Most financial authorities in the US offer mitigation programs for firms that choose to cooperate with them, and FINRA is no exception. This is good news for firms that make a concerted effort to keep their dealings ethical but are sometimes unable to control the actions of individual broker-dealers. FINRA allows firms to mitigate their exposure in these cases, though many are confused as to how the program can work for them.
FINRA Rule 4530 already requires firms to report issues within their ranks as soon as they’re notified. That’s a bit confusing, as it appears there’s really no option for self-reporting an issue. It’s just a requirement. However, FINRA’s fine mitigation program deals with the extent to which firms report and try to make good on issues, under a clause known as “extraordinary cooperation.”
What is “Extraordinary Cooperation” Under FINRA?
FINRA’s cooperation program is similar to the FCPA’s, with a significant flaw: its program has no strict policies in place. The credit that firms receive for their cooperation appears to be completely subjective, with no strict criteria for qualifying. However, based on past results, it appears the following situations meet the burden of “extraordinary cooperation”:
- Voluntary disgorgement – In a case that involved mutual fund overcharges, FINRA elected to apply no sanctions or penalties. It appeared that the driving cause of this was that the firm reported overcharges, explained them, and refunded clients about $50 million.
- Strong risk assessment programs – Failure to detect an issue is enough to get sanctions, provided the issue is one which should have been detected. By having a risk-based strategy and a proactive response to suspicious activity, firms may be able to mitigate damages under this oversight burden.
- Whistleblower support – FINRA prevents firms from blocking whistleblowers from reporting concerns to the agency. Firms that stand behind whistleblowers and take their concerns seriously are far more likely to see less severe treatment.
- Third-party due diligence – When firms work with third parties who expose them to sanction risk, firms that complete a due diligence investigation may be able to avoid being guilty by association.
While FINRA doesn’t lay out specific rules for its program, it’s easy to see a common theme in what it considers extraordinary cooperation. Firms that are proactive, take measures to reduce risk, and report concerns quickly will likely see better treatment than those that do not. This all involves taking a risk-based approach to compliance assessment.
Creating a Risk-Based Compliance Program
A risk-based compliance program, in its basic form, is one which looks at everything from a worst-case scenario point of view. It’s a system that assumes all your employees are unethical, your recordkeeping procedures are weak, and your cybersecurity protocols don’t go far enough. While that’s rarely the case, it’s a method that works to turn you into a proactive company that’s able to escape fines and penalties when the worst happens. Mainly, you need to concentrate on these key areas:
- Recordkeeping – FINRA recently levied fines against 12 different financial firms due to those firms not keeping customer records in the proper electronic format. The format, “write once, read many,” or “WORM,” is required, as it prevents files from being altered or destroyed. Ensuring that records are in the proper format and that the retention schedule meets FINRA’s standards is a good way to avoid risk in this area and show proactive efforts to prevent recordkeeping issues.
- Cybersecurity – Cybersecurity is a growing area for FINRA sanctions. It involves all aspects of how customer information is stored, protected, and assessed. Cybersecurity doesn’t just require strong password management but also proactive tests of the system to determine its risk level.
- Proper automated processes – Firms can be held responsible when they should have known something but didn’t. Using an automated program to regularly screen transactions helps clue you into suspicious activity – like if all trades suddenly start going to a specific company – so you can act on it.
- Employee risk – Employee risk is your biggest risk when you’re dealing with FINRA. The best way firms can separate themselves from unethical brokers is to have a consistent vetting process which covers:
  - Annual background screenings – It’s not enough to do a background check at the time of employment; you need to do it regularly to show that you have updated records that address any new issues.
  - Risk spot checks – A Remote Risk Assessment policy, which uses technology to conduct automated interviews, can be a good way to weed out potential threats by identifying risk. These assessments can be completed remotely, in under ten minutes, and can be used to ensure compliance with FCPA and FINRA regulations.
At some point or another, any large firm will likely have to deal with a FINRA investigation. The decision whether to open yourself up to that investigation or to mitigate your damages will be a difficult one. It’s hard to tell what FINRA considers extraordinary cooperation. However, history tells us that using proactive risk management tools is a big part of it.
AC Global Risk offers RRA as a screening option for staying in compliance with FINRA. We can complete full assessments and create a risk heat map of your firm, so you can mitigate your damages. For more information about our solutions, contact us.