Each year, thousands of regulatory changes are made that
could materially affect the insurance industry, and the number is rising. In
any given year, more than 40,000 regulations—including legislative bills,
administrative rules, bulletins, advisories, alerts, directives, and interpretive
guidance—must be vetted to determine if they affect the business of insurance. According
to RegEd’s internal research, there were about 2,400 new or revised state regulations
enacted or adopted that directly affected the insurance industry in 2013. In
2019, there were about 3,600, an increase of 53%. As the number escalates, new regulations
themselves are becoming more complex, especially around risk management,
corporate governance, cyber-security, and privacy, with wider-ranging effects that
reach further across geographies, business lines, products, and processes.
Managing the regulatory change process can be complicated and
time-consuming. Simply identifying a new regulation is a monumental task, to
say nothing of methodically analyzing each one to determine how—and whether—it
could affect an insurance company’s sales operations, actuarial procedures,
product features, financial obligations, or any number of other areas of the
business. When a new regulation does affect the organization, the organization
must take steps to bring itself into compliance. Finally, a company must
demonstrate compliance to regulators.
A Repeatable Closed-Loop Process
If an organization has implemented an established and repeatable closed-loop process to manage regulatory change, it can avoid missing key regulations, determine how new regulations affect the organization with more precision, take measures to bring itself into compliance more efficiently, and demonstrate proof of compliance with comprehensive documentation and reporting. There are five steps: Be aware of new regulations; determine relevance to your organization; identify areas of ownership and translate changes into business requirements; execute, monitor, and validate a workflow plan to bring the company into compliance; and demonstrate compliance to regulators and internal stakeholders.
1. BE AWARE
An organization must be aware of what new, revised, and
amended regulations have been made, and each year, there could be thousands of rule
changes. As insurance regulation is decentralized, the process can be
enormously challenging. There are at least 50 separate insurance jurisdictions,
and it’s necessary to monitor each state legislature and agency that has the
authority to regulate the business of insurance—there is no central
clearinghouse. An organization’s compliance department has to know where to
Myriad state and local agencies are authorized to regulate
the insurance industry. State departments of insurance are an obvious place to
start, but it’s critical not to overlook others that may not regulate as often
or as widely, including departments of transportation, departments of labor,
and departments of health and human services. Equivalent regulations in
different states may have different requirements, and if the company offers numerous
lines of insurance in different markets, the company is subject to each rule
for each product in each state.
Once aware of new regulations, it’s best to have a central system
to manage them actively. Regulations that are handled through different
departments within the organization with different methodologies, workflow
practices, and levels of accountability can easily be lost or addressed
inconsistently, creating a risk of noncompliance and inefficiencies throughout the
2. DETERMINE RELEVANCE
Once in the door, a regulation must be reviewed and
evaluated for relevance to an organization’s business, its spirit and intent, the
areas and processes it may affect, and the types of changes necessary to
comply. It’s a time-consuming and laborious process that can take months for a
single regulation, and it involves a great deal of research and dialogue. In
many instances, a new regulation’s relevance may not be obvious, and although a
regulation ultimately may be deemed not applicable to the organization, the
process to make this determination can represent a great deal of staff time,
effort, and other resources.
3. IDENTIFY AREAS OF OWNERSHIP AND TRANSLATE CHANGES INTO BUSINESS REQUIREMENTS
When it’s determined that a new regulation affects the
business, an organization must identify the areas of ownership—claims
department, underwriting, or actuarial, for example—and the individuals who are
responsible to bring the company into compliance. As some legislative bills and
administrative rules can reach hundreds of pages with a high degree of
complexity, it is critical to review, interpret, package, and deliver—in plain
English—a new or revised regulation to the different affected parts of the
organization. This can represent a lot of work, but someone on the receiving
end may not be able to interpret legal or legislative language in an effective
way that’s actionable and makes sense for the business.
Many companies, especially those that haven’t established a
strong compliance management cycle, don’t have the staff and resources to translate
new regulations effectively. When left to individual divisions to interpret a
new regulation and take measures to comply, the effort often can be like a fire
drill: reactive, incomplete, and inconsistent with other areas of the company.
Without a central, managed closed-loop process, this step is almost impossible
to do; merely hoping for the best outcome rarely results in the best outcome.
