As you may be aware, the term “culture of compliance” has garnered much attention (read this) thus far this year, as Finra doubles-down on the notion that a firm must establish, communicate and implement cultural values intended to guide business conduct. And with this targeted examination letter, Finra adds more specificity to exactly what they’re looking to assess.
To start, Finra offers one definition of firm culture of compliance in this context: the set of explicit and implicit norms, practices and expected behaviors that influence how employees make and carry out decisions in the course of conducting the firm’s business. Finra goes on to say that a given firm may have its own definition of firm culture – and that definition can be used as the foundation of discussions that Finra intends to have with firms on this topic.
It’s important to note, as Finra points out, that the basis of this targeted examination is not an indication that Finra has concerns about a given firm’s culture or that it has determined that a given firm has violated any rules or regulations. Instead, Finra’s goal is to better understand industry practices and determine whether firms are taking reasonable steps to properly establish and implement their own cultural values. This can help Finra develop potential future guidance for the industry on this topic.
8 Questions to Assess “Culture of Compliance”
In terms of adding specificity around what Finra is seeking to assess as it relates to culture of compliance, and to prepare targeted firms for future meetings, Finra outlined 8 questions that firms should answer and submit, as follows:
- A summary of the key policies and processes by which the firm establishes cultural values. In the summary, include whether this is a board-level function at your broker-dealer or at the corporate parent of the firm. If it is a board-level function, describe the board’s involvement. Also, provide a description of any steps you have initiated or completed in the past 24 months to promote, strengthen or change your firm’s culture.
- A description of the processes employed by executive management, business unit leaders and control functions in establishing, communicating and implementing your firm’s cultural values. Include a description of how executive management communicates, promotes and establishes a “tone from the top” as it relates to cultural values (to the extent not covered by the previous question). Include a description of the firm’s approach to ensure that its cultural values are adopted and applied by middle management.
- A description of how your firm assesses and measures the impact of cultural values (to the extent assessments and measures exist) and whether they have made a difference at your firm in achieving desired behaviors. Provide a summary of the policy statements, procedures, mission statements or other related documents that reflect your firm’s assessments and measures.
- A summary of the processes your firm uses to identify policy breaches, including the types of reports or other documents your firm relies on, in determining whether a breach of its cultural values has occurred. Please focus your summary on those activities your firm considers to be directly related to reinforcing its culture.
- A description of how your firm addresses cultural value policy or process breaches once discovered. What efforts are used to promptly address these policy or process breaches? What is the escalation process to surface and resolve such breaches?
- A description of your firm’s policies and processes, if any, to identify and address subcultures within the firm that may depart from or undermine the cultural values articulated by your board and senior management?
- A description of your firm’s compensation practices and how they reinforce your firm’s cultural values.
- A description of the cultural value criteria used to determine promotions, compensation or other rewards. Describe opportunities for promotion to the managing director or equivalent level available to personnel of your compliance, legal, risk and internal audit functions.
With this action, it’s clear that Finra wants firms to take culture of compliance seriously and this can be interpreted, perhaps, as a sign of things to come – that Finra will no longer tolerate firms that take a reactive, disconnected approach to compliance and a proactive model is now necessary. And we’re starting to see a reaction from large firms, as there has been increased discussion of late around moving the compliance function closer to the front office versus the middle office.
You can read Finra’s targeted examination letter directly, here.