Payment for order flow (PFOF) and best execution; market access; finfluencers and gamification; and anti-money laundering were some of the most critical emerging and familiar compliance challenges faced by member firms addressed by the Financial Industry Regulatory Authority (FINRA) in 2021 through relevant guidance and its enforcement program.
Looking into 2022, FINRA is expected to continue to pay careful attention to compliance issues surrounding these challenges, as well as those newly identified in the authority's 2022 Report on Examination and Risk Monitoring Program.1 These include firm short positions and fails-to-receive in municipal securities; trusted contact persons; funding portals and crowdfunding offerings; disclosure of routing information; and portfolio margin and intraday trading.
This review elaborates in detail on top emerging and compliance challenges of members addressed by FINRA in 2021 and reviews additional 2022 issues that also may be targeted by FINRA.
Payment for Order Flow (PFOF) and Best Execution
In June 2021, FINRA issued Regulatory Notice 21-23 (Best Execution and PFOF), which reminded firms of their obligations with respect to PFOF2 and best execution.
Generally, FINRA Rule 5310 requires FINRA members to "use reasonable diligence to ascertain the best market for a security, and to buy or sell in such market so that the resultant price to the customer is as favorable as possible under prevailing market conditions." Regulatory Notice 21-23 made clear that PFOF arrangements do not alter a firm’s best execution obligations, and to meet such obligations a firm must compare execution quality obtained from existing arrangements against quality that could be obtained from competing markets.
Securities and Exchange Commission (SEC) Chairman Gary Gensler recently sent a directive to SEC staff to consider whether additional best execution requirements or guidance are needed to promote investor protection, hinting at future developments in this area.3
In the past year, FINRA fined three firms for purported best execution violations, resulting in approximately $1.5 million in fines. In particular, FINRA assessed a fine of $850,000 against a member firm for allegedly failing to exercise reasonable diligence to ensure that it routed customer orders through venues that provided the best execution quality.4 FINRA found the firm prioritized the routing of marketable equity orders to market makers and exchanges that paid for that order flow or paid the highest rebates.
FINRA also found the firm failed to reasonably supervise for best execution; specifically, its written supervisory procedures (WSPs) provided no guidance as to how the supervisor should conduct an execution quality analysis of competing markets.
In addition, FINRA fined another member firm $575,000 for supposedly violating best execution obligations in connection to its role as a market maker in over-the-counter (OTC) securities.5 FINRA said the firm "[failed] to use reasonable diligence to ascertain the best market for the subject securities and [failed] to buy or sell in such a market so that the resultant prices to the customers were as favorable as possible under prevailing market conditions."6 The manual process used by the firm for comparing customer orders resulted in the firm, at times, missing better-priced messages and not executing orders at the best available price.
FINRA also determined that there were shortcomings in the firm's supervisory system — the firm did not account for price opportunities available through its electronic messaging service and thus had no way to determine if its customer orders received inferior executions to those available via the messages.
Further, FINRA fined a third member firm $80,000 for purportedly failing to comply with best execution obligations under FINRA Rule 5310. Specifically, FINRA found that the firm failed to "use reasonable diligence to ascertain the best market for a subject security and buy or sell in such market so that the resultant price to the customer was as favorable as possible under prevailing market conditions in connection with 26 corporate bond transactions."
In addition, FINRA also found that the firm failed to establish and maintain a supervisory system designed to comply with FINRA Rule 5310, fining the firm an additional $20,000.7
With respect to PFOF, FINRA fined a member firm $170,000, claiming the firm failed to disclose material aspects of its PFOF arrangements, among other things. Additionally, FINRA concluded that the firm did not establish and maintain a supervisory system, including WSPs, reasonably designed to achieve compliance with disclosure obligations pertaining to PFOF under Regulation NMS (Reg NMS) Rule 606.8 Although the firm's Rule 606 report9 in Q1 of 2018 stated that it may receive and/or make payments in varying amounts from the exchanges or other broker-dealers, FINRA said the report failed to disclose the material aspects of its relationship with its significant execution venues, including descriptions of any PFOF arrangements.
