Thursday, May 22, 2008

Exam Priorities

FINRA just put out its annual notice on exam priorities. Below I've listed the areas they prioritize (many), along with summaries and a few comments. Far below, I note some recent findings I've seen on exams. This isn't overly original or interesting, but I thought I'd throw it in my blog, since I've been way too busy lately to write anything else... :)

Senior Investors – hot topics include misleading advertising, shameless, fear-inducing sales pitches and of course, suitability. Advice: don’t let your reps claim to be qualified ‘senior investing’ specialists and make sure each transaction is well documented to establish suitability.
Deferred Variable Annuities – new Rule 2821 went into effect, sort of, on May 5. Reps have to document their reasonable basis for recommending a Def. V/A purchase or switch; principals in the future will also be required to ensure reasonableness. Training in Def. V/A rules and products is required. Here is the link to the April Phone-In Workshop on the subject - phone-in workshop; also reference my notes on this in an earlier blog entry.
Anti-Money Laundering (AML) – final rule 312 of Patriot Act went into effect in Feb; most small firms are not affected since they don’t have foreign banking relationships. Examiners are looking for suspicious activity monitoring and SAR filings; also making sure firms are having independent testing as required. Remember, follow up on testing recommendations and keep records of your follow-up action taken.
Protection of Customer Information – issues include online account hacking (not relevant for most small firms) and protecting information stored electronically (on hard drives, portable drives, laptops and PDAs). Exam deficiencies include failure to provide privacy notices (and keep records of providing them), failure to have procedures addressing disposal of consumer report information, failure to obtain required confidentiality agreements from third parties; failure to ensure that outsourcing entities maintained the confidentiality of customer information; and failure to include a required “opt out” clause in their privacy policies. While firm procedures may address safeguarding their information, it’s a good idea to have a separate “IT” type document detailing the administrative, technical and physical safeguards used to secure data.
Supervision and Supervisory Controls – I guess a lot of firms are still struggling with the difference between supervisory procedures under 3010 and control procedures under 3012/3013. Exams focus on separate control procedures, review of producing manager, heightened supervision of high-risk brokers, annual testing and verification and CEO certifications.
Sales of New or Non-Conventional Products – firms have to have procedures for approving new products; examiners are also focusing on recommendations in new and non-conventional products, such as hedge funds, CMOs/CDOs, REITs, auction rate securities and other structured products. Guidance references MSRB notices for firms doing muni business.
Transaction Reporting – accuracy of reported transaction information is the firm’s responsibility, no matter how it’s reported. Trade Reporting Facility participants must transmit certain information regarding last sale reports of transactions in designated securities. Examiners are also finding firms to have incorrectly reported riskless principal transactions, incorrectly reported transactions with the long/short-sale indicator and not properly submitted OATS data with accurate order information, terms and conditions, and/or special handling codes.
Business Continuity Planning (BCP) – the exam priorities publication states that firms should periodically test their plan to ensure all of its components work as envisioned…but this is not required by the Rule itself or in FINRA’s 2006 NTM 06-74 on the subject. Firms should decide if periodic testing is necessary, given their size and customer services.
Data Integrity – exams will look at CRD filings, complaint reporting and clearing firm reporting to ensure accuracy and timeliness. Firms face steep fines for late filings.
Bank Sweep Programs – for broker-dealers sweeping customer credit balances into deposits at banks. All sorts of issues, here, including: protection of funds, net capital requirements, written agreements, reconciliations, books and records, SIPC/FDIC coverage, and account statements. Call district contact to discuss before setting up such a program.
Agency Lending Disclosure – for firms that operate an agency securities lending business. Exam findings show firms not performing principal counterparty credit risk monitoring or reconciliations and not resolving contract differences nor computing securities borrow deficit capital charges at the principal counterparty level. Ref: 05-45.
Inventory Valuations – firms should have controls to independently validate the pricing of inventory positions.
Outsourcing – outsourcing is not a substitute for internal controls and compliance monitoring; outsourcing should be monitored and overseen. Outsourcing to foreign entities may result in risks and should be closely monitored.

