From archiving your business’s communication records to filing quarterly and annual reports, you must take several steps to ensure your business complies with SEC and FINRA regulations. Currently, you may wonder where to start, what types of records and electronic messages to save and how to implement a proper cybersecurity program to protect valuable client information.
Read on to discover some signs your firm may not be SEC- or FINRA-compliant and steps you can take to change that.
WHAT IS THE SEC AND WHAT DOES IT DO?
The United States Securities and Exchange Commission (SEC) is an independent federal government agency designed to:
- Maintain fair and orderly markets.
- Protect investors from bad actors in the market.
- Promote full public disclosure of market information.
- Oversee securities brokers and dealers, securities exchanges, investment advisers and corporate takeover actions in the U.S.
- Prevent market fraud and manipulation.
Following the stock market crash of October 1929 that sparked the Great Depression, U.S. Congress held hearings to address the issues and find solutions. It passed the Securities Act of 1933 as a result, followed by the Security Exchange Act of 1934. This led to the creation of the SEC, the first federal security markets regulator.
The organization operates on two main philosophies:
- Companies selling securities to the public must be truthful about their business, securities for sale and the potential risks of investing in those securities.
- Those who sell and trade securities, including dealers, brokers and exchanges, must be fair and honest with investors.
The SEC protects municipal securities markets investors that towns and cities rely on to provide public parks, neighborhood schools, clean drinking water, local health care facilities, libraries and other necessary amenities. From defending investors against white-collar crimes like insider trading and Ponzi schemes to facilitating capital information, the SEC aims to ensure a level playing field for everyone involved in securities transactions.
WHAT IS FINRA AND WHAT DOES IT DO?
Supervised by the SEC, the Financial Industry Regulatory Authority (FINRA) is a not-for-profit, nongovernmental entity that monitors broker-dealers in the U.S. Like the SEC, it helps safeguard the public against fraudulent and manipulative practices, ensuring the broker-dealer industry operates fairly and ethically.
The organization was developed after the merging of the National Association of Securities Dealers and the New York Stock Exchange’s enforcement, regulation and arbitration operations. This consolidation aimed to eliminate redundant and overlapping regulations and the complexity and costs associated with compliance. The SEC approved the merger in July 2007.
FINRA assumes the following roles:
- Creates and enforces rules regulating registered U.S. brokers and broker-dealer firms.
- Ensures anyone who sells a securities product is tested, licensed and qualified.
- Ensures every securities product advertisement is honest and not misleading.
- Ensures investors receive full disclosure about the investment before the transaction.
- Provides resources such as BrokerCheck to protect investors.
- Administers the qualifying exams for securities professionals.
FINRA uses innovative artificial intelligence learning technologies to closely monitor the market, supporting investors, policymakers, regulators and other stakeholders. It’s also important to note that FINRA’s monthly disciplinary activity report only applies to formal actions, excluding informal ones like cautionary letters to individuals and firms.
FINRA is designed to give each investor an equal opportunity to participate in the country’s capital markets, all while receiving the basic protection they deserve.
WHAT IS THE DIFFERENCE BETWEEN SEC AND FINRA?
While the SEC and FINRA are both key players in America’s financial system that help protect investors, there are a few differences between the two organizations to note, primarily in two main areas — government regulation and responsibilities:
- Government regulation: While authorized by Congress and granted regulatory powers, FINRA isn’t affiliated with the government. It’s the securities industry’s largest self-regulatory organization within the U.S. Conversely, the SEC is a federal government agency overseen by five president-appointed, U.S. Senate-approved commissioners. It also oversees FINRA.
- Responsibilities: While the SEC regulates the securities market, including registered investment advisers and broker-dealers, FINRA primarily oversees U.S. broker-dealers and their agents. FINRA ensures compliance with its own rules and the SEC’s more extensive securities laws. Both organizations safeguard investors, but the SEC has broader authority over the securities markets than FINRA.
In the next few sections, we’ll explore these responsibilities more in-depth by reviewing some examples of SEC and FINRA rules.
WHAT ARE THE SEC COMPLIANCE REQUIREMENTS?
