Compliance Culture – A FINRA Priority

March 2016

On January 5, FINRA released its 2016 Regulatory and Examination Priorities Letter (Priority Letter).  The first page highlights a priority, Culture, which is not based on any rule and reminds the reader that “Firm culture has a profound influence on how a firm conducts its business and manages its conflicts of interest.”  Undoubtedly, this is true.  Also on page one, the Priority Letter provides:

While firms may have their own definition of “firm culture,” we use it here to refer to the set of explicit and implicit norms, practices, and expected behaviors that influence how firm executives, supervisors and employees make and implement decisions in the course of conducting a firm’s business.

Initially, as I read (and re-read) the above, I was alarmed that FINRA was delving into the social psychology of an organization (“implicit norms,” “expected behaviors” and how people make decisions), a field that is the subject of numerous books and the focus of an entire organizational behavior profession made up of people with doctorate and master’s degrees.

Specifically, I wondered how FINRA could possibly prepare their field examiners to take on this task.

The Priority Letter makes clear that FINRA seeks to understand how a firm’s culture “affects compliance and risk management practices at firms” and that understanding “will inform

[FINRA’s] evaluation of individual firms and the regulatory resources [FINRA] devote[s] to them.”  In other words, if I read this correctly, FINRA is saying that a lax compliance and risk management culture, as demonstrated by behavior, can influence the scope and extent of a FINRA exam.

The Priority Letter explains that FINRA will assess five “indicators” of a firm’s culture to determine whether:

  1. Control functions are valued within the organization
  2. Policy or control breaches are tolerated
  3. The organization proactively seeks to identify risk and compliance events
  4. Supervisors are effective role models of firm culture
  5. Sub-cultures (g., at a branch office, a trading desk or an investment banking department) that may not conform to overall corporate culture are identified and addressed

It goes on to provide that firms should take “visible actions that help mitigate conflicts of interest, and promote the fair and ethical treatment of customers” and offers, by way of an example that “material breaches of firm policies and procedures should not be tolerated, and compliance functions should be equipped with necessary resources to help firms navigate a complex and changing regulatory and market environment.”

This is quite a bit to digest.  Many I have spoken with in the compliance community and in supervisory roles are scratching their heads and are concerned that FINRA field examiners will spend countless hours trying to understand and assess the five indicators above.  Significant concern is expressed with regard to indicators 1 (Control Functions), 4 (Supervisors) and 5 (Sub-cultures) and how FINRA will assess whether control functions are valued or if a supervisor is an effective role model of the firm’s culture.  These appear to be highly subjective “indicators.”  How will an examiner go about gaining an understanding of a firm’s overall culture and sub-cultures?  Two professionals I spoke with reminded me that completing such a task could require countless interviews with members of senior management (for starters).

Some have suggested that the process described in the Priority Letter is simply FINRA creating an overarching exam approach that allows them to focus on whatever they deem appropriate.  I don’t agree with this perspective and suggest that the intent is more likely to weed out bad actors (firms and/or individuals) and provide a mechanism for FINRA to make an assessment and, where warranted, devote the necessary resources.  This premise is supported by the following statement: “Firm culture has a profound influence on how a firm conducts its business and manages its conflicts of interest.”

Undoubtedly, firm culture influences every aspect of a business. A culture that promotes transparency, broad communication, respect and integrity will promote and embody certain behavior while a culture of “win at all costs,” combined with a disregard for integrity and policies and procedures will set a tone for bad behavior, violation of rules, regulations and laws.

One can understand that indicators regarding whether policy or control breaches are tolerated (Indicator 2) and whether the organization proactively seeks to identify risk and compliance events (Indicator 3), make sense and can be relatively easily assessed.  In fact, this ties back to what many market participants experience – an examination process that looks beyond policies and procedures to if and how a firm documents its compliance and a demonstration of how risk and compliance are identified.

Recent rule additions, amendments and examinations highlight the importance of documentation.  The need has never been greater.  The Best Execution Rule for Munis, effective this March, requires documentation of enhanced diligence; the MA Rule, effective this summer, requires documentation of numerous items; Time-of-Trade Disclosure suggests documentation of communication of material information and associated risks (a recent Morgan Stanley arbitration decision and SEC and FINRA focus on minimum denomination support this as well as the MSRB’s Notice 2010-37). One can also surmise that the MCDC initiative and the required Independent Consultant reports will emphasize the importance of documenting one’s diligence to support compliance with policies and procedures.

Despite the validity of some elements of a cultural assessment, I do worry about the attempt to assess the more subjective aspects of a firm’s culture.  Professionals spend years in school studying organizational behavior and devote their careers to the same.  To suggest that a field examiner, well versed in rules and regulations, can adequately assess if a culture is valued, if one is a good role model or if sub-cultures exists is impractical, at best.

We are often asked for our perspective around certain rules given we routinely work with market participants to address their compliance and business needs and periodically speak with industry regulators in an attempt to best understand rules and regulations.  In this regard, we leave you with some basic thoughts:

  • Ensure you understand the rules and regulations. If you don’t, ask for guidance.
  • Document your work – not just your policies and procedures but be able to demonstrate how you comply with the rules and your policies and procedures. As several clients have said, “it is no longer acceptable to check the box, you need to show you have complied.”
  • When an issue is identified, address it, irrespective of the actor. That doesn’t mean fire the person, but it does mean having a consistent approach when addressing breaches of firm policy and demonstrating that no person, no matter how much they produce, is above the rules.

Understanding your culture is a priority for FINRA.  While some doubt if and how FINRA can do this, there are steps your firm can take to demonstrate adherence to rules and regulations that have an  impact on the objective “indicators” of FINRA’s cultural assessment.  As for those subjective “indicators,” perhaps hard facts associated with the objective “indicators” and documentation will support a positive review of your firm’s culture.


Have a great week,

Gregg Bienstock, Esq.

CEO & Co-Founder