Order Audit Trail System (OATS) – as of February 4, 2008, OATS reporting requirements include OTC equity securities such as orders for OTC equity securities traded on the OTCBB, Pink Sheets or otherwise, as well as orders for certain foreign equity securities and other securities meeting the definition of OTC equity security in NASD Rule 6951. Best to visit the OATS web site (OATS) and FAQs to understand the complexities of OATS reporting.
Regulation NMS -- SEC Rules 610 (the Access Rule) and 611 (the Order Protection Rule) were fully implemented for all NMS stocks as of October 8, 2007. Initial FINRA exams show that some firms mistakenly may believe that Reg NMS does not apply to them, either because they make markets in a limited number of NMS stocks or because they infrequently execute orders internally. Note that Reg NMS does not include any exception to the definition of “trading center” based on de minimis activity. Firms are reminded that the requirements for ISOs apply to “any broker or dealer” that uses ISOs, and are not limited solely to broker-dealers that operate as trading centers. Refer to online resources for clarity on this:
Spotlight On Regulation and Frequently Asked Questions on Rules 610 and 611.

Additional areas of exam findings:

Changes in Account Name or Designation – changes in account name or designation, including error accounts, must be approved by a designated principal and there must be records to show that s/he was personally made aware of the essential facts concerning the change. Approval must be noted on the order or another record.
Time and Price Discretion – when relying on a verbal, one-day time and price discretion exception to Rule 2510 (discretionary accounts), firms must note the reliance on tickets and must not extend the discretion beyond the close of business that day. (Doesn’t apply to institutional accounts in ‘good-til-cancelled’ transactions on a ‘not held’ basis.)
Net Capital – violations include inaccurate inventory valuations of prop. positions and mark-to-markets performed by traders; and improper treatment of ‘cash-like’ investments offered by banks (non-allowable).
Customer Protection – 15c3-3 violations include: inaccurate treatment of stock record allocation positions; non-bona fide reserve bank deposits; and creation of segregation deficits by deliveries, securities loaned and securities borrowed returns.
Back-Office Transaction Processing – inaccurate trade processing and reconciling. Conversions of processing systems often lead to a lot of trade breaks and unreconciled items, creating inaccuracies in books and records, charges against net capital and increased customer reserve requirements.

What I have seen lately in exam results:

Audit of Electronic Storage Input -- failure to have procedures for/comply with the ‘audit’ function under the SEC electronic books and records rule (17a-4(f)(3)(v)). I have requested guidance from four FINRA staff members; three clients have directly requested guidance, verbally and/or in writing, from their examiners and/or liaisons, but NONE has been provided. At the very least, perhaps firms should ‘check to see that the records are there’—paraphrased advice from one FINRA staff member.
Notify Outside Brokerage Firms of Employee Accounts – Rule 3050. If reps opened accounts prior to being associated persons of the firm, they will not have informed the outside brokerage firm of their status as RR. Firm should send letter to outside brokerage firm with request to provide duplicate statements/confirms.
Provide Copy of U5 to Term’d Rep – copies of U5’s must be provided to terminated reps within 30 days of termination; keep a record to show that the U5 was indeed provided.
Maintain Updated Contacts on FCS – be sure when updating contact information that you hit “save” or the changes will be lost. Changes of most CRD information should be made within 30 days of the change or of knowing of the change.
Provide BCP Disclosure Summary – required for all firms, including those with institutional customers. Provide at account opening and when the information changes (not an annual disclosure requirement, but a good idea to include in annual disclosures).
Register Personnel with Access to B/R – back office or administrative staff who have access to customer records or the firm’s financial b/r should be registered on CRD as “NRF” employees. Fingerprint cards and certain personal data are filed.
Obtain AML Information (CIP) -- new account forms or other such forms should include all required CIP information—name, physical address, TIN and DOB if individual. Verification must be in evidence and customers must be informed of firm’s CIP verification efforts—keep records of all compliance with this rule.
