As the regulatory landscape is constantly evolving, Compliance Risk Concepts (“CRC”) is issuing its monthly review and summary of FINRA, SEC, and NFA notices and bulletins to assist our clients in keeping abreast of notable regulatory developments and deadlines in an effort to strengthen their compliance and regulatory initiatives.
Per Notice 21-19, FINRA is requesting comment on potential enhancements to its short sale reporting program. FINRA is considering whether amendments to its short interest reporting and dissemination program would be appropriate to improve the regulatory and public utility of the information. FINRA also is considering whether any changes to other aspects of its short sale regulatory program would be beneficial. FINRA is considering: (1) modifications to its short interest reporting requirements (Rule 4560); (2) a new rule to require that participants of a registered clearing agency report to FINRA information on allocations to correspondent firms of fail-to-deliver positions; and (3) other potential enhancements related to short sale activity. FINRA believes that these potential changes could improve the usefulness of short sale-related information to FINRA, other regulators, investors and other market participants. FINRA encourages all interested parties to comment on this request for comment. Comments must be received by August 4, 2021.
Per Notice 21-20, FINRA warns member firms of an ongoing phishing campaign that involves fraudulent emails (see sample in Appendix) purporting to be from FINRA and using the domain name “@gateway-finra.org.” The email asks the recipient to click a link to “view request” and provide information to “complete” that request, noting that “late submission may attract penalties.” FINRA recommends that anyone who clicked on any link or image in the email immediately notify the appropriate individuals in their firm of the incident. The domain of “gateway-finra.org” is not connected to FINRA and firms should delete all emails originating from this domain name. FINRA reminds firms to verify the legitimacy of any suspicious email prior to responding to it, opening any attachments or clicking on any embedded links. FINRA notes that it has requested that the Internet domain registrar suspend services for "gateway-finra.org." For more information, firms should review the resources provided on FINRA’s Cybersecurity Topic Page, including the Phishing section of our Report on Cybersecurity Practices - 2018.
Per Notice 21-21, effective September 1, 2021, FINRA is amending its rulebook to eliminate the Order Audit Trail System (OATS) rules in the FINRA Rule 7400 Series and FINRA Rule 4554 (Alternative Trading Systems — Recording and Reporting Requirements of Order and Execution Information for NMS Stocks) (collectively referred to as the “OATS Rules”). FINRA has determined that the accuracy and reliability of the Consolidated Audit Trail (CAT) meet the standards approved by the SEC and has determined to retire OATS as of September 1, 2021. As of September 1, 2021, the updated rule text will be available in the FINRA Manual.
Per Notice 21-22, FINRA warns member firms of an ongoing phishing campaign that involves fraudulent emails (see sample in Appendix) purporting to be from “FINRA SUPPORT” with the email address “email@example.com”. The email asks the recipient to pay attention “to the report attached below that requires your immediate response” and states that “[t]he attachment contains our updated Public Policy information.” The emails may not include an attachment.
FINRA recommends that anyone who clicked on any link or image in the email immediately notify the appropriate individuals in their firm of the incident. The domain of “westour.org” is not connected to FINRA and firms should delete all emails originating from this domain name. FINRA reminds firms to verify the legitimacy of any suspicious email prior to responding to it, opening any attachments or clicking on any embedded links. FINRA has requested that the Internet domain registrar suspend services for "westour.org".
Per Notice 21-23, FINRA reminds member firms of longstanding Securities and Exchange Commission (SEC) and FINRA rules and guidance concerning best execution and payment for order flow, which the SEC has defined very broadly to refer to a wide range of practices including monetary payments and discounts, rebates, or other fee reductions or credits. Under these rules and guidance, member firms may not let payment for order flow interfere with their duty of best execution.
Per the Notice dated 6/30/21, FINRA requests comment of effective methods of educating new investors. FINRA seeks comments that will help inform and guide the investor education initiatives FINRA and the FINRA Investor Education Foundation (the FINRA Foundation) undertake. They seek input from firms, investors, investor advocates, academics and other stakeholders who are knowledgeable about investor behavior regarding the most effective methods for educating newer investors. This Notice is not focused on existing regulatory requirements applicable to member firms and their interactions with investors. FINRA encourages all interested parties to comment on the Special Notice. The comment period ends August 30, 2021.
Questions concerning this Special Notice should be directed to:
Per Release No. 33-10948, the SEC is adopting amendments to Volumes I and II of the Electronic Data Gathering, Analysis, and Retrieval system (“EDGAR”) Filer Manual (“EDGAR Filer Manual” or “Filer Manual”) and related rules. The EDGAR system was upgraded on June 18, 2021. The rule is upon publication to the federal register.
There were no proposed rules in June.
There were no interim final rules in June.
There were no interpretive releases in June.
Per Notice I-21-17: NFA has learned of an ongoing phishing campaign that involves fraudulent emails purporting to be from NFA staff, including Kathleen Clapper and Joe Hawrysz (see Sample Phishing Email below). Other staff member names may be used as well. These emails have a source domain name "@nfa-futures.com" and may include an attachment.
The domain of "@nfa-futures.com" is not connected to NFA. Firms should not open any attachments from this domain and should delete all emails originating from this domain.
