Cybersecurity Exam Observations and Effective Practices

Cybersecurity remains one of the principal operational risks facing broker-dealers and Registered Investment Advisers. Accordingly, FINRA and the SEC’s examiners expect firms to have reasonably designed cybersecurity programs and controls, consistent with the firm’s business model and scale of operations, to ensure that sensitive data, including client information, is not lost, misused, or accessed by unauthorized users.

Examiners continue to inquire into the Firm’s controls regarding firewalls, vulnerability, penetration testing, and training during office examinations.

RIA Branch Audit Planning

Investment advisers should consider the need to inspect their branch offices pursuant to a branch office inspection schedule. Firms should consider whether a branch audit is warranted using factors such as the nature and complexity of the branch’s business, volume of business, complaints, disclosures, number of registered persons, and other relevant factors determined by the firm. Firms are to document the exam schedules for each branch office, including a description of the factors used to determine the exam cycle for such locations.

Various states require investment advisers to conduct regular inspections of their branch offices. For example, an investment adviser registered in Georgia is required to inspect each office location at least annually to ensure that its written policies and procedures are enforced. Even when an investment adviser is not explicitly required to conduct branch inspections, it should still implement a branch inspection program as part of its supervisory procedures. Also, investment advisers lacking an adequate branch office inspection program expose themselves to significant liability for failure to supervise in the event misconduct at the branch goes undetected.

Compliance Budget

Mid-Year Compliance Budget Planning

Reviewing your current mid-year compliance budget plan and adjusting for the rest of the year is important. With COVID-19 taking up a substantial portion of the first half of the year, your vision and budget for 2020 may have drastically changed.

Examinations and Risk Monitoring

Examination and Risk Monitoring: What to Expect in 2020

FINRA recently released a podcast called “What to Expect: The 2020 Exam and Risk Monitoring Program.” It provides a wealth of information from three members of the Member Supervision Senior Leadership on what to expect from the Examination and Risk Monitoring program in 2020. Here are a few highlights from the podcast.

Digital Communication

Digital Communications: 2019 FINRA Report

In the recent “2019 Report on FINRA Examination Findings and Observations,” one of the topics highlighted was the use of digital communications. This can include a wide range of social media, email, text messaging, and various other digital tools. The regulatory requirements pertaining to the usage of digital communications are outlined in Exchange Act Rules 17a-3 and 17a-4 and FINRA Rules 3110(b)(4) and 4510. These rules require procedures pertaining to the usage of these types of communications, as well as the appropriate maintenance of the communications in the form of books and records.
