Skip to main content

PODCAST

2024’s Must-Read | FINRA’s Annual Regulatory Oversight Report

January 09, 2024

As a self-regulatory organization, information sharing is key to FINRA's pursuit of its mission of investor protection and market integrity, and no single resource is a better example of that than FINRA's Annual Regulatory Oversight Report. 

On this episode, Ornella Bergeron, Senior Vice President of Risk Monitoring, Omer Meisel, Executive Vice President of the National Cause and Financial Crimes Detection Program, Claire O'Sullivan, Vice President and Regulatory Advisor of Stakeholder Engagement, and Michael Solomon, Senior Vice President of Examinations, join us to discuss highlights from the 2024 report.

Resources mentioned in this episode:

2024 FINRA Annual Regulatory Oversight Report

Reg Notice 23-20: Guidance and Resources Related to Regulation Best Interest

Reg Notice 23-11: Concept Proposal for a Liquidity Risk Management Rule

Reg Notice 21-35: Proposed Order Routing Disclosure Requirements

SEC FAQ on Form CRS

CAT NMS Plan Website

Episode 136: An Introduction to FINRA’s Crypto Asset Work and the Crypto Hub

Episode 137: The Crucial Role of FINRA’s CAI Team

Episode 138: FINRA’s Blockchain Lab

Episode 129: A New Twist on New Account Fraud

Listen and subscribe to our podcast on Apple PodcastsGoogle PodcastsSpotify or wherever you listen to your podcasts. Below is a transcript of the episode. Transcripts are generated using a combination of speech recognition software and human editors and may contain errors. Please check the corresponding audio before quoting in print. 

FULL TRANSCRIPT

00:00 - 00:23

Mike Rote: As a self-regulatory organization, information sharing is key to FINRA's pursuit of its mission of investor protection and market integrity, and no single resource is a better example of that than FINRA's Annual Regulatory Oversight Report. On this episode, we hear from four leaders within FINRA's Member Supervision department to discuss highlights from the 2024 Report. 

00:23 – 00:32

Intro Music

00:32 - 00:43

Mike Rote: Welcome to FINRA Unscripted. I'm Mike Rote. I'm excited to be joined by my colleagues Ornella Bergeron, Omer Meisel, Claire O'Sullivan and Michael Solomon. Welcome to the program. 

00:43 - 00:44

Ornella Bergeron: Great to be here. 

00:44 - 00:45

Omer Meisel: Hey, Mike. 

00:45 - 00:46

Michael Solomon: Thanks, Mike. 

00:46 - 00:54

Mike Rote: Several of you have participated in previous episodes of this series, but would you please introduce yourselves and tell us what you do at FINRA? Ornella, why don't we start with you? 

00:55 - 01:39

Ornella Bergeron: My name is Ornella Bergeron, and I'm Senior Vice President in Member Supervision over the Risk Monitoring Program. And for those of you that may not be as familiar with Risk Monitoring, those are the teams that are a firm's primary point of contact on numerous regulatory matters. And they're also responsible for monitoring a firm for financial operational conduct and trading risks for all member firms of FINRA. And my teams work very closely with Omer's and Michael's team. I've been with FINRA since 2007, since inception, and prior to that, I was at the New York Stock Exchange in various risk monitoring and examination roles. 

01:40 - 01:41

Mike Rote: Great. Michael, how about you? 

01:41 - 02:13

Michael Solomon: My name is Michael Solomon. I head FINRA's National Examination Program, its Membership Application Program, and its Statutory Disqualification Program. The National Exam Program executes about a thousand exams a year, both for financial and business conduct risks. I've spent about half my career either at FINRA or the NYSE and half in the industry. I've been a general counsel and chief compliance officer, and I've worked in some senior roles in legal and compliance at some large financial institutions. 

02:14 - 02:15

Mike Rote: And Omer? 

02:15 - 03:06

Omer Meisel: I'm the Executive Vice President of FINRA's National Cause and Financial Crimes Detection Program, or NCFC, which includes two sections: the National Cause Program, or NCP, and the Complex Investigation and Intelligence Program, or CII. Prior to leading NCFC, I was a Senior Vice President of CII, and also in 2022, I was selected to lead FINRA's crypto asset strategy and chair FINRA's Crypto Hub. Prior to joining FINRA, I spent approximately 22 years at the FBI conducting investigations into securities fraud, white collar crime, counterterrorism, counterintelligence, and cybercrime, and I held various leadership positions within the FBI. Before joining the FBI, I was an investigator at NASD, FINRA's predecessor, as well as at the SEC. 

