Good news for compliance officers joyously eager to participate in your firm’s FINRA reviews this year: FINRA has just published its examination priorities for 2016, and you will be involved up to your eyeballs.
FINRA grouped its exam priorities into the categories of culture and ethics; risk management and controls; and liquidity. None of those is any great surprise. Throughout the financial sector we continue to see regulators worried about whether weak ethics and hard-driving culture subvert good governance, and whether your trading strategies are so complicated that your risk controls can’t tame them. (See whale, London, going belly up at JP Morgan.) Those failures, in turn, might threaten your firm’s liquidity, and then we all panic about systemic risk causing another crisis.
The question for compliance officers is how to handle those examination goals. Let’s not delude ourselves; much of the actual work involved in these reviews will be operational, and many of FINRA’s secondary priorities are decidedly nuts-and-bolts: cybersecurity, high-risk microcap securities, private placements, 529 college savings plans. You and your staff could easily fall into the trap of responding to FINRA’s specific requests (especially if you are at a smaller firm), without ever stepping back to consider how your firm might achieve FINRA’s broader goals around culture, risk management, and liquidity more strategically. So let’s talk about that.
FINRA’s guidance calls out the importance of firm culture loudly: “FINRA does not seek to dictate firm culture, but rather to understand how it affects compliance and risk management practices at firms.” That’s fair, because you probably spend plenty of time wondering how firm culture helps or hinders your job as a compliance officer, too. To find an answer, compliance officers need to ask themselves several questions.
Some of those questions are practical. Foremost, do you have enough authority at your firm to be taken seriously? Companies everywhere, including those far removed from the financial sector, struggle with that mightily. For example, FINRA will want to know whether the firm investigates errant practices or behavior in branch offices. Does your compliance team have the resources and permission to do that? Can you implement new policies to fix any problems? Will the CEO and CFO support you on that?
You also need to ask some questions that are more philosophical: Where does your firm’s culture come from, anyway? (I’ve seen culture driven by nasty office receptionists as much as by blowhard senior managers.) And do you personally want to take a strong role in driving ethical culture? That doesn’t mean you will expose yourself to more personal liability for a compliance failure—but you do have to drink the Kool-Aid. You do need to believe that strong ethics matter.
Take conflicts of interest as an example, and specifically information sharing or leakage (since FINRA uses that very example in its guidance). Employees don’t share information when they take ethics seriously, and firms don’t accidentally leak when they take controls seriously. The key is “taking seriously.” That’s driven by culture.
Now all you have to do is think about everything the firm does through that lens. Easy, right? Right?