Ketchum: Finra is beefing up its examination program

The following remarks were delivered May 24 by Richard G. Ketchum, chairman and chief executive of the Financial Industry Regulatory Authority Inc., at its annual meeting in Washington.

Today I want to share with you some of what we’re focused on right now at Finra, including changes to our exam program. I’d also like to offer some observations about what we’re seeing from the industry, both in terms of improved compliance and challenges facing firms, as well as areas that I think we both should be thinking about as the industry looks toward a fiduciary standard.

I’ll start with the work we’re doing on our exam program and our continued effort to make sure our exam teams are more focused on those areas that present a real risk to investors.

In the past year, we’ve added 20 more coordinators to our district staff, for a total of 90 district staff dedicated to the surveillance function. Our goal is to have a much more in-depth understanding of your business and how it’s changing from the standpoint of business model, products and market events.

We are also digging deeper on areas that pose the most risk. For example, we are using both paper and electronic means to verify that customer assets exist and are being held on behalf of customers in secure locations.

We would also like more granularity in some of the financial data we receive from firms. For this, we have a rule proposal that will allow us to collect supplementary information to the FOCUS [Financial and Operational Combined Uniform Single] report. The first report that has been developed and issued for comment is a supplementary income statement schedule. This schedule will provide us with a more informed understanding of the drivers of your business, which we can use to tailor our exams, and focus on the areas where you are earning your revenue.

Looking ahead two to three years, there are several other changes that we are looking to make to our exam program. These changes are focused on broader data collection and more-sophisticated analysis of that data, with the goal of having our examiners better prepared when they arrive at firms.

We are using more-sophisticated risk analysis to help ensure our examiners are asking the right questions when they walk in the door. To help target examination protocols, we are developing comprehensive profiles of your business models and underlying risks. We also will be asking firms to provide detailed securities and financial transactional data, including purchase and sales data, customer data and data about the broker. For the past few years, we have been working with the largest carrying and clearing firms to receive data in a standardized format that enables us to test for compliance with the customer protection rule and to perform comparisons to outside custodians electronically.

Ultimately, we will develop profiles that can be subjected to risk and compliance scenarios. These procedures will enable our examiners to be more effective when it comes to identifying the issues that deserve their attention.

Our examiners will devote more time to understanding risks and how well they are managed or mitigated. The new examination technology we are developing will place greater emphasis on open-ended thematic reviews that require a more-complete understanding of your business and the areas that are vulnerable to breakdowns in controls.

FOCUS ON BRANCHES

We are also paying closer attention to branch-level activity — increasing the number of branch exams and refocusing our exams at the point of sale. During 2011, the examination staff also plans to spend more time on site at the branch offices and, depending on the firm, less time at the main office. This is because we believe that the point of sale and interface is where we have historically found troubling conduct occurring, and we want to target our resources better. There will be a number of core areas that examiners will look at during these on-site visits and likely more dialogue with branch management as part of that process.

The combination of the qualitative information we collect through coordinators and our on-the-ground exam staff — and the quantitative information we gather through data collection and analysis — will better enable us to identify risk and decide where, how and with what intensity to apply our resources.

I’d like to turn to trends we’re seeing at firms. I know that some of you probably have the impression that we only focus on the problems, so let me spend a few minutes highlighting the improvements we’ve seen recently.

First, firms are doing a better job of not hiring representatives who have been subject to significant disclosures or complaints. We’re seeing expanded use of background and disciplinary checks through the Central Registration Depository and BrokerCheck. There’s more due diligence and less willingness to overlook an employment history containing large numbers of complaints.

We’re also seeing firms go beyond simple window dressing when making changes to address internal problems that we find during our exams and investigations.

At many larger firms, we are seeing improvements in monitoring market and credit risk. They not only are paying more attention to the size of their balance sheets but also the quality of the assets on their balance sheets, and leverage levels. We have witnessed more-rigorous stress testing and enhanced communication between market and credit risk teams and the treasury function. We’ve seen more investment banks maintain excess liquidity pools at the broker-dealer, rather than the holding company, which provides us with greater comfort that the banks will be able to withstand the next market shock.

Another improvement that our examiners have noted is more-sophisticated exception reports that combine a wide array of red flags and scenarios.

For example, we’ve seen several firms implement electronic tracing programs to track changes to customers’ private information. The programs allow the firm to use an electronic signature to trace who changes that information. The programs provide alerts and exception reports if customer information is changed, removed or downloaded to a disc or thumb drive.

We’re also seeing firms use off-the-shelf software to track customer account activity, profit and loss, cost equity, etc., and combine the different numbers into risk scenarios. Each risk scenario is scored and appropriate action is prescribed for each score range.

