Securities Regulation:

Opportunities Exist to Improve SEC's Oversight of the Financial Industry Regulatory Authority

GAO-12-625: Published: May 30, 2012. Publicly Released: May 30, 2012.


Additional Materials:


Angela N. Clowers
(202) 512-8678


Office of Public Affairs
(202) 512-4800

What GAO Found

Historically, the Securities and Exchange Commission’s (SEC) oversight of the Financial Industry Regulatory Authority’s (FINRA) programs and operations varied, with some programs and operations receiving regular oversight and others receiving limited or no oversight. Through its inspection process, SEC conducted routine and special inspections of various aspects of FINRA regulatory programs, including examinations, surveillance, and enforcement programs. SEC has also conducted routine inspections of FINRA’s advertising and arbitration programs but not as frequently as it had planned. SEC has also regularly reviewed FINRA proposed rule changes that are subject to SEC approval to determine consistency with the Securities Exchange Act of 1934 and related rules and regulations. However, neither SEC nor FINRA conducts retrospective reviews of FINRA’s rules. GAO and others have reported on the usefulness of retrospective reviews as they allow agencies to assess the effectiveness of their rules, and some federal financial regulators, including SEC, have begun pursuing plans to conduct retrospective reviews of their rules in light of a recent executive order that encourages independent regulatory agencies to do so. By not conducting these reviews, FINRA may be missing an opportunity to systematically assess whether its rules are achieving their intended purpose and take appropriate action, such as maintaining rules that are effective and modifying or repealing rules that are ineffective or burdensome. Further, by not reviewing what steps FINRA takes in reviewing its existing rules, SEC may not capture sufficient information to form an opinion about FINRA’s efforts to review its rules. Further, SEC has conducted limited or no oversight of other aspects of FINRA’s operations, such as governance and executive compensation. According to SEC, these operations were not historically considered due to competing priorities and resource constraints. Specifically, SEC officials said that SEC focused its resources on FINRA’s regulatory departments, which were perceived as programs that have the greatest impact on investors.

SEC is in the process of enhancing and expanding its oversight of FINRA using a more risk-based approach. To assess the risks facing FINRA, SEC has collected a substantial amount of information on FINRA’s regulatory programs and operations, including for programs and operations of FINRA for which it has not previously conducted oversight. SEC has analyzed the information it collected, and, according to SEC staff, will use this information as it implements its enhanced risk-based oversight of FINRA later this year. SEC has followed some elements GAO has previously found to be important in a risk-management framework, but officials have not articulated or documented how they will implement all of the elements, such as considering alternative oversight approaches and monitoring the effectiveness of its oversight. Incorporating these other elements will better position SEC to prioritize evolving and varying risks, evaluate alternatives, and monitor its oversight efforts. Without such elements, SEC may be missing opportunities to take a more comprehensive, risk-based approach in overseeing FINRA.

Why GAO Did This Study

SEC oversees FINRA, which is charged with regulatory oversight of all securities broker-dealers conducting business with the public in the United States. In light of recent events in the financial markets, SEC and FINRA have faced questions about their oversight roles. The Dodd-Frank Wall Street Reform and Consumer Protection Act required GAO to study SEC’s oversight of national securities associations registered under section 15A of the Securities Exchange Act of 1934, a provision which applies only to FINRA. This report examines (1) how SEC has conducted oversight of FINRA, including FINRA rule proposals and the effectiveness of its rules, and (2) how SEC plans to enhance its oversight of FINRA. To address these objectives, GAO reviewed SEC documentation, policies and procedures for inspections of FINRA and reviews of FINRA rule proposals; reviewed documentation on SEC’s plans for enhanced FINRA oversight; and interviewed SEC and FINRA officials.

What GAO Recommends

SEC should encourage FINRA to conduct retrospective reviews of its rules and establish a process for examining FINRA’s reviews, and SEC should follow all elements of a risk-management framework in developing its future oversight plans. SEC generally agreed with GAO’s recommendations.

For more information, contact A. Nicole Clowers at (202) 512-8678 or

Recommendations for Executive Action

  1. Status: Closed - Implemented

    Comments: Consistent with GAO's recommendation, SEC's Office of Compliance Inspections and Examinations (OCIE) sent a letter to FINRA in April 2013 stating that FINRA should conduct a retrospective review of its rules. In 2014, FINRA implemented a retrospective rule program, and OCIE's Office of FINRA and Securities Industry Oversight (FSIO) has established a process for examining FINRA's reviews by integrating FINRA's retrospective rule review program into its FINRA risk-assessment process and by including the program as part of its annual FINRA risk-assessment and inspection planning process. GAO obtained copies of the April 2013 letter to FINRA and materials related to FSIO's review of FINRA's retrospective rule program, and determined that SEC has implemented GAO's recommendation.

    Recommendation: As SEC works to enhance its oversight of FINRA, the SEC Chairman should encourage FINRA to conduct retrospective reviews of its rules and establish a process for examining FINRA's reviews.

    Agency Affected: United States Securities and Exchange Commission

  2. Status: Open

    Comments: SEC officials said that they are working with a consultant to finalize a plan to follow all elements of a risk management framework for its oversight of FINRA. When we confirm additional actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: As SEC works to enhance its oversight of FINRA, the SEC Chairman should direct Office of Compliance Inspections and Examinations (OCIE) to follow all elements of a risk-management framework as it develops plans for an enhanced risk-based approach to FINRA oversight, such as developing plans for how it will prioritize risks related to oversight of FINRA and assessing the effectiveness of its risk-based model.

    Agency Affected: United States Securities and Exchange Commission


Explore the full database of GAO's Open Recommendations »