4. EXECUTE, MONITOR, AND VALIDATE
An organization’s compliance department must assign the recommended
tasks and requirements to the correct departments to make sure the changes needed
to bring the company into compliance are in fact made within the required time
frame. This should include guidance and a complete framework of workflow, with
processes for oversight, monitoring, and accountability built in. Organizations
that don’t have an established, closed-loop process can find this difficult—email
usually can’t handle the job.
5. DEMONSTRATE COMPLIANCE
It’s not uncommon for regulators to ask an insurance company
to show what it did to comply with a new regulation. After all, it’s the law,
there are consequences for not being compliant, and the entire process is
useless unless an organization can provide positive proof. In addition to
providing legitimacy to regulators, it serves as valuable risk management data
to senior management and other internal stakeholders.
A closed-loop process makes managing regulatory change
vastly easier. Without one, the arrival of regulators, such as during a
market conduct examination, can set off a chaotic fire drill: tracking down
the people involved, looking through email correspondence, searching for
documents, and wading through files. When the process is done correctly,
running a quick report can provide proof by highlighting the details
of how and when an organization complied.
REGULATORY CHANGE MANAGEMENT
RegEd’s Regulatory Change Management incorporates a complete, workflow-enabled, closed-loop process to be aware, determine relevance, create and execute a compliance strategy, and demonstrate compliance with all regulatory changes.
Subject Matter Experts and Specialists
A full staff of subject matter experts with deep, hands-on
experience in the insurance industry monitors the regulatory landscape,
documents changes, and evaluates each new or revised regulation for relevance
Regulatory specialists interpret, summarize, and translate
legal language into business-appropriate plain English before distributing the results
through RegEd’s system to clients based on their lines of business. Streamlined
tools enable the tasks necessary to achieve compliance, and reporting functions demonstrate
to executive management and regulators that an organization was aware of a regulatory
change and that steps were taken to comply, along with a current status report and a
full audit trail.
About the Author
Merlinda Johnson is the Director of Insurance Regulatory Compliance at RegEd, Inc.
In February 2020, the National Association of Insurance Commissioners (NAIC) approved revisions to its Suitability in Annuity Transactions Model Regulation (#275). The revised regulation requires that all annuity recommendations by producers and insurers meet a “best interest” standard.
Under the new model regulation, insurance producers and carriers may not place their financial interests ahead of the consumer’s interest when recommending an annuity product. Furthermore, insurers are required to establish and maintain a system to supervise producer recommendations, so the insurance needs and financial objectives of consumers are addressed effectively. The new model also prohibits an insurer from issuing an annuity product to a consumer unless the insurer has a reasonable basis to believe the annuity would address the consumer’s insurance needs and financial objectives effectively.
The NAIC’s new best interest standard uses the Securities and Exchange Commission’s recent Regulation Best Interest as a model. For the past 10 years, insurance regulators have used a “suitability” standard, similar to the Financial Industry Regulatory Authority’s (FINRA), to regulate annuities sales. The best-interest standard on sales and recommendations of annuity products by insurance producers is a higher standard than the 2010 model regulation’s suitability requirements, but it does not reach the level of a fiduciary duty.
A producer would be deemed to have acted in the consumer’s best interest if the producer meets the obligations of care, disclosure, conflict of interest, and documentation that are detailed in the model regulation. Insurance companies are required to supervise producer compliance with this rule and to maintain compensation systems that will not undermine the best interest of clients.
Like the 2010 model regulation, the new model regulation requires that producers be trained in its requirements. For producers new to selling annuities, the new model calls for a four-hour training course. For veteran producers who were trained under the old model regulation, the new model regulation allows for a one-hour update course, although the regulation makes this option available only for the first six months after their state adopts the new rule (states may vary this time period).
The new model regulation applies only to the recommendation or sale of an annuity. It also provides for various exemptions from its requirements, such as exemptions for certain group annuities. The model also provides a safe harbor for sales and recommendations made in compliance with “comparable standards,” for example, those that comply with applicable SEC or FINRA securities requirements for broker-dealers and registered investment advisers.
The NAIC recommends that states amend their annuity sales regulations in response to the new model regulation. The NAIC’s 2010 Model Regulation was adopted by 45 states and the District of Columbia in the wake of the 2010 Dodd-Frank Wall Street Reform and Consumer Protection Act. Previous projections suggested that half the states could adopt the model regulation in some form by the end of 2020, but adoption may be delayed due to the COVID-19 pandemic.
