On January 10, 2023, the Financial Industry Regulatory Authority, a US government-authorized not-for-profit organization that oversees broker-dealers in the United States, published its report on the organization’s examination and risk monitoring program for 2023. The purpose of the report is to provide guidance for member firms; it identifies relevant rules, summarizes developments, outlines effective practices, highlights key considerations and lists additional resources.
Several new sections in the 2023 report reveal an increasing focus on cybersecurity and technological governance, anti-money laundering, fraud, sanctions, and manipulative trading as areas of risk for investors. Cybersecurity in particular poses significant challenges, as the frequency, sophistication and variety of attacks grows. To address the challenge of cybersecurity, FINRA has established a Cyber and Analytics Unit in order to help firms proactively address threats in this area. And in December 2022, FINRA issued a regulatory notice to help firms evaluate their cybersecurity programs and obtain information about ransomware controls.
According to the report, the use of mobile apps has surged in recent years, creating new opportunities but also new issues for broker-dealers and their customers, especially as some apps do not adequately distinguish between products and services offered by the broker-dealer, and those offered by third parties — transactions involving crypto assets among them.
Another new area of focus is complex products and options. The 2023 report addresses both of these topics, beginning earlier, in November 2022, when FINRA announced a targeted exam of firms’ crypto asset retail communications, in which communications were evaluated for false and misleading statements and possible misrepresentations regarding the extent to which existing securities laws and FINRA rules apply to crypto asset products and services. And in December 2022, FINRA updated its targeted exam of practices and controls related to options accounts.
The 2023 report warns firms to examine communications in every format – in print, on mobile apps, and in other media – and ask themselves how they are promoting claims about environmental, social and governance positions, crypto assets, and municipal securities, among others.
An appendix to the report lists ways in which firm have used FINRA’s reports to strengthen their compliance practices.