03:06 - 03:08

Mike Rote: And last but not least, Claire. 

03:08 - 03:33

Claire O'Sullivan: I'm Claire O'Sullivan. I recently joined FINRA as Vice President for the Office of Strategic Engagement and Regulatory Advisor for Member Supervision. Among other things, my office leads the drafting of the annual report. Prior to joining FINRA, I was at the SEC in a variety of roles for around nine years, most recently as trading and markets counsel for Commissioner Crenshaw. 

03:33 - 03:49

Mike Rote: Great. Well, welcome to you all. FINRA recently published the 2024 FINRA Annual Regulatory Oversight Report, which is an extremely important publication for FINRA and broker-dealer firms. Claire, sticking with you, for those who aren't familiar with the report, can you describe it for us? 

03:49 - 04:48

Claire O'Sullivan: So, this is a report that's intended to provide member firms with insight into key findings and observations from FINRA's Regulatory Operation Program, which refers to Member Supervision, Market Regulation and Enforcement. The idea is that firms can use this information to assess and strengthen their own compliance program. So, for each of the 26 topics covered in the report, we identify the relevant rules, we highlight key considerations for member firms to think about in assessing and strengthening their compliance program, we summarize some noteworthy findings and observations from our oversight activities, and we outline effective practices that FINRA staff have observed through those oversight activities. We also provide some additional resources that may be helpful to member firms in reviewing their supervisory procedures and controls and fulfilling those compliance obligations. 

04:49 - 04:56

Mike Rote: So, Michael, you mentioned your time as a CCO in the industry. Can you fill us in on how firms would receive or use this report? 

04:56 - 05:56

Michael Solomon: I found the report particularly helpful in a number of ways. First, as it comes out earlier every year, and it's early January when it will come out, it was a unique opportunity to use the report, and its extensive, to really help design and drive our firm's annual testing plan, our compliance testing plan for the year. As a firm, we were able to look at where we were doing well relative to areas of the report and areas where we felt we could have some enhancements in our procedures and help maximize the efficiency of our annual testing program. I also found it quite useful to design a summary of the report, particularly the salient points related to a firm's business, and present that and walk through that with senior business leaders to be able to show them where FINRA's mindset is in terms of what it's looking at and what it's seeing. And also, frankly, it was utilized as a means to try to ask for more resources in certain areas where we may have been understaffed or under-resourced relative to aspects of the report. 

05:57 - 06:04

Mike Rote: Okay, so, Claire, the 26 or so topics in the report, do they represent FINRA's priorities? 

06:04 - 06:59

Claire O'Sullivan: That's a great question. The answer is no. This is not a priorities letter. FINRA has moved away from the priorities letter format, which we did publish for many years. And the SEC also publishes a priorities letter every year. But the Regulatory Oversight Report is really meant to be more of a mirror, reflecting what the regulatory operations staff have seen over the past 12 to 18 months, which we can then package up for firms to help them address a broader set of topics within their own compliance program. And I'd also like to note that our discussion of certain substantive highlights from the report today aren't an indication that those items are necessarily particular priorities for FINRA. We're just pointing out some new and interesting material, and we would really recommend that firms review the full report and think about which topics are relevant for them in their business model. 

07:00 - 07:06

Mike Rote: Now, the first thing people are probably going to notice is the new name. What's behind the name change of this resource? 

07:06 - 07:39

Claire O'Sullivan: So, the 2021 to 2023 versions of the report were all published as the Report on FINRA's Examination and Risk Monitoring Program. The new title, which is the 2024 FINRA Regulatory Oversight Report, reflects our ongoing efforts to increase the integration of FINRA's Regulatory Operations program. So, it demonstrates that the report is really a holistic view of all our regulatory activities, and that we do get input from Market Regulation, Enforcement and Member Supervision staff. But we couldn't add them all to the name without making it too long. 

07:40 - 07:51

Mike Rote: So, let's talk specifically about what each of your areas are seeing. Michael, let's start with you. One topic in the report that stands out is off-channel communications. Can you walk us through that topic? 

