On January 9, 2024, FINRA published its 2024 Annual Regulatory Oversight Report (the “Report”). FINRA publishes the Report as a way to provide its broker-dealer members with insight into findings from FINRA’s Member Supervision, Market Regulation, and Enforcement programs. FINRA also intends for the Report to serve as a roadmap firms can use to bolster their compliance programs throughout the year.
FINRA’s Report has evolved over recent years into a snapshot of key risks and findings across the full landscape of FINRA’s oversight. FINRA noted that the new title and focus (the previous title and focus was the Report on FINRA’s Examination and Risk Monitoring Program) “represents FINRA’s ongoing efforts to increase both the integration among our regulatory operations programs and the utility of the Report for member firms as an information source they can use to strengthen their compliance programs.”1 As in prior years, the Report is organized according to broad topics with subtopics summarizing firms’ obligations, information on related considerations, exam findings, effective practices, and additional resources.
New for 2024 is specific content dedicated to (i) crypto assets (crypto was discussed in prior years, but not with a dedicated section); (ii) additional topics within the “Market Integrity” section (e.g., OTC quotations in fixed income securities, advertised volume, and market access); (iii) information related to artificial intelligence and its potential effects on firms’ regulatory obligations; and (iv) guidance concerning firms’ supervision and retention of off-channel communications (i.e., business-related messages on personal devices or platforms outside the firm’s control).
The Report continues to address perennial topics such as AML, cybersecurity, net capital, communications, and sales practices (including issues related to Reg. BI and Form CRS). Notably, the Report includes a broader range of topics than in the prior two years, especially related to matters pertaining to market integrity (e.g., CAT, best execution, Reg. SHO). In some ways, the Report has morphed from a list of specific priorities for a given year, to an overall market-wide report that highlights specific trends and developments. FINRA notes that it has “selected topics … for their interest to the largest number of member firms.” We highlight areas of particular interest below.
1. Covering cybersecurity, AML, and manipulative trading, FINRA highlights the SEC’s recently adopted rules relating to disclosures by public reporting companies and proposed cybersecurity risk management rules for broker-dealers. Managing technology and vendors, responding to cyber incidents, branch-specific controls, and incident awareness are all key areas for FINRA when considering cybersecurity.
2. FINRA highlights the use of Artificial Intelligence (including generative AI) as an emerging risk that “could implicate virtually every aspect of a member firm’s regulatory obligations,” noting that the use of these technologies may have broad implications across the firm’s regulatory obligations, including communications with the public, customer information protection, research and Regulation Best Interest, and noting that the regulatory landscape may change as this area continues to develop.
3. For AML, firms should be focused on the scope of their AML program and whether it reasonably addresses risks presented by the business model, suspicious activity reporting (SAR), customer onboarding, and independent testing.
Crypto Asset Developments
4. A new area for 2024, FINRA highlights the three permissible business lines for broker-dealers engaging in crypto asset securities business –acting as placement agent for crypto asset securities, operating an ATS for crypto asset securities, and providing custodial services. Firms engaging in this area should consider prior SEC and FINRA guidance related to custody and settlement, establishing WSPs, processes, and controls reasonably designed to achieve compliance with applicable laws and guidance, including for determining whether a crypto asset is a security, whether an effective registration statement is in place, and for communications related to digital assets. Firms should also consider their AML program in light of unique or novel considerations related to digital assets.
5. For firm operations, the Report focuses on outside business activities (OBAs) and private securities transactions (PSTs), books and records, regulatory event reporting, trusted contact persons, and crowdfunding for funding portals and broker-dealers. Firms should consider WSPs and processes for notification and approval of OBAs and PSTs (including updating Form U4). For recordkeeping, FINRA highlights the recently adopted SEC rule allowing for audit-trail recordkeeping as an alternative to write once, read many (WORM) technology and risks associated with off-channel communications, noting the SEC has issued and continues to issue significant fines in this areas. FINRA notes that misinterpreted obligations, failure to maintain email correspondence, and failure to maintain converted records are common findings in these exams.
Communications and Sales
6. Covering communications with the public, Reg. BI and Form CRS, private placements, and variable annuities, FINRA highlights false, misleading, or inaccurate information on mobile applications and deficient communications promoting crypto assets and ESG products as frequent key findings. For Reg. BI and Form CRS, FINRA observes that firms fail to conduct reasonable investigation of offerings prior to making a recommendation, do not identify, disclose, and mitigate conflicts of interest, and do not provide customers with full and fair disclosures of material facts when complying with the care, conflict of interest, and disclosures obligations, all key drivers of noncompliance in this area.
7. Market Integrity covers the consolidated audit trail, best execution, disclosure of routing information, Reg. SHO, fair pricing in fixed income securities, OTC quotations in fixed income securities, advertised volume, and the Market Access Rule (the last three items being new in 2024). Broadly speaking, FINRA highlights insufficient controls, failure to consider additional data, over reliance on vendors, and unreasonable supervisions of firm technologies and procedures as common findings. For best execution, FINRA frequently sees a lack of assessment of execution in competing markets, lack of review of certain order types, unreasonable “regular and rigorous” reviews, and failure to address conflicts of interest as frequent issues when examining best execution.
8. Financial Management addresses perennial considerations like net capital, liquidity and credit risk management, margin, and segregation of assets and customer protection. These concerns are likely underscored by the turmoil experienced at some US banks in early 2023. For net capital, FINRA identifies supervision, designating a FinOp, maintaining accurate books and records, properly allocating expenses in expense sharing agreements, and keeping secure and limited access to bank accounts as issues firms should focus on to enhance compliance. Firms should also conduct stress tests, create credit risk frameworks, and evaluate counterparty exposure when evaluating their liquidity and credit positions.
While the SEC continues its rulemaking at a breakneck pace, FINRA similarly shows no signs of slowing down its rapid rate of examination and enforcement activity. Firms at least now have a more developed set of warnings about what FINRA will be looking for. The Report should serve as a resource for firms to identify and evaluate compliance across key areas of their business before FINRA’s examinations or enforcement teams pay a visit.
 In 2021, FINRA published its Report on FINRA’s Risk Monitoring and Examination Activities, which replaced two of FINRA’s prior publications: (1) the Report on Examination Findings and Observations, which provided an analysis of prior examination results, and (2) the Risk Monitoring and Examination Program Priorities Letter, which highlighted areas FINRA planned to review in the coming year. In 2022, FINRA again changed the title to the Report on FINRA’s Examination and Risk Monitoring Program, while leaving the scope largely the same as in 2021. The 2023 Report title and scope remained the same as in 2022.
This informational piece, which may be considered advertising under the ethical rules of certain jurisdictions, is provided on the understanding that it does not constitute the rendering of legal advice or other professional advice by Goodwin or its lawyers. Prior results do not guarantee a similar outcome.