NFA reminds all Members to be vigilant when it comes to email requests. All legitimate emails from NFA will come from an address ending in @nfa.futures.org, firstname.lastname@example.org or @nfa-swaps-proficiency-requirements.moonami.com in the case of NFA's Swaps Proficiency Requirements. Always be sure to scrutinize the sender's address.
In general, Members should not trust unsolicited emails, especially emails that ask for personal or financial information. With any email, Members should verify the sender prior to responding and ensure the validity of links or attachments prior to clicking on them.
If you have any questions on this Notice, please contact NFA's Information Center (312-781-1410 or 800-621-3570 or email@example.com).
Sample Phishing Email
Subject: [FIRM NAME] - NFA
Dear [INDIVIDUAL NAME],
I hope you're doing well. Following regulatory requirements, the National Futures Association (NFA) has released new information to its members.
Please see the letter above and update your files using the information in section 1 & 2A.
Let me know if you have any questions.
Managing Director, Compliance
National Futures Association
One New York Plaza, #4300
New York, NY 10004
Cell: [(XXX) XXX-XXXX]
Per Notice I-21-18: Given the recent volatility in the virtual currency market, NFA reminds Members engaging in virtual currency activities that they must fulfill certain ongoing disclosure and reporting requirements.
NFA requires futures commission merchants (FCM), introducing brokers (IB), commodity pool operators (CPO) and commodity trading advisors (CTA) that engage in activities related to virtual currencies or virtual currency derivatives to comply with the customer disclosure requirements established in NFA's Interpretive Notice entitled Disclosure Requirements for NFA Members Engaging in Virtual Currency Activities.
NFA requires FCMs and IBs that solicit or accept orders in virtual currency derivatives and CPOs and CTAs that execute transactions involving virtual currencies or virtual currency derivatives to immediately notify NFA by amending the Annual Questionnaire.
Per Notice I-21-20: Reminder: Effective date for NFA rules establishing CPO notice filing requirements
In April 2021, NFA issued Notice to Members I-21-15 announcing the adoption of Compliance Rule 2-50 and a related Interpretive Notice entitled Compliance Rule 2-50: CPO Notice Filing Requirements, which require commodity pool operator (CPO) Members to file notice with NFA when a market or other event affects a commodity pool's ability to fulfill its participant obligations. Compliance Rule 2-50 specifies four events that require NFA notification. The related Interpretive Notice further defines each of the notification events and provides guidance on events that do not trigger the requirement.
This rule and Interpretive Notice became effective on June 30, 2021.
To file notice with NFA, CPOs will use EasyFile Extensions and Notice Filings, which is currently utilized to file notices for pool extension requests and fiscal year-end changes. When filing notice pursuant to Compliance Rule 2-50, firms must upload a summary of the event, as well as specify all relevant subsection(s) of Compliance Rule 2-50 and the impacted pool(s). NFA covered the CPO notice filing requirements at its recent virtual Member Regulatory Workshop. Further, step-by-step instructions for filing any type of notice are available in NFA's EasyFile Extension and Notice Filing Help guide.
Per the release on June 29th, NFA has ordered Chicago, Ill. swap dealer (SD) The Northern Trust Company (Northern Trust) to pay a $999,000 fine.
The Decision, issued by NFA's Business Conduct Committee (BCC), is based on a Complaint issued by the BCC and a settlement offer submitted by Northern Trust, in which it neither admitted nor denied the allegations. The Complaint alleged that Northern Trust failed to establish adequate written procedures reasonably designed to ensure the firm executed written swap trading relationship documentation with counterparties prior to or contemporaneously with entering into a swap transaction. The Complaint also alleged that Northern Trust failed to provide swap counterparties with certain material disclosures prior to entering into a swap transaction and failed to provide required pre-trade mid-market marks and daily marks to some counterparties. The Complaint also alleged that Northern Trust failed to sufficiently implement procedures designed to ensure compliance with CFTC business conduct standards and failed to establish and implement procedures reasonably designed for the handling, management response, remediation, retesting and resolution of non-compliance issues. Finally, the Complaint alleged that Northern Trust failed to establish and implement an adequate system to diligently supervise its SD activities.
In its Decision, the BCC found that Northern Trust committed the alleged rule violations and considered Northern Trust's recent remediation efforts in accepting the settlement offer.
Cybercrime is constantly developing. With attacks becoming more prevalent and sophisticated. Now is the time to perform a cybersecurity check for your firm to ensure not only compliance with industry standards, but confirm the firm’s ability to prevent, detect, and respond to evolving cyber threats. Prevention begins with training; make certain that in addition to proper security measures, applicable personnel has been rigorously trained with respect to information and technology security measures.
Regulators continue to demonstrate their commitment to protecting investors by aggressively pursuing bad actors and reviewing and updating regulations to guard investors against constantly evolving threats.
The best approach to regulatory compliance is a proactive one. Staying ahead of the curve by taking note of statements and guidance released by regulators and using them as a barometer to assess the current regulatory climate can help ensure that a firm is prepared for a regulatory exam. Rather than scrambling to rectify issues or meet deadlines, a thorough, active compliance program that considers and incorporates regulatory developments is in a better position to satisfy regulators and preserve operations so they can best serve their clients.
p. (646) 346-2468
p. (917) 568-6470