07:52 - 09:29

Michael Solomon: In my time in the industry, I've rarely seen one issue permeate legal and compliance as off-channel communication has in the last year or two. It's an area that we know is of keen interest to firms, and firms are asking questions about best practices and compliance in this space. So, through our exam program, we've essentially seen two types of firms or firms that have allowed business communications on non-firm provided platforms. And we're looking to see how those firms are reasonably supervising that, surveilling that communication and ensuring that they're maintained and preserved. We also have firms that have an outright prohibition against text messaging or non-firm platforms. And in those instances, we're testing to see how those firms are ensuring that their employees are complying with that prohibition and how they're handling discipline to the extent employers may violate that policy. 

The report is, I think, really our first attempt at providing some guidance in some areas where firms should think about this area, and it provides some key considerations in terms of firms assessing their compliance in this important space, including surveillance, training and discipline procedures, including annual attestations and changes in that regard that firms may have implemented. Through both our ongoing exams in this area, and we have scoped this issue into numerous exams and engagement with the membership, we are continuing to work to try to put out additional information and guidance and provide some best practices in where firms are having difficulty from both a technological perspective, a supervision and surveillance perspective. So, that will be additional guidance we hope to put out going forward. 

09:29 - 09:40

Mike Rote: That's great. Thank you. Now, though not a new topic this year, the SEC's Regulation Best Interest section is certainly one that firms will zero in on. What can you tell us about what we're seeing in this area? 

09:40 - 13:16

Michael Solomon: So, Reg BI has been a significant part of our National Exam Program and our Cause Program since 2020. We've scoped into our annual exams in 1,200 different exams since that time, in the firm exam program, and about 560 cause exams have had a Reg BI or Form CRS aspect to them. So, it's a large aspect of our examination investigation program. This year alone, we have almost 350 of our annual exams have had Reg BI scoped into that exam, and it's been about 140 cause exams in that space. The exception rate, when we look at this area in the exam program is typically between 50 to 70%. So, there's still many firms that aren't quite getting everything right. The good news is that the majority of the exceptions that we see are not significant exceptions that warrant enforcement referrals. So, only about 10% of the instances where we find a deficiency during an exam, in terms of Reg BI or Form CRS, are instances where those are referred to Enforcement for further investigation. 

Of course, many of the things we send to the Enforcement division doesn't ultimately become a formal case against firms. So, there's a number of areas that we're focusing on this year, in particular, the area of reasonably available alternatives that firms need to think about each time their advisor is recommending a particular product or strategy to a customer. Essentially, we're looking to see how firms are assisting and guiding their registered representatives to compare products and solutions at that point of sale, and how they're documenting that. We're looking to see whether these alternatives are encompassing the potential risk, rewards and costs of an alternative versus the product or strategy that's being designed or suggested to the client. We're also looking at whether firms have a process to identify the scope of reasonable, available alternatives. Obviously, it doesn't have to be every possible alternative, but we're looking to see how firms are dealing with this particular issue. And we're particularly focused on instances where a product that is being offered is either complex or is a high cost to the customer, and looking to see what alternatives should be considered by the advisor in that instance. 

In particular, two areas that we seem to see more instances of problems with respect to Reg BI are the variable annuity space and the private placement space. And we have beefed up our exam teams in both those areas to develop more expertise and to focus on those two areas that are both complex and high cost to customers. We're also obviously focusing on compensation practices and conflicts of interest, particularly as they relate to compensation for point-of-sale issues for financial advisors. As we've been in this space for a couple of years now, we're also looking to follow up on prior exceptions that we've seen a year or two ago. So, if you have had a prior exception, you should hurry up and fix that before we come back again to see if that remains open. There's a lot of resources available that FINRA has provided. We've just recently had a Regulatory Notice 23-20 that has links to a myriad of things that firms can consider: FAQs, guidance, risk alerts. It's a great document that has all in one place area for firms to look for guidance. The SEC has also put out a recent FAQ regarding Form CRS. So, there's a lot of material out there that FINRA and the SEC has provided to help firms here. 

13:17 - 13:24

Mike Rote: It sounds like a trove of information about Reg BI in the report. What's another topic that stands out to you in this year's report, Michael? 

13:24 - 14:47

Michael Solomon: One area that I think has always been a focus of mine that's in the report is the accuracy of regulatory event reporting and how firms are providing information to FINRA both in U4, U5 and 4530 filings. We have seen instances where there have been potentially inaccurate U5 filings, including where there's a voluntary U5. When we look into it, it looks like it should be more of a discharge or an ‘other’ that would require an explanation as to the termination of the registered person. We also want to see that there's sufficient detail in U5s, so that a reasonable person can understand why somebody was discharged from a firm. 