While you can read these rules in full on the SEC’s website, here are some specific compliance areas the agency addresses.
1. QUARTERLY AND ANNUAL REPORTS
The SEC requires financial institutions to file ongoing quarterly reports on Form 10-Q and annual reports on Form 10-K. Your company’s chief executive officer and chief financial officer must certify all financial information and other data in annual and quarterly reports.
2. CURRENT REPORTS
In addition to quarterly and annual reports, your company must file current reports on Form 8-K to report certain events, usually within four business days after the event. Examples of these events include but aren’t limited to:
- Changes in control of the company.
- Changes in your company’s certifying accountant.
- Amendments to charter and bylaws.
- Election, appointment and departure of directors and principal officers.
- Completion of an acquisition or disposition of assets.
- Unregistered equity securities transactions.
All of this data must be filed electronically through the SEC’s Electronic Data Gathering, Analysis and Retrieval platform. The information will become publicly available immediately after filing.
WHAT ARE THE FINRA COMPLIANCE REQUIREMENTS?
Next, let’s look at some examples of FINRA compliance rules. You can view these requirements in full on FINRA’s website.
1. REGULATION BEST INTEREST
Regulation Best Interest requires broker-dealers to offer strategies and advice to their retail clients, acting only in their best interest. Broker-dealers must fill out form CRS, a short-form disclosure document for all retail accounts to verify ethical practices.
FINRA plans to expand its testing and review requirements to ensure member firms comply with the rules and treat their clients fairly. The agency encourages firms to perform the following measures:
- Require all registered sales supervisors and representatives to complete thorough training regarding best interest standards.
- Encourage representatives to make a recommendation and offer potential alternatives.
- Detect potential conflicts of interest that could affect recommendations to retail customers.
- Maintain records to demonstrate compliance.
Additionally, FINRA customer complaint rules state that firms must report customer complaints on a quarterly basis.
With the ever-increasing reliance on digital technologies, cybersecurity threats are a concern. It’s vital for financial institutions to take the proper precautions, especially to ensure their customers’ personal information and records remain secure.
FINRA requires these organizations to consider their risk profiles and employ cybersecurity programs that address the following areas:
- Encrypting nonpublic, all-confidential data.
- Installing strong access controls.
- Resolving all potential cybersecurity issues at the branch office level.
- Training their personnel on major cybersecurity threats and how to mitigate them.
- Ensuring their vendors have the appropriate cybersecurity measures in place.
3. PUBLIC COMMUNICATIONS
As addressed in Rule 2210, broker-dealers must uphold certain standards when communicating with the public. These standards include:
- Giving customers complete disclosure regarding potential investment risks.
- Implementing diligent customer onboarding.
- Ensuring all promotional materials clearly state the investment risks and clarify the relationship between the broker-dealer and investment.
- Reviewing communications with online customers to determine whether these communications could be considered recommendations.
WHAT WILL HAPPEN IF YOUR FIRM ISN’T SEC- OR FINRA-COMPLIANT?
FINRA outlines a clear set of sanction guidelines so businesses understand what disciplinary measures apply to different violations. Consequences include suspensions, fines, and in events of serious misconduct, brokerage industry bars. When necessary, FINRA orders individuals and firms to compensate harmed customers.
Likewise, the SEC performs confidential investigations to ensure businesses comply with requirements. Since SEC investigations aren’t typically public, the Enforcement Division won’t confirm or deny the investigation’s existence unless the SEC presses charges against an entity or individual.
SEC investigations are civil, not criminal. The agency can charge businesses and individuals for violating federal securities laws, seeking remedies such as:
- Monetary penalties.
- Repayment of ill-gotten gains.
- Barring their ability to work in the securities industry.
- Barring their ability to serve as a public company director or officer.
SIGNS YOUR FIRM MAY NOT BE SEC- OR FINRA-COMPLIANT
If your firm lacks some of the necessary fundamentals that help your compliance team prepare for an examination or audit, it’s time to readjust your business’s system and policies to meet these requirements. Below are some indicators you may not be up to par with SEC and FINRA requirements.
