and venue routing.
- The firm must meet best execution obligations for trading conducted in regular and extended trading hours.
- The firm must use appropriate data sources for routing decisions and execution quality reviews.
| | - Failure to document the annual review of effectiveness of risk management controls and supervisory procedures.
- Implementing pre-trade “hard” blocks for fixed income orders to prevent threshold breaches.
- Implementing processes for requesting, approving, reviewing, and documenting ad hoc credit threshold increases.
- Implementing detailed and reasonable written supervisory procedures for handling orders that trigger soft controls.
- Tailoring erroneous or duplicative order controls to specific products, situations, or order types.
- Ensuring controls apply to all order flow and trading sessions.
- Including necessary risk disclosure in offering documents related to ESG.
- Avoiding the use of rankings, ratings, or awards that lack a sound basis or are misleading.
- Avoiding the distribution of false, misleading, or inaccurate information in mobile apps or social media promotions.
- Appropriately addressing relevant risks and including disclosures in communications with the public.
- Following the prescribed methodology for determining the Prevailing Market Price (PMP) for fixed income products.
- Periodically reviewing and updating mark-up/mark-down grids for fixed income products.
- Avoiding charging substantial mark-ups that significantly reduce investor yield.
- Performing a facts and circumstances analysis when assessing fair pricing in fixed income securities.
- Documenting the PMP for each transaction, even if mark-up/mark-down disclosure is not required.
- Preventing payment for order flow from interfering with best execution obligations.
- Establishing policies and procedures to address best execution obligations for fixed income and options trading.
- Considering differences among security types within fixed income and options trading.
- Monitoring options exchange order exposure requirements, auction mechanism usage, and venue routing.
- Meeting best execution obligations for trading conducted in regular and extended trading hours.
- Using appropriate data sources for routing decisions and execution quality reviews.
|
FINANCIAL MANAGEMENT | - Credit Risk Management Reviews: Firms should evaluate their risk management and control processes to accurately capture credit risk exposure at the broker-dealer level. This includes establishing a comprehensive internal control framework, such as systems, policies, and procedures, to capture, measure, aggregate, manage, and report credit risk. It also involves issuing margin calls and extensions in a timely manner, stress testing collateral, and having a governance process for approving new, material margin loans or financing activities.
- Monitoring Exposure: Firms should monitor for concentration risk and credit exposure to affiliated counterparties. This involves assessing credit exposures in a real-time environment and implementing measures to mitigate concentration risk.
- Credit Risk Limit Changes: Firms should establish approval and documentation processes for changes to assigned credit limits. This ensures that any changes to credit limits are properly reviewed and documented.
- Liquidity Risk Management: Firms should implement effective practices for liquidity risk management, as outlined in Regulatory Notice 15-33 and Regulatory Notice 10-57. This includes creating, implementing, and monitoring controls, processes, and policies to manage liquidity risk.
- Cost and Reasonably Available Alternatives: Firms should include specific factors related to evaluating costs and reasonably available alternatives to recommended products in their procedures and processes. This can be done using worksheets, notes or documents, specifying relevant factors to consider, and updating client relationship management tools to automatically compare recommended products to alternatives.
- Pre-Trade Fixed Income Financial Controls: Firms should implement systemic pre-trade “hard” blocks to prevent fixed income orders from breaching thresholds.
- Intra-Day Ad Hoc Adjustments: Firms should establish processes for requesting, approving, reviewing, and documenting ad hoc credit threshold increases and returning limits to their original values as needed.
- Soft Blocks: Firms should implement detailed and reasonable written supervisory procedures (WSPs) that list the steps personnel should take when determining how to handle orders that trigger soft controls. Staff should document their findings and rationale for releasing an order following a review. A separate supervisory review should be conducted to ensure release rationales are appropriate.
- Tailored Erroneous or Duplicative Order Controls: Firms should tailor erroneous or duplicative order controls to specific products, situations, or order types. Controls should prevent the routing of market orders based on impact and should be calibrated to reflect the characteristics of relevant securities, the firm’s business, and market conditions.
| | |