So, the report provides some good guidance in terms of best practices here, in terms of surveillance, firms reviewing communication channels to see whether there are unreported written customer complaints. And that's particularly important in the off-channel space that I think firms are receiving fewer and fewer hardcopy complaints. Things used to come in through email, and now they're more likely to potentially come in as a complaint through text messaging. So, we're focused in that area, as well as the training for staff. It's every registered person's responsibility to escalate a complaint however it comes into the firm for 4530 reporting purposes. So, we want to see that that training, that's understood well by the registered personnel at a firm. 

14:48 - 15:00

Mike Rote: Thanks, Michael. There's a lot there to think about. Switching over to you, Ornella. There are a couple of topics in the financial management section I'm interested to get your thoughts on. What can you tell us about the liquidity risk management segment? 

15:01 - 17:17

Ornella Bergeron: Thanks, Mike. So, liquidity is always an area that I enjoy talking about. It's a topic that's been in our annual letter for many years now, and an area where we spend a lot of time examining and also monitoring, especially given all of the many market events that we've experienced over the last several years. These events always reinforce the importance of having effective liquidity control framework. So, to help us better assess the liquidity risk exposure at our member firms, those that have the largest customer and counterparty exposures, we are now collecting additional liquidity information on the supplemental liquidity schedule, which is a form of the focus report. And while the additional information we're collecting has been very helpful in assessing liquidity risk at firms, this area is still an area where we continue to see instances where firms have not adopted sufficient processes to mitigate their liquidity risk. And you can see some of our observations in our report. So, we are working through the process for a proposed rule related to liquidity risk management. 

And we did issue a Reg Notice last year, Reg Notice 23-11, basically seeking comment on a content proposal to adopt a rule that would establish liquidity risk management requirements for just a subset of our firms, which is really intended to make sure that firms that would be subject to the role have sufficient liquidity, maintain sufficient liquidity, both in normal conditions as well as stress conditions. So, we are in the process of reviewing comments and meeting with those that commented. And for anyone who's interested in reading a lot more about liquidities and our proposal, I suggest reviewing the Reg Notice 23-11. So, in the meantime, the liquidity risk management topic in the report does include some new guidance, such as new factors for firms to consider when evaluating their liquidity management plans and conducting stress tests, which I think you'll find very helpful. 

17:17 - 17:24

Mike Rote: Great. Thank you. Staying with financial management, there's a segment on net capital. What's FINRA seeing in this space?

17:24 - 19:57

Ornella Bergeron: So, net capital is one of our core areas that we spend a lot of time, both from the Risk Monitoring perspective and also examining for. After all, all member firms are required to have capital at all times and compliance with the net capital rule in order to conduct business. So, in addition to the work that we do in this space for firms that are on our exam plan, during 2023, we also conducted focused examinations at a subset of smaller member firms, really focusing on financial controls and net capital compliance. We did identify minor deficiencies as well as some more material findings, such as certain firms not including supervisory reviews of various key functions, such as wire movements and financial report preparation. There are some firms that weren't properly designating a fin op for the firm. 

We also observed misclassifications of assets and liabilities, inadequate reconciliations, not adequately accruing liabilities, which all of these items led to capital adjustments, in some cases material and in some cases, you know, leading to net capital deficiencies. And then also allowing certain individuals not associated with the broker-dealer to have authority over their bank accounts, thereby allowing them to perform certain covered functions without proper registrations. So, as far as the other net capital work that we did, we are still seeing issues. For example, with firms that are computing incorrect capital charges on open contractual commitments, inaccurate net capital charges being taken for certain inventory reported on focused reports, as well as inaccurate reporting of revenue and expenses, among other issues. Those are just some of the highlights. So, in regards to the open contractual commitment charges, we're still continuing to see issues in this space. 

It's so important to ensure that a firm's role is clear within the underwriting agreement as it relates to what their role is in the underwriting, whether it's the best efforts role or whether they are firm commitment role. Also establishing a process to track open contractual commitments in which the firm is involved in at all times, which is really what's causing some of the issues that we're seeing in this space. The report also includes some other really great practices and questions that we encourage firms to think about related to their net capital calculation. 