Rule 15c3-5 of the Securities Exchange Act of 1934 (the Market Access Rule) requires broker‑dealers providing market access (i.e., access to trading in securities on an exchange or alternative trading system) to establish, document and maintain a system of risk management controls and supervisory procedures reasonably designed to manage financial, regulatory and other risks of the business.
FINRA reported five market access cases in 2021, totaling approximately $1.67 million in fines.
FINRA's market access cases can generally be distinguished by settlement amounts: (1) settlements above $1 million, which typically involve violations of multiple rules, including anti-money laundering (AML) violations, over a long period of time; (2) settlements around $300,000–$500,000, which involve a limited number of violations or affected transactions; and (3) settlements around $50,000, which generally involve minor procedural violations. An example of a market access case from each of the three categories above is highlighted below.
First, FINRA and various self-regulatory organizations (SROs) fined a member firm $1.25 million for, among other violations, allegedly failing to establish and maintain a supervisory system and regulatory risk management controls reasonably designed to monitor for potentially manipulative trading, such as potential layering, spoofing, wash trades, prearranged trades, marking the close and odd-lot manipulation.10
Importantly, FINRA and the SROs did not determine the firm failed to detect actual instances of manipulative trading — rather, they found that the firm’s failures concerning the Market Access Rule resulted in potentially manipulative trading.
FINRA also found the firm failed to implement a reasonably designed AML program for the detection and reporting of potentially suspicious transactions. Specifically, FINRA claimed the firm’s written AML procedures did not address potentially manipulative trading at all. These violations allegedly continued for a period of 10 years.
Second, FINRA fined a brokerage firm $310,000 for purportedly failing to comply with various provisions of the Market Access Rule for a period of under two years relating to establishing, monitoring, and amending customer credit limits and conducting annual reviews and certifications of the effectiveness of its market access risk management controls and supervisory procedures.11 FINRA said the firm's WSPs "did not include reasonably designed procedures for customer credit limits because they did not require firm personnel to conduct due diligence as to the customer's business, financial condition or trading patterns."12
Third, FINRA fined a broker-dealer $40,000, claiming that it failed "to establish financial risk management controls and supervisory procedures to systematically limit its financial exposure that could arise as a result of market access."13 For example, FINRA said the firm did not have any pre-trade controls to prevent the entry of orders that exceed preset credit or capital thresholds for customers. Because the purported violations were mostly procedural, FINRA assessed a lower fine.
Common market access issues across firms include failing to establish WSPs or having insufficient WSPs, failing to supervise for manipulative orders, failing to conduct an annual review of its business activity in connection with market access, and AML violations.
Finfluencers and Gamification
Exam Sweep of Broker-Dealer Practices Related to "Finfluencers" (Sept. 2021)
In September 2021, FINRA published guidance entitled "Social Media Influencers, Customer Acquisition, and Related Information Protection,"14 notifying member firms that FINRA is conducting a review of broker-dealer practices related to the acquisition of customers through social media channels.15 According to the guidance, the exam sweep focuses on firms' supervision and communications related to paid social media influencers. The sweep inquiry letter poses multiple questions and subparts, including requests for details regarding firms' relationships with social media influencers, including how they are found and compensated, information on any referral programs in which the firms may be engaged, and WSPs around the use of social media influencers.
Annual Report on Examination and Risk Monitoring Programs (Feb. 2021)
In February 2021, FINRA released its annual report on "Examination and Risk Monitoring Program,"16 which highlighted "gamification" as an emerging risk.17 Gamification features include "a range of technologies and techniques designed to influence investor behavior, including 'games' at sign-up; social networking tools; streaks with prizes, such as free stock; points, badges and leaderboards; and push notifications."18 The annual reports warned broker-dealers of their existing regulatory obligations, including compliance with Regulation Best Interest (Reg BI), supervisory and diligence obligations, and various FINRA communications rules. Specifically, the guidance noted that broker-dealers must evaluate gamification features to determine whether they meet regulatory obligations to:
- comply with any Reg BI and Form CRS requirements if any communications constitute a "recommendation" that requires a broker-dealer to act in a retail customer's "best interest;"
- make disclosures relating to risks to customers, fees, costs, conflicts of interest, and required standards of conduct associated with the firm's relationships and services;
- prohibit the use of false, exaggerated or misleading statements or claims in any communications and ensure all firm communications are fair and balanced and do not omit material information concerning products or services;
- comply with account opening requirements that require firms to gather information about customers and approve certain types of accounts, including options accounts;
- develop a comprehensive supervisory system for such communication methods, including surveilling for red flags of potential violative behavior, and maintaining books and records of all communications related to the firm's business as such; and
- address compliance with FINRA communications rules.
