The Financial Industry Regulatory Authority (“FINRA”) recently published its Risk Monitoring and Examination Priorities Letter (the “Letter”) for 2019 and signaled its intent to expand the scope of its priorities and exam program. Unlike previous years, FINRA’s 2019 Letter took a “somewhat new approach” by identifying materially new areas of emphasis. Admittedly, FINRA will continue to examine longstanding priorities detailed in prior letters, but in adding “Risk Monitoring” to the title to the Letter, FINRA notified the industry it planned to broaden its exam program into three materially new priorities: (1) online distribution platforms, (2) fixed income mark-up disclosure, and (3) regulatory technology. These three new areas of focus are buttressed by other highlighted items in FINRA’s 2019 Letter: sales practice risks, operational risks, market risks, and financial risks. At the same time, FINRA cautioned industry recipients that “[u]nlike previous Priorities Letters, we do not repeat topics that have been mainstays of FINRA’s attention over the years.” Thus these “mainstays” are also given consideration. The following briefly summarizes many of the important and emerging issues highlighted by FINRA:
Mainstay Areas of Exam Focus
FINRA’s 2019 Priorities Letter makes clear its exams will continue to focus on what it terms “mainstay” topics. In fact, FINRA highlights this admonition in the first paragraph of its 2019 Letter. And as to be expected protection of securities customers will continue to be a bedrock exam principle. Thus protections for the customer vis-à-vis the transaction process or relative to the strength of the firm remain key areas of inquiry. Firms should focus then on compliance obligations related to suitability, complex products, mutual fund and variable annuities share classes and break points; use of margin; OBAs and especially disclosures about such activities; private securities transactions; private placements; communications with the public; AML; best execution; fraud (including microcap fraud), insider trading and market manipulation; net capital and customer protection; trade and order reporting; data quality and governance; recordkeeping, risk management and supervision related to these and other areas.
Sales Practice Risks
Some of the sales practice risks include everlasting priorities such as suitability, senior investors, outside business activities and private sales transactions. FINRA identifies several specific areas on which it will focus, including deficient quantitative suitability determinations, overconcentration in illiquid securities (the 2019 Priorities Letter specifically cites non-traded alternative investments and private placements), and recommendations to purchase share classes that are not in line with a customer’s investment time horizon. To be sure, the suitability of share classes recommended to customers remains a chief focus of other federal and state securities regulators.
Some of the deficient quantitative suitability determinations include firms’ failure to maintain adequate written supervisory procedures that establish specific threshold values or parameters for key indicators of excessive account activity, and the failure to consider pertinent criteria, such as turnover ratio, cost-to-equity ratios, margin balances, total commissions, total fees paid, and profit and loss.
Senior investors remain a top priority for FINRA. Last year, FINRA amended Rule 4512 to require firms to make reasonable efforts to obtain information about trusted contacts for non-institutional accounts. FINRA also adopted new Rule 2165 to create a safe harbor so that firms could place temporary holds on disbursements when the firms suspect the exploitation of senior customers. Reg flags FINRA identifies are a senior customer’s request to change his or her trusted contact person, such as from an immediate family member to a previously unknown third party, registered representatives serving in a fiduciary capacity, including holding a power of attorney, acting as a trustee or co-trustee, or having some type of beneficiary relationship with a non-familial customer account, as well as registered representatives using their role as a fiduciary to take control of trusts or other assets and direct funds to themselves.
Finally, FINRA notes that it will continue to assess firms’ controls related to associated persons’ outside business activities (“OBA”) and private securities transactions (“PST”). FINRA is particularly concerned with fundraising activities for entities controlled by associated persons or in which they hold an interest. Over the past several years, FINRA has brought over 2,000 OBA and PST actions against firms and associated persons. Notably, the specific notation regarding OBAs and PSTs by FINRA appears to line up well with the industry-wide focus on conflicts of interest between financial advisors and their customers.
Operational risks identified by FINRA include supervision of digital assets business, and customer due diligence and suspicious activity reviews. What is of particular importance is that FINRA and the Securities and Exchange Commission (“SEC”) are putting forth a united front to scrutinize digital asset transactions and ensure compliance of such transactions with related securities laws and regulations. Last year, the SEC brought several actions against companies for selling digital tokens without registering or qualifying for an exemption to registration under the federal securities laws. FINRA is coordinating closely with the SEC, and will review how firms determine whether a particular digital asset is a security and whether firms have implemented adequate controls and supervisions related to the marketing and sale of digital assets.
Market risks highlighted by FINRA include best execution practices, market manipulation, market access, short sales, and short tenders. In particular, FINRA will review firms’ best execution decision-making in conflict-of-interest situations, such as routing customer orders to affiliated broker-dealers or to alternative trading systems in which the firm has a financial interest. FINRA will also continue to review firms’ compliance with Rule 15c3-5, the Market Access Rule, under the Securities Exchange Act of 1934, including focusing on how firms apply controls and limits, maintain customer activity, and maintain policies and procedures to detect and prevent prohibited trading activity. Moreover, FINRA will review firms’ aggregation of short sales consistent with Exchange Act Rule 200(f), and firms’ options positions when tendering shares in an offer in accordance with Exchange Act Rule 14e-4.
