The 2024 FINRA Annual Regulatory Oversight Report provides firms with insight into findings from FINRA’s regulatory operations programs including Member Supervision, Market Regulation and Enforcement. Addressing a broad range of topics spanning conflicts of interest, disclosures, communication practices and crypto asset compliance, the report contains information that firms can use to strengthen their compliance programs in 2024 and beyond.
“As our industry evolves, so do the compliance challenges faced by firms, which is why the report is so critical. Some of the topics covered will be familiar from past reports, updated for 2024, while others are new and represent emerging risks and evolving trends that are of growing importance as we look ahead.”
The content includes areas of risk that are of perennial concern in the industry including Financial Crime, Firm Operations, Communications and Sales, Market Integrity and Financial Management. Crypto Asset developments along with expanded Market Integrity concerns are new to the report for 2024. Highlights of the report include:
Cybersecurity and Technology Governance
In the Cybersecurity and Technology Governance section, firms are reminded of the requirement to have policies and procedures in place that address the protection of data. According to the report, cybersecurity remains one of the principal operational risks facing broker-dealers. FINRA expects firms to maintain cybersecurity programs and controls that are consistent with their risk profile, business model and scale of operation.
Anti-Money Laundering, Fraud and Sanctions
The Anti-Money Laundering, Fraud and Sanctions section highlights that FINRA Rule 3310(a) requires that firms establish and implement AML policies and procedures to detect and report suspicious transactions. Firms must also conduct training for appropriate personnel and implement appropriate risk-based procedures for conducting ongoing due diligence.
The report's Financial Crimes section outlines the need for vigilant monitoring and controls to prevent manipulative trading. The section notes that under FINRA Rule 3110, firms are required to supervise the trading activities of associated persons. Firms must also have procedures in place to review securities transactions to identify trades that may violate regulatory rules prohibiting insider trading and manipulative and deceptive devices.
Crypto Asset Developments
New for 2024, the Crypto Asset Developments section of the report highlights the risk of crypto-related market abuse, including manipulative schemes related to low-priced securities and amplified by social media. Additional guidance on preventing market abuse in crypto assets can be found in FINRA Regulatory Notice 21-03 (FINRA Urges Firms to Review Their Policies and Procedures Relating to Red Flags of Potential Securities Fraud Involving Low-Priced Securities).
The report also notes the risk of conflicts of interest when employees and associated persons are in crypto-related Outside Business Activities and Private Securities Transactions.
Outside Business Activities
“FINRA Rule 3270 (Outside Business Activities of Registered Persons) and FINRA Rule 3280 (Private Securities Transactions of an Associated Person) require registered persons to notify their member firms in writing of proposed outside business activities (OBAs), and all associated persons to notify their firms in writing of proposed private securities transactions (PSTs), so firms can determine whether to prohibit, limit or allow those activities.”
The report points out that firms should be considering whether OBA and PST activities are changing over time and lists questionnaires, due diligence, monitoring, affiliate activities, written supervisory procedures, training, disciplinary action and digital asset checklists as effective practices to manage OBA and PST compliance.
Books and Records
The report notes that failure to capture, review and archive employee correspondence is a significant risk that has resulted in recent regulatory action against many firms. It also highlights the impact of the SEC’s 2023 amendments to SEC Rule 17a-4, which pertains to the maintenance and preservation of electronic records and includes the supervision and retention of "off-channel communications" and the use of artificial intelligence.
The report also warns firms about the risk of off-channel communications, noting that correspondence on non-firm approved platforms brings an increased risk that the communications will not be preserved and maintained in accordance with books and records requirements.
Across all areas of the report, there are common themes regarding proactive steps that firms can take to stay compliant with the many areas of regulatory concern outlined in the report. These include:
- Establishing written policies, procedures and controls
- Testing and validating controls
- Having employees complete questionnaires and attestations
- Reviewing employee communications and electronic correspondence
- Ongoing and regular employee training
In the report, FINRA also reminds member firms to stay apprised of new or amended laws, rules and regulations, and update their written supervisory procedures (WSPs) and compliance programs on an ongoing basis.
Is your compliance roadmap for 2024 in place?
Let MCO help you meet the heightened expectations of FINRA and regulators across the globe in 2024. Our integrated solution lets compliance professionals efficiently and cost-effectively demonstrate they are proactively managing the regulated activities of the company, employees and third-party relationships and easily provide proof of regulatory compliance. MCO can help you streamline compliance across your organization and be ready to stand up to regulatory scrutiny.