Cyber-Security: FINRA’s Targeted Examination Letter

As we posted earlier in outlining FINRA’s 2014 Regulatory and Examination Priorities Letter, one focus included FINRA’s concern for the integrity of member firms’ policies, procedures and controls that are supposed to protect sensitive customer data. In the letter, FINRA states that it will examine and conduct targeted investigations, and it followed up by issuing a separate notice concerning Targeted Examination Letters that some firms may receive, seeking information about how the firm addresses cyber-security threats, vulnerabilities, and management of related risks. The cyber-security topics FINRA will examine or assess include a firm’s


FINRA’s Targeted Examination Letter on Social Media Use

June 2013 has seen FINRA publish another targeted examination letter, this time aimed at members’ and associated persons’ use of social media. FINRA uses these letters, primarily, to educate member firms about how it uses targeted exams, known as sweeps, to gather insights on member regulatory responses on emerging issues, and carry out investigations.

Relying on FINRA Rule 2210(c)(6), which subjects member firms’ communications (including electronic) to periodic spot-check procedures, FINRA’s Advertising Regulation Department is asking firms and their associated persons for information about how they use social media (e.g., Facebook, Twitter, LinkedIn, blogs). Questions and information requests include:

  • how a firm’s social media (e.g., Facebook, Twitter, LinkedIn, blogs) platform is being used as part of its business purpose; 
  • URL information for all social media sites the firm uses; date of first use, and the identity of those who post or update content;
  • how a firm’s associated persons are using social media;
  • a firm’s written supervisory procedures covering the production, approval and distribution of social media communications;
  • what measures firms adopt to monitor compliance with social media policies (e.g., training meetings, annual certification, technology);
  • a list of a firm’s top 20 producing registered representatives (based on commissioned sales) who used social media for business purposes to interact with retail investors, including the type of media they use, their name, CRD number, and dollar amount of sales made and commissions earned during a specific period.

FINRA says its selection of firms for the targeted exam is based on a number of factors, including the “level and nature of business activity in a particular area, customer complaints and regulatory history, and prior examination findings.”

The letter demonstrates the attention broker-dealers should pay to both adopting policies and procedures and supervising interactive electronic communications to ensure that content requirements of FINRA’s communications rules are not violated. In doing so, members should review FINRA’s Regulatory Notices 07-59, 10-06, 11-39 and FINRA Conduct Rules 2210 and 3010.

 

FINRA’s Broker-Dealer Conflicts of Interest Sweep

Seeking to ensure that broker-dealers identify conflicts and place their customers’ interests above their own, FINRA sent to its member firms, in July, another “Targeted Examination Letter” announcing that it would be conducting targeted examinations (or sweeps) of member practices to review how they identified and managed conflicts of interest. The letter sent to a number of firms seeks a response by September 14, 2012, followed by a potential three-hour meeting to discuss information reported.

What this exercise means for member firms in the near term and in the future is that any new rules FINRA enacts are likely to have a significant effect on broker-dealers with retail clients, particularly in the areas of best execution and customer order handling. Firms will need to address whether conflicts exist for topics related to best execution such as “internalization” (i.e. agency cross trades orders), “preferencing” (directing to one market maker over another), affiliated brokerage (i.e. directing fund brokerage commissions to brokers that sold a large number of fund shares), and the priority of trade execution (i.e. trading ahead of customers, block trading, front running and proprietary trading issues), to name a few.

FINRA makes explicit that it will not be using information gathered from the sweeps as a tool for potential enforcement actions, but instead is using responses to better understand whether firms are taking reasonable steps to properly identify, manage and mitigate conflicts that may impact clients and the industry. The letter also states that FINRA intends to develop potential guidance for the industry from the information it learns. From a fiduciary perspective, and if broker-dealers haven’t been doing so, they need to start thinking about creating formal risk assessment programs that address conflicts concerns.