Other firms are using reports designed to monitor potential discretionary trading without authorization and/or unauthorized trading. These programs track multiple orders by the same registered representative in the same security, and then compare the orders to telephone records, in order to review for customer contact.

ONE-TIME DEPOSITS

I’ve talked in the past about major life events and firms’ being able to monitor large, one-time deposits of assets into baby boomers’ accounts resulting from inheritance or retirement. We’ve noted that a number of firms are able to identify these events and have put heightened monitoring programs in place to review the activity.

Another area where we’ve noticed improvement at some firms is e-mail surveillance. Firms have implemented more-enhanced e-mail review capability to help them conduct more-precise and targeted e-mail reviews.

The final improvement I’d like to mention is what we are seeing in self-reporting. For example, when firms’ controls are compromised, they’re telling us. We’re also finding that when we are investigating firms, they often come to us with additional information that’s unrelated to the investigation.

In two recent enforcement matters, firms were given significant credit for cooperation. The first involved a firm that self-reported a delivery failure that dwarfed the matter then under review by staff. The second involved a firm that voluntarily undertook a broad-ranging internal review-of-order issue, which saved Finra staff hundreds of hours of investigative time and eliminated the need for a dozen on-the-record interviews.

As you know, Finra’s new reporting-requirement rule has a self-reporting component. While we will not reward bare-bones self-reports that meet the requirements of the rule — but do not save the staff investigative time or resources — we will continue to give cooperation credit to those who go above and beyond in self-reporting and remediating problems upon discovery. So I can allay your fears — or at least what we’ve heard are fears. First, we are not looking to bring stand-alone cases under the new rule. Second, when we do bring a case, it will be in connection with a pattern of serious misconduct which culminates in an intensive internal investigation that is not reported to Finra.

All of these improvements I’ve just touched on are good for investors. Just as important, these changes are also good for all of you at firms. They will reduce the likelihood of breakdowns in compliance and equip you to address problems quickly.

Of course, for all of us, there are still many challenges.

As I mentioned in my introduction, one of the biggest challenges is keeping pace with regulatory change, particularly new requirements coming out of Dodd-Frank that will likely have short implementation periods. Of course, these new requirements come at a time when many firms are looking for ways to reduce expenses. We realize this is difficult. But the reality is that your firms are going to need to put just as much effort and energy into meeting current compliance standards as you invest in implementing the technology changes related to new rules coming out of Dodd-Frank. And as you know, implementation is not an overnight, flip-the-switch process. You also need to leave adequate time for system testing and staff training as part of your broader compliance responsibilities.

We fully appreciate the challenges you’re facing to keep pace with the Finra rulebook consolidation. While many of the rules do not create new standards, others have broader compliance implications with respect to modifying systems and educating staff. Our new rules governing “know your customer” and suitability obligations are one example. We heard your concerns that the original implementation did not allow enough time for you to prepare. So we extended the implementation date by nine months to July 2012.

AREAS OF CONCERN

But amid the focus on implementation and pending changes to the Finra rule book, I don’t want firms to lose sight of their responsibility to investors. There are continuously new challenges to address.

Let me give you a few examples of some areas of concern that we have and how some firms are addressing them.

The increasing availability of complex and sophisticated products to retail investors, while beneficial in some ways, can present challenges to a compliance department. Investors can trade exchange-traded products that provide the ability to speculate on the volatility of the securities markets or the spread between various asset classes. The structured-retail-products market has grown in the last few years: Over 8,000 retail structured products were sold in 2010.

The breathtaking pace of innovation and availability of these more sophisticated and complex products pose significant challenges to firms. A solid understanding of an investment product is at the core of suitability analysis and sound sales practices. I am pleased to hear that many firms are taking this challenge extremely seriously and enhancing their product training programs.

I am also pleased that some firms are establishing new control measures around their distribution processes. At the outset, firms should determine which products they are comfortable allowing their reps to sell to retail customers. Many firms have established new product committees to vet new products and determine which ones they will prohibit. The best review programs are dynamic and require that the firm monitor market and economic conditions that could change the firm’s view about the appropriateness or suitability of a particular product.

Some firms have even established additional controls with respect to those complex products they do permit. Some firms require retail customers who are interested in purchasing these complex products to complete an option account approval process. Some firms also pre-qualify retail customers and require them to sign specialized investor qualification agreements. These agreements may explain product features and risks in plain English, and require customers to attest to having read the materials provided, understanding the risks and wanting to invest in the product.

