By Suzanne Cosgrove
In a letter commenting on a proposed FINRA pilot program that could make remote supervision of firms a bona fide alternative, the North American Securities Administrators Association (NASAA) has urged FINRA to take a more prescriptive approach toward risk assessments, written supervisory procedures and firms’ supervisory capabilities.
FINRA’s proposed plan amends its Rule 3110 (Supervision) to adopt a voluntary, three-year remote inspections pilot program that would allow member firms to elect to fulfill their by conducting inspections of branch offices and locations remotely without an on-site visit to such office or location, subject to specified terms.
The proposed program would not change current regulatory requirements under Rule 3110, but it would provide firms with greater flexibility on how they could satisfy their inspection obligations.
Is change needed? FINRA’s pilot proposal, dated April 28, 2023, significantly changes how firms carry out fundamental supervisory responsibilities, “but it does not establish a sufficient record to demonstrate the need for or the acceptability of such a change,” the NASAA said in written comments. “In particular, the pilot proposal lacks meaningful data despite most firms operating remotely (including supervision) for more than three years” during COVID.
The data from the program shared so far represents information from only about 18 firms, the NASAA said. Sixteen are large firms with corresponding resources, have conducted a similar number of inspections in the remote environment and reported similar numbers of findings. However, according to the NASAA’s comment letter, these firms’ conclusions do not appear to have considered the relative quality of the inspections or whether the nature of findings changed from prior on-site inspections.
In addition, FINRA’s proposal makes general references to advancements in technology, but it provides little information about how, and to what extent, these technologies are being used by firms, whether firms are using them effectively, or why these technologies can replace the advantages of in-person inspections designed to detect and prevent customer harm, the NASAA said.
Because there is no guarantee that associated persons will use firm systems that purportedly enable remote surveillance, and because many of the same technologies touted as supporting the proposal can also serve as vehicles to operate outside of firm systems, FINRA’s pilot proposal could result in firms failing to detect investor harm, the NASAA said.
The path forward. In the NASAA’s view, FINRA can avoid detection failures by withholding approval until firms have demonstrated that conducting remote inspections will not materially impair investor protection and compliance with the securities laws. “The safest way to do so is to require FINRA to conduct a fulsome examination sweep, produce a public report of its findings, and offer a proposal consistent with the evidence gathered,” the NASAA said.
If an examination sweep is not an option, additional safeguards should be implemented before the pilot program is approved, the group added. Those protections include requiring a firm to conduct and document a risk assessment after identifying any “red flags,” and reporting it to FINRA, even if it has already completed a previous risk assessment for that office or location.
“Requiring firms to document these decisions and provide the information to FINRA would help to maintain accountability by requiring firms to articulate a sound basis for these decisions based on analyses of the risks,” the NASAA said.
Further, firms should be required to report, “with specificity,” the technologies used by the firm and provide evidence that the firm and its supervisory personnel have sufficient access to and proficiency with those technologies.
The fundamental purpose of any pilot program is to gather information to determine an appropriate course of action, the NASAA said. If the pilot program is approved, it should maximize the opportunity to collect data that will inform policy discussions regarding investor protection.
“As such, we maintain that Proposed Rule 3110.18 should be clearer and more specific about what information firms need to collect and provide,” the group added. “Such specificity is necessary to ensure that FINRA can supervise the pilot program appropriately, as well as to enable the SEC to conduct its own examinations of firms and oversee FINRA itself,” the NASAA said.