Close Close
Sign In
Newsletters
Popular Financial Topics Discover relevant content from across the suite of ALM legal publications From the Industry More content from ThinkAdvisor and select sponsors Investment Advisor Issue Gallery Read digital editions of Investment Advisor Magazine Tax Facts Get clear, current, and reliable answers to pressing tax questions
Luminaries Awards
Podcast Center Video Center Webcasts Resource Center Events
About ThinkAdvisor Contact Us Advertise With Us Asset & Logo Licensing Sitemap Terms of Service Privacy Policy Copyright © 2024 ALM Global, LLC. All Rights Reserved.
ThinkAdvisor

Regulation and Compliance > Federal Regulation > FINRA

FINRA Zooming In on Platform Outages, Suspicious Activity Reports

By Melanie Waddell

X
Your article was successfully shared with the contacts you provided.

What You Need to Know

  • Account intrusions, takeovers and data breaches “likely will be SAR reportable.
  • FINRA is “very focused on customer service” during platform outages, according to Bill St. Louis.
  • The regulatory group also will assess whether risks tied to digital assets are being properly disclosed.

This year’s Financial Industry Regulatory Authority exams will focus on broker-dealer filings of suspicious activity reports (or SARs), technology governance, and communications about digital assets, in addition to Regulation Best Interest, says Bill St. Louis, FINRA’s senior vice president of retail and capital markets firms.

“There’s an intersection between cyber events and [anti-money laundering],” St. Louis explained during a just-released FINRA podcast, Exam and Risk Monitoring Program: Responding to COVID-19 and Looking Ahead.

Account intrusions, takeovers an data breaches “likely will be SAR reportable. So, I just wanted to remind firms of that. And that’s something that we pay quite a bit of attention to,” he said.

(See related story: Is an AML Crackdown Coming for RIAs?)

St. Louis highlighted two other priorities set out in FINRA’s 2021 exam priorities report — tech governance and communications about digital assets.

A number of firms, he said, have had “platform outages in 2020, some of which related to market volatility. And the headline on outages, and like a lot of things on tech governance, is testing, testing, testing, capacity testing, vendor management, ongoing maintenance and testing of changes, new patches, scripts, new software, new hardware.”

Testing, he continued, “to see whether or not the linkages between systems are going to operate as expected when there are patches or changes to one part of the system.”

FINRA, St. Louis said, is “very focused on customer service” during outages. “Can firms handle the incoming calls from customers? Are there ways for customers to access and make transactions through other entry points if, for example, an app is down?” he asked.

Regarding communications about digital assets, St. Louis said FINRA will assess whether risks are being adequately disclosed. If a firm has part of its digital asset business “being facilitated through affiliates that are not member firms, are the communications around that clear or is the firm perhaps implying that it’s all happening at a FINRA-registered and regulated firm, when in fact it’s not?” he asked.

Deeper Reg BI Reviews

Turning to Reg BI, St. Louis said FINRA will “still be focused on looking at firm implementation efforts.”

However, exams “are always backwards-looking as a review period and as we do exams in 2021 and beyond that cover more of a post-June 30 [2020] time period,” Reg BI’s compliance date, “we can anticipate that there’ll be some deeper reviews.”

For instance, he continued, “there’ll be more reviews of recommendations because there’ll be more recommendations to customers where Reg BI applies as the review period moves forward. So, focus on implementation, deeper reviews and more reviews of recommendations and conflicts and disclosures.”

Melanie Waddell

@Think_MelanieW

NOT FOR REPRINT

© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.