FINRA Audit Support
Is there a chance that your business will be facing a FINRA audit this year? Considering the Financial Industry Regulatory Authority, or FINRA, conducts more than 1500 audits annually, you could be. If you are not compliant with the rules set forth by FINRA, you could face the disciplinary action that comes with non-compliance. Turn to the Los Angeles IT technicians here at Be Structured Technology Group and let us be your FINRA audit support specialists. We understand what all goes into FINRA compliance and can help make sure your company has all of the correct policies and procedures in place to ensure that if you are ever audited, or going through an annual audit, you have nothing to worry about.
Be Structured is not a FINRA auditing firm, but our clients often need IT support and changes to their IT infrastructure when going through a FINRA audit. We have a number of FINRA regulated clients and are familiar with the requirements and can help you get through quickly and easily.
What is FINRA?
FINRA is a very important part of the financial system in America because they ensure the integrity of brokers and firms during financial transactions. They work under the direct supervision of the SEC, or Securities and Exchange Commission. FINRA has some key responsibilities, including:
- Writing and enforcing the rules that govern how ethically registered brokers and broker-dealer firms operate.
- Looking over each firm to ensure compliance with the rules that were written.
- Encouraging transparency within the financial markets.
- Educating anyone that has invested in the industry.
These efforts are put in place to help protect the public from issues like bad practices and fraud. Many people are taken advantage of annually, and FINRA is there in an attempt to lower those numbers, ideally stopping them in the future. When FINRA finds out about an unethical broker or firm, they step in and do what they can to help. In some cases, they can work with the authorities to help charge these people with fraud and help restore some financial stability to some people’s lives. As an example of how they work, as of 2018, they were able to:
- Levy over $60 million in fines.
- Refer nearly 1,000 cases directly to the SEC and similar agencies for prosecution.
- Carry out more than 900 actions to discipline registered firms and brokers that practiced unethical behavior.
- Order that more than $25 million be returned to defrauded investors.
If FINRA believes that you are a registered broker or firm that is not being ethical with how you treat clients or they believe that you are not protecting the data of your transactions or clients, they can come through and audit you. In this case, you need to make sure you and your business are totally compliant, so that you do not face additional problems once the audit is complete. Depending on how businesses operate and how well they keep up with compliance, the firm or broker can face an audit, or they can get a cycle examination. This can happen every year, every two years, every three years, or every four years. The more compliant a firm or broker is, the less likely FINRA is to audit them.
The Importance of Data Protection
When anyone works with sensitive financial transactions, that also means there is sensitive data that needs protection. This is part of the process and something that often gets overlooked when it comes to the scope of FINRA compliance. When talking about making sure the data from these transactions remain safe, there are several aspects to accomplishing this goal.
- First, the threats must be identified and assessed to determine their scope.
- Second, steps must be taken to ensure outside intrusions are stopped before any asset is accessed.
- Third, a detection system must be put in place that notifies administrators when any part of their system or asset has been improperly accessed or potentially compromised.
- Fourth, a plan needs to be created as to how any type of compromise or intrusion is responded to.
- Finally, a plan needs to be put in place that helps with the recovery of stolen, lost, or otherwise unavailable assets for the corporation.
There need to be specific protocols that are set up with each brokerage or firm to ensure that all data is kept as safe as possible. Each branch needs to have its own set of safety protocols to cover all data that is gotten from investors and all financial transactions. This should involve procedures for the supervisory regulations, plus formal oversight procedures that each office must follow. There should also be a working inventory that lists all assets from hardware and software, plus all data that would be included should any type of cyber-attack happen. The protection of the data is nearly as important as making sure each transaction is ethical and in the best interest of the client. That is why these steps must all be in place.
A FINRA Investigation Precedes An Audit
The first step when someone notifies FINRA of a potential problem is done through the gateway portal that the firm or broker has with FINRA. This involves the investigator going through the documents on the site as well as all cybersecurity programs the location has. Plus, a team will show up and perform an on-site investigation to look at the complaints, any possible breaches, and what types of training the personnel have received in terms of cybersecurity protocols. The firm or broker will be notified up to 60 days before the arrival, plus it details the process for the investigation. If you are the broker or the head of the firm, you will also get specific details as to when documentation from you is required. The documentation that you must send before the team arrives on-site allows for FINRA to have an effective strategy for evaluating the activities of the firm or broker.
As soon as someone from the FINRA team shows up, they will request an office tour. Once the tour is complete, they will set up meetings with the leaders of compliance within the business, and with the people that lead the business directly. There may also be meetings with the different security personnel to see what controls are in place protecting the data and systems within the business. Most teams will also ask to see the asset inventory created to keep track of all systems and data in case of a cyberthreat, along with the log of how often the inventory is updated. There will also be requests for additional documents and proof of compliance at this time in most instances. Your firm needs to make sure that all communication is prompt and efficient to help ensure the quickest possible resolution to the audit process. Weekly meetings are to be expected during this process so that as issues arise, they can be remedied, and adjustments can be made.
FINRA Exit Meeting
When the audit nears its end, the FINRA team will hold an exit meeting to discuss the areas of concern and hand over recommendations to correct any of the issues discovered during the audit process. There will also be an exit meeting report for you to look over and respond to. Each item will be discussed, and you will need to have responses to each item in the report. This can be a difficult situation and should not be entered into without the help of a Los Angeles-based FINRA audit IT support team by your side.
