FINRA’s Annual Regulatory Oversight Report (previously known as the Report on FINRA’s Examination and Risk Monitoring Program) provides meaningful and concise guidance to broker-dealers (BDs) on the regulator’s key focus areas for the coming year. Released on January 9, 2024, topics include financial crimes, crypto asset developments, firm operations, communications and sales, market integrity, and financial management. New topics include a section on crypto assets, additions to the market integrity section (e.g., OTC quotations in fixed income securities, advertised volume), information related to artificial intelligence’s (AI’s) potential impact on firms’ regulatory obligations, and guidance concerning firms’ supervision and retention of off-channel communications.
This version keeps in place the format established in 2021 combining the Report on Examination Findings and Observations and the Risk Monitoring and Examination Program Priorities Letter. It provides easy-to-access insight to the regulator’s considerations and includes questions firms should ask of their own compliance programs, common regulatory deficiencies FINRA has observed, effective practices, and links to relevant resources.
Let’s first have a look at what FINRA highlights as new and noteworthy in the 2024 report, and then I will tack on a few of my own “must-see” topics.
New in 2024: crypto asset developments
This is a resource-rich section that calls into play FINRA rules 2210 (disclosures), 3110 (due diligence on private placements), and 3310 (SAR Reporting). Crypto assets scored an entire section in the report, emphasizing the extent to which they are creeping into the traditional finance arena. References cited in the material include the CMA/NMA guidance published in June 2023 and the 2022 targeted exam letter on crypto communications. FINRA stresses the importance of surveillance of on-chain employee or client asset transfers, and advises customer outreach to disclose how crypto and traditional securities account protections and firm supervision differ. FINRA continues to advise firms of its request for notification if the firm intends to engage in crypto assets in any way.
Key takeaways: I find the relatively high prevalence of crypto guidance to be notable considering FINRA’s Crypto Hub report stated that, as of August 2023, there were just 26 firms approved solely to engage in crypto assets business. And, new crypto content is found in other sections including “Outside Business Activities and PSTs” and “Communications with the Public.” More than a mere mention, FINRA provides substantive crypto guidance and numerous resources under each of these headings. This leads me to believe firms should carefully consider crypto in their 2024 compliance programs.
New emerging risk in 2024: artificial intelligence
Scroll to the very bottom of “Financial Crimes/Cybersecurity and Technology Management” for FINRA’s description of the risks it perceives in firms’ use of AI—especially generative AI. FINRA notes that AI impacts virtually every aspect of a firm’s regulatory obligations and warns that the regulatory landscape may change as further developments are observed. Being thus warned, firms may be wise to consider the resources provided, including a FINRA podcast, a conference presentation, and a treasure from NIST: the NIST Framework AI 100-1, Artificial Intelligence Risk Management Framework (RMF 1.0).
Key takeaways: Don’t overlook the technical-sounding resources like the NIST RMF 1.0 report. While much of the NIST content is technical in nature and potentially outside the wheelhouse of many compliance professionals, there is substantial value in this material for compliance professionals. In plain English, Appendix A summarizes tasks related to AI design, development, deployment, operation/monitoring, and testing. Appendices B and C provide descriptions of the ways in which AI risk differs from traditional software and how humans and AI interact, which stand out to me as useful bases for staff and RR training. In my view, knowledge of these components of RMF 1.0 may be leveraged to inform compliance processes such as vendor due diligence, technology onboarding, and training.
Featured in 2024: off-channel communications
Since the topic of off-channel communications is called out in the introduction, and even includes a definition, you might expect it to warrant a sub heading somewhere on the “Table of Contents” for ease of reference. Instead, the topic is given a cameo appearance in the “Books and Records” subsection under “Firm Operations.” This positioning is not unreasonable, considering that the SEC has issued fines over the course of 2021-2023 related to firms’ failures to archive business-related communications transmitted through platforms outside of the BD’s control or monitoring. The magnitude of these fines has been staggering. Though short and concise, FINRA’s guidance suggests methods for surveillance and disciplinary measures for non-compliance, which is worthy of consideration.
Key takeaways: As I mentioned in a recent Saifr webinar, I believe that regulatory scrutiny of off-channel communications is here to stay, and firms are well-advised to take material steps to capture and retain them. Whether electing to deploy new technology, establish realistic limitations, perform training, or the like, it appears clear that a top-down commitment to compliance is warranted. Although not mentioned in the Report, the SEC sweep on the topic has revealed substantial feedback to inform the SEC and FINRA regulatory programs. The SEC sweep exam questions should be reviewed as a reference, since they provide the scope of exam questions firms may expect over the next year.
New in 2024: market integrity
Content in this section draws attention to new and proposed rulemaking of importance such as Rules 6151 (Disclosure of Order Routing Information for NMS Securities) and 6470 (Disclosure of Order Routing Information for OTC Equity Securities).
FINRA also draws attention to compliance with Rule 15c2-11 (OTC Quotations). While in the past regulators have focused on the rule application to equity securities, here FINRA notes the rule’s application to fixed income.
In addition to two new focus areas—“Advertising Volume” and “Market Access Rule”—there is guidance regarding monitoring, supervision, recordkeeping, and new content of note in the “Best Execution” section. Building on substantial new content in the prior year’s report, this year FINRA adds more new questions for consideration in a firm’s best execution reviews, with a focus on order routing, liquidity, and options exchange exposure requirements.
Key takeaways: Notwithstanding content in the “Market Integrity” section that includes guidance for compliance with new rulemaking, I find new content in the “Best Execution” section to be most practical. In particular, the insight that points to a focus on liquidity. I believe it can be concluded that firms that route to a single resource should be prepared to provide a robust assessment of execution quality in preparation for exams in the coming year.
2024 must-see nominees
In addition to the new content called out in red in the table of contents, I have selected a few must-see sections that I believe deserve special attention for the year ahead.
High on my list is the “Cyber Security and Technology” section, found under the “Financial Crimes” header. Here you will find a wealth of new content regarding evolving topics: complexity of business, vendor management, change management, and system availability and business continuity. Compliance officers for firms of all sizes can walk right into their CISO’s office with the direct questions found in this section, can assess the firm’s readiness armed with resources found mostly on the “Cybersecurity Key Topics” page, and can solidify compliance’s role in managing the firm’s cyber and tech protections.
And let’s not forget about sales practices. Also making my list is the Reg BI/Form CRS guidance which continues to evolve over the years. Based on the 2024 Report, firms can expect high scrutiny under the care and conflicts obligations. This section makes my must-see list because it is rich in insight to the regulator’s laser focus on these two obligations. Specifically, content suggests that a firm’s selection and disclosure of reasonably available alternatives and a hard look at terms of RR compensation will factor high in an overall assessment of the firm’s Reg BI compliance. Add to that a few tidbits regarding Form CRS delivery expectations, and I would say that firms expecting a cycle exam this year are well-advised to have a look at this guidance for tips on compliance in 2024.
In all, the 2024 FINRA Annual Regulatory Oversight Report is valuable and contains a number of new topics. Give it read! The insights can be invaluable to your organization.
The opinions provided are those of the author and not necessarily those of Fidelity Investments or its affiliates. Fidelity does not assume any duty to update any of the information.