19:58 - 20:21

Michael Solomon: Ornella, thanks for mentioning the exams where we focused on net capital. So, because we did see exceptions at the majority of firms where we did these narrowly tailored exams just on net capital, we're going to continue to do that in 2024 on firms to focus on this discrete issue, in addition to the general exams that we do on our 1,000 firms. And I think we provided good feedback to firms in each of these instances. 

20:21 - 20:28

Mike Rote: As you said, Ornella, that's a topic that affects all firms. So, all the firms are going to want to pay attention to that section. 

20:28 - 20:29

Ornella Bergeron: Absolutely. 

20:29 - 20:31

Mike Rote: Is there another section you'd like to highlight? 

20:32 - 22:40

Ornella Bergeron: The Consolidated Audit Trail topic, or CAT, is really an incredibly important regulatory area for us. It's been highlighted in our letters since the CAT rules went into effect. It's been over three years now, and really an area that we've been reviewing, for the most part, on all of our trading exams. So, a lot of focus on CAT compliance. So, the good thing is that we know from the work we've been doing in this space that firms really have dedicated significant resources to implementation. And overall compliance with CAT reporting remains high, which is really great. During 2024, we're going to continue to review member firms' compliance with CAT, including timely submission of reportable events and corrections, CAT reporting accuracy and completeness, and supervision of third-party vendors that firms may be relying on for CAT submissions and clock synchronization. 

So, as you'll see from the report, reporting issues, and it's really the reporting issues and the supervisory controls over vendors, that are some of the more common findings that we continue to see as we examine for capital compliance. It is incredibly important for firms that are relying on a vendor for CAT reporting, clock synchronization, or anything else for that matter, that there needs to be an agreement in place with the vendor or the third party. And it's so important to not forget that you still have supervision responsibility over the vendor or the third party. Supervision doesn't go away just because you're leveraging a vendor or another third party. And then just finally, just a reminder for everyone out there that full customer and account information system reporting, or CAIS, does go into effect in May 2024. So, I just wanted to mention that FINRA has provided guidance related to CAIS reporting deadlines that firms can access at the CAT NMS Plan website. There's a link in our report. And actually, our report also does include some effective practices related to CAIS supervision that I think would be really helpful for folks. 

22:40 - 22:48

Mike Rote: Excellent. That's a great reminder. Thanks, Ornella. Turning to Omer, there's a brand-new section on crypto asset developments. Can you walk us through those highlights? 

22:49 - 25:11

Omer Meisel: Absolutely. So, crypto assets have generated a significant amount of interest across our member firm community and investors. And so, we wanted to highlight some of those regulatory requirements. And FINRA is advancing our core mission through our critical crypto asset related regulatory work across the organization. And to help fulfill our regulatory mission, FINRA established a Crypto Hub in late 2022 as an enterprise-wide initiative. The Crypto Hub is comprised of representatives from nearly every FINRA department working collaboratively to coordinate and program manage FINRA's regulatory crypto asset work. And this work includes gathering information about member firms and associated persons' crypto asset activities, reviewing members for compliance with applicable rules and regulations, conduct risk-based examinations and investigations into crypto asset activities being conducted by member firms and associated persons, and pursuing initiatives to build for the future and enhance our overall capabilities in this space. 

And as a side note, if you're interested in hearing more about FINRA's crypto asset strategy and the Crypto Hub, I recommend listening to our three-part series on FINRA's Unscripted podcast. Now, overall, we've seen an expansion in crypto asset related activity by member firms. We have firms approved to engage in crypto activities, such as serving as placement agents and private placements of crypto asset securities, operating alternative trading systems, or ATS', for crypto asset securities, and provide custodial services for crypto asset securities, referred to as a special purpose broker-dealer or SPBD. Now, to address the regulatory requirements for crypto assets, firms may want to prepare for crypto asset-related risk by reviewing and evaluating their supervisory programs and how they interact with that crypto asset activity. And we've highlighted themes in the annual report, which includes, but are not limited to, areas such as cybersecurity controls, AML compliance programs, and establishing policies, procedures and controls related to their associated persons involvement in crypto asset-related outside business activities or OBAs, and private security transactions. 

25:12 - 25:18

Mike Rote: And during 2023, we actually reached out to firms about their crypto asset activity. Is that right? 

