FINRA, in a letter to all FINRA member firms, highlighted new and existing areas of particular significance to its 2009 examination program. FINRA’s 2009 examination priorities are as follows:
(1) FTC’s Red Flags Rule, which is effective May 1, 2009 and requires firms to maintain a written identity theft prevention program.
(2) Alternative investments, such as high-yield bonds and bond funds, structured products, alternatives to cash holdings and other non-conventional investments, particularly:
Whether firms are adequately performing the required customer-specific suitability analysis; and
Whether sales materials and oral presentations are fair and balanced and include a discussion of risks associated with the investment.
(3) Retail foreign currency exchange activities.
(4) Supervision is a core element of all FINRA examinations. Specifically, FINRA noted that it will focus on the following:
Existence of comprehensive supervisory systems, policies and procedures;
Extent to which firms establish, maintain and administer their supervisory systems;
Firms’ ongoing obligation to test and verify their supervisory procedures; and
Existence of a robust inspection program for both branch and non-branch locations, including close review of private securities transactions and outside business activities.
(5) Sales practices with respect to senior investors and baby boomers.
(6) Anti-money laundering compliance programs, specifically whether a firm’s procedures are appropriately tailored to its business model, risk profile and volume of transactions.
(7) Obligations under the Foreign Corrupt Practices Act, including maintenance of accurate books and records and adequate internal controls.
(8) Unregistered resales of restricted securities, particularly a firm’s:
Due diligence with respect to schemes involving low-priced securities or penny stocks; and
Due diligence toward and recognition of red flags that may have triggered suspicious activity reporting requirements under the Bank Secrecy Act.
(9) Adequate supervision of the sale of deferred variable annuity products pursuant to NASD Conduct Rule 2821.
(10) Sufficiency of IT security procedures to deter security breaches, hacking, cyber attacks, account intrusions and other security threats.
(11) For firms that outsource key operational functions, whether they:
Perform the necessary due diligence and counterparty risk assessment when outsourcing those functions; and
Establish controls and procedures to ensure that vendors are fulfilling their duties responsibly and in compliance with applicable rules and service agreements.
(12) Adequacy of controls related to material, non-public information, particularly:
How firms tailor their information barrier procedures to their business activities and organizational structure; and
How firms identify information to be protected.
(13) Adequacy of procedures in place to comply with the customer protection rules, including correctly computing the reserve formula pursuant to Rule 15c3-3 of the Securities Exchange Act of 1934 (the “Exchange Act”) and reducing customer fully paid and excess margin securities to possession or control.
(14) Disclosure to customers regarding excess SIPC protection, particularly if a firm has made alternative arrangements for excess SIPC coverage.
(15) Controls for independently valuing inventory and collateral positions, particularly less liquid and more complex positions.
(16) Evaluation of counterparty credit risk.
(17) Accurate recording of bona fide intercompany transactions and reconciliation of intercompany accounts.
(18) Prompt establishment and reconciliation of suspense accounts.
(19) Bank sweep programs, particularly:
Disclosures made to customers with respect to FDIC and SIPC protections;
Firms’ methodology for determining interest rates on the balances swept; and
Disclosure of any compensation the broker-dealer receives arising from a bank sweep arrangement.
(20) For firms that use customer fully paid securities for lending programs:
Whether they record those transactions on their books and records;
Whether they accurately disclose those transactions to customers; and
The nature of any rebates paid to customers.
(21) The sale of equity securities, particularly related to the quality of a firm’s supervision and written supervisory procedures to ensure compliance with Reg SHO Rule 240T and Rule 10b-21 of the Exchange Act.
(22) Obligations not to inappropriately circulate or disseminate any information that might reasonably be expected to influence the market price of certain securities.
(23) Controls related to the order-entry process, particularly whether a firm’s internal controls and processes adequately ensure that orders are entered and transmitted accurately.
(24) Internal controls, procedures and surveillance practices related to the market close, particularly with regard to marking-the-close issues to ensure that potential misconduct is identified and reviewed in a timely manner.
(25) Transaction reporting, including the accuracy of the transaction information reported by firms or on their behalf. Proper processing of daily OATS submissions pursuant to recent enhancements to the OATS system.