- How does your firm respond to policy and procedure breaches?
- Does firm management exemplify the values and culture of the organization?
- Is compliance valued within the organization?
- Do individual departments within the organization exemplify the corporate culture?
Supervision, risk management, and controls will be one of the broadest focus areas for FINRA and will cover a wide range of topics, including managing conflicts, technology infrastructure, outsourcing, and anti-money laundering. Specifically within technology infrastructure, FINRA will be looking at hardware, software, and the personnel tasked with their management. Firms will have to demonstrate compliance with cybersecurity controls, data quality and governance, vendor assessments, and reporting practices. As you begin to review your firm’s approach to risk management and controls, consider the following questions:
- Which controls are in place to prevent and mitigate data loss?
- How robust is your firm’s cybersecurity framework?
- Which types of reporting practices does your firm have in place for data quality and governance?
- How are third-party vendors assessed and supervised?
The final four focus areas include liquidity, sales practices, financial and operational controls, and market integrity. FINRA will be assessing these focus areas in order to ensure that controls are in place to protect investors and lessen financial and operational risks.
Regulatory oversight of the financial industry will only continue to increase, so now is the time to begin assessing your firm’s current policies and procedures and making the appropriate revisions based on the current guidance. Stay tuned for next week’s post, which will delve into FINRA’s focus on technology infrastructure and how you can prepare.