25:18 - 26:20

Ornella Bergeron: Before that, I really just also want to make sure we're reminding firms that it is really important for firms to let us know their involvement or their affiliates' involvement in crypto assets, and remind folks that there is that Reg Notice 21-35, where we encourage member firms to notify us if they or their affiliates are involved, they are engaged, or they plan to engage in crypto activities. And Omer mentioned the Crypto Hub—in Risk Monitoring, we worked very closely with the Crypto Hub to conduct a reach out to a subset of our member firms to really understand their involvement in crypto activities, as well as the activities, again, of their affiliates. We do plan to share any intelligence that comes out of that reach out that we've conducted. The information we have is also obviously being leveraged for our respective regulatory programs. But again, we do plan to publish any helpful observations that we have from the reach out that we conducted. 

26:21 - 27:28

Omer Meisel: I'd also like to highlight that our Advertising Regulation department initiated a targeted examination on crypto asset retail communications, where they examined practices of certain member firms that actively communicate with retail customers about crypto assets and crypto asset-related services. The annual report includes findings from that targeted exam, including some findings that failing to differentiate in communications, including those on mobile apps, between crypto assets offered through an affiliate of the firm and crypto assets offered by the firm itself, comparing crypto assets to other assets, such as securities or cash, without providing a sound basis to compare the benefits and risks of these investments, omitting clear explanations of how crypto assets are issued, held, transferred or sold, and misrepresenting the extent to which federal securities laws or FINRA Rules apply to crypto assets, and the extent certain crypto assets are protected by SIPC, which is the Securities Investor Protection Corporation. 

27:28 - 27:35

Mike Rote: Thanks, Omer, and for the second year, a robust section on financial crimes. That's your group's area. What are some highlights there? 

27:36 - 28:58

Omer Meisel: Yeah, there's a lot of great content in the report related to such areas as anti-money laundering, fraud and sanctions evasion. But the report highlights a new emerging threat related to new account fraud, which occurs when a bad actor uses stolen or synthetic identification, which is often extracted during a cyber intrusion or hack, and then sold on the dark web to enable bad actors to fraudulently open an account. The risk of new account fraud has grown, in part as a result of the growth of investors opening up brokerage accounts through online platforms. 

Moreover, new account fraud may be a precursor to other fraud schemes such as fraudulent ACATS requests, fraudulent ACH transfers and wire transfers, and depositing or moving fraudulently obtained funds from government benefit programs such as the COVID relief funds. The report also highlights guidance and resources for firms to address new account fraud, as well as other schemes by, for example, evaluating their review of red flags during the account opening process and their monitoring of ongoing customer account activity. I'd also point you to another FINRA Unscripted podcast if you're interested in hearing more about new account fraud called A New Twist on New Account Fraud. 

28:59 - 29:03

Mike Rote: A lot of great information in there. And thanks for the plug on the other podcast episode. 

29:04 - 31:32

Omer Meisel: Thank you Mike. Anytime I have a chance to highlight the cyber threat, I jump at the opportunity. The cybersecurity topic is at the forefront again of this year's report with some new content. And that's because today's cyber threat continues to be persistent, multi-factored, it's a blended threat of both criminal and nation state actors sometimes working in concert. And the sophistication level of bad actors continues to increase exponentially. Based on some public reporting that I've seen, ransomware attacks continue at a record-breaking pace, with an increase of 95% from this time last year. And the most heavily targeted industry now is the financial sector, having overtaken the healthcare sector. 

So, from my perspective, the cyber threat remains one of, if not the top threat to the financial industry. And that is why cybersecurity remains a prominent part of the report with new content on such things as FINRA's observations that there has been an increase in the variety, frequency and sophistication of certain cybersecurity incidents, such as ransomware, cyber intrusions at critical vendors utilized by the financial industry, insider threats, and impostor websites. There's new content on identifying, preventing, and mitigating cyber incidents. There is new content highlighting the critical importance of combating cyber threats by establishing supervisory controls related to several key areas, including vendor management, change management and business continuity. The report also highlights the new SEC cybersecurity rule. It stresses the importance of having a robust training and security awareness program. 

And as I like to say, cybersecurity is a team sport that requires everyone in the organization's attention and not just the cybersecurity team. The cyber threat landscape is constantly evolving, and FINRA's Cyber Analytic Unit has been proactive in providing our member firms with up-to-date cyber threat intelligence through a suite of communication products, which include distributing cyber alerts, cyber advisories and Regulation Notices, as well as hosting such events as the FINRA FBI Regional Cyber Threat Briefing Series. And I encourage all firms to bookmark FINRA's Cybersecurity Internet page to see the latest published cyber threat intelligence. 

