Categories: Securities

Last week, FINRA published its 2022 Report on its Examination and Risk Monitoring Program (the “Report”), identifying key areas of focus for broker-dealer exams this year. The Report contains many of the same areas of focus as last year’s report, including anti-money laundering, cybersecurity, Reg BI and Form CRS, communications with the public, best execution and segregation of customer funds. Although the Report again identifies these general areas, it identifies new concerns and recent examination findings in those areas. In an effort to be user friendly, the Report highlights that new content in bold and identifies new areas for 2022. A key takeaway from the Report is the continued challenges posed by technology.

FINRA identified cybersecurity threats as “one of the primary risks firms and their customers face” and in 2021 FINRA observed “increases in the number and sophistication” of cybersecurity threats. FINRA identified several examples of threats it identified, including phishing campaigns involving fraudulent emails purporting to be from FINRA. FINRA also noted that it “continues to observe fraudsters and other bad actors engaging in cybercrime that increases both fraud risk (e.g., synthetic identity theft, customer account takeovers, illegal transfers of funds, phishing campaigns, imposter websites) and money laundering risk . . . .” As in the past, FINRA reminded firms that they are responsible to oversee, monitor and supervise cybersecurity programs provided by third-party vendors. FINRA also provided a list of effective practices and exam findings that firms should use as a guide when evaluating their cybersecurity programs.

Similarly, FINRA noted that “advances in technology and its application continue to reshape the way some firms attract and interact with customers on mobile apps.” Although these innovations can increase access to the markets, FINRA noted that apps raise novel questions and potential concerns, including “whether they encourage retail investors to engage in trading activities and strategies that may not be consistent with their investment goals or risk tolerance and how the apps’ interface designs could influence investor behavior.” FINRA also noted that it has identified significant problems with some mobile apps’ communications with customers and firms’ supervision of activity on those apps, especially controls around account openings. FINRA further expressed concern about mobile apps using social media to acquire customers and launched a targeted exam to assess firms’ practices in this area, including compliance with obligations relating to the collection of information from customers and others who may provide information to firms. FINRA stated that it will share its findings once the review is completed.

The Report also identifies some new areas of focus for 2022, specifically: (a) Firm short positions and fails-to-receive in municipal securities; (b) Trusted contact persons; (c) Funding portals and crowdfunding offerings; (d) Disclosure of routing information; and (e) Portfolio margin and intraday trading. Keeping with the technology theme, FINRA identified, as a new area of focus in 2022, regulatory obligations related to funding portals and crowdfunding. The Report identifies a number of exam findings, including: (i) missing disclosures that are codified in Regulation Crowdfunding (such as use of proceeds descriptions, offering process details and financial statements); (ii) failing to report customer complaints (as required by FINRA Funding Portal Rule 300(c)); and (iii) failing to make timely required filings, such as statements of gross revenues. The Report provides effective practices for funding portals including developing annual compliance questionnaires to confirm that required obligations are being met in a timely manner and implementing supervisory review procedures tailored to their communications requirements.

Firms should carefully review the Report against their own operations to identify any potential gaps or areas for enhancement in their compliance programs, controls and supervisory systems. In their review, firms may want to focus on to the new material that FINRA added to previously covered topics, particularly the new exam findings and effective practices, and pay close attention to the new topics for 2022. As firms prepare for upcoming exams, they should ensure that their current practices are sufficiently documented and underwent appropriate testing.

Back to Commercial Litigation Update Blog

Search This Blog

Blog Editors

Related Services



Jump to Page


Sign up to receive an email notification when new Commercial Litigation Update posts are published:

Privacy Preference Center

When you visit any website, it may store or retrieve information on your browser, mostly in the form of cookies. This information might be about you, your preferences or your device and is mostly used to make the site work as you expect it to. The information does not usually directly identify you, but it can give you a more personalized web experience. Because we respect your right to privacy, you can choose not to allow some types of cookies. Click on the different category headings to find out more and change our default settings. However, blocking some types of cookies may impact your experience of the site and the services we are able to offer.

Strictly Necessary Cookies

These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.

Performance Cookies

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.