Best Interest Obligation: Reasonable Diligence, Care, and Skill
Under the NAIC’s revised Suitability in Annuity Transactions Model Regulation (#275), producers must now “exercise reasonable diligence, care, and skill” when recommending an annuity and shall act in the best interest of the consumer, under the circumstances known at the time the recommendation is made, without placing the producer’s or the insurer’s financial interest ahead of the consumer’s interest.
A producer’s obligations regarding care, disclosure, conflict of interest, and documentation include making appropriate recommendations that consider the consumer’s financial situation, insurance needs, and financial objectives, and reasonable efforts must be made to obtain consumer profile information from the consumer before making a recommendation.
Thus, a producer must be familiar with the annuity options available. Of those annuities the producer is authorized and licensed to sell, the producer must have a reasonable basis to believe the consumer would benefit from certain features of the annuity, such as annuitization, death or living benefit, or other insurance-related features. The producer must also be able to communicate the basis of the recommendation.
Consumer profile information; characteristics of the insurer;
and product costs, rates, benefits, and features are generally relevant factors
in determining whether an annuity addresses a consumer’s financial situation,
insurance needs, and financial objectives. While each factor’s importance may
vary depending on a consumer’s circumstances, each factor may not be considered
Producers must make an effort to gather customer profile
information to determine whether a recommendation addresses the consumer’s
financial situation, insurance needs, and financial objectives, including age, income,
assets and liabilities, financial experience, objectives, time horizon, use of
the annuity, liquidity needs, risk tolerance, and tax status.
When exchanging or replacing an annuity, a producer must
consider the whole transaction, factoring in surrender charges, commencement of
a new surrender period, loss of existing benefits, increased fees, and other
exchanges or replacements made within the previous five years. The new product
must substantially benefit the consumer in comparison to the replaced product
for its duration.
The model regulation requires specific disclosures of the
customer relationship between the producer and consumer, the products the
producer is authorized or licensed to sell, and the producer’s compensation. The
model regulation requires the use of a disclosure form (“Insurance
Agent [Producer] Disclosure for Annuities”) signed
by both the producer and customer; an example is provided as an appendix.
relationship: Before making a recommendation or selling an annuity, a producer
must disclose in writing the scope and terms of the relationship with the
consumer and the producer’s role in the transaction.
producer must state which products the producer is licensed and authorized to
sell (fixed, fixed-indexed, and variable annuities; life insurance; mutual
funds; stocks and bonds; and certificates of deposit).
producer must provide a statement describing the insurers for which the
producer is authorized, contracted, appointed, or otherwise able to sell
insurance products by indicating one insurer, from two or more insurers, or
from two or more insurers although primarily contracted with one insurer.
producer must also describe the sources and types of cash and non-cash
compensation received, including whether the producer is to be compensated for
the sale of a recommended annuity by commission as part of a premium or other
remuneration received from the insurer, intermediary or other producer or by a fee
as a result of a contract for advice or consulting services; and a notice of
the consumer’s right to request additional information regarding cash
compensation. Upon request, the producer must disclose a reasonable estimate of
the amount of cash compensation to be received, which may be stated as a range
of amounts or percentages; and whether it’s a one-time or multiple occurrence
amount, and if a multiple occurrence amount, the frequency and amount, which
may be stated as a range of amounts or percentages.
of Interest: A producer shall identify and avoid or reasonably manage and
disclose material conflicts of interest, including material conflicts of
interest related to an ownership interest.
Documentation: At the time
of recommendation or sale, a producer must document any recommendation and its
basis in writing. Should a customer refuse to provide consumer profile
information, the producer must obtain a statement signed by the consumer that
documents the customer’s refusal and the customer’s understanding of the
implications of not providing consumer profile information. The model
regulation provides a sample form (“Consumer Refusal to Provide Information”) as
an appendix. Furthermore,
a producer must obtain a statement signed by the consumer acknowledging that the
annuity transaction is not recommended if a customer decides to buy an annuity
that is not recommended by the producer.
of best interest: Any requirement that applies to one producer must apply to each
producer who was involved in the recommendation and has received direct
compensation as a result, regardless of consumer contact. Providing marketing
or educational materials, product wholesaling or other back office product
support, and general supervision of a producer do not, in and of themselves,
constitute material control or influence.
Transactions not based on a recommendation: A producer shall have no obligation to a consumer if no
recommendation is made, if a recommendation was made and was later found to
have been based on materially inaccurate information provided by the consumer, or if
a consumer refuses to provide relevant consumer profile information and the
annuity transaction is not recommended. If a consumer decides to purchase an
annuity transaction that is not based on a recommendation, a disclosure must be
made in writing and signed by both the producer and consumer. The model
regulation provides a sample form (“Consumer Decision to Purchase an
Annuity NOT Based on a Recommendation”) as an appendix.
