By Alma Angotti
In its 2023 Report on Examination and Risk Monitoring Program1 (the Report), the Financial Industry Regulatory Authority, Inc. (FINRA) provided insights and observations into core regulatory topics related to Financial Crimes that will be the focus of the Special Investigations Unit.2
For the first time, this year’s Report provides a section focused entirely on Financial Crimes consisting of three topics: (1) Cybersecurity and Technology Governance; (2) Anti-Money Laundering (AML), Fraud, and Sanctions; and (3) Manipulative Trading. AML and Cybersecurity previously were part of a different section of the last year’s report, and Manipulative Trading is a completely new topic for 2023. According to FINRA, the addition of the Financial Crimes section was to underscore its increased focus on protecting investors and safeguarding market integrity against these threats.3
Below, we provide a brief overview of the Financial Crimes priorities highlighted in the 2023 Report that firms and Guidehouse clients might find useful to consider when identifying potential gaps in their compliance programs, performing risk assessment, or improving their supervisory procedures and controls.
We will be covering each of the focus areas in more detail in upcoming alerts.
Financial Crimes Priorities
FINRA Highlights the Following Financial Crimes Priorities in the Report:
Cybersecurity and Technology Governance — FINRA notes its recent establishment of a Cyber Analytics Unit in August 2022 that includes a team that examines firms’ cybersecurity risk management through reviews of their controls, a team responsible for conducting investigations of cyber-related fraud, and a team that examines crypto-asset activity. In December 2022, FINRA issued Regulatory Notice 22-294 to provide firms with questions they can use to evaluate their cybersecurity programs, information about possible additional ransomware controls, and relevant resources. The Report identifies numerous new cybersecurity-related considerations, including instances where firms did not have reasonably designed procedures to investigate cyber events and whether a suspicious activity report filing should be made. FINRA also provides an update on effective cybersecurity practices, including specific risks associated with ransomware and firms’ critical vendors and third-party providers.
AML, Fraud, and Sanctions — Notably in this section, FINRA calls out several emerging areas for firms. Specifically, FINRA underlines (1) Manipulative Trading in Small Cap IPOs, for which FINRA reminds firms to review Regulatory Notice 22-255 for potential indicators of these schemes and evaluation of their compliance and risk management programs to confirm that they are addressing this type of activity; (2) Russia-related Sanctions Evasion, indicating that sanctions and sanctions evasion risks were a major focus for FINRA’s AML Investigations Unit in 2022;6 and (3) Automated Customer Account Transfer Service (ACATS) fraud. FINRA observed an increased number of fraudulent transfers of customer accounts through ACATS, where bad actors use the stolen identity of a legitimate customer to open a brokerage account, transfer the customer’s assets to that account, and then move the ill-gotten assets to an account at another financial institution. The Report covers FINRA’s findings and discusses effective practices firms are employing to mitigate these threats.
Manipulative Trading — New for 2023 is FINRA’s reminder that several FINRA rules prohibit firms from engaging in impermissible trading practices, including manipulative trading. The Report’s findings for this topic principally centered on firms’ failure to (1) implement adequate written supervisory procedures to identify specific steps and personnel to monitor for and escalate manipulative conduct; (2) implement surveillance controls to capture manipulative trading; and (3) monitor customer activity to identify patterns of potential manipulation.
How Guidehouse Can Help
Guidehouse can help you assess your company’s compliance, supervisory, and risk management programs with respect to the guidance set forth in the Report. We have supported our clients with various aspects of Financial Crime compliance by conducting gap analyses, risk assessments, developing policies and procedures, performing look-backs and independent testing, and developing and implementing updates to the clients’ operations, processes, controls, and technology. Given its extensive expertise in AML, fraud, sanctions, trade compliance, cybersecurity, and technology governance, Guidehouse is well-positioned to proactively identify and address the risks specific to your business in a reasonable manner that is also consistent with current regulatory requirements and industry best practices.
Complexity demands a trusted guide with the unique expertise and cross-sector versatility to deliver unwavering success. We work with organizations across regulated commercial and public sectors to catalyze transformation and pioneer new directions for the future.