3 Valuable Takeaways From FINRA's 2024 Regulatory Oversight Report
The 2024 FINRA Report puts emphasis on financial crime, with manipulative trading and fraudulent ACATS transfers emerging as new threats.
Every year, broker-dealers and other industry professionals await certain key publications from regulators and self-regulatory organizations (SROs). Key among those is a publication by the Financial Industry Regulatory Authority (FINRA) known as the FINRA Annual Regulatory Oversight Report. FINRA now also accompanies the Report release with a podcast episode produced by FINRA Unscripted. Firms are well-advised to leverage these resources and keep a critical eye on their current compliance programs.
What is the FINRA Annual Regulatory Oversight Report?
FINRA is careful to clarify that this Report is not a summary of FINRA’s priorities for the coming year, but rather a 12-18 month lookback, intended to guide internal reviews of compliance programs and consider how to assess and where to strengthen compliance controls.
“The Regulatory Oversight Report is meant to be more of a mirror, reflecting what the regulatory operations staff have seen over the past 12-18 months, which we can then package up for firms to help them address a broader set of topics within their compliance program.”
Claire O'Sullivan, vice president and regulatory advisor of Stakeholder Engagement
That being said, compliance professionals may reasonably identify certain themes and the prioritization of topics as noteworthy. Such publications can help drive management attention to areas that may need initiative funding or resource commitments.
Top 3 financial crime takeaways for 2024
Location, location, location
Financial crime is at the top of a long list of important topics covered by FINRA and it's the second year in a row that substantial focus has been dedicated to this. Despite the decrease in the last two years in the number of public anti-money laundering (AML) enforcement actions, which was the #1 enforcement theme for FINRA from 2016-2021, the current prioritization of this theme suggests FINRA is keeping financial crime at the forefront of topics for firm consideration, examination, and potential enforcement.
Its placement as a top FINRA theme suggests that firms must remain committed to investing in all aspects of financial crime transaction monitoring programs, remaining mindful of obligations to report potentially suspicious activity that is conducted (or attempted) at, by, or through a broker, dealer, intermediary, or custodian (i.e., FINRA 3310, SEC 17a-8).
Detecting and reporting suspicious activity is central to an effective program, and cannot be delegated to other participants in the transaction (e.g., introducing firms or clearing firms). Firms need to be asking what they need to do differently to respond to this heightened risk of AML enforcement. With the introduction and maturation of advanced technologies, it is no longer acceptable to have 99.9% false positive rates. Innovative firms have adopted newer technologies and proven that new approaches can deliver radically better results.Manipulative trading
In addition to the traditional financial crime themes of AML, fraud, sanctions, and cybersecurity, the Report also includes manipulative trading as a key topic. Many FINRA cases involving insider trading, fraudulent securities offerings, and elder abuse have been enforced using the AML rules. Firms have been fined for failing to identify and report activity that FINRA determined they “should have identified and reported as suspicious,” even in the absence of reasonable knowledge of a broader manipulative or fraudulent trading scheme. FINRA relies heavily on firms identifying and reporting red flags in activity or relationship patterns, which help them identify broader schemes and bad actors.
As a result, the past decade has seen a noted shift of manipulative trading violations enforced as predicate offenses under AML rules. These acts are financial crimes—executing fraudulent trading activity to generate illicit proceeds, create the appearance of value, or transfer the value of an illicit activity to other players. Manipulative trading schemes, like AML offenses, are often executed by networks of bad actors connected indirectly, and through a series of problematic transactions, rather than a single instance.
It's important to enable your organization with the right tools–for example, graph analytics–to find illicit activities, such as manipulative schemes and insider trading, and bad actors consistently. Firms are now being challenged by FINRA and other regulators to consider AML and manipulative trading as synergistic topics for transaction monitoring. Financial institutions can greatly benefit from entity resolution that combines vast amounts of internal and external data, applies advanced network-based scoring techniques, and provides visualization of trading behaviors and relationships.New account fraud via ACATS transfers
As part of FINRA’s commitment to individual investor protection and protection of the integrity of the capital markets, the organization periodically issues a Notice to Members (NTM) communications of emerging risks, reminders of firm obligations, or areas where FINRA has observed an increase in suspicious or fraudulent activity. Upon the release of NTMs, FINRA expects registered firms to pay close attention to the highlighted risks and take measures to address any control deficiencies, “where new threats to the industry apply to the firm." This includes a consideration of whether current AML or fraud transaction monitoring programs are adequate to identify and report the risk.
