The Financial Industry Regulatory Authority is joining the chorus of regulators urging a “culture of compliance” at the financial firms it supervises.

FINRA’s recently released 2016 Regulatory and Examination Priorities letter highlights a variety of issues, including supervision, risk management and controls, liquidity, conflicts of interest, and ethics, stressing the role each of plays in the way a firm conducts its business. A notable inclusion this year is a focus on firm culture and the self-regulatory organization will formalize its assessments, not to “dictate firm culture, but rather to understand how it affects compliance and risk management practices at firms.”

“In our assessments, FINRA will focus on the frameworks that firms use to develop, communicate and evaluate conformance with their culture,” the letter says, making the case that a firm’s culture is connected to how it identifies and manages conflicts of interest and ensuring the ethical treatment of customers.

In particular, FINRA will assess five indicators of a firm's culture: whether control functions are valued within the organization; whether policy or control breaches are tolerated; whether the organization proactively seeks to identify risk and compliance events; whether immediate managers are effective role models of firm culture; and whether sub-cultures that may not conform to overall corporate culture are identified and addressed.

FINRA’s focus on firm culture is closely related to another area of focus: supervision. “A firm’s supervisory, risk management, and control systems are essential safeguards to protect and reinforce a firm’s culture,” the letter says.

FINRA’s rules create an obligation for firms to establish and maintain a system to supervise the activities of their associated persons that is designed to achieve compliance with securities laws and regulations. In 2016, it will focus on four areas where it has observed repeated concerns that affect firms’ business conduct and market integrity: management of conflicts of interest, technology, outsourcing, and anti-money laundering.

In 2016, FINRA will also complete a targeted examination of incentive structures and conflicts of interest in connection with firms’ retail brokerage business. That review encompasses firms’ conflict mitigation processes and approaches to mitigating conflicts of interest that arise through the sale of proprietary or affiliated products, or products for which a firm receives third-party payments.

Also on tap for 2016 is a proposed rule FINRA recently filed with the Securities and Exchange Commission that would require firms to deliver educational communications in connection with firm recruitment practices. These communications would highlight key considerations in transferring assets to the recruiting firm—including whether financial incentives received by a registered representative may create a conflict of interest—and the direct and indirect impacts of transfers of those assets.

“Information” leakage” and controls to identify, minimize and mitigate these issues will also be a priority. “This type of leakage could occur in a variety of different contexts, including inappropriate information leakage between different areas of a firm’s trading activities, between a firm’s trading activities and other parts of a firm, and through the front-running of pending rating changes,” the letter says. “These and other situations raise conflicts of interest concerns that firms should manage with targeted controls.”

Technology infrastructure—including the hardware, software and personnel who develop and maintain a firm’s information technology systems—is another priority, with a focus on firms’ supervision and risk management related to cyber-security, technology management, data quality, and governance. A key issue on this front is, as expected, cyber-security preparedness. “While many firms have improved their cyber-security defenses, others have not, or their enhancements have been inadequate,” the letter says.As part of these reviews, FINRA will also consider examining firms’ abilities to protect the confidentiality, integrity and availability of sensitive customer and other information.

Shortcomings in firms’ management of their technology systems will also be targeted, as past reviews have uncovered potentially significant shortcomings that can cause market disruption and system outages, including insufficient  supervision of back office and vendor system changes.

Other supervisory priorities include: anti-money laundering controls; liquidity and contingency concerns; excessive concentrations of complex, speculative or illiquid products; private placements and Regulation A+ offerings; and financial and operational controls relating to exchange-traded funds.