Reasonable basis: Except as described under transactions not based on a recommendation, an insurer may not issue a recommended annuity unless there is a reasonable basis to believe it would effectively address a consumer’s financial situation, insurance needs, and financial objectives, based on the consumer’s consumer profile information.
insurer must establish and maintain a supervision system that is reasonably
designed to achieve the insurer’s and its producers’ compliance with model
regulation #275, including:
The insurer shall establish and maintain procedures for the review of each annuity recommendation prior to issuance that are designed to ensure that there is a reasonable basis to determine that the recommended annuity would effectively address the particular consumer’s financial situation, insurance needs and financial objectives.
The insurer shall establish and maintain reasonable procedures to detect recommendations that are not in compliance, including confirmation of the consumer’s profile information, systematic customer surveys, producer and consumer interviews, confirmation letters, producer statements or attestations, and internal monitoring. The insurer shall establish and maintain reasonable procedures to identify and address suspicious consumer refusals to provide consumer profile information.
The insurer shall establish and maintain reasonable procedures to assess, prior to or upon issuance or delivery of an annuity, whether a producer has provided to the consumer the required information.
The insurer shall establish and maintain reasonable procedures to identify and eliminate any sales contests, sales quotas, bonuses, and non-cash compensation that are based on the sales of specific annuities within limited periods of time. The insurer is not required to make its compensation system incentive-neutral with those of other carriers that may have different systems. (But differences between carriers are still subject to the rule that prohibits placing the producer’s or insurer’s interests ahead of the consumer’s.)
Effectiveness of supervision program
The insurer shall annually provide a written report to senior management, including to the senior manager responsible for audit functions, which details a review, with appropriate testing, reasonably designed to determine the effectiveness of the supervision system, exceptions found, and any corrective action recommended or taken.
Recommendations and sales of annuities made by registered broker-dealers, investment advisers, or a plan fiduciary in compliance with business rules, controls, and procedures that conform to a comparable standard, such as the SEC’s Regulation Best Interest, shall satisfy the requirements under this regulation as long as the insurer monitors the relevant conduct of the financial professional or the entity responsible for supervising the financial professional.
Compliance Mitigation, Penalties, Enforcement
are responsible for compliance with this regulation. If a violation occurs, the
commissioner may order an insurer or agency to take reasonably appropriate
corrective action for any consumer harmed by an insurer’s failure to comply or
that of a producer or contracted agent for the insurer. Appropriate penalties
and sanctions may apply as well. Applicable penalties for a violation may be reduced
or eliminated if corrective action for the consumer is taken promptly
and if the violation is not part of a pattern or practice.
general agents, independent agencies, and producers must maintain records of
information collected from the consumer; disclosures made to the consumer,
including summaries of oral disclosures; and other information used in making
the recommendations that were the basis for insurance transactions. Each state will
specify the required number of years after the annuity transaction is completed
that records are to be kept.
producer who has completed an annuity training course approved by the
department of insurance prior to the effective date of the amended regulation
must complete either a new four-credit training course approved by the
department of insurance or an additional one-time, one-credit training course
approved by the department of insurance and offered by an approved education provider.
The training must focus on appropriate sales practices, replacement
and disclosure requirements in the amended regulation. An insurer must verify
that a producer has completed the required annuity training course before
allowing the producer to sell an annuity product.
offers the two courses that meet the requirements of the NAIC’s revised model
regulation #275, which will be submitted for approval and continuing education
(CE) credit in each state as their versions of this regulation become
Annuities Under the NAIC Best Interest Standard (490)
is the standard four-hour training course required of insurance agents before
they may sell annuities. It details the standard of care agents must adhere to
when recommending annuities to clients. It discusses the fact finding and
analysis required to make a recommendation that is in the best interest of the
client. It discusses conflicts of interests, disclosures to clients, and
documentation. In addition, the course reviews the operations of different
types of annuities and how they are used to meet different client needs.
Recommending Annuities Under the New NAIC Best Interest Standard—One-Hour Update Course (491)
insurance agents who previously qualified to sell annuities under their state’s
version of the NAIC annuity suitability regulation may take this one-hour
update course to qualify to sell annuities under the new NAIC best-interest
standard. This course details the standard of care agents must adhere to when
recommending annuities to clients. It discusses the fact finding and analysis
required to make a recommendation that is in the best interest of the client.
