FINRA 2022 exam report highlights Reg BI compliance, AML trends, more

The “2022 Report on FINRA’s Examination and Risk Monitoring Program” also addresses emerging anti-money laundering (AML) trends involving low-priced securities offerings and initial public offerings (IPOs) of Chinese-based companies.

“Today’s securities industry landscape is highly dynamic in terms of business models, technologies, products, and compliance practices,” said Greg Ruppert, FINRA’s executive vice president, member supervision, in a press release Wednesday. “This report looks at these significant changes through the lens of FINRA’s commitment to investor protection and market integrity so that firms’ compliance programs can benefit from our findings about emerging and ongoing issues.”

The report’s introduction states firms should use the findings and “consider incorporating relevant practices into [their] compliance program in a manner tailored to [their] activities.”

The report contains many observations about firms’ compliance (or lack thereof) with Reg BI, which took effect in June 2020.

Reg BI is intended to enhance the quality and transparency of retail investors’ relationships with investment advisers and broker-dealers. It requires broker-dealers to “act in the best interest of a retail customer” when making a recommendation of any securities transaction or investment strategy involving securities to a retail customer.

The rule also requires broker-dealers to file client or customer relationship summaries to their retail customers via Form CRS, which lists investment services provided, fees, conflicts of interest, and legal and disciplinary history of the firms and financial professionals.

FINRA found during examinations of broker-dealers that some did not modify their policies and procedures to comply with the new disclosure requirements of Reg BI and did not adequately train employees responsible for complying with the rule.

Firms also failed to adhere to core tenets of the regulation, by making recommendations to retail clients that were not in the client’s best interest; by not disclosing conflicts of interest; and by not providing “full and fair” disclosures of all material facts regarding fees, conflicts of interest, and limitations in securities offerings.

Form CRS compliance failures included disclosures that were too long, omitted material facts, distorted an adviser’s disciplinary record, and failed to describe compensation and compensation-related conflicts. There were also issues with broker-dealers not properly posting the disclosure on their websites and mistakenly interpreting whether they should file Form CRS.

In July 2021, the Securities and Exchange Commission (SEC) fined 27 firms a total of almost $1 million for failing to deliver Form CRS by the agency’s deadline. Six of those firms were broker-dealers regulated by FINRA. Another six broker-dealers were fined by the SEC for Form CRS violations as part of a second wave of enforcement actions announced Feb. 15.

Other examination findings

AML obligations under the Bank Secrecy Act are always an area of focus for FINRA during examinations.

In 2021, FINRA identified an emerging fraud risk with low-priced securities offerings. Some signs of potentially fraudulent activities associated with these types of securities include:

• Trading that coincides with a spike in share price or trading volume that is not tied to legitimate news about the company;
• Investors depositing large blocks of such shares, immediately selling them and then transferring the money out of the account;
• Transactions in securities of issuers making dubious claims on products or services related to a recent major event, like the pandemic, or a new trend, like cryptocurrency; or
• Increased trading that coincides with a surge of promotional activity on social media, investor chat rooms, and message boards.

Another area of AML concern for FINRA in 2021 revolved around IPOs from issuers in China.

“FINRA has observed that some firms are underwriting IPOs and subsequent trading of issuers based in the People’s Republic of China, raising concerns that the investors in the IPOs may be serving as nominees for an undisclosed control person or persons,” the report said. “These IPOs are typically smaller in size (i.e., less than $100 million) and listed on the lower qualification tiers of U.S. stock exchanges.”

FINRA said red flags involving potentially manipulative trading associated with “how these investors open new accounts and trade these securities after the IPO is completed” include:

• Numerous unrelated accounts being opened at the same time, including with similar banking information, physical addresses, email address domains, and current employer (which is often associated with the IPO issuer);
• Documents investors provide in order to open an account or verify source of funds that may have been altered or could be fictitious;
• Wire transfers received into these accounts that exceed the financial wherewithal of the investor as indicated on their new account documents, exceed the value of the shares purchased in the IPO and are either sent from similar banks, or bank accounts that share certain identifying information (e.g., employer of account holder, email domain);
• Investor accounts being accessed by a different internet protocol or media access control address than is known for the customer, granting log in and trading capabilities to a third party;
• Multiple orders with substantial similar terms being placed at or around the same time by seemingly unrelated investors in the same security that is indicative of “spoofing” or “layering”; and
• Investors engaging in trading activity that does not make economic sense.

FINRA said broker-dealers can combat these types of market manipulation and abusive trading practices with proper controls in place that identify and report these types of activities. The report recommended such controls include:

• Conducting a formal risk assessment, then updating it based on the results of tests, audits, and changes in the size or risk profile of the firm;
• Proper training “that address regulatory and industry developments impacting AML risk or regulatory requirements; and where applicable, leverage trends and findings from quality assurance controls”;
• Conducting proper know your customer (KYC) checks when attempting to verify the identities of customers opening new accounts; and
• Having policies and procedures in place for vendors to escalate red flags of suspicious activity.

The report also included findings on cybersecurity threats, the proliferation of securities trading through mobile apps, and more.

Editor’s note: This story was updated Feb. 15 to include reference to the SEC’s second wave of enforcement actions for failure to meet Form CRS obligations.