1. YOUR FIRM DOESN’T KNOW WHAT TO ARCHIVE
A common reason for noncompliance is businesses aren’t aware FINRA and SEC regulators require them to archive everything related to their business, including:
- Email records.
- Text messages.
- Website pages.
- Instant messages.
- Social media.
- Communications via internal collaboration platforms.
While email remains the most commonly requested data type, SEC and FINRA representatives may ask your firm to produce various electronic communications records at any point. These communication archive requests are continually expanding, especially as companies rapidly adopt new platforms and channels.
Remember that the SEC and FINRA won’t excuse a no-texting policy. Examiners can check your employees’ mobile phones. If they find out staff members have been using personal text messages to send or receive business-related information, you’ll need to provide archived records of those conversations, even if you have a policy prohibiting the use of this channel within your organization.
2. YOUR FIRM LACKS WRITTEN SUPERVISORY PROCEDURES
Many SEC and FINRA noncompliant entities have faced disciplinary actions because they both failed to archive business-related records and didn’t have the required supporting documentation regarding their supervisory practices.
During examinations, FINRA and SEC representatives will request your written supervisory procedures. This is in conjunction with FINRA Rule 3110, which states that a firm’s written supervisory procedures must address transaction supervision, internal communications, customer communications and customer complaints.
3. YOUR FIRM DOESN’T KNOW HOW TO ARCHIVE OR WHY IT’S IMPORTANT
To maintain compliance with FINRA and SEC recordkeeping requirements, your firm must archive all business-related messages received and delivered from any mobile devices within your business. If your business doesn’t have an archiving solution that helps your team archive, retrieve, search and produce messages on various communications platforms, it could present a problem come examination time.
Because representatives can request records at any moment, ensure your firm has an archiving and compliance solution to manage and organize messages. That way, you can produce this data quickly and won’t have to sift through thousands of records in different archives during an examination.
SEC OR FINRA COMPLIANCE TIPS
You now know the signs that a firm is noncompliant with FINRA and SEC requirements, but what are some actions you can take to change that? To ensure your business is ready to take on an examination, here are some tips for keeping your firm FINRA- and SEC-compliant:
- Establish a books and records requirements checklist. FINRA provides a Books and Records Requirements Checklist for broker-dealers, which outlines some of the documents needed for firms to maintain compliance with Rules 17a-3 and 17a-4 under the 1934 Securities and Exchange Act.
- Implement a CAT onboarding checklist. FINRA also developed a Consolidated Audit Trail (CAT) Small Firm Onboarding Checklist. If your firm is a broker-dealer that’s a member of a national securities exchange or FIRNA, you have a CAT reporting obligation, meaning you must register for and earn access to CAT. This handy resource outlines how to register, designate account administrators and other essential steps.
- Use a compliance calendar. FINRA’s Compliance Calendar provides broker-dealers and firms with a list of upcoming events and deadlines.
- Use a cybersecurity checklist. FINRA’s Cybersecurity Checklist can help you establish a solid cybersecurity program. It addresses areas like detecting cybersecurity threats, preserving assets from cyber attacks, detecting when assets and systems have been compromised, planning a response to this compromise, and implementing a plan to retrieve lost or stolen assets.
- Employ an archiving solution. Have weekly archives of business-related communications sent and received from all devices used within your business. This makes it easier to organize and locate messages from different communication channels.
ACHIEVE SEC AND FINRA COMPLIANCE WITH VIGILANT COMPLIANCE
Ensuring your business complies with FINRA and SEC requirements is crucial, and our team at Vigilant Compliance can help you do just that. Having provided investment advisers with comprehensive compliance solutions for over 18 years, you can turn to us for reliable solutions that protect your business, employees and clients.
From strategic planning and analysis to regulatory oversight, our compliance solutions cover a variety of services to meet your needs. Our team stays updated with compliance policies, helping you navigate the latest developments. We also provide mock exams to help you prepare for routine inspections and audits and training sessions for your staff members.
Staying on top of the latest compliance regulations isn’t always easy when you have a business to run and clients to assist. Let us make things simpler with our compliance solutions and well-versed personnel. Contact us to learn more about our services or request a proposal today!