Investment Firms Failing To Meet FINRA Enterprise Risk Management Requirements
Steven Minsky | Dec. 9, 2014
In the last year alone, FINRA has disciplined more than 1,000 companies and individual investment advisors with over $34 million in penalties over failure to meet enterprise risk management requirements.
FINRA, the Financial Industry Regulatory Authority, is dedicated to investor protection and market integrity through effective and efficient regulation of the securities industry. A key focus has been due diligence on third parties, which covers warehouses, banks and RIAs.
Specifically, FINRA has called out product and vendor due diligence as a high priority for examinations on Investment Advisor and Broker-Dealer Firms. Due diligence of this magnitude, covering hundreds or even thousands of alternative investment products, spans multiple products that are issued by numerous investment firms. This makes the process costly and complex, as it requires both financial and human resources to manage and engage third parties.
The SEC and FINRA have moved away from describing the treatment of individual products, and have transitioned to an enterprise-wide, risk-based approach. Meanwhile, organizations are struggling with manual processes, timeliness of outreach and response from third parties, and concerns of their ability to provide evidence of due diligence during their exams.
Over the course of 2014, FINRA has already made a significant statement on the rigor of their examination process, and their commitment to regulatory action for those firms that are not meeting their enterprise risk management mandate:
- Over $26 million in company fines, over $8 million in individual fines
- Over 1,000 disciplinary actions on individuals with 646 employees sanctioned by disbarment or suspension
- 96 complaints filed with 8 firm suspensions and expulsions
An effective and robust enterprise risk management and governance framework allows companies to meet all FINRA compliance requirements. Had these firms put such a program in place, they would have avoided or completely eliminated any penalties and employee or company sanctions.
Under Federal Sentencing guidelines, having a demonstrable integrated risk management software plan with infrastructure for improvement can greatly reduce or even exempt companies from compliance and enforcement actions including monetary penalties.