FINRA will review firms’ identification and management of credit risk, including risks that “may not be readily apparent.” FINRA will also assess firms’ liquidity planning, including the adequacy of liquidity pools, reasonableness of stress test assumptions, and contingency plans for disruptions or reductions in funding from the government securities repo market. In short, FINRA wants firms to consider potential indirect risks to their financial stability and well-being.
Three Materially New Areas of Priority
Distribution through online platforms. At the outset, FINRA expressed a particular concern with the distribution of securities through online platforms in reliance on the exemptions found in Rule 506(c) of Regulation D and Regulation A of the Securities Act of 1933. Of specific concern to FINRA is member firms’ stance “they are not selling or recommending securities when involved with online distribution platforms” despite what FINRA deems “evidence to the contrary, including handling customer accounts and funds, or receiving transaction-based compensation.” Firms and associated persons active in these distribution channels should be prepared to address their policies, WSPs, and supervisory actions relating to obvious regulatory and customer compliant risk areas, including communications with the public, disclosures (false or misleading claims, claims of high returns, etc.), and sales to non-accredited investors. Additionally, FINRA’s concern regarding online distribution platforms is connected with the rise of digital asset transactions, which is noted above.
Fixed Income Mark-up/Mark-downs disclosures. With respect to this area of query, member firms are well advised to scour recent pronouncements including the May 2018 customer confirmations amendments to FINRA Rule 2232 and MSRB Rule G-15. FINRA also pointed to its Mark-up/Mark-down Analysis Report and its Bond Facts Tool. Being able to show substantive analysis and application of these resources to a firm’s compliance structure will prove beneficial should FINRA detect areas of deficiency in an exam.
Use and relevant application of Reg-Tech. Finally, the third new priority focuses on firms’ use of regulatory technology tools to address compliance risks, including those relating to supervision and governance systems, third-party vendor management, and safeguarding customer data and cybersecurity. Here again, it will not be enough during an exam for a firm to state, “we have it.” Instead, a firm must demonstrate how it is meaningfully folding these tools into its particular business model.
In light of the new material areas and highlighted priorities, FINRA regulated firms should continue to review and reevaluate their compliance and supervisory programs and procedures, and review questions with experienced counsel.
 2019 Annual Risk Monitoring and Examination Priorities Letter, Cover Letter from FINRA President and CEO, Robert Cook (Jan. 22, 2019), available at http://www.finra.org/industry/2019-annual-risk-monitoring-and-examination-priorities-letter.
 For instance, FINRA will continue to review for compliance regarding suitability determinations, anti-money laundering, best execution, fraud, insider trading and market manipulation, customer protection, recordkeeping, and so on.
2019 Annual Risk Monitoring and Examination Priorities Letter, available at http://www.finra.org/sites/default/files/2019_Risk_Monitoring_and_Examination_Priorities_Letter.pdf.
 FINRA’s quantitative suitability obligation requires a broker-dealer or associated person that has “actual or de facto control” over a customer’s account to have a reasonable basis that a series of recommended securities transactions are not excessive and unsuitable in light of the customer’s investment profile. See FINRA 2018 Examination Findings Report (Dec. 2018), available at http://www.finra.org/sites/default/files/2018_exam_findings.pdf.
 FINRA 2018 Examination Findings Report (Dec. 2018), available at http://www.finra.org/sites/default/files/2018_exam_findings.pdf. See also, e.g., In the Matter of Department of Enforcement vs. Craig Scott Taddonio, Brent Morgan Porges, and Edward Beyn, Complaint Nos. 2015044823501 and 2015044823502, Decision (Jan. 29, 2019), available at http://www.finra.org/sites/default/files/fda_documents/2015044823501%20Craig%20Scott%20Taddonio%20CRD%204773787%20Brent%20Morgan%20Porges%20CRD%204002626%20and%20Edward%20Beyn%205406273%20NAC%20va%20.pdf.
 Regulatory Notice 17-11, Financial Exploitation of Seniors: SEC Approves Rules Relating to Financial Exploitation of Seniors (Feb. 5, 2018), available at http://www.finra.org/sites/default/files/Regulatory-Notice-17-11.pdf.
 See In the Matter of CarrierEQ, Inc., d/b/a Airfox, Order Instituting Cease-and-Desist Proceedings Pursuant to Section 8A of the Securities Act of 1933, Making Finding, and Imposing Penalties and a Cease-and-Desist Order, available at, https://www.sec.gov/litigation/admin/2018/33-10575.pdf ; In the Matter of Paragon Coin, Inc., Order Instituting Cease-and-Desist Proceedings Pursuant to Section 8A of the Securities Act of 1933, Making Finding, and Imposing Penalties and a Cease-and-Desist Order, available at, https://www.sec.gov/litigation/admin/2018/33-10574.pdf; In re TokenLot, LLC et al., Exchange Act Rel. No. 84075 (Sept. 11, 2018), available at https://www.sec.gov.litigation/admin/2018/33-10543.pdf.