Client Alert

FINRA Issues Comprehensive Guidance on Compliance and Risk Monitoring

11 Feb 2021

The Financial Regulatory Authority (“FINRA”) recently issued a comprehensive report on compliance issues noted in its examination program (the “Report”).[1] The Report is intended to assist broker-dealers in identifying and addressing potential weaknesses in their compliance procedures, and discusses 19 different topics. Each section includes a summary of the relevant regulatory requirements, a series of suggested questions that broker-dealers should consider regarding compliance with those requirements, recent FINRA examination findings and suggested “effective practices” to enhance compliance. Several sections include useful links to additional FINRA and SEC resources.[2]

FINRA suggests that broker-dealers can use the Report (i) as a tool for reviewing the adequacy of their current compliance procedures, (ii) to identify gaps in their procedures that need to be addressed, (iii) to flag additional risks that they should monitor, and (iv) as a training and informational source for keeping personnel informed and focused on compliance requirements.

The 19 topics covered in the Report are:

  • Anti-Money Laundering
  • Cybersecurity
  • Regulation BI and Form CRS
  • Communications with the Public
  • Private Placements
  • Variable Annuities
  • Disclosure of Markups on Fixed Income Securities
  • Best Execution
  • Market Access
  • Consolidated Audit Trail
  • Vendor Display Rule
  • Large Trader Reporting
  • Net Capital
  • Liquidity Management
  • Credit Risk Management
  • Segregation of Assets and Customer Protection
  • Outside Business Activities and Private Securities Transactions
  • Books and Records
  • Regulatory Event Reporting.

While FINRA’s discussion on each of these topics is worthy of review, this Alert will focus on six topics that may be of particular concern to many broker-dealers.

Anti-Money Laundering

Anti-money laundering has long been an area of concern for FINRA and other financial regulatory authorities. In addition to reiterating its concerns about the policies and practices employed by some firms to monitor, detect, and report suspicious activity, FINRA notes three areas of emerging concern involving money laundering and other financial crimes:

  1. Suspicious activity in micro-cap and penny stocks, particularly when transacted through omnibus accounts maintained for foreign financial institutions.
  2. Accounts for foreign customers that appear to have been opened solely to trade in IPOs and post-IPO trading in shares issued by companies based in restricted markets such as China. FINRA notes that these accounts sometimes appear to coordinate their activities in a possible market manipulation scheme.
  3. Failure to conduct adequate due diligence with respect to SPAC sponsors and the appropriateness of disclosures in SPAC IPOs.


For the last several years, FINRA has been keenly concerned with cybersecurity risks to broker-dealers and their customers. In the Report, FINRA noted it has observed, among other things, an increase in system-wide outages, systems infected with ransomware, imposter websites, and fraudulent wire requests. FINRA also advised that its examinations continue to find the following problems:

  1. Failure to encrypt all confidential non-public data, including non-public information about customers.
  2. Failure to adequately address cybersecurity concerns at the branch office level.
  3. Inadequate access controls.
  4. Inadequate control over vendors who might compromise a firm’s cybersecurity.
  5. Inadequate training of all personnel on cybersecurity risks and responsibilities.

Communications with the Public

FINRA’s rules generally require all communications with customers and the general public to be fair and balanced. Although this requirement is not new, the Report focuses attention on how this requirement is addressed in the context of communications regarding digital assets and cash management accounts. FINRA noted that its examinations had uncovered promotional materials for digital assets that failed to adequately address the risks of investments in digital assets and failed to state clearly the nature of the relationship between the broker-dealer and the digital assets. With respect to cash management accounts, FINRA expressed concern about lack of clarity in disclosures about the distinction between the broker-dealer and banks that are involved with the cash management accounts, the limitations on FDIC insurance, and the time it would take customers to access their cash in these accounts.

The Report also discusses the “surge” in retail customers opening accounts at online brokers and the high level of risky investments undertaken by some of those customers. FINRA noted that some of the online brokers offer “game-like” features to induce customers to open accounts and actively trade, a factor also cited by the State of Massachusetts in a pending action against a broker-dealer. FINRA observed that these features might encourage inexperienced customers to undertake excessively risky trading. The Report suggests that, even though many customers of online brokers engage in self-directed trading, broker-dealers should nonetheless be diligent in the customer on-boarding process and provide customers with appropriate disclosures about investment risks. FINRA also encouraged broker-dealers to review their communications with online customers to consider whether these communications might be deemed recommendations that would trigger an obligation to comply with Regulation BI and Form CRS delivery requirements.

