On October 2, 2017, the SRO and States Subcommittee of the ABA Securities Litigation Committee hosted two senior FINRA lawyers who oversee exams and two senior in-house counsel who manage regulatory exams to discuss best practices in this critical area. The program featured Scott Gilbert and Manuel Rosario from FINRA, Suzanne Elovic from UBS Americas, and Matthew Applebaum from LPL Financial. Together, the panel discussed best practices for addressing various issues that often arise during FINRA exams, including the sufficiency of notice, handling document requests, computer system errors, preservation of privilege and remediation.
The regulators and corporate counsel discussed why FINRA examiners provide notice to firms about the scope of exams and their expectations. Mr. Gilbert explained that FINRA examiners attempt to be transparent and aim to provide as much notice targeted to the scope of their examination to tailor the exam and allow the target firm to pull responsive documents. However, there are instances when FINRA examiners do not give a target firm notice about the exam or its scope. When FINRA becomes aware of potentially egregious conduct, it may commence an exam soon after learning of the allegations. These instances of no notice or limited notice typically occur in branch exams. Mr. Gilbert reminded the audience that “no notice” exams are exceptions to FINRA’s general practice and occur to protect the public’s interest. Mr. Applebaum reminded the audience to have open and robust communication with examiners. He recommended that target firms learn what FINRA examiners’ concerns are and discover what is needed. Second, Ms. Elovic emphasized the importance for target firms to be transparent with regulators. In her opinion, nothing good will come from hiding egregious conduct. Based on Ms. Elovic’s experience, transparency should be the first rule for all firms.
A discussion on best practices when remediating FINRA examiner findings followed the targeted notice discussion. The panel noted that member firms may not be able to resolve examiners’ concerns immediately. In those instances, Mr. Applebaum recommended that firms address “low hanging fruit” first, such as issuing a compliance alert or creating a task force, to address the issue. Taking some action, in his opinion, is evidence that the member firm takes FINRA’s concerns seriously and is better than doing nothing. Mr. Rosario cautioned that if firms implement “workarounds” to address an issue, those firms should test their workarounds periodically to ensure that they are remediating the issue. In his experience, FINRA examiners want to see what firms are doing to achieve complete resolution of outstanding concerns, not just temporary solutions. Ms. Elovic recommended that corporate counsel continue to communicate with regulators after exams conclude about issues raised during the exam until all outstanding matters are resolved.
Additionally, the panel addressed best responses to examiners’ requests for firm data and emails. Data and email requests can be voluminous and burdensome. The requester is not always aware of the extent of the request, or the amount of material that has to be reviewed before production. Before turning over documents, firms need to review the material for privileged, confidential, and proprietary information. The best practice firms can pursue when faced with the need to review large amounts of data in a short amount of time is to describe the burden of FINRA’s request to the FINRA examiner and negotiate the scope of the request. For example, firms might be able to limit the scope of FINRA’s request with the use of key-word searches if firms explain the projected time and costs associated with producing documents related to the request without the use of key-word searches. In addition, firms may be able to limit the search to a shorter time frame.
The panel also discussed best practices after computer system errors occur and emphasized the importance of detecting issues early and working to ensure that they are properly resolved. When a system error or “glitch” occurs, FINRA may examine the error and assess its impact on reporting and the public. The best practice tip in this instance is that firms should install detection and prevention systems. Such systems can enable firms to know when issues are one-off or systemic. While one-off issues may be traced to a specific or isolated factor, systemic issues are larger in scope and derive from problems inherent in the entire system.
In connection with the discussion regarding data and email production, the panel shared thoughts on invoking privilege after a FINRA request. While firms have the right to object to the production of privileged information, is it always a best practice to invoke this privilege? Ms. Elovic recommended that firms avoid invoking the privilege objection. Instead, firms should try to find a way to share the information with FINRA in order to be transparent. Mr. Applebaum shared Ms. Elovic’s view and stated that his firm makes every effort to comply to fairly simple requests. Mr. Gilbert emphasized that FINRA is looking for cooperation and best efforts. A knee-jerk exercise of privilege may raise a red flag without cause.
In sum, the panel provided solid practical advice on what attorneys should do when responding to FINRA exams. Counsel should communicate and be transparent with FINRA to understand what FINRA is seeking, ensure matters are properly remediated, negotiate favorable terms and avoid suspicious behavior. Equally important, counsel should have their firms maintain robust detection and prevention systems that identify systemic issues.