Skip to content
Regulatory

FINRA’s updated cycle exam program: What you need to know

Regulatory exams can be stressful and complex. Here's a simple breakdown of FINRA's updated cycle exam program to help firms prepare.

FINRA member firms know to allocate the time and energy needed for a FINRA exam into their compliance fabric. They understand this is what it means to be regulated. They knew the announcement of an exam was forthcoming. They believe they are ready. Still, there is often that sense of uneasiness at the prospect of an examination knowing that compliance is not an event, it is a process, and the timing of a regulatory exam is rarely optimal. Understanding FINRA’s own evolution in its cycle exam program may help to allay the jitters. Let me explain.

A little history

Back in the day, there were three types of exams: financial, business conduct, and trading. Firms could vary their preparation depending on the nature of the exam. Firms typically set aside a conference room (or rooms) for a week (or a month, or more) and allocated personnel and resources to accommodate the examiners. Firms often identified someone to liaise with the examiners for document and information requests and someone to log and produce requested records. Firms allocated resources to both facilitate and segregate FINRA examiners’ use of printers, copiers, access credentials while they were onsite. Since the exams mostly adhered to a “one-size-fits-all,” firms assembled decks or scripts to introduce FINRA to their business, anticipating that the examiners themselves may need to be oriented to what they were about to examine.

That was then. This is now.

FINRA360

FINRA’s exam program has undergone a notable transformation over the past several years. In 2017, Robert Cook announced his keystone initiative FINRA360 which included initiatives to elevate FINRA’s exam and risk management programs.1 FINRA established goals and reported progress relative to the exam program beginning in 2019.2 In 2020, FINRA announced that it had grouped each FINRA-member firm into one of five main firm business models: Retail, Capital Markets, Carrying and Clearing, Trading and Execution, and Diversified.3 And, in 2021, as FINRA continued the FINRA360 rollout, it made an investment of over $37 million in the exam and risk-monitoring program including training its personnel and investing in advanced analytics and tools that support the program which is now performed largely remotely.4

Risk-based approach

Underpinning FINRA360’s strategic initiative is a risk-based approach incorporating metrics to inform its overall view of firms’ risk profiles. FINRA took measurable steps to further its strategy. It expanded the number of subsets of risk criteria, from nine in 2017 to eleven over the next few years, and adjusted its risk-assessment methodology and scoring.5 Then, using firm-specific data, it took steps to shape the exam program. The adjustments to the methodology doubled the number of registered representatives within the scope of FINRA’s exam reach and led to increased exam frequency for firms based on its assessments. FINRA consolidated its three exam programs into one. And, FINRA disclosed that when applicable there would be an allowance of approximately three to six months from a firm’s receipt of the prior year’s exam report and the announcement of the next exam to allow more time to address findings.6

Ebook download → AI insights survey: Adopters, skeptics, and why it matters.

New alignments

In addition to measurable goals, FINRA sought to increase the frequency and scope of ongoing and routine touchpoints between supervisions. FINRA made holistic changes by realigning the engagement model among FINRA supervision teams, exam teams, and member firms. Firms were sorted into groups according to business models, and regional District Coordinators were replaced with Risk-Monitoring Analysts (RMAs) who were assigned to firms according to business models rather than regions. FINRA expressed its intent to leverage the knowledge base that could develop through the concentration of business models under one team.

Exam engagement

FINRA also altered the exams by including RMAs and the risk-monitoring firm assessments as components of the exams. FINRA has taken steps to increase the engagement among the firm, the exam team, and the risk-monitoring team during its cycle exams. Firms are now informed of the lead examiner, exam manager, and exam supervisor assigned to their exam and are encouraged to reach out upon announcement of the exam and during the exam. FINRA can be expected to (and firms may opt to) involve the firm’s RMA in communications during the exam. It is reasonable for the firm to expect that, as a result, the exam team might better understand the firm’s business for a more focused overall exam experience. In the event the firm finds it still needs support to manage interactions among the RMA and the exam team, FINRA maintains what it calls a “Small Firm Helpline” (know that there is no limit to the size of firm that can contact and be assisted by live personnel)7 and invites outreach by the firm to the Office of the Ombudsman.8

Post exam

Other changes to the program include the reports and communications that follow the exam. “Recommendations” are no longer written into a firm’s exam exit letter. Instead, any firm-specific commentary or observation that does not rise to a “finding” is now communicated verbally in an exit conference. This affords firms and the RMA an opportunity to discuss potential corrective actions more freely. Now, FINRA also incorporates industry-wide observations and recommendations into its annual report on exam priorities and findings. This enables firms to put their results and proposed corrective actions in the context of other member firms.9

One of FINRA360’s stated goals is to identify elements of the examination process that cause unnecessary friction in the day-to-day professional interactions between firms and examiners.10 

Is FINRA succeeding? Time will tell. For now, firms have an opportunity to prepare for, embrace, and adapt to the evolving landscape.

 

Sources:

1. Background and information about FINRA360 can be found here: https://www.finra.org/about/finra-360/finra360-background.

2. More information about FINRA360-specific goals attained can be found here: https://www.finra.org/about/finra-360/progress-report/exam-program.

3. One resource for understanding how the firm groupings impact FINRA exam priorities can be found here: https://www.finra.org/rules-guidance/communications-firms/2020-risk-monitoring-and-examination-priorities-letter.

4. More about the allocation and source of FINRA’s funding for the exam and risk-monitoring programs can be found here: https://www.finra.org/about/annual-reports/report-use-2021-fine-monies.

5. More about the 11 categories of risk can be heard here: https://www.finra.org/media-center/finra-unscripted/risk-monitoring-program-understanding-unique-risks-every-firm.

6. A progress report is found here: https://www.finra.org/about/finra-360/progress-report/exam-program.

7. Information about the Small Firm Helpline including contact information is found here: https://www.finra.org/compliance-tools/small-firm-helpline.

8. Learn about the services offered through the Ombudsman here: https://www.finra.org/about/office-ombudsman.

9. The most recent version of the Report on FINRA’s Examination Report and Risk Monitoring is found here: https://www.finra.org/rules-guidance/guidance/reports/2023-finras-examination-and-risk-monitoring-program.

10. Ibid.

The opinions provided are those of the author and not necessarily those of Fidelity Investments or its affiliates. Fidelity does not assume any duty to update any of the information.

1091375.1.0

 

Lisa Roth

Regulatory & Compliance Advisor to Saifr
Lisa Roth is an executive with three decades of leadership and entrepreneurial experience in the financial services industry. She is a regulatory compliance consultant and registered principal, plus has been a member of multiple FINRA committees and boards and served in executive capacities at broker-dealers and investment advisers.

Check out our latest blogs

What Financial Advisors can learn from the SEC's Marketing Rule enforcement

What Financial Advisors can learn from the SEC's Marketing Rule enforcement

In enforcing the Marketing Rule, the SEC has focused on transparency and factuality regarding conflicts of interest, third-party ratings, a...

How AI-assisted entity resolution can help you reduce risk

How AI-assisted entity resolution can help you reduce risk

Learn how AI can enhance detection of bad actors, improve AML/KYC processes, and minimize false positives for your compliance team.

It’s time to take your AML compliance programs off autopilot

It’s time to take your AML compliance programs off autopilot

Financial criminals are turning to AI to exploit weak IT protocols and carry out cyber attacks—but firms can use AI tools to fight back.