Private Placements

FINRA’s existing rules impose a variety of requirements upon member firms that participate in private placements. These rules include a duty of “reasonable investigation” of the investment opportunity, and the obligation to file certain private placement documents with FINRA. Regulation BI also applies to recommendations of private placement investments.

FINRA’s exam findings raised a number of concerns about members complying with these obligations. For example, some FINRA members did not have appropriate policies and procedures to effect the required filings, and many did not in fact make timely filings of the required materials. Some firms did not make a reasonable investigation of the offerings prior to recommending them to retail investors. FINRA also noted that some members used third-party due diligence reports as to the issuers, but those members did not address “red flags” about the companies or their management that were set forth in the reports.

FINRA identified a number of steps that member firms could take to assist in complying with their requirements, including:

  • Developing private placement “checklists” as to the required procedures;
  • Conducting and documenting independent research on material aspects of the offerings, including the identification of any red flags about the issuer;
  • To effect the required filings with FINRA, assigning roles and responsibilities to specific employees or groups within the firm, and developing automated systems that provide an alert as to pending filing deadlines;
  • Creating “private placement committees” to approve the relevant offerings prior to a firm’s participation; and
  • Developing post-approval processes and ongoing monitoring systems after the closing of private offerings.

Best Execution

Best execution obligations have become an area of increasing concern to securities regulators as many retail broker-dealers have moved to a zero commission business, looking to replace the lost commissions with payment for order flow. In light of these concerns, FINRA conducted a targeted review of zero commission firms during 2020 to examine the implications of that business model for best execution obligations. While the results of that targeted examination have not yet been released, FINRA reminds broker-dealers in the Report that they have a continuing obligation to seek best execution for their customers by conducting a “regular and rigorous review,” of, among other things, speed of execution, price improvement, and the likelihood of execution of limit orders.

FINRA also flagged the need for broker-dealers to consider potential conflicts of interest that might result from order routing arrangements and to ensure that proper disclosures are being made regarding payment for order flow arrangements and any related conflicts.

Regulation BI and Form CRS

Regulation BI is the new SEC rule requiring broker-dealers to act in the best interest of their retail customers when making recommendations about investments or investment strategies. Form CRS is a related short-form disclosure document mandated by the SEC for all retail accounts.

The Report does not include any examination findings on these requirements given the fact that they only recently went into effect. FINRA indicated that it expects to publish results of its examination findings on Regulation BI and Form CRS in the future. In the meantime, FINRA encourages firms to consider, among other things:

  1. Have their registered representatives and sales supervisors been adequately trained to understand the best interest standard?
  2. When making recommendations, do registered representatives consider reasonably available alternatives?
  3. How does the broker-dealer identify and address conflicts of interest that might affect recommendations to retail customers?
  4. Has the broker-dealer eliminated titles for its registered representatives that include the word “adviser” or “advisor”, except for personnel who are licensed with a registered investment adviser, commodity advisor or municipal advisor?
  5. Does the broker-dealer’s Form CRS include all mandated text and adequately describe how the firm makes money as well as potential conflicts of interest?
  6. Is the broker-dealer maintaining records to demonstrate its compliance with Regulation BI?

Our Take

The Report is a valuable compendium of FINRA’s guidance as to compliance issues and related resources. The Report should help most broker-dealers to review and improve their compliance procedures across a broad range of topics, and to prepare for their next examination.


[2] FINRA notes that the Report replaces two of FINRA’s prior annual publications: (1) the Report on FINRA Examination Findings and Observations, which provided an analysis of prior examination results; and (2) the Risk Monitoring and Examination Priorities Letter, which highlighted areas that FINRA planned to review in the coming year.



Unsolicited e-mails and information sent to Morrison & Foerster will not be considered confidential, may be disclosed to others pursuant to our Privacy Policy, may not receive a response, and do not create an attorney-client relationship with Morrison & Foerster. If you are not already a client of Morrison & Foerster, do not include any confidential information in this message. Also, please note that our attorneys do not seek to practice law in any jurisdiction in which they are not properly authorized to do so.