You need to make sure that you go over the full examination report following the exit meeting. This report will be given to the CEO of the firm. If you provided exception documentation to the exit meeting report, the responses will be in this examination report. However, if there were no exceptions, the exam will be over. Each exception mentioned in this report needs to be responded to before the final treatment is set forth. It could be that FINRA decides that the firm or brokerage needs no additional action, it could be cautionary action, or it could be that a referral to law enforcement is the result. A lot depends on the issues that started the investigation, the communication during the investigation, and the changes made as a result of the investigation.
The Stress of FINRA Investigations
If your brokerage firm is not compliant with the rules set forth by FINRA, you are going to have trouble with them eventually. It is not a matter of if, but a matter of when. You need to be always acting in the best interest of your investors and making sure that each transaction is ethical, plus you need to make sure that your firm has the right protection procedures in place. However, there are times where it may be a matter of a disgruntled investor and not an actual issue where the firm or broker did anything wrong. The only way to know what will be found at the end of an investigation is to go through it. Just understand that the process is going to be stressful. To reduce your stress, make sure you are compliant from the start and have the support to go through the process. Having a Los Angeles cybersecurity firm that can respond for you and submit all required documentation on your behalf can decrease the stress of the investigation exponentially.
Where Did FINRA Come From?
Back in 2007, many different, private organizations that regulate financial dealings went to the SEC and asked for approval to make their own organization. This included members of the National Association of Securities Dealers, and member of the New York Stock Exchange. The SEC approved and FINRA was born.
FINRA has forms that nearly all financial personnel are supposed to file each year. This includes CPAs, firms, brokers, and more. These forms must have been completed within 60 days or less from when the fiscal year ends. FINRA, from there, will take a look at the basic transactions that the professional did during that year and examine the income levels. This can include:
- The money that went to the broker-dealer or the firm as income.
- How much money was paid out during that fiscal year.
- Where the money went.
- Tracking evidence of the money to ensure there was no theft of money along the way.
- Checking how suitable the investments that were made were for the clients’ served.
- If there was any additional education for personnel of the firm.
- How the company advertised and who their target audience was during that time.
This is a normal exam that happens every year. This is not the same as one of the surprise FINRA exams or audits that are akin to an audit done by the state or the SEC. The point of audits is to make sure everything matches between filings and reality, plus make sure that the investments being made make sense according to who they are being invested for.
Since the rules of compliance change so regularly, it may be the best option to consider using a computer software that tracks all of the information for the firm or broker. However, that is an individual decision. What matters is that steps are being taken to keep all information used for these investments safe and out of the prying hands of hackers. It needs to be a conscious effort to make investments ethically plus keep that personal information safe. If this is not followed, chances are a FINRA audit will follow.
Compliance is meant to help keep investment markets stable and safe. That way, people from all over can feel confident investing and keeping the United States economy moving forward. However, if there is ever cause for an audit, the best thing for a brokerage firm or dealer-broker to do is to have proof that they are doing everything legitimately and for the right reasons. What FINRA will want to look at includes:
- Whether or not the dealer-broker or the firm is properly licensed for day-to-day investment transactions. They will also want to see that personnel are being trained, educated, and are registered so that the best financial practices are being followed.
- What the day to day operations look like. FINRA agents will want to be able to observe the activities that happen on a daily basis, and monitor the transactions that are going on. This helps decrease the potential risks to people’s investments.
- FINRA will want to make sure that any advertising the firm makes does not make unethical or untrue claims about returns. The information must be accurate, ethical, and properly explained.
- All practices are being done ethically. If there are any odd transactions, then FINRA will want to look into any evidence that something unsavory is happening. This includes theft, money laundering, and even insider trading. FINRA wants to make sure that all transactions are upstanding and there are legitimate goals that come along with the investments made.
Should there be any non-compliance issues that come up during a FINRA audit, it is important to understand that aggressive action may be taken, depending on what the infraction is. This could include disciplinary actions, fines, suspensions, and even the barring of brokers for severe enough infractions. If there is a breach in compliance, the problem will be outlined and investigated. What happens from there depends on the outcome of the investigation.
Avoiding a FINRA Audit
If you want to avoid a FINRA audit for possible compliance issues, then there are certain things you can do to help. They include:
- Making sure you have supervisory control over all transactions with effective and transparent policies to keep all information accurate. This also makes sure there are no false claims or improper representations of what type of returns to expect.
- Know that audits are coming and prepare for them. By having proof that everything is on the up-and-up, this allows for FINRA to come in and see what is going on without as much stress or worry. Being compliant before any type of examination is key in helping it go right.
- Know what procedures and policies you must follow before starting out, and making sure to follow them. This may seem like common sense and to many it is. However, it cannot be understated to make sure you do things properly from the start and keep them that way.
- Make sure you have proof of everyone’s qualifications. It is vital that only the right staff handle the information. If you want to stay in good graces, make sure to follow this rule and keep track of the qualifications of the staff you have in charge of transactions.
When You Need a Los Angeles MSSP to Help You with a FINRA Audit, Contact Be Structured
Protecting yourself before a FINRA audit hits are vital in coming out the other side unscathed. Make sure you have a Los Angeles security consulting firm help you get ready and stay compliant if you want to help people with their investments. Know that you can keep your company safe by turning to the right professionals from the beginning. Be Structured is here to help. Contact us today, and let us help you be ready for the day when a FINRA audit comes your way.