FINRA has published its 2024 Regulatory Oversight Report (“Report”), which provides member firms with information from FINRA’s recent regulatory operations to strengthen their complaince departments. FINRA highlighted six key sections of the Report in its news release pertaining to the same: (1) Crypto Asset Developments; (2) Advertised Volume; (3) Cybersecurity; (4) Anti-Money Laundering (“AML”), Fraud and Sanctions; and (5) Reg BI.

            1.         Crypto Asset Developments

Crypto assets are digital assets issued or transferred using distributed ledger or blockchain technology. The Report advises member firms seeking to engage in crypto asset-related activity should review their supervisory procedures in the areas of cybersecurity, AML compliance, communications with customers, manipulative trading. The Report further advises that member firms should exercise thorough due diligence on crypto asset private placements and take extra care to supervise their associated persons’ involvement in crypto asset-related outside business activities and private securities transactions.

            2.         Advertised Volume

Under FINRA Rule 5210 member firms are prohibited from publishing any communication reporting any transaction as a purchase or sale of any security unless such member believes that such transaction was a bona fide purchase or sale of such security. FINRA encourages member firms to develop supervisory procedures which provide for a method to verify the accuracy of the member firm’s trading volume. In furtherance of this goal, the Report suggests that member firms monitor their internal systems and the personnel responsible for the same to ensure that trade information transmitted to third party service providers for dissemination is consistently accurate. In so doing, member firms can avoid overstating their trade volume data due to technological or procedural failures and better comply with FINRA Rule 5210.

            3.         Cybersecurity

The Report notes that FINRA has observed an increase in the variety, frequency and sophistication of certain cybersecurity incidents. This includes  the establishment of imposter websites, insider threats, ransomware and cybersecurity events at critical vendors. FINRA advises that if a member firm is the victim of a cyberattack or security breach, they should immediately report such incident to their local FBI office and FINRA Risk Monitoring Analyst. FINRA Rule 4370 (Business Continuity Plans and Emergency Contact Information) also applies to denials of service and other cyberthreats to member firms. The Report reminds firms FINRA expects them to develop and maintain reasonably designed cybersecurity programs and controls that are consistent with their risk profile, business model and scale of operations.

            4.         Anti-Money Laundering (AML) Fraud and Sanctions

FINRA Rule 3310 (Anti-Money Laundering Compliance Program) requires that each member firm develop and implement a written AML program that is approved in writing by senior management. The findings from FINRA’s regulatory activities show that member firms struggle to adequately verify customer identities. To avoid this problem, the Report suggests that member firms require multiple forms of identification, ask follow-up questions based on information obtained from credit bureaus, contract with third parties to verify the accuracy of suspicious information in customer applications, and reviewing the IP address or other available geolocation data associated with new online account applications and transfer requests.

            5.         Reg BI

Regulation Best Interest (“Reg BI”) establishes a “best interest” standard of conduct for broker-dealers and associated persons when they make recommendations to retail customers of any securities transaction or investment strategy involving securities, including account recommendations. FINRA has found that by not maintaining profile information for retail customers in accordance with Exchange Act Rule 17a-3(a)(35), member firms have undermined the ability of themselves and their associated persons to demonstrate compliance with Reg BI. To avoid this pitfall, the Report encourages member firms to outline firm documentation procedures for its associated persons to follow and set forth ear supervisory processes that address reviews and firm-required documentation.

In summary, the Report covers twenty-six (26) topics and identifies the relevant rule(s) involved for each. The Report also highlights key considerations for member firms’ compliance programs, summarizes noteworthy findings or observations from recent oversight activities, and outlines effective practices that FINRA has observed through its regulatory activities over the past year. Broker Dealers should review the Report and refine their written supervisory procedures to mirror the effective practices highlighted by FINRA in its 2024 Regulatory Oversight Report.