February 07, 2023

2023 Report on FINRA's Examination and Risk Monitoring Program

You've Reached Your
Free Article Limit This Month
Register for free to get unlimited access to all OnPractice content.
Register Now

On Jan. 10, 2023, the Financial Regulatory Authority (FINRA) released its 2023 Report on FINRA's Examination and Risk Monitoring Program ("Report") in which it identifies the year's areas of examination focus for FINRA Member Firms ("Firms"). This is the third year for FINRA's new reporting system, which replaced the prior format for examination focus, the Risk Monitoring and Examination Program Priorities Letter. The Report builds on last year's (see GT Alert) by adding a new focus area-Financial Crimes-and adding new materials related to established areas of focus.

The Report addresses several key topics from five distinct categories: Financial Crimes, Firm Operations, Communications and Sales, Market Integrity, and Financial Management. Highlighted areas from these categories are:

  • Regulation Best Interest ("Reg BI") and Form CRS (customer relationship summary)
  • Consolidated Audit Trail (CAT)
  • Order Handling, Best Execution, and Conflicts of Interest
  • Mobile Apps
  • Cybersecurity
  • Complex Products and Options

A more thorough discussion of these highlighted topics follows below. The Report also contains an Appendix that describes how Firms can use the Report in their compliance programs.

Reg BI and Form CRS

Reg BI and Form CRS continue to be FINRA's focal points. Firms are expected to ensure: (1) recommendations adhere to Reg BI's Care Obligation; (2) conflicts of interest are identified and addressed; (3) all material facts related to conflicts of interest are disclosed to retail customers; (4) adequate written supervisory procedures are established and enforced; and (5) accurate Forms CRS are filed, delivered, and tracked. Firms should regularly consider new interpretative guidance from the SEC when reviewing and updating their compliance approaches.


Continuing from last year, FINRA will evaluate Firms that receive/originate orders in National Market System (NMS) stocks, over-the-counter (OTC) equity securities, and listed options to ensure compliance with the Securities Exchange Act of 1934 ("Exchange Act"), Rule 613, and the CAT NMS Plan FINRA Rule 6800 Series ("Consolidated Audit Trail Compliance Rule") (collectively, CAT Rules). When determining whether Firms complied with CAT Rules, FINRA checks that Firms are doing timely reportable event and correction submissions, reporting complete/accurate CAT records, and effectively supervising third-party vendors.

Order Handling, Best Execution, and Conflicts of Interest

FINRA also continues to evaluate whether Firms comply with their best execution obligations, pursuant to FINRA Rule 5310 and Rule 606 of Regulation NMS. FINRA assesses whether Firms fully and promptly execute marketable customer orders, adequately conduct "regular and rigorous reviews," and conspicuously disclose specific terms related to all profit-sharing relationships with venues used to route orders. Additionally, the Report includes findings and observations from the targeted exam started in 2020, targeted efforts noted in last year's Report, and targeted reviews of wholesale market makers and their order handling practices for customer orders received from other broker-dealers.

Mobile Apps

While FINRA pointed out in last year's Report that there are many benefits to investors regarding mobile apps, they also noted that such apps raise novel questions and potential concerns. Such concerns include the potential to encourage retail investors to engage in trading activities and strategies that may not be consistent with their investment goals or risk tolerance, as well as concerns about the apps' interface designs and functionality and their influence on investor behavior. Potential issues that FINRA has observed with some mobile apps include not adequately distinguishing between products and services of the broker-dealer and those of affiliates or other third parties (such as transactions involving crypto assets). FINRA also continues to monitor how mobile apps disclose and explain risks of higher-risk products or services.


FINRA believes cybersecurity threats continue to be one of the most significant risks many customers and Firms face. They note that the frequency, sophistication and variety of attacks continue to increase; including such attacks as customer account intrusions, ransomware attacks and cyber-enabled fraud. In August 2022, FINRA established the Cyber and Analytics Unit (CAU) to enhance their ability to deal with cyber threats as well as the growth of the crypto-asset market. FINRA's CAU utilizes teams that examine Firms' cybersecurity risk management through reviews of their control; conduct investigations of cyber-related fraud; and investigate and examine crypto-asset activity.

