Next, Rufino stressed that firms should not consider compliance as a cost, but understand that good compliance means good business, and so compliance functions need budgetary support from the executive management. First, he emphasized “tone at the top,” and stressed that commitment from the board and executive management is essential for compliance. On conflicts of interest, Rufino said it is important for firms to have the ability to identify and mitigate conflicts and have escalation procedures.
For broker-dealers looking for a good starting point, FINRA produces a WSP Checklist which is generally designed for guiding new FINRA member applicants on the minimum requirements when preparing a compliance manual during the new membership application process. Although this certainly doesn’t cover all required areas for all firms, it’s a useful tool and good reference point when considering what you should include based on your firm’s business model and product lines. Although many firms test the efficacy of their procedures in different ways, one of the main ways is through annual and/or periodic internal/external compliance reviews where the testing and verification processes are designed to detect any irregularities or gaps in compliance processes. These types of reviews also consider material changes in the regulatory landscape that may impact the firm and its internal controls and compliance processes.
He added that merely giving just the “right answer” or talking about what an employee does not know may raise suspicion on the part of examiners. Halliday commented on annuity accounts and said they have a centralized team review annuity transactions to ensure consistency and comprehensive review. Bank, informed the panel that cyber crime is a growth industry due to the low risk for criminals in countries that do not hold residents accountable or who lack extradition. In our years of experience, we’ve seen a gradual diminution of the attitude that compliance, marketing, and sales cannot coexist. The most effective firms place a high emphasis on GRC and include compliance as part of C-Level leadership. The SEC is taking a retaliatory stance against certain BD-employee confidentiality agreements that violate Section 21F-17 of the Securities Exchange Act of 1934, which amends “Securities Whistleblower Incentives and Protection” provisions.
Therefore, he said, it is important for anti-money laundering supervisors to work closely with employees who run trading surveillance. Regarding a potential customer risk profile requirement in the final CDD Rule, Green noted that this profile process is “more entrenched in the banking side” than it is in the securities side of the industry. When discussing the ongoing monitoring and reporting requirement, Ziermann explained the need to make internal staff aware of this part of the CDD Rule and that explaining why this requirement exists is likely to lead to better compliance. Sterling Daines, Managing Director, Global Compliance Division, Goldman, Sachs & Co., expressed appreciation for how the government agencies involved in the CDD Rule conducted extensive industry outreach during their proposed rule drafting process. Daines noted that larger firms are still figuring out how to best identify beneficial owners, which can be challenging.
Although the microcap market has become a focal point for regulatory scrutiny, risk is broadly predicated on the brokerage’s operational footprint, the geographies they intersect, and the RIAs for which they process trades. In 2017, firms must thoroughly assess the integrity of their trading technology platforms, employees, counterparties, and transaction-monitoring systems. One of the most important steps to building the right compliance manual is to start with a good foundation. Whether you’re a broker-dealer or investment adviser firm, you will need to prepare a set of written supervisory procedures or a “compliance manual” that is largely based on the firm’s business activities, corresponding risks and the regulatory framework within which it operates.
Wollman also emphasized that FINRA shares information with the SEC, and has quarterly calls as well as business and risk meetings with them. Communication in the compliance department, Wollman said, is the key to express any possible burdens or duplication caused by FINRA and SEC examinations. Sibears stated that there is a connection between risk management and governance; and that the board needs to be interested in cybersecurity and understand risk management approach. He highlighted the need to cover legacy systems since there are many that companies ignore that continue to collect information and subsequently pose a threat. He also stressed the need to ensure that the board understands that breaches will occur and what the response plan will be so the company can recover. White highlighted that transparency is a priority of the national exam program, which the SEC has sought to enhance through its risk alerts and press releases about findings from prior examinations.
She noted that open, constructive dialogue benefits everyone and enables regulators to identify issues before investor harm occurs. He noted that approaches to retirement are changing rapidly as more and more people are now required to manage their own retirement money. Furthermore, he said 77% of firms have written procedures for senior customers, “which is a good thing.” However, he noted that there is concern regarding the complexity of products in which many seniors are invested.
Moderator Christopher Hetner, Lead, Technology Controls Program, Office of Compliance Inspections and Examinations at the SEC, asked the panel what cybersecurity actors, threats, and potential impacts exist for companies.
Efficient and compliant written supervisory procedures that reflect your business model ensure consistent results to protect you and your clients. From designing compliance programs to reviews and testing for large, complex organizations, we optimize resources and align programs to manage risk and achieve compliance. Regarding giving notice, Wollman explained that FINRA is fairly focused on “pre-work,” explaining that FINRA gives pre-announcement days ahead of its actions and requests that information be submitted 2-3 weeks after the pre-announcement. Wollman noted that the opening phase of an exam is key, especially receiving requested documents, and stressed the importance of a firm’s willingness to explain records and allow examiners to have interviews with the employees. If you oversee the compliance program at your firm, you need compliance technology designed to help you meet your regulatory obligations and demonstrate your commitment to helping the firm focus on core business functions. The ComplySci platform not only enables better use of your time and resources, but ensures your compliance program effectively safeguards your firm from regulatory issues for today and tomorrow.
To mitigate AML risks, as well as bolster CIP and UBO compliance, brokerages should seek an investigative public records tool that can pull data from a global network of information resources in real time. Both explained that even though the SEC and FINRA may seem as if they are “stumbling over each other or even competing,” he stressed that they are trying to avoid duplication unless it is necessary, as both have limited resources. Goodman said with exam plans, the SEC conducts document analysis to understand what FINRA has done, how it is different, and why FINRA looked at certain areas.