The challenges posed by the growth of these products affect our regulatory programs, as well. Finra monitors product development for many of the same risk factors considered by firms. We look at the complexity of products, and assess the likelihood that investors and registered representatives will understand and appreciate the risks they present. We look at the transparency of key components of products, such as embedded leverage, optionality, counterparty risks, and fees and expenses that raise concerns.

This analysis helps us better understand where emerging risks may arise, and identify opportunities to provide guidance to firms and educational materials to investors.

Effective supervision is rooted in a thorough understanding of the product risks, coupled with robust broker training regarding the clients for whom the product is appropriate. Brokers cannot rely on firm approval alone to satisfy their suitability obligations. This is particularly important with the proliferation of increasingly complex financial products and at a time when certain investors are tempted to chase yield in today’s low-interest-rate environment.

Concerns about products and supervision are part of our continued focus on Reg D offering cases. We are now looking closely at individuals responsible for the due diligence on Reg D offerings and the responsibility of individual reps for reasonable-basis suitability if they sell a product in the face of red flags.

NEGATIVE CONSENT

Another area of focus is the transfer of a customer account using negative consent or changing a customer’s sweep option using negative consent. It’s important that your firm consider whether you are exercising discretion in the customer’s account or whether the transfer is in the best interest of the customer.

We are taking a close look at excess charges for routine services, which some firms appear to be treating as an additional de facto commission. Such charges include postage and handling charges for particular trades. You can expect to see some enforcement activity in this area with respect to particularly egregious examples.

These examples point to a simple question: Is your firm acting in the best interest of the customer? And what should you be thinking about as we move the bar toward a fiduciary standard?

Let’s start with disclosure. It is one of the key ingredients needed to address fiduciary issues but alone is not sufficient. As I’ve said many times before, and I’m sure you’ll agree, we need to get away from today’s environment in which account statements contain too much legalistic information, leaving them downright turgid and causing investors to simply ignore them. That is, in my mind, a fundamentally flawed approach to disclosure.

QUESTIONS TO ASK

There are a few questions I suggest firms address and ask with respect to relationships with your customers. How do we interact in an effective way with investors? How do we foster knowledge and understanding among investors? And how do we deliver that message, both with respect to existing technology tools and with respect to how your financial advisers go through the message?

Our concept proposal is designed to address these questions. The proposed rule would require firms, at or prior to commencing a business relationship with a retail customer, to provide a written statement that describes the types of accounts and services it provides. Firms also would be required to disclose the conflicts associated with such services.

How to disclose information, from accounts to conflicts, is really the challenge. We need to figure out the right combination of how to capture investors’ attention upfront, how to provide detail from a web-based standpoint and how to use minimalist but effective point-of-sale disclosure to remind customers of the questions they should be asking again and again.

The result would be to move to an environment dramatically different than what we have had for the past 20 years. The presumption would be that you have conflicts, and you have incentives, as all firms do. Knowing that, how would you provide disclosure and effective communication with customers so that they’re able to make those decisions in a rational way? It’s an exciting opportunity.

Another area where Finra has identified the need for reform is debt research. We believe it’s time to expand the conflict-of-interest rules beyond equity research to include debt research. In March, we published for comment a proposed debt research rule. The concept proposal presents a tiered approach to debt research regulation — one that would apply aspects of the equity rules to debt, based on whether the research is distributed to retail or institutional investors.

This approach recognizes a bifurcated debt research landscape in which retail investors and institutional investors are treated as customers and counterparties, respectively — but it also provides an opt-in for institutions who desire the full range of protections.

We are in the process of reviewing comments and plan to bring a final proposal to the board in July. That proposal will go out for comment again before eventually being submitted to the Securities and Exchange Commission as a rule filing.

FULL DISCLOSURE

We’re also in the process of strengthening our rules that require disclosure of conflicts of interest related to mutual fund revenue-sharing arrangements. Under a proposed rule change that is currently out for comment, when fund companies provide firms with cash compensation that is beyond the normal sales charges and service fees, these firms would have to disclose the existence of these arrangements. And they would have to make this disclosure before a customer first purchases shares of a mutual fund.

In conclusion, these regulatory changes all go to address what I think are the fundamentals of a fiduciary relationship and really are the fundamentals of a successful control relationship with your clients. Avoid conflicts where possible, fully disclose them where not, and take actions — and be able to justify those actions — in the best interests of customers. But the effectiveness of the changes, over the long term, is linked to what I touched on at the start of my speech — communication and cooperation between industry and regulators.

It’s events like this conference that help foster that dialogue and reinforce the importance of industry and regulators’ working together in a meaningful way.

Related Topics: Financial Industry Regulatory Authority