It discusses conflicts of interests, disclosures to clients, and documentation.
RegEd is ready to help insurance companies manage the process of revising the standards of the Suitability in Annuity Transactions Model Regulation (#275), including tracking recommendations, managing disclosures, documentation, and other compliance obligations, supported by efficient and enabling technology and people with deep experience in the process. For more information: email@example.com, www.reged.com, or 800-334-8322.
About the Authors
Brandi Brown is the Senior Vice President of Regulatory Affairs at RegEd, Inc.
Margie Webber is the Director, Regulatory Compliance BD/IA at RegEd, Inc.
These are certainly interesting days. So much is
taking the attention of compliance professionals. By now everyone has
implemented their business continuity plans (BCP) and likely made modifications
to them here and there as the true test of these plans has been realized.
BCP has now become yet another compliance ball to juggle for the foreseeable
future. BCP recordkeeping will be important so be sure to track as you
go. Regulators are certain to ask about this in upcoming exams.
Now that everyone is settled into their temporary work
environments and any BCP gaps have been shored up, the looming June 30, 2020
compliance date for Regulation Best Interest (Reg BI) and Form CRS
(client/customer relationship summary) is once again the primary focus for most
broker-dealers (BDs) and investment advisers (IAs). SEC Chairman Jay
Clayton has recently signaled there will be no regulatory relief around the
June 30th compliance date.
On April 7th, the Office of Compliance
Inspections & Examinations (OCIE) released two Risk Alerts providing BDs
and IAs with insight around initial regulatory examinations to assess
implementation of Reg BI and Form CRS. OCIE’s implementation assessment
exams will likely occur within one year of the June 30th compliance
date. FINRA also released a statement
that they will take the same approach as OCIE on their initial examinations of
firms’ compliance with Reg BI and Form CRS.
OCIE (and FINRA) will assess whether firms made good faith efforts to implement
policies and procedures that are reasonably designed to achieve compliance with
the general obligation of Reg BI to make recommendations that are in the best
interest of the retail investor before or at the time the recommendation is
made. You demonstrate compliance with the general Reg BI obligation by
complying with each of the four (4) component obligations of Reg BI: the
Disclosure Obligation, the Care Obligation, the Conflict of Interest Obligation,
and the Compliance Obligation.
The Disclosure Obligation requires BDs, prior to or
at the time of a recommendation to a retail customer, to provide written, full
and fair disclosure of all material facts relating to the scope and terms of
the relationship with the retail customer; and all material facts relating to
conflicts of interest that are associated with the recommendation being made to
the retail customer. BDs can expect regulators to review the content of
their disclosures as well as ‘other firm records’ to make a compliance assessment.
Do your disclosures define the capacity in which the recommendation is being made?
Do your disclosures provide applicable material fees and costs?
Are any material limitations on the securities or investment strategies involving securities that may be recommended to the retail customer included in your
Are you making your disclosures ‘timely’ (prior to or at the time of recommendation)?
The Care Obligation requires BDs to exercise reasonable diligence, care, and
skill when making a recommendation to a retail customer.
the BD understand potential risks, rewards, and costs associated with the
these factors considered in light of the retail customer’s investment profile?
the recommendation made in the retail customer’s best interest?
can expect regulators to review the information collected from retail customers
to develop their investment profiles (i.e. new account forms, correspondence,
agreements between customer and BD). Regulators will want to understand:
process taken by the BD to determine a reasonable basis exists to believe that
the recommendations are in the best interest of the retail customer.
considered by the BD to assess potential risks, rewards, and costs of the
recommendations in light of the retail customer’s investment profile.
process for having a reasonable basis to believe that it does not place its
financial or other interests ahead of the interest of its retail customers.
the BD makes recommendations related to significant investment decisions, such
as rollovers and account recommendations, and how the BD has a reasonable basis
to believe that such investment strategies are in a retail customer’s best
the BD makes recommendations related to more complex, risky or expensive
products and how the BD has a reasonable basis to believe that such investments
are in a retail customer’s best interest.
The Conflict of Interest Obligation requires BDs to establish, maintain, and
enforce written policies and procedures reasonably designed to address
conflicts of interest associated with its recommendations to retail customers.
