Broker Dealer | Compliance Programs | Conflicts of Interest | COVID-19 | Cybersecurity | FINRA | Form CRS | Regulation Best Interest

Broker-Dealer – 2020 Regulatory Year in Review

2020 was a difficult year for broker-dealers as they found themselves not only juggling their regular day-to-day obligations, the implementation of Form CRS and Regulation Best Interest policies and procedures, but having to do so in the middle of a pandemic.  As a result, 2020 may feel like a relative blur when it comes to regulatory guidance.  Here is a summary of some of the most notable regulatory events (rule changes, enforcement actions, announcements, etc.) that impacted broker-dealers in 2020.

COVID-19 – Pandemic

The global pandemic impacted all financial firms during 2020.  Firms have had to learn new ways to conduct business, execute their supervisory systems, and running an effective compliance program.  In response, FINRA and the SEC sought to provide relief (when reasonable) and guidance as needed.  Both entities established resource pages on their websites for updates, guidance, and general information to support all firms.  Below are links to several regulatory resource webpages:

Regulation Best Interest & Form CRS

SEC Regulation Best Interest (Reg BI) requires broker-dealers to enhance their standards of conduct beyond suitability and make it clear that a broker-dealer may not put its financial interests ahead of those of a retail customer.  Form CRS requires registered investment advisers and broker-dealers to provide retail investors with simple, easy-to-understand information about the nature of their relationship.

Reg BI and Form CRS Resources

Hardin Compliance Consulting Resources

Regulatory Updates

Registration Filings in the new FINRA Gateway: Classic CRD Form U4 Retires April 5; Upcoming FINRA Gateway U4 Enhancements – FINRA rolled out its new FINRA Gateway and will retire certain registration functionality from Classic CRD on April 5, 2021.  FINRA is encouraging firms to go ahead and use the new FINRA Gateway when processing any Form U4s.

  • FINRA also launched its new Financial Professional Gateway (FinPro) that provides individuals (current or former representatives) direct access to resources and tools to manage their securities registration information.

Regulatory Notice 20-38: FINRA Adopts Rule to Limit a Registered Person from Being Named a Customer’s Beneficiary or Holding a Position of Trust for or on Behalf of a Customer – To address potential conflicts of interest relating to registered persons being named beneficiaries or holding positions of trust for personal monetary gain, FINRA adopted new Rule 3241, which creates a uniform standard to govern persons holding positions of trust.

  • Rule 3241 became effective on February 15, 2021 and requires a registered person to decline being named a customer’s beneficiary, executor, or trustee unless one of the following conditions is satisfied:
    • The customer is a member of the registered person’s immediate family;
    • The registered person provides written notice to the member and receives written approval before being named a beneficiary of a customer’s estate or receiving a bequest from a customer’s estate; or
    • The registered person does not derive financial gain from acting in such capacity (other than reasonable and customary compensation).
  • Full details of the obligations of registered representative and their member firms can be found in the script of the rule that is attached to the Regulatory Notice or using the link to the rule that is provided above.

Amendment to FINRA Rule 4210: Margin Requirement – Establishes TBA Market Requirements Effective October 26, 2021 – FINRA Rule 4210 was amended to establish margin requirements for (1) To Be Announced transactions, including adjustable-rate mortgage transactions, (2) Specified Pool Transactions, and (3) transactions in Collateralized Mortgage Obligations, issued in conformity with a program of an agency or Government-Sponsored Enterprise, with forward settlement dates. (Note that the effective date has been postponed several times.)

Enforcement Actions

In 2020, reported disciplinary actions for FINRA members were reasonably in line with the enforcement activity from 2019.  See below for a breakdown of the impact of enforcement actions over the last 4 calendar years.