Halliday said she is not seeing any particular new trends but said supervisors need to be more vigilant as more employees are able to work remotely. Greco noted that, although there is an overall increase in complaints across the industry, they are not sales practice but customer-service related. When asked about trends, Gregus noted that there are still firms that engage in the traditional type of excessive trading in penny stocks.
Greco noted the importance of making sure that any outside business activity issues are flagged for new managers when they arrive. Axelrod spoke extensively about FINRA’s efforts in the senior investor sphere, noting that an April joint report from the SEC and FINRA outlined both firm’s policies and practices on senior investors. She highlighted the extent of the FINRA helpline for investors which began in April and has received 867 calls across 47 states and four countries (U.S., Israel, Vietnam, and U.K.).
In these highly structured fund vehicles, various feeder funds, often set up as offshore limited liability corporations, buy a stake in the master fund, which becomes the buyer/seller of record for all trades. Given that master-feeder fund architecture is popular with “foreign investors who wish to maintain a certain level of anonymity,”14 brokerages must leverage new investigative technologies to enhance transparency for RIA ownership structures. Denise Saxon, Assistant Regional Director, Denver Regional Office, SEC, noted SEC Enforcement Director Andrew Ceresney’s February speech that called into question “what the industry as a whole is doing” regarding SARs reports. Greene noted that the SARs form has expanded and that firms should perform their own risk assessments and that as regulators should ask whether firms are adequately investigating all alerts and whether they are capturing relevant activity in their monitoring systems. SEC Chair Mary Jo White emphasized the critical importance of compliance professionals on the front lines to assist the SEC and the Financial Industry Regulatory Authority in creating, implementing, and enforcing strong, comprehensive policies. She noted that compliance and risk management must be an “organization-wide” effort and responsibility, especially considering the limited resources available.
Broker-Dealers need to solidify their compliance activities by investing in software solutions that improve the efficiency of processes, while providing supervisors with immediate information regarding outliers or areas of increasing exposure. While recent penalties against delinquent brokerages suggest more human error than technological deficiency, the first-ever fine issued against a BD for failing to file SARs is a wake-up call for the entire sector. It follows that more brokerages will inevitably feel the sting of SAR-related enforcement action in 2017. And most recently in June, the SEC issued the first-ever fine against a BD for failing to file suspicious activity reports 6 related to the high-volume liquidation of microcap securities. We have the Compliance, Operations and Strategic professionals under one roof to meet all of your consulting needs. Our Governance, Risk and Compliance experts will balance regulatory requirements with your day-to-day operations, policies and procedures.
We can help you collaborate with other internal business lines to prioritize challenges and pioneer change. During the exit interview, Goodman stated that listening carefully and giving feedback is important, noting that this is the time to make changes before the deficiency letter is actually sent out. FINRA meets with firms on a periodic basis, he explained, and offers status updates during the exam period. He also noted that during the exit meeting, FINRA provides a written document to state what the issues and outcomes are.
Data exposure can come in many forms, especially where paper processes may be temporarily replacing automation. Providing employees with company equipment, rather than deploying BYOD policies, will make a difference, as well as the use of shredders to destroy physical records at remote locations. Our employees leverage their knowledge of industry benchmarks, platforms and expertise using proven agile methods, helping you meet and overcome your toughest challenges. Wollman said there may be certain times where the examination may or might appear to be duplicated and explained that for the SEC, this occurs when a normal exam turns to be an oversight exam, however he noted that these cases are fairly limited. Another time, he explained, is when a tip or complaint is received about a high profile firm or if the firm is having financial difficulties.
However, point solutions for such monitoring often create data silos that negatively impact the efficiency and effectiveness of your compliance program. A comprehensive solution uses data and software to ensure compliance teams are ahead of regulators and ready for examinations. ComplySci reduces the amount of time spent on data gathering by as much as 60%, allowing you to respond to changing regulations with confidence and agility.
First, whether you’re starting from scratch or updating your existing manual, you shouldn’t try and reinvent the wheel unless you absolutely have to. Your time is valuable and probably best spent on top-line functions so seeking expert help may be the right choice for saving time while getting the right guidance needed to get started. Although each firm is different and one size certainly does not fit all, you can make your life a lot easier if you have a baseline from which to start and then customize. There is no right answer as to how you approach this as long as you end up with a compliance manual that is sufficiently aligned with your firm’s business activities and supervisory processes. Your compliance manual is the centerpiece of your compliance program and plays a critical role in helping enhance and enforce your firm’s culture of compliance. As a former regulator and current principal of a compliance consultancy, I’m often asked about the key considerations for building an effective “audit proof” compliance manual.
In the risk alert, the SEC encourages broker-dealers to “pay particular attention to the risks regarding access to systems, investor data protection, and cybersecurity.” FINRA has similarly offered cybersecurity advice for firms that are working from home. Meetings via Zoom and remote compliance activities are likely to be in place for the foreseeable future, and keeping information secure should be a key consideration for compliance teams. Despite the latest no-action-relief guidance from the SEC, brokerages must enhance third-party due diligence capabilities. In today’s regulatory regime, BDs should generally focus on microcap traders and RIAs with highly structured, offshore fund architecture.
Dolber then continued that a preventative two factor identification system, though beneficial, is often resisted by consumers who prefer convenience to preventative measures. Additionally, firms should offer more detailed guidance to home workers about routinely changing passwords, detecting phishing scams, and avoiding unsecure communication platforms. Wollman also said the examiners know when answers are different and that offering additional information provides a greater degree of comfort.
Increasing levels of trade, the threat of cyber-attacks, and regulators looking to reassert their authority are major concerns, and time is of the essence to undertake a review of compliance activities. We understand the issues you face and provide practical solutions, helping you reframe your toughest challenges. From Compliance and Operational improvements to creating long-term value through strategic planning, our experts have the experience and solutions to fit your needs.