Of course regulators will review the BD’s policies and procedures to determine
your policies and procedures address conflicts that create an incentive for an
associated person to place its interest or the interest of the BD ahead of the
interest of the retail customer?
they include material limitations such as only limited product menu, only
offering proprietary products, or products with third-party arrangements?
the BD eliminated sales contests/quotas/bonuses/non-cash compensation based on
the sale of specific securities or specific types of securities within a
limited period of time?
the policies and procedures establish a structure for identifying the conflicts
that the BD or its associated person may face?
they provide for disclosing, mitigating or eliminating conflicts?
The Compliance Obligation requires BDs to establish, maintain, and enforce
written policies and procedures reasonably designed to achieve compliance with
Reg BI as a whole. Regulators will assess compliance with this obligation
by reviewing policies and procedures and evaluating controls, remediation for
noncompliance, training, and periodic review and testing of the BD’s policies
in this Risk Alert is an Appendix that should be reviewed as it provides a
sample list of information the regulators may request in order to determine
compliance with Reg BI.
with Reg BI, the Form CRS obligation applies to IAs as well as BDs. BDs
and IAs are required to deliver to retail investors a brief relationship
summary (Form CRS) providing information about the firm. By June 30, 2020, the
Form CRS must be filed with the SEC through Web CRD for BDs, or IARD for IAs
(both Web CRD & IARD for dual registrants using one Form CRS for both
brokerage and advisory services). In addition, if the firm has a public
website, the Form CRS must be posted there. After the June 30th
compliance date, regulators will assess for a good faith effort to comply with
the Form CRS obligation.
the firm filed its Form CRS including any amendments?
the firm have a public website and if so, has the Form CRS been posted there?
is the process for delivering Form CRS to existing and new retail investors?
the firm’s policies and procedures address the delivery process and dates?
the Form CRS include all required information; does it contain true and
accurate information; does it omit material facts?
does the firm describe the relationship and services it offers, including
statements regarding account monitoring and investment authority?
does the firm describe fees and costs?
How does the firm describe its conflicts of interest, including incentives related to proprietary products, third-party payments, revenue sharing, and principal trading?
Does the firm accurately disclose if the firm or its financial professionals have legal or
Is the Form CRS formatted in accordance with Form CRS instructions?
Do policies and procedures provide for Form CRS updating?
Has the firm retained applicable records related to its delivery of the Form CRS?
should expect regulators to review records of the dates that each relationship
summary was provided to retail investors to validate whether the firm has
complied with the delivery obligations.
existing retail investors, firms must deliver the summary by July 30, 2020 and
before or at the time of:
a new account that is different from existing accounts held by the retail
a rollover of assets from retirement accounts into a new or existing account;
a new brokerage or investment advisory service or investment that does not
necessarily involve the opening of a new account and would not be held in an
new retail investors, Form CRS must be delivered before or at the earliest of:
into an investment advisory contract with the retail investor;
to a retail investor an account type, a securities transaction, or an
investment strategy involving securities;
an order for the retail investor; or
a brokerage account for the retail investor.
A thorough review of these two (2) risk alerts should enable firms to be ready
for the initial compliance assessments expected by OCIE and FINRA within one
year of the June 30, 2020 compliance date.
Note: RegEd is not engaged in rendering legal, accounting or other professional services. If legal or other professional advice is warranted, the services of an appropriate professional should be sought.
About the Author
Margie Webber is the Director, Regulatory Compliance BD/IA at RegEd, Inc.
Every year, RegEd reviews the latest guidance on CE Council Firm
Element topics. Several times a year, the
CE Council, established by FINRA to oversee the continuing education rules, writes
the regulatory element exams and issues guidance on what they consider
appropriate FE training topics.
Following are some highlights of new or updated topics as they appear in the recent Fall Advisory.
Digital Assets: Updated for Reg. Notice 19-24: Encourages firms to keep FINRA abreast of their activities related to digital assets.
Cryptocurrencies: An alert to warn investors to be cautious when considering shares of companies that tout the high returns associated with cryptocurrency-related activities without the business fundamentals and transparent financials to back up such claims. (RegEd Course 912)
Supervision: Complex Products: FINRA Notice 12-03. Identifies characteristics that may render a product “complex” for purposes of determining if a product is subject to heightened supervisory and compliance procedures and gives examples of heightened procedures. (RegEd Course 916)
Suspicious Activity Reporting: Updated for Reg. Notice 19-18 on red flags. (2020 AML Update course, 35AU20)
FINRA Regulatory Notice 19-31 (September 19, 2019): Disclosure Innovations In Advertising And Other Communications With The Public.
