- Cyber Security Services
- Compliance Services
- IT Risk and Audit Services
- Contact Us
In this blog we’ll be discussing the release of the Financial Industry Regulatory Authority’s (FINRA) 2019 Risk Monitoring and Examination Priorities Letter. The letter, released on January 22nd, 2019, highlights new priorities and identifies ongoing areas of concern for the coming year. FINRA is a not-for-profit organization authorized by Congress to protect America’s investors by making sure the broker-dealer industry operates fairly, honestly, and safely. They supervise 629,112 brokers and 3,712 broker-dealer firms.
FINRA Priorities Letter
FINRA has released their 2019 Risk Monitoring and Examination Priorities Letter. The letter focuses on topics that will be new areas of emphasis for their programs in the coming year. This does not mean they are abandoning current priorities; only that they are sharpening their focus on emerging issues (based on suggestions from many firms operating under FINRA supervision). The letter covers several regulatory and technology topics FINRA plans to focus on in the coming year.
Many firms have begun using a variety of regulatory technology tools () to make compliance easier and faster. RegTech is technology or software created to address regulatory challenges and help companies stay compliant while understanding regulatory requirements. FINRA will be working with firms to find out how they are using these new tools to address risk and regulations, regarding supervision and governance systems, third-party vendor management, safeguarding customer data, and cybersecurity. Finding out how firms are utilizing this new technology will help FINRA better understand the risks associated with it.
Protecting senior, retired, and near retirement investors is an area of focus. These individuals fall victim to fraud, abusive sales tactics, and exploitation more often than other age groups, and FINRA wants to take extra steps to make sure they’re able to invest safely. They will assess how well firms are supervising these accounts. FINRA will also review how firms are gathering and managing customer account information. According to FINRA Rule 4512, firms must collect important personal data (name, occupation, SSN, etc.) for each account, and maintain this data in a secure manner.
Digital assets are a new and emerging category of digital, virtual, and crypto currencies (ex. Bitcoin), and FINRA encourages firms to voluntarily notify them if they plan to take part in digital assets activities. This year, FINRA will be looking at how firms are using digital assets to see if they are complying with securities laws and regulations and related supervisory, compliance, and operational controls to reduce the risks of these activities. FINRA will be working closely with the U.S. Securities and Exchange Commission to make sure firms are compliant to all rules regarding the marketing, sale, and recordkeeping of digital assets.
FINRA will be checking to make sure firms are complying with the Financial Crimes Enforcement Network (FinCEN) Customer Due Diligence (CDD) rule. This includes conducting ongoing monitoring of customer accounts to identify and report suspicious transactions and updating customer information. FINRA will be looking closely at the data integrity of the systems firms are using to monitor suspicious activity, making sure client data is accurate and handled in a secure manner.
What Does This Mean for You?
If you are reading this article, chances are you work for a financial or investment company under the supervision of the Financial Industry Regulatory Authority (FINRA). Several topics emphasized in this year’s priorities letter revolve around client data security. It’s a large focus of FINRA’s risk assessment this year. The risk associated with this data is massive, which is why it’s extremely important to test your IT security before a breach takes place! Compass IT Compliance has been conducting IT Security, Audit, and Compliance services with clients since 2010, helping companies ready themselves for any level of cyber-attack. The best form of security is prevention! Our team is committed to partnering with you to provide you with expert knowledge around your risks and steps you can take to mitigate those risks. If you have any questions or want to talk to one of our security professionals, contact us and we can get a call scheduled!