By Brian Monroe
January 12, 2017
The chief self-regulatory body of the U.S. securities sector will give additional scrutiny to how firms protect the elderly and vulnerable, keep out recidivist brokers with rap sheets and strengthen the more technical aspects of financial crime compliance programs.
Those are just some of the focal points for the Financial Industry Regulatory Authority (Finra) in its 2017 Priorities Letter, which in some areas echoes past letters in that the agency has higher expectations around the anti-money laundering (AML) monitoring and surveillance systems firms employ to detect and report on fraudulent and other criminal activity.
But this year’s letter also diverges from last year, which had called for a “culture of compliance,” an esoteric concept hard to quantify for many firms still struggling with the basics of the four-pronged program. Finra also goes further this year on the critical importance of stronger cyber defenses.
In 2016, a record enforcement year for Finra in terms of overall penalty figures, examiners routinely cited firms for hiring inexperienced AML compliance officers – or simply tacking that duty onto someone already juggling multiple others – lax systems, and for failing to uncover, escalate or report on clearly aberrant activity replete with red flags aplenty.
The widely-read missive takes on even more importance this year as it gives a glimpse of the new direction enforcement will take under new leader, Robert Cook, who is currently on a “listening tour” of various broker-dealers to better understand sector-wide vulnerabilities.
Already, he said Finra will be helping smaller firms with more compliance resources.
He has clear marching orders to address Congressional criticisms Finra repeatedly allows sanctioned and fired brokers to trade again, with these tainted individuals in many cases going back to their old tricks and living to scam another day.
“A common thread running throughout the Priorities Letter is a focus on core ‘blocking and tackling’ issues of compliance, supervision and risk management,” Cook said in a cover to the exam priorities letter.
Data quality, monitoring systems to be scrutinized
In response to firms feeling they are not getting a sense of what gaps Finra examiners are seeing in compliance programs across the sector, the agency this year will start publishing summary reports “outlining key findings from examinations in selected areas,” so firms of all sizes can make improvements before examiners are at their doorstep.
The document “will alert firms to what we are seeing from a national perspective and, therefore, serve as an additional tool firms can use to strengthen the control environment for their business,” Cook said.
In 2017, Finra “will continue to focus on firms’ anti-money laundering programs, especially those areas where we have observed shortcomings,” according to the letter, including “gaps in firms’ automated trading and money movement surveillance systems caused by data integrity problems, poorly set parameters or surveillance patterns that do not capture problematic behavior such as suspicious microcap activity.”
Those weaknesses also extend to systems monitoring foreign currency transactions and transactions that flow through suspense accounts, according to Finra, noting that some firms use the same system to monitor trades, but don’t know how to tune it for AML red flags. Finra will also be looking at how operations handle “nominee accounts.”
In 2016, Finra also citied firms of all sizes for AML 101 failures, including weak customer due diligence and inaccurate resulting risk assessments, a foundational tenet used to tune the transaction monitoring system to be more sensitive to chicanery in those accounts.
Congress chides Finra to crackdown on repeat offenders
But the failures go much further than just weak programs. In some cases, too many cases according to Congressional watchdogs, Finra firms were actively and repeatedly taking advantage of customers – with some firms institutionalizing fraud and seeking those of ill repute.
In May, Senator Elizabeth Warren, a Massachusetts Democrat and Arkansas Republican Tom Cotton, sent a fiery letter to former Finra head Richard Ketchum, stating, in short, that the agency’s oversight problems are not as simple as just missing a few bad apples.
Financial adviser misconduct is “broader than a few heavily publicized scandals,” according to the letter, citing a prior analysis of broker activity.
After a review of Finra’s broker database, analysts found that “one in thirteen financial advisers have a misconduct-related disclosure on their record,” including criminal charges for offenses such as bribery, forgery, extortion, or fraud; SEC and state investigations; and advisers who were fired or permitted to resign after being accused of fraud or violating investment statutes.
This misconduct persists, in part, “because of ineffective sanctions for advisers,” according to the senators, adding that according to the study, “only about half of the advisers who committed misconduct lost their job, and 44 percent of those obtained a job at another advisory firm within a year.”
But that’s not all, according to the letter.
“Perhaps more disturbing, about one-third of all advisers with a misconduct record are ‘repeat offenders’ and these past offenders are ‘five times more likely to engage in misconduct than the average adviser,’” according to the senators, adding that some firms actually seemed to “specialize” in hiring dubious brokers to better go after elderly and less sophisticated clients, or in reality, victims.
Cybersecurity threats one of the ‘most significant’
Conversely, when it comes to cyberattacks, the firms, not the customers, are the victims.
Cybersecurity threats “remain one of the most significant risks many firms face, and in 2017, Finra will continue to assess firms’ programs to mitigate those risks,” according to the priorities letter.
Some of the areas of attention will be firms’ methods for preventing data loss, including understanding data, data flows, third parties, vendors and how firms risk assess and control sensitive, customer identifiable information, including against breaches from within.
“We may also examine firms’ controls to protect sensitive information from insider threats,” according to Finra. “The nature of the insider threat itself is rapidly changing as the workforce evolves to include more employees who are mobile, trusted external partnerships and vendors, internal and external contractors, as well as offshore resources.”