S4:E4 | 2023 Report on FINRA's Examination and Risk Monitoring Program | Compliance In Context

Welcome back to the Compliance in Context Podcast! On today’s show, we do a deep dive on the 2023 Report on FINRA’s Examination and Risk Monitoring Program and the role of the Membership Application Program as part of FINRA’s larger governance structure. In our Headlines section, we review recent testimony from Chair Gensler before the House Financial Services Committee and a new Risk Alert from the SEC Division of Examinations identifying compliance deficiencies of newly registered investment advisers. And finally, we’ll wrap up today’s show with another installment of What’s On My Mind, we honor Mr. Irrelevant from last year’s NFL draft and the insight it can tell us about the role of compliance inside our respective firms.

Show

Headlines

• SEC Chair Gensler Testifies before House Financial Services Committee highlighting regulatory initiatives on equity markets and private funds, artificial intelligence and predictive data analytics, crypto assets, and climate change disclosure.
• SEC Division of Examinations Risk Alert identifies compliance deficiencies of newly registered investment advisers.

Interview with Ed Wegener and Lisa Robinson

• Reviewing the 2023 Report on FINRA’s Examination and Risk Monitoring Program
• What is rationale behind the new “Financial Crimes” section
• What stood out to from the Related Considerations in “Cyber” and where do you see the FINRA staff focusing in on during examinations?
• What’s the impact of SEC rulemaking on the “Cyber” area and what can firms do now?
• Where is FINRA staff focusing in the AML space?
• Why do you think FINRA called out “Manipulative Trading” specifically?
• What are successful firms doing to help mitigate the risk related to off-channel business communications?
• What are some key questions you could expect from FINRA staff conducting an examination in the area of Trusted Contacts?
• How is FINRA conducting exams on Reg BI?
• How are firms that use mobile apps having to enhance their policies and procedures in sales and marketing and what are some best practices you’ve seen from successful firms in this area?
• What is the purpose of the MAP and how has this group evolved over time?
• Lessons learned during the transition from regulator to industry

What’s On My Mind

• Brock Purdy as Mr. Irrelevant from the 2022 NFL Draft
• Compliance as the unsung hero

Quotes

13:55 - “There is a significant focus on firms’ controls over access to sensitive information. So they’re going to be reviewing policies, procedures, and controls with respect to how firms manage and control access to sensitive information. So that’s both the initial determination of who would have access to what but then also making sure that there’s periodic regular reviews with respect to who has access to what, to make sure that it continues to be current and appropriate.” - Ed Wegener

17:34 - “You know one of the things about cyber security is not only does it have a regulatory component (you need to make sure you have controls in place to have a good, compliant program), but also there’s a tremendous amount of reputational damage that can happen if there’s some sort of breech or if you’re involved in some sort of imposter website or something like that.” - Ed Wegener

29:05 - “What we find for firms that has been successful is having initial and annual training for the employees of the firm. Going over what is approved, what isn’t approved by the firm, and having an annual questionnaire that goes over that list. Making the training mandatory. And letting them know that there are consequences when they go ahead and use these unapproved methods for business-related communications.” - Lisa Robinson

35:22 - “It’s training and education of employees. Are they providing training to their employees upon the trusted contact person, the escalation process (if they ever need to put a temporary hold)? Things like that; FINRA is going to want to know if they’re doing. One of the first things that FINRA is always going to ask for is [about if] the WSPs are related to this. Is it an adequate system that you have in place to make sure that they’re following the rules?” - Lisa Robinson