31:33 - 31:45

Mike Rote: Thanks for all of those highlights, Omer. One thing that stuck out to me in the report was the callout box on emerging risks regarding artificial intelligence or, AI. Perhaps. Ornella, can you talk about that one? 

31:45 - 33:52

Ornella Bergeron: Yeah, absolutely. So, we really thought it was important to call out artificial intelligence in our annual report this year. So, while artificial intelligence has been around for a long time, it really has gained momentum and has become more mainstream. It's evolving so quickly, especially with the use of large language models and other generative AI tools. Similar to other industries, broker-dealers and other financial industry firms are exploring, and they are starting to deploy these technologies either using in-house solutions or through third parties, really to help them create operational efficiencies and better serve their customers. So, as you see in the report, while these tools can present really promising opportunities, their development really has raised concerns about things like accuracy, privacy, bias and intellectual property, among other concerns. 

So, as firms do consider to use these new technologies, including the generative AI tools, they should be mindful of how these technologies could implicate their regulatory obligations. When I think about it, they really could implicate virtually all aspect of a firm's regulatory obligations. So, it's so important for firms to conduct a comprehensive evaluation before deploying such technologies. So, in Risk Monitoring, we have been actively engaging with firms to better understand their current initiatives, as well as their future plans related to generative AI and large language models. And honestly, from what we've been hearing so far, firms are being very cautious and they're being very thoughtful when considering the use of AI tools as well as before deploying these technologies. So, while for this year's report, there's not a lot in the AI section by way of specific rules or findings or observations, this is likely a topic we'll be seeing a lot more about in the future. So, definitely keep an eye out for that. 

33:53 - 34:09

Omer Meisel: And Ornella, anytime I have a chance to highlight the cyber threat, I jump at the opportunity. With AI, this is another example where firms need to really be thinking also about the cybersecurity threat as it relates to utilizing some of these tools. 

34:09 - 34:25

Mike Rote: There's a lot happening there. Claire, I'd like to circle back to you. Earlier, you touched upon how FINRA gathers this intel and repackages it for firms into this report, and that's probably not what people would think of as the traditional role of FINRA's regulatory operations, wouldn't you say? 

34:26 - 35:38

Claire O'Sullivan: I can see how you might think that, because the traditional regulatory operations role is to examine for and correct wrongdoing in individual firms or in the markets. But the flip side of that is that engaging in those activities gives us a lot of insight into what is working well at firms, into trends that may be good or bad, and other things that the rest of the industry may find useful, in strengthening their compliance program. So, as a self-regulatory organization, FINRA is really uniquely positioned to engage with firms on these emerging issues and areas of risk, and then to share that intelligence back out with our member firms to help them strengthen their compliance programs. 

So, this really allows FINRA and the firms to work toward the same goal of compliance and fostering confidence in the market. And that's a great way for FINRA to carry out our mission of investor protection and market integrity. So, I think this report really demonstrates one of the strengths of the self-regulatory model, which is that FINRA is really set up to assist firms with their compliance efforts, and we're really dedicated to doing that. 

35:39 - 36:11

Mike Rote: That's great. Thank you. Well, that's it for today's episode of FINRA Unscripted. Ornella, Michael, Omer and Claire, thank you so much for joining me today to talk about the 2024 FINRA Regulatory Oversight Report. I'm sure the firms will have your comments in mind when working their way through it. Listeners, if you don't already, be sure to subscribe to FINRA wherever you listen to podcasts to stay up to date on all our latest episodes. FINRA's episode was produced by me, Mike Rote, engineered by John Williams and coordinated by Hannah Krobock. Thank you for listening to FINRA Unscripted. Until next time. 

36:11 – 36:16

Outro Music 

36:16 - 36:44

Disclaimer: Please note FINRA podcasts are the sole property of FINRA, and the information provided is for informational and educational purposes only. The content of the podcast does not constitute any FINRA Rule or amendment or interpretation to such rules. Compliance with any recommended conduct presented does not mean that a firm or person has complied with the full extent of their obligations under FINRA Rules, the rules of any other SRO or securities laws. This podcast is provided as is. FINRA and its affiliates are not responsible for any human or mechanical errors or omissions. Parties may not reproduce these podcasts in any form without the express written consent of FINRA. 

 

Find us: Twitter / Facebook / LinkedIn / E-mail

Subscribe to our show on Apple Podcasts, Google Play and by RSS.