By Stephen Murphy, VP BD Services
In Sergio Leone’s classic spaghetti western, “The Good, the Bad, and the Ugly,” one is left guessing exactly which character deserves each moniker and which character(s) we may, perhaps unfortunately, resemble. Sergio Leone spells it out for us in the final scene. It appears FINRA might take a little longer to make a similar determination.
Following on FINRA’s announcements to use risk based metrics to determine its exam schedule, their efforts to make most efficient use of examining staff now includes inquiries about a firm’s “culture of compliance.” The 2016 Examination Priorities Letter in January was a harbinger of the Targeted Exam Letter that came out in February. The opening salvo in the Targeted Letter is lifted straight out of the Priorities letter. This is no passing fad.
FINRA did not issue a checklist in this letter but rather essay prompts to drive the spirit and context of where they are headed, such as:
- A summary of the key policies and processes by which the firm establishes cultural values. In the summary, include whether this is a board-level function at your broker-dealer or at the corporate parent of the firm. If it is a board-level function, describe the board’s involvement. Also, provide a description of any steps you have initiated or completed in the past 24 months to promote, strengthen or change your firm’s culture.
- A description of the processes employed by executive management, business unit leaders and control functions in establishing, communicating and implementing your firm’s cultural values. Include a description of how executive management communicates, promotes and establishes a “tone from the top” as it relates to cultural values (to the extent not covered by the previous question). Include a description of the firm’s approach to ensure that its cultural values are adopted and applied by middle management.
- A description of how your firm assesses and measures the impact of cultural values (to the extent assessments and measures exist) and whether they have made a difference at your firm in achieving desired behaviors. Provide a summary of the policy statements, procedures, mission statements or other related documents that reflect your firm’s assessments and measures.
- A summary of the processes your firm uses to identify policy breaches, including the types of reports or other documents your firm relies on, in determining whether a breach of its cultural values has occurred. Please focus your summary on those activities your firm considers to be directly related to reinforcing its culture.
- A description of how your firm addresses cultural value policy or process breaches once discovered. What efforts are used to promptly address these policy or process breaches? What is the escalation process to surface and resolve such breaches?
- A description of your firm’s policies and processes, if any, to identify and address subcultures within the firm that may depart from or undermine the cultural values articulated by your board and senior management?.
- A description of your firm’s compensation practices and how they reinforce your firm’s cultural values.
- A description of the cultural value criteria used to determine promotions, compensation or other rewards. Describe opportunities for promotion to the managing director or equivalent level available to personnel of your compliance, legal, risk and internal audit functions
While FINRA states this information is requested merely to “better understand industry practices”, it is understandable that CCOs may have given a collective shudder when the letter was released. FINRA should be applauded for taking these steps and recognizing that more rules do not necessarily make violators comply with better standards and often cause more of a burden on those that are the least susceptible to ethical lapses and client malfeasance.
The ramifications of the Targeted Letter at first blush may appear to be just another routine burden. However, it points to an interesting change of focus by FINRA. Firms are being asked to evaluate (and seemingly to justify) their policies and procedures not in the context of a particular rule but with an introspective analysis of how their culture promulgates effective compliance. Cycle exams are good at exposing sundry mistakes, omissions, and oversights and dividing groups into the compliant and the not-so-compliant. This initiative by FINRA suggests that being compliant is not enough. If you want to walk off into the sunset, being compliant is not enough, you have to be good.