Communications Related To Departing Registered Representatives: Updated for Reg. Notice 19-10. FINRA Provides Guidance on Customer Communications Related to Departing Registered Representatives.
Imposter Websites: Updated for Info Notice April 29, 2019. FINRA Provides Guidance to Firms Regarding Suspicious Activity Monitoring and Reporting Obligations. (We will add this info to our existing Cybersecurity courses 876_2 and 897)
FINRA Information Notice: October 2, 2019: Cybersecurity Alert: Cloud Based Email Account Takeovers.
Fraudulent Phishing Emails: Updated for Info Notice February 13, 2019. FINRA Warns of Fraudulent Phishing Emails Targeting Member Firms.
Financial Responsibility Rules for Broker-Dealers
Capital, Margin and Segregation Requirements: New. Discusses SEC Rel. No. 34-86175. The SEC adopted capital and margin requirements for security-based swap dealers (SBSDs) and major security-based swap participants (MSBSPs), segregation requirements for SBSDs, and notification requirements with respect to segregation for SBSDs and MSBSPs. (We will update course 922, which addresses the current status of Dodd-Frank.)
Supervision: Municipal Advisors: Updated for FINRA Reg. Notice 19-28 on Guidance Regarding Member Firms’ Supervisory Obligations When Participating in Investment-Related Activities with Municipal Clients. (Covered in the 2020 Supervision Update.)
Exchange Traded Notes: New. Discusses FINRA Reg. Notice 19-21 on new higher strategy-based margin requirements for ETNs and options on ETNs.
General: New. Discusses MSRB Reg Notice 2019-15. SEC Approves Amendments to MSRB Rules and Data Collection Related to Primary Offering Practices. (2020 Municipal Securities Update)
General: Advertising Rule Changes: New. Discusses amended Rule G-21 on advertising by brokers, dealers, or municipal securities dealers. (2020 Municipal Securities Update.)
General: Best Execution Rule: Updated to discuss MSRB Reg Notice 2019-5 amending implementation guidance on MSRB Rule G-18. (2020 Municipal Securities Update)
Obligations to Customers (New)
Regulation Best Interest: New. The SEC is adopting a new rule, Reg BI, establishing a standard of conduct for broker dealers and natural persons who are associated persons of a broker-dealer when they make a securities recommendation to a retail customer. Enhances the standard of conduct beyond existing suitability obligations, and aligns it with retail customers’ reasonable expectations. (Course 923, Regulation Best Interest & Form CRS)
Suitability: Know-Your-Customer and Suitability Obligations. Same discussion of Rules 2090 and 2111 as contained in the last FE Advisory.
Outside business activities and private securities
transactions were a focus of FINRA’s
January 2020 Disciplinary Actions Report with at least nine (9) cases
being cited within the report. Several registered persons were sanctioned
for failure to notify and obtain prior written approval from their member firm
before engaging in an outside business activity or private securities
Those who failed to cooperate with FINRA’s investigation by
refusing to provide on-the-record testimony have been barred from the
For those who did cooperate in the FINRA investigation, all
but one received fines. Fines ranged from $10,000 to $30,000. (A
fine was not issued in one case due to the registered representative’s
financial status.) All received suspensions ranging from three (3) months
to eighteen (18) months. The most egregious case resulted in a $30,000
fine and an eighteen (18) month suspension. This case involved outside
business activities that took place at the member firm branch office and
involved customers of the member firm, private securities transactions as well
as false statements on annual compliance and branch office
questionnaires. Several other cases also involved false statements
on compliance questionnaires.
Sanctions around outside activities vary based on facts and circumstances. FINRA’s 2019 Sanctions Guidelines provides information on principal considerations and sanctions:
Outside Business Activities
Principal considerations in determining
Whether the outside activity involved customers
of the firm.
Whether the outside activity resulted directly
or indirectly in injury to other parties, including the investing public, and,
if so, the nature and extent of the injury.
The duration of the outside activity, the number
of customers and the dollar volume of sales.
Whether the respondent’s marketing and sale of
the product or service could have created the impression that the employer
(member firm) had approved the product or service.
Whether the respondent misled his or her
employer member firm about the existence of the outside activity or otherwise
concealed the activity from the firm.
The importance of the role played by the
respondent in the outside business activity.
Monetary fines range from $2,500 to $77,000
(disgorgement could also be considered).
Suspensions range from ten (10) days up to two
(2) years (or could include a complete bar in lieu of suspension).
Private Securities Transactions
Principal considerations in determining
The dollar volume of sales.