2017 2018 2019 2020
Firms Expelled 20 16 8 21
Firms Suspended 29 23 43 36
Individuals Barred 492 386 380 270
Individuals Suspended 733 472 537 515
Total Fines ($m) $64.9 $61.0 $62.4 $57.2
Total Restitution & Disgorgement ($m) $66.8 $25.5 $28.1 $45.2

*2017 & 2018 data was obtained from the FINRA Statistics page.  Data for 2019 & 2020 was obtained from FINRA’s Monthly Disciplinary Action reports.  The statistics are provided as reported, but enforcements are typically reported by FINRA 60 to90 days after they occurred.

Observations

  • A key driver for registered representative suspensions was their failure to appropriately disclose required information (financial, criminal, other employment, etc.) on Form U4.
  • Registered representatives were fined on average $5,000 when suspended, but fines exceeded $10,000 for more serious violations.
  • When individuals were barred from the industry, it was largely the result of failing to cooperate or provide information to regulators.
  • FINRA consistently cited firms for a failure to have or follow reasonably designed written supervisory procedures – especially where there was a failure to establish a reasonable supervisory system, or the firm did not provide adequate resources and training to its supervisors.

Notable Enforcement Cases

Regulatory Notices

Cybersecurity

Firms are increasingly dependent on technology for their business activities and operations, and cybersecurity poses an increasingly larger risk.  This trend was even more apparent in 2020 with so many employees working remotely due to the pandemic.  Taking advantage of the “work from home” environment, cyber criminals ramped up their attempts to gain access to confidential client information. FINRA will continue to look at cybersecurity measures during its examinations.  Expect testing by examiners to determine whether your firm’s policies and procedures are reasonably designed to protect customer records and information consistent with Regulation S-P.

Throughout 2020, regulators alerted firms to various threats and providing guidance on steps that should be taken to protect their networks.  FINRA warned members multiple times about various phishing attacks and also provided guidance on how to strengthen authentication methods.  There were also a couple of a alerts from OCIE regarding ransomware attacks and the safeguarding of customer accounts.

FINRA Phishing Email Notices

FINRA Information Notices

OCIE Cybersecurity Risk Alerts

Final Thoughts

The beginning of the year provides everyone with the opportunity to assess their current compliance programs and to address any identified gaps or weaknesses.  Recent regulatory notices and enforcement actions can help you identify specific areas to focus on to set your compliance program up for success in 2021.

Check out FINRA’s 2021 Report on Examination and Risk Monitoring Program, published February 1, 2021.  This report combines and replaces the Annual Priorities Letter and the Exam and Risk Monitoring Findings Report.  The SEC just published its annual examination priorities, another “must read” for compliance professionals.  These publications can help you prioritize your compliance efforts.

We expect regulators to focus on compliance with Reg BI and Form CRS disclosures in 2021.  Given the continued impact of the pandemic, expect examiners to ask firms about changes to compliance and supervision programs to deal with employees working remotely and any adaptations to business operations.  Regulators will also focus on firms’ cybersecurity programs and digital communications with the public.

The biggest challenges for compliance officers this year will be managing basic compliance blocking and tackling, while at the same time ensuring that the new policies and procedures adopted to deal with Reg BI work as expected.  The “work-from-home” environment and ever-increasing cybersecurity threats simply add to the complexities of running a compliance program.   Since we are only human, compliance officers need to develop a plan for prioritizing and addressing the greatest risk activities, delegate or outsource where possible, and off-load non-compliance tasks.

____________________________________________________________________________________

Partner with Hardin Compliance

Have a compliance question or want an independent review of your compliance program?  Hardin Compliance can help!  Call us today at 1.724.935.6770, or visit our website at www.hardincompliance.com for more information.

____________________________________________________________________________________

Hardin Compliance Consulting provides links to other publicly-available legal and compliance websites for your convenience. These links have been selected because we believe they provide valuable information and guidance.  The information in this e-newsletter is for general guidance only.  It does not constitute the provision of legal advice, tax advice, accounting services, or professional consulting of any kind.

Photo by Lauren Mancke on Unsplash.