Heightened “Culture of Compliance” Requirements Merit Action
FINRA’s rules create an obligation for firms to establish and maintain a system to supervise the activities of their associated persons that is designed to achieve compliance with securities laws and regulations, and with FINRA rules. In 2016, FINRA says it will focus on four areas where it has increasingly raised concerns around securities firms’ business conduct and the integrity of the markets: management of conflicts of interest, technology, outsourcing and anti-money laundering (AML).
While metrics around assessing a firm’s liquidity management practices are fairly well-established, measuring a firm’s commitment to compliance practices could well represent a new level of challenge for many in the broker-dealer market.
“Assessing a firm’s compliance culture is an area of increasing regulatory emphasis, as FINRA’s latest communiqué shows,” says Barbara Boehler, securities subject matter expert at Wolters Kluwer Financial Services. “But it poses an equally challenging area in which firms must demonstrate their compliance. Reading FINRA’s list of priorities clearly presents securities firms with a heightened need for expertise in managing these regulatory compliance issues.”
FINRA will evaluate how culture affects a firm’s compliance and risk management practices, focusing on the frameworks firms use to develop, communicate and evaluate conformance with their culture. Additionally, its letter explicitly indicates that firms “should be equipped with necessary resources to help them navigate a complex and changing regulatory and market environment.”
Boehler notes that the following indicators will be essential parts of the agency’s regulatory oversight:
- Are control functions valued within the organization?
- Are policy or control breaches tolerated?
- Does the organization proactively seek to identify risk and compliance events?
- Are immediate managers effective role models of firm culture?
- Are sub-cultures that may not conform to overall corporate culture identified and addressed?
“It is not enough for a firm to have a process,” said Boehler. “It must be able to convincingly demonstrate that process to the regulators, and thereby help advance a culture of compliance throughout the organization.”