This year’s report calls out an area of emerging risk, where FINRA has also issued five different NTMs since 2020 (see FINRA Notices 23-06, 22-21, 21-18, 21-14, and 20-32) and published a podcast on new account fraud (NAF) via the Automated Customer Account Transfer Service (ACATS). FINRA highlights the dual concern that this area of attention not only relates to using stolen or synthetic information (e.g., a cybersecurity threat) but also as a concern area for AML Transaction Monitoring programs to detect and report such potentially suspicious activity.
Specific to AML, detection mechanisms are expected to identify suspicious activity related to new accounts executing potentially fraudulent account position transfers from another financial institution (FI) into their FI through the ACATS system operated by the National Securities Clearing Corporation. FINRA guidance states that firms should “evaluate their monitoring of ongoing customer account activity for NAF and other known fraud schemes".
What to do to address these top risks
Serious AML risks are out there—risks that are intentionally obfuscated within high volumes of transactions, among numerous market participants, and buried in legitimate activity. This makes them incredibly hard to find without the right tools. For many years, capital markets firms had few alternatives and largely deployed rules-based detection systems. These produced high rates of false positives and yielded few substantive findings. Now, new alternatives are available and have been proven in the market.
Modernize your compliance program using Quantexa's Decision Intelligence Platform
Quantexa delivers a transparent, open-source solution that uses the latest technology, moving firms beyond the restrictive rules-based paradigm to an understanding of customers and their networks through context—the heart of understanding AML risk in complex capital markets. Through industry-leading entity resolution and advanced network-based analytics, firms using Quantexa now find risks they simply could not see before by using context. By building a trusted data foundation, firms can transform data into visual networks that show reliable connections across customer behaviors and relationships.
To identify risk more efficiently and effectively, firms are adopting Quantexa to:
Create a single view of the customer: Connect internal and external data efficiently and transparently to create a customer-centric view of your customers’ relationships and activity. A truly holistic view of the client not only combines "known" data from your internal systems but also incorporates potentially "unknown" information from external data sources and deterministically connects it to your customer for a broader view.
Build understandable customer networks: A view of customer risk based solely on customer due diligence attributes is insufficient to identify true customer risk. Firms need to understand customer relationships—both direct and indirect—to get a better understanding of a client’s relationships and where unusual or higher-risk connections to known bad actors exist. Customers who are connected to or routinely interact with bad actors need to be readily identifiable to demonstrate a true understanding of customer risk.
Apply advanced analytics across multiple levels of risk: Rules-based systems aren't able to detect risk effectively in capital markets, as looking at risk at a transaction or account level won’t find patterns of suspicious activity. Running rules doesn’t find risk; it only finds a single potential indicator of risk (e.g., settlement to high-risk jurisdiction). Without additional information to create context, an investigator has little indication of whether something should be a concern, or even where to start looking.
Regulators have published pages of AML “red flags,” and no single risk indicator—other than sanctions risk—is typically enough to push any risk concern to an effective case. That is why advanced graph analytics are needed to look for those red flags across the integrated network and use those risk indicators in the detection process. This delivers better cases to your investigators and better detection results.
Firms need a multi-dimensional view of risk and the capability to look for risk indicators related to the customer, direct and hidden relationships, transaction patterns (at scale), issuers, intermediaries, counterparties, transactions currencies, settlement parties, jurisdictions, etc. … all as part of your detection methodology. Quantexa aggregates multiple risk factors associated with common typologies to give investigators a robust set of risk indicators—and a fully defined visual network—to explore risks that, without the context, could be otherwise dismissed as a false positive.Mitigating factors. Finding risk is critical, but knowing when not to alert, either due to lack of identified risk or due to mitigating factors that help offset or explain the risk through context. Using expert knowledge and prior case results, teams can automate such logic and stop producing the same old false positives that clog investigation queues, create backlogs, and drive inefficiencies.
To learn more about how Quantexa can help advance your compliance programs with the power of decision intelligence, click here.