While no enforcement action has been brought by FINRA to date concerning the use of finfluencers or gamification sales practices, member firms in 2022 can expect to see enforcement activity related to potential violations of Reg BI, suitability obligations, communication standards (which require all member communication to be fair and balanced), and supervision.
Anti-Money Laundering (AML)
FINRA Rule 3310 requires member firms to develop and implement a written AML program reasonably designed to achieve and monitor compliance with the requirements of the Bank Secrecy Act of 1970 (BSA) and its implementing regulations. The BSA and related regulations impose a number of requirements, including "implementing and maintaining both AML programs and Customer Identification Programs (CIPs); filing reports of suspicious activity; verifying the identity of legal entity customers; maintaining procedures for conducting ongoing customer due diligence; establishing due diligence programs to assess the money laundering risk presented by correspondent accounts maintained for foreign financial institutions; and responding to information requests from the Financial Crimes Enforcement Network within specified timeframes."19 In 2021, FINRA brought 12 cases against member firms and individuals for violations of Rule 3310, three of which are highlighted below.
Most notably, FINRA fined a prominent broker-dealer $57 million for several purported violations, one of which involved failing to establish or maintain a CIP in violation of Rule 3310 that was appropriate for the firm's size and business.20 FINRA found that the member firm automatically approved accounts and ignored alerts despite the fact that its clearing firm had flagged those accounts as requiring further review for potentially fraudulent activity. The firm approved and opened more than 5.5 million new customer accounts during a two-and-a-half-year period without any employee whose primary responsibilities related to the firm's CIP, charged FINRA.
FINRA fined another member firm $650,000 for, among other things, allegedly failing to establish an AML compliance program reasonably designed to detect, monitor, and cause the reporting of potentially suspicious activity relating to low-priced securities transactions.21 FINRA found that the firm failed to monitor for potentially suspicious activity involving equity trading.
Even when the firm later implemented monitoring systems, the systems were not reasonably designed to detect red flags associated with low-priced securities transactions. In addition, the firm supposedly failed to provide appropriate guidance and direction to its employees on how to properly use the systems, and ultimately did not detect and investigate several suspicious low‑priced securities transactions.
FINRA fined another member firm $500,000 for, among other things, allegedly failing to describe in its AML policies "how the firm or its registered representatives should review or monitor customer stock deposits or subsequent trading activity to detect and investigate such red flags."22 Further, FINRA found that the firm's AML policies failed to describe and identify how the firm would investigate such red flags. In connection with the matter, FINRA also fined the firm's AML compliance officer $5,000, claiming the officer failed to properly implement the firm's AML policies and procedures.
In the past year, FINRA issued guidance and brought numerous enforcement actions in areas such as PFOF, market access, finfluencers and gamification, and AML. Many enforcement actions in the above high-priority and related topics resulted in heavy penalties and large fines for member firms, which serve as cautionary tales to industry participants of the perils and high costs of noncompliance.
As innovative technologies and business methodologies continue to emerge and challenge existing regulatory paradigms in 2022, member firms can expect further communications and enforcement actions. To that end, FINRA has stressed that it will "adapt its areas of focus throughout 2022 to address emerging regulatory concerns and risks for investors that may arise throughout the year,"23 including topics reviewed in this advisory as well as many others highlighted in FINRA's 2022 Report on Examination and Risk Monitoring Program, such as firm short positions and fails-to-receive in municipal securities; trusted contact persons; funding portals and crowdfunding offerings; disclosure of routing information; and portfolio margin and intraday trading.
Aileen Tan, Financial Markets and Funds associate and candidate for admission to the New York State Bar, contributed to this advisory.