Securities Regulation: Opportunities Exist to Improve SEC's Oversight of the Financial Industry Regulatory Authority
Highlights
What GAO Found
Historically, the Securities and Exchange Commission’s (SEC) oversight of the Financial Industry Regulatory Authority’s (FINRA) programs and operations varied, with some programs and operations receiving regular oversight and others receiving limited or no oversight. Through its inspection process, SEC conducted routine and special inspections of various aspects of FINRA regulatory programs, including examinations, surveillance, and enforcement programs. SEC has also conducted routine inspections of FINRA’s advertising and arbitration programs but not as frequently as it had planned. SEC has also regularly reviewed FINRA proposed rule changes that are subject to SEC approval to determine consistency with the Securities Exchange Act of 1934 and related rules and regulations. However, neither SEC nor FINRA conducts retrospective reviews of FINRA’s rules. GAO and others have reported on the usefulness of retrospective reviews as they allow agencies to assess the effectiveness of their rules, and some federal financial regulators, including SEC, have begun pursuing plans to conduct retrospective reviews of their rules in light of a recent executive order that encourages independent regulatory agencies to do so. By not conducting these reviews, FINRA may be missing an opportunity to systematically assess whether its rules are achieving their intended purpose and take appropriate action, such as maintaining rules that are effective and modifying or repealing rules that are ineffective or burdensome. Further, by not reviewing what steps FINRA takes in reviewing its existing rules, SEC may not capture sufficient information to form an opinion about FINRA’s efforts to review its rules. Further, SEC has conducted limited or no oversight of other aspects of FINRA’s operations, such as governance and executive compensation. According to SEC, these operations were not historically considered due to competing priorities and resource constraints. Specifically, SEC officials said that SEC focused its resources on FINRA’s regulatory departments, which were perceived as programs that have the greatest impact on investors.
SEC is in the process of enhancing and expanding its oversight of FINRA using a more risk-based approach. To assess the risks facing FINRA, SEC has collected a substantial amount of information on FINRA’s regulatory programs and operations, including for programs and operations of FINRA for which it has not previously conducted oversight. SEC has analyzed the information it collected, and, according to SEC staff, will use this information as it implements its enhanced risk-based oversight of FINRA later this year. SEC has followed some elements GAO has previously found to be important in a risk-management framework, but officials have not articulated or documented how they will implement all of the elements, such as considering alternative oversight approaches and monitoring the effectiveness of its oversight. Incorporating these other elements will better position SEC to prioritize evolving and varying risks, evaluate alternatives, and monitor its oversight efforts. Without such elements, SEC may be missing opportunities to take a more comprehensive, risk-based approach in overseeing FINRA.
Why GAO Did This Study
SEC oversees FINRA, which is charged with regulatory oversight of all securities broker-dealers conducting business with the public in the United States. In light of recent events in the financial markets, SEC and FINRA have faced questions about their oversight roles. The Dodd-Frank Wall Street Reform and Consumer Protection Act required GAO to study SEC’s oversight of national securities associations registered under section 15A of the Securities Exchange Act of 1934, a provision which applies only to FINRA. This report examines (1) how SEC has conducted oversight of FINRA, including FINRA rule proposals and the effectiveness of its rules, and (2) how SEC plans to enhance its oversight of FINRA. To address these objectives, GAO reviewed SEC documentation, policies and procedures for inspections of FINRA and reviews of FINRA rule proposals; reviewed documentation on SEC’s plans for enhanced FINRA oversight; and interviewed SEC and FINRA officials.
Recommendations
SEC should encourage FINRA to conduct retrospective reviews of its rules and establish a process for examining FINRAs reviews, and SEC should follow all elements of a risk-management framework in developing its future oversight plans. SEC generally agreed with GAOs recommendations.
Recommendations for Executive Action
| Agency Affected | Recommendation | Status |
|---|---|---|
| United States Securities and Exchange Commission | As SEC works to enhance its oversight of FINRA, the SEC Chairman should encourage FINRA to conduct retrospective reviews of its rules and establish a process for examining FINRA's reviews. |
Closed – Implemented
Consistent with GAO's recommendation, SEC's Office of Compliance Inspections and Examinations (OCIE) sent a letter to FINRA in April 2013 stating that FINRA should conduct a retrospective review of its rules. In 2014, FINRA implemented a retrospective rule program, and OCIE's Office of FINRA and Securities Industry Oversight (FSIO) has established a process for examining FINRA's reviews by integrating FINRA's retrospective rule review program into its FINRA risk-assessment process and by including the program as part of its annual FINRA risk-assessment and inspection planning process. GAO obtained copies of the April 2013 letter to FINRA and materials related to FSIO's review of FINRA's retrospective rule program, and determined that SEC has implemented GAO's recommendation.
|
| United States Securities and Exchange Commission | As SEC works to enhance its oversight of FINRA, the SEC Chairman should direct Office of Compliance Inspections and Examinations (OCIE) to follow all elements of a risk-management framework as it develops plans for an enhanced risk-based approach to FINRA oversight, such as developing plans for how it will prioritize risks related to oversight of FINRA and assessing the effectiveness of its risk-based model. |
Closed – Implemented
SEC's Office of Compliance Inspections and Examinations (OCIE) and its Office of FINRA and Securities Industry Oversight (FSIO), with assistance from OCIE's Office of Strategy and Operational Risk, have worked with a consultant to develop a risk management framework for its oversight of FINRA. The framework is in a document entitled "Office of FINRA and Securities Industry Oversight Risk Management Framework Guidance" that was approved on September 7, 2018. We reviewed the Guidance and determined that it contains all elements of a risk-management framework. This includes a risk management framework that will assist FSIO in setting goals and objectives, identifying risks to the achievement of those goals and objectives, assessing those risks, determining appropriate responses to those risks, including an evaluation of various alternatives to respond to those risks, and monitoring any implemented activities for effectiveness.
|