OCIE has now issued examination observations related to cybersecurity and operational resiliency practices taken by investment advisers and other market participants. With examples, the observations included governance and risk management, access rights and controls, data loss prevention, mobile security, incident response and resiliency, vendor management, and training and awareness. Members are encouraged to incorporate these observations in their cybersecurity assessments. A copy of the examination guidance can be found here.
The Securities and Exchange Commission, through the Office of Compliance Inspections and Examinations (OCIE), has announced and issued a staff report aimed at aiding broker-dealers in safeguarding confidential information from misuse.
Taken from examinations of broker-dealers conducted by the SEC, FINRA, and the NYSE’s Division of Market Regulation, the report reflects strengths and weaknesses OCIE identified in examining how broker-dealers handle material nonpublic information to prevent improper uses. Misuses might include insider trading, trading during a tender offer in violation of SEC rules or through issuance of a research report based on material non-public information.
When facing the challenge of designing their controls, the report may be particularly beneficial to broker-dealers dually-registered as investment advisers or who are closely integrated with an affiliated investment adviser.
Carefully pointing out that no one size fits all, and from a “best practices” perspective, OCIE found two practices among some broker-dealers to be particularly effective. The first involved those included broker-dealers who developed processes that differentiated between types of material non-public information based on the source of information coming from within the broker-dealer or the nature (e.g., transaction type) of the information. In certain instances, the report notes, ” broker-dealers were creating tailored exception reports that took into account the different characteristics of the information.”
The second practice involves broker-dealers who expanded the scope of instruments that they reviewed for potential material non-public information misuse by traders. Included are credit default swaps, equity or total return swaps, loans, components of pooled securities such as unit investment trusts and exchange traded funds, warrants, and bond options.
In addition to defining many of the sources of material non-public information, the report also provides an overview of broker-dealers’ controls structure and their controls – both in terms of public versus private side of transactions, and in how firms limit and prevent authorized and unauthorized access (physical and technical barriers) to such information.
A look at SEC litigation releases, in the past few six months alone, show no shortage of cases involving misuse of material nonpublic information being either filed or settled. As the report states, look for OCIE to continue reviewing broker-dealer practices in these areas in future examinations.
On December 16, Financial Industry Regulatory Authority (FINRA) issued a Press Release highlighting its regulatory accomplishments during 2011. FINRA makes clear its goal is two-fold: protecting investors and bringing transparency to financial markets. The release demonstrates for senior management, risk management and compliance managers the additional arsenal FINRA is employing to beef up its oversight of broker-dealers and their registered reps. So far, for reps and their firms, this has meant a significant increase in the number of disciplinary actions this year. The release identifies some of the newer tools and sources FINRA has used and will continue to employ to protect investors.
What’s been different about 2011 and what will firms and reps experience more of in 2012? The press release sheds light on some measures FINRA will be employing, including:
- Using its Office of Fraud Detection and Market Intelligence (OFDMI) to refer matters involving potential fraudulent conduct to federal and state regulators and law enforcement agencies. FINRA referred more than 600 matters this year.
- Reconfiguring its exam program to be more risk-based and ensuring exam teams are more focused on those areas critical to investor safety; including identifying high-risk firms, branch offices, brokers, activities and products through broader data collection.
- Developing, through its Market Regulation Department, cross-market surveillance patterns that monitors all FINRA, NYSE and NASDAQ markets (80 percent of equity markets) with plans to launch these patterns in 2012. Earlier, FINRA expanded the Order Audit Trail System (OATS) to include all NMS securities to create a uniform order audit trail to serve as a foundation for the cross-market surveillance program.
- Expanding the Trade Reporting and Compliance Engine (TRACE) to include securitized products. The effect was to add more than 1.2 million asset- and mortgaged-backed securities to the current 70,000 TRACE-eligible securities; and introduced securitized products benchmark pricing and aggregated data reports on FINRA’s website.
- Continuing to push rule proposals that include Back Office Registration, Suitability and Debt Research Conflicts of Interest.
- Enhancing its examination program by taking a more risk-based approach to focus on areas posing greatest risk to investors. With this, FINRA has increased the number of its staff in district offices responsible for having a deeper understanding of specific firms, including increased real-time monitoring of business and financial changes.
- Placing greater emphasis on branch-level activity by increasing the number of branch exams that focus exams at the point-of-sale.
- For 2012, developing comprehensive cross-market surveillance patterns that will examine trading activity across all markets, including FINRA, NYSE and NASDAQ equity markets, at one time (which account for 80 percent of equity volumee time), rather than having multiple patterns survey each market separately. This is suppose to help FINRA identify problematic trading more quickly.
- Finally, FINRA implemented a rule for firms and reps involved in FINRA arbitrations allowing investors to choose all-public panels in customer cases involving three arbitrators.