ThinkAdvisor

FINRA Zooming In on Platform Outages, Suspicious Activity Reports

What You Need to Know

  • Account intrusions, takeovers and data breaches “likely will be SAR reportable.”
  • FINRA is “very focused on customer service” during platform outages, according to Bill St. Louis.
  • The regulatory group also will assess whether risks tied to digital assets are being properly disclosed.

This year’s Financial Industry Regulatory Authority exams will focus on broker-dealer filings of suspicious activity reports (or SARs), technology governance, and communications about digital assets, in addition to Regulation Best Interest, says Bill St. Louis, FINRA’s senior vice president of retail and capital markets firms.

“There’s an intersection between cyber events and [anti-money laundering],” St. Louis explained during a just-released FINRA podcast, Exam and Risk Monitoring Program: Responding to COVID-19 and Looking Ahead.

Account intrusions, takeovers and data breaches “likely will be SAR reportable. So, I just wanted to remind firms of that. And that’s something that we pay quite a bit of attention to,” he said.

St. Louis highlighted two other priorities set out in FINRA’s 2021 exam priorities report — tech governance and communications about digital assets.

A number of firms, he said, have had “platform outages in 2020, some of which related to market volatility. And the headline on outages, and like a lot of things on tech governance, is testing, testing, testing, capacity testing, vendor management, ongoing maintenance and testing of changes, new patches, scripts, new software, new hardware.”

Testing, he continued, “to see whether or not the linkages between systems are going to operate as expected when there are patches or changes to one part of the system.”

FINRA, St. Louis said, is “very focused on customer service” during outages. “Can firms handle the incoming calls from customers? Are there ways for customers to access and make transactions through other entry points if, for example, an app is down?” he asked.

Regarding communications about digital assets, St. Louis said FINRA will assess whether risks are being adequately disclosed. If a firm has part of its digital asset business “being facilitated through affiliates that are not member firms, are the communications around that clear or is the firm perhaps implying that it’s all happening at a FINRA-registered and regulated firm, when in fact it’s not?” he asked.

Deeper Reg BI Reviews

Turning to Reg BI, St. Louis said FINRA will “still be focused on looking at firm implementation efforts.”

However, exams “are always backwards-looking as a review period and as we do exams in 2021 and beyond that cover more of a post-June 30 [2020] time period,” Reg BI’s compliance date, “we can anticipate that there’ll be some deeper reviews.”

For instance, he continued, “there’ll be more reviews of recommendations because there’ll be more recommendations to customers where Reg BI applies as the review period moves forward. So, focus on implementation, deeper reviews and more reviews of recommendations and conflicts and disclosures.”