FINRA Annual 2024: Industry execs take on Gen AI, Reg BI, WFH and more

At the FINRA annual conference, industry executives talked about how SEC and FINRA rules work in practice.

Industry participants took to the stage at the Financial Industry Regulatory Authority’s (FINRA’s) annual conference to discuss pressing compliance and legal trends.

Robert Colby, Executive VP and Chief Legal Officer at FINRA, asked the participants for their thoughts on Regulation Best Interest (Reg BI), the use of generative artificial intelligence (AI) in their businesses and the issue of an aging workforce and safeguarding aging investors. Their remarks revolved around constantly updated and continuously supplied training, as they moved from one topic to another.

Reg BI

Peggy Ho, General Counsel and Chief Risk Officer at Commonwealth Financial Network, kicked off the discussion about training tools early. In answer to Colby’s question on Reg BI compliance, she said that at her firm it means an emphasis on making sure advisers know what to do to comply and promptly documenting their efforts – supplying details from the advice given to which customers and why.

When the advisers discuss reasonably available alternative products to clients, they know what to do based on their training. Ho added that vendors have great tools that help you keep track of your obligations and recordkeeping in this area.

“Collect it with AI – but don’t approve it with AI.”

Scott Kursman, Managing Director and CCO, Citigroup Global Markets Inc

Jennifer Grego, CCO at Morgan Stanley Wealth Management, said it’s important to remember that client pricing and adviser compensation schemes are aligned, to tamp down on any appearance of conflicts of interest. The robustness of disclosure is key here.

“Make sure you have the right surveillance to track when alternative investments are being offered and to make sure advisers are not defaulting to certain product recommendation,” Grego said.

Speaking from the small-firm perspective, Wendy Lanton, CCO at Herald Lantern Investments, Inc, reminded us that smaller businesses have to do a lot manually, so the need for effective training is paramount. As is the supervision of employees. “You need to take a nuanced approach and have a lot of conversations about sales approaches, what these products really are all about and why they’re suitable for some versus others, starting from that basic point first,” she said.

Colby then asked the panelists about the impact on their businesses of the Department of Labor’s (DOL’s) fiduciary rule, finalized last month, that aims to expand strict fiduciary standards of conduct to cover more retirement plan advisers.

Grego said her firm’s Reg BI rules will help, but she said she’s mindful of how the DOL rules cover new products and require new attestations.

Lanton agreed, saying new training will be needed, especially as it applies to annuity products.

Supervising hybrid and remote work

Lanton was quite blunt in saying she does not like the work-from-home arrangements because she can’t as easily control the environment. She said she worries about data security, bring-your-own-device use, and even wonders if some employees are going to claim they’re independent contractors now. She said each company needs to do an analysis of what its risk is in having remote employees, based on their varying characteristics and what they sell.

Scott Kursman, Managing Director and CCO at Citigroup Global Markets Inc., pointed out that FINRA has helpfully introduced two pilot programs involving remote location supervisory locations and inspections, and that such things help families and naturally aid in creating more diverse workforces.

Grego said the pilot programs will help firms better navigate the remote-work arrangements, and she reminded the audience to involve HR and Operations teams members in these supervision-related discussions, not just Compliance and Legal.

Gen AI use

Colby asked about the use of AI tools in the workplace and the policies and procedures around them. Grego said the risk-management framework around the use of AI totally depends on its use by the business. If it’s for internal use only and within your firewall, that will require far less supervision than client-facing AI. But whether it will collect personally identifiable information (PII) and how it will use it is the differentiator.

She also stressed transparency on use. Even if the tools are just being used internally; everyone needs to know where the data is going and how it’s being used, including any vendor’s use of it at all.

Kursman said the industry is, so far, treading lightly with client-facing use of AI. At Citi, the main use has been streamlining processes to help with trade and electronic communications analysis, particularly sentiment analysis – the process of analyzing text to determine if the message is positive, negative or neutral.

“Make sure you have the right surveillance to track when alternative investments are being offered and to make sure advisers are not defaulting to certain product recommendation.”

Jennifer Grego, CCO and Head of Operational Risk, Morgan Stanley Wealth Management

“It can help you evaluate more than what you can get from just words,” he said.

Lanton said she wants to use it to eliminate “noise” and just be more efficient overall. But she reiterated her call for training on these tools and the parameters around them, noting that PII can wind up going out externally even from internal channels and that AI responses can be totally fabricated (hallucinated).

Ho said you need strong governance around the risk posed here. And since you’re likely depending on some vendors in this arena, your vendor due diligence needs to be strong as well.

Kursman said some major risks to be mindful of include hallucinates, data privacy rules and laws, the use of AI for illicit use (to get around sanctions rules) and deepfakes that could bypass authentication controls by being so well-designed.

He said human must review all output generated by these tools. “Collect it with AI – but don’t approve it with AI,” he said, quoting speaker Ira Gluck, Senior Director at FINRA in Advertising Regulation, who had spoken in a conference panel the previous day.

Aging clients and workforce

Although Colby asked about elderly clients who are sometimes more vulnerable, a couple of the panelists took the opportunity to talk about aging advisers.

Lanton says she worries about it and emphasized the importance of succession planning, or preparing them and the firm for their leaving the business. Ho agreed, saying your employees’ performance can change with age and the trusted contacts of both emp[loyees and clients must be reviewed annually. To that end, she recommended a FINRA video about trusted contacts.

Grego said it’s not really age that’s the issue – it’s keeping on top of every employee’s performance and practice of their jobs and always looking for scams that can dupe anyone at this point, considering how sophisticated the bad actors have become.

Pace of new rulemaking

Colby asked about the burden and pace of new rulemaking by the SEC and FINRA, and Kursman said at Citi new rulemaking is viewed as a new risk, but they tackle it early with planning and budgeting to make it less onerous when the compliance date arrives.

He said he worries about regulatory overlap, such as with the DOL fiduciary duty standard and Reg BI.

Lanton said the burden on her business has been significant – especially the new T+1 settlement process and timeframe on top of Reg BI and the Customer Relationship Summary form that must be filled out, along with the heightened duty of care. “We need new policies and procedures and need to customize them for our firm, and we can’t really do what is the centerpiece of our business because we’re preparing constantly for new rules.”

Ho said she worries the SEC’s overzealousness is leading to fewer investor choices, as businesses pare back their offerings.

Grego said she regrets how new rules can sometimes push back or completely derail other initiatives the business would like to institute to benefit clients – likely an unintended but sometimes real consequence of rulemaking. And she said at a larger business “who does what” in the face of some many requirements gets tricky.

“I worry about keeping pace with rulemaking while being proactive and reactive with my risk management,” she said.