Categories: Securities

The recently issued 2021 Report on FINRA’s Examination and Risk Monitoring Program (the “Report”) replaces and combines two previously published FINRA reports: the Report on Examination Findings and Observations and the Risk Monitoring and Examination Program Priorities Letter. The Report addresses key regulatory topics in four categories: (1) Firm Operations; (2) Communications and Sales Practices; (3) Market Integrity; and (4) Financial Management. In particular, FINRA identified the following issues that impact many member firms.

Regulation Best Interest (Reg BI) and Form CRS

FINRA noted that in 2021 it intends to expand the scope of its review and testing in this area to engage in a more comprehensive review of firm processes, practices and conduct. FINRA provided a list of considerations its staff will use when examining a firm for compliance with Reg BI and Form CRS, and firms should make sure they have addressed those considerations and FINRA’s prior guidance in this area. FINRA also noted that it was in the “early stages” of review for compliance with these new obligations and thus the Report does not contain exam findings or effective practices related to Reg BI and Form CRS. FINRA anticipates issuing a separate report after more examinations have been conducted. Firms should monitor FINRA’s further guidance on this issue.


Cybersecurity

For years, FINRA has focused on cybersecurity due to firms’ increasing reliance on technology. In the Report, FINRA noted that it has observed an increase in cybersecurity or technology incidents at firms, including data breaches. Further, as COVID-19 has triggered an increase in remote work and virtual client interactions, FINRA is encouraging firms to review its prior guidance on cybersecurity as well as the considerations, observations and effective practices outlined in the Report. FINRA also noted that it remains concerned about increased risks for firms that do not implement practices for addressing phishing emails or requiring multi-factor authentication for accessing non-public information. Accordingly, firms should review their cybersecurity program against FINRA’s guidance to ensure that they have adopted best practices and engaged in sufficient testing of their cybersecurity program.

Communications with the Public

FINRA noted that it is “increasingly focused” on communications about new products and how firms address risks relating to new digital communication channels. In particular, FINRA noted that it is focused on the risks associated with app-based platforms with interactive or “game-like” features that are intended to influence customers. As more millennials become customers, firms may look to such apps to attract customers, and firms should be mindful of FINRA’s guidance in this area. FINRA also stated that it will maintain its traditional focus on communications regarding complex products and communications with seniors and vulnerable investors.

Variable Annuities

FINRA noted that in 2020 it had engaged in an informal review of firms’ procedures for buyouts of variable annuities and disclosures to customers after an insurer with significant variable annuities exited the market. That review found that firms did not have sufficient supervision around buyouts, did not have sufficient supervision over exchanges of annuities, had an inadequate review of source of funds for new annuities and did not provide sufficient training to their registered representatives on the sale of annuities. Firms should consider the findings of this review as well as the other issues raised in the Report in connection with their sale of variable annuities.

The Report also highlighted best execution and consolidated audit trail as areas of focus.

In addition to these areas of specific concern, the Report also outlines examination priorities regarding several other issues, including anti-money laundering, outside business activities, books and records, regulatory events reporting, fixed income mark-up disclosure, private placements, large trader reporting, market access, vendor display rule, net capital, liquidity management, credit risk management and segregation of assets.