FINRA has also increased cybersecurity threat outreach to member Firms. These efforts include email alerts to Firms' Chief Information Security Officers (CISOs) and Chief Compliance Officers (CCOs), and notifying Firms when they have identified website(s) or social media profiles that may be attempting to impersonate that Firm, one or more of the Firm's current or previous registered representatives, or individuals purporting to be associated with the Firm. In December 2022, FINRA issued Regulatory Notice 22-29 (FINRA Alerts Firms to Increased Ransomware Risks) to provide Firms with questions they can use to evaluate their cybersecurity programs, including information about possible additional ransomware controls and relevant resources.

Complex Products and Options

FINRA will continue to review Firms' communications and disclosures to customers in relation to complex products. FINRA will also review customer account activity to assess whether Firm recommendations regarding complex products are in the best interest of the retail customer given their investment profile and the potential risks, rewards, and costs. In March 2022, FINRA issued Regulatory Notice 22-08 (FINRA Reminds Members of Their Sales Practice Obligations for Complex Products and Options and Solicits Comment on Effective Practices and Rule Enhancements) to reiterate Firms' current regulatory obligations and solicit comments on Firms' effective practices and the regulatory framework regarding complex products and options.

In November 2022, FINRA announced a targeted exam of Firms' retail communications regarding crypto assets. FINRA will be evaluating whether these communications contain false or misleading statements or claims, misrepresent the extent to which the federal securities laws or FINRA rules apply to a crypto asset product or service, or fail to balance the benefits of crypto asset products with their associated investment risks. FINRA will share its findings from these reviews at a future date.

In December 2022, FINRA provided an update on its targeted exam of Firms' practices and controls related to the opening of options accounts and related areas, including account supervision, communications and diligence. The update includes a list of questions for Firms to consider—based on FINRA's observations to date—when evaluating whether their supervisory systems are reasonably designed to address risks related to supervising the approval of options accounts (both self-directed and full-service brokerage accounts) and monitoring the trading activity in options accounts.


FINRA continues to ensure Firms perform their duties and comply with FINRA, SEC, and other rules required of them. This list of priorities, while thorough, is not exhaustive, and priorities and focus are subject to change due to current events and/or changes in the law.

Special thanks to Law Clerk/JD Leisel O. Greig˘ for her valuable contributions to this GT Alert.

˘ Not admitted to the practice of law.


ALM expressly disclaims any express or implied warranty regarding the OnPractice Content, including any implied warranty that the OnPractice Content is accurate, has been corrected or is otherwise free from errors.

More From Greenberg Traurig

The New York Court of Appeals: A Triumph of Merit Selection

By Henry M. Greenberg Greenberg Traurig May 25 , 2023

The current court is a triumph of the merit selection process that New Yorkers voted for in 1977.

Attorney Fees Awards Under the Clean Streams Law

By David Mandelbaum Greenberg Traurig May 24 , 2023

In February, the Pennsylvania Supreme Court decided that the Environmental Hearing Board could award attorney fees and litigation costs to a prevailing third-party appellant under the Clean Streams Law.

GT's The Performance Review Episode 20: All Secrets Revealed: Employee Investigations

By Philip I. Person Greenberg Traurig May 24 , 2023

In this episode, Sue Ann Van Dermyden, co-founder and senior partner at one of the nation’s top investigations firms, joins Philip Person and Ryan Bykerk to discuss the ins and outs of employee investigations.

More From Cybersecurity

UK Imposes New Russia Sanctions on 86 People and Companies, Including Metal and Diamond Industries

By Annabel Thomas Greenberg Traurig May 24 , 2023

The UK announced on May 19 a new wave of sanctions against Russia with the aim of increasing pressure on President Putin.

Labor Department Releases New Guidance on Agency Enforcement of PUMP for Nursing Mothers Act

By Patricia Anderson Pryor Jackson Lewis P.C. May 19 , 2023

The U.S. Department of Labor Wage and Hour Division (WHD) has published guidance for agency officials responsible for enforcing the “pump at work” provisions of the Fair Labor Standards Act (FLSA), including those enacted under the 2022 Providing Urgent Maternal Protections for Nursing Mothers Act (PUMP Act).

Are Syndicated Term Loans Securities Under Reves v. Ernst & Young? 2nd Circuit Solicits SEC Views

By Daria K. Boxer Greenberg Traurig May 18 , 2023

The U.S. Court of Appeals for the Second Circuit has asked the U.S. Securities and Exchange Commission (SEC) to share its views on the issue of whether syndicated term loans are securities for purposes of the Securities Act of 1933, as amended (the “Securities Act”), under the four-prong “family resemblance” test enumerated in Reves v. Ernst & Young, 494 U.S. 56 (1990).

Featured Stories