The number of customers.
The length of time over which the selling away
Whether the product sold away has been found to
involve a violation of federal or state securities laws or federal, state or
Whether the respondent had a proprietary or
beneficial interest in, or was otherwise affiliated with, the selling enterprise
or issuer and, if so, whether respondent disclosed this information to his/her
Whether respondent attempted to create the
impression that his or her member firm sanctioned the activity, for example, by
using the employer’s premises, facilities, name and/or goodwill for the selling
away activity or by selling a product similar to the products that the member
Monetary fines range from $5,000 to $77,000
(disgorgement could also be considered).
Suspensions range from ten (10) days to twelve
(12) months based on extent of selling away (dollar amount of sales, number of
customers, length of time over which selling away occurred).
How confident are you in your compliance program around
outside business activities and private securities transactions? When was
the last time you trained your registered persons on how to report such
activities to your firm for approval? Are you adequately supervising the
activities you do approve or condition? How are you documenting your
supervision of these activities? If you’ve denied activities, do you
monitor to ensure activities aren’t taking place? Do you have best
practices in place to validate the information you receive in response to your
annual compliance questionnaires and branch office questionnaires? Do you
require your non-registered persons to report such outside activities as a best
RegEd is ready to assist with your compliance challenges. Our solutions deliver proven,
robust, compliance-optimized capabilities that enable extraordinary efficiency
and strong compliance oversight, dramatically reducing the risk of
non-compliance. If you’d like to learn more, schedule a personalized
consultation with our solution and subject
matter experts. We’ll provide an overview of how RegEd’s enterprise platform
enables our clients to improve efficiency, effectiveness and transparency
across the enterprise.
February 13, 2020—This afternoon, the National Association
of Insurance Commissioners (NAIC) voted to recommend that the states amend
their annuity sales regulations to require insurance agents to “act in the best
interest of the consumer when making a recommendation of an annuity.”
The action came in the form of an amendment to the NAIC’s
2010 Suitability in Annuity Transactions Model Regulation, which was adopted by
45 states and the District of Columbia in the wake of the 2010 Dodd-Frank Wall
Street Reform and Consumer Protection Act.
The new best-interest standard requires insurance agents to
exercise a greater degree of care in selecting annuities for their clients, to
avoid conflicts of interest, to make certain disclosures to clients, and
maintain adequate documentation to show that they have acted in the best
interest of the client. Insurance companies are required to supervise agent
compliance with this rule and to maintain compensation systems that will not
undermine the best interest of clients.
Like the 2010 model regulation, the new model regulation
requires that agents be trained in its requirements. For agents new to selling
annuities, the new model calls for a 4-hour training course. For veteran agents
who were trained under the old model regulation, the new model regulation
allows for a 1-hour update course, but the regulation makes this option
available only for the first 6 months after their state adopts the new rule.
RegEd has two courses completed that meet these requirements
(which will be submitted for approval and continuing education (CE) credit in
each state as their version of this regulation comes on line):
Recommending Annuities Under the NAIC Best Interest Standard (490): This is the standard 4-hour training course required of insurance agents before they may sell annuities. It details the standard of care agents must adhere to when recommending annuities to clients. It discusses the fact finding and analysis required to make a recommendation that is in the best interest of the client. It discusses conflicts of interest, disclosures to clients, and documentation. In addition, the course reviews the operations of different types of annuities and how they are used to meet different client needs.
Recommending Annuities Under the New NAIC Best Interest Standard—1 Hour Update Course: Veteran insurance agents who previously qualified to sell annuities under their state’s version of the NAIC annuity suitability regulation may take this 1-hour update course to qualify to sell annuities under the new NAIC best-interest standard. This course details the standard of care agents must adhere to when recommending annuities to clients. It discusses the fact finding and analysis required to make a recommendation that is in the best interest of the client. It discusses conflicts of interest, disclosures to clients, and documentation.
These courses will be available in each state upon approval.
The state of Arizona has already announced that it is going
ahead with its process for adopting its version of the NAIC model regulation.
In June 2019, the SEC adopted requirements (SEC Release 34-86032) for registered investment advisers, broker-dealers, and dual-registrants that do business with retail investors to file Form CRS (customer relationship summary). Form CRS is intended to inform retail investors about:
types of client/customer relationships and services the firm offers;
costs, conflicts of interest, and required standard of conduct associated with
those relationships and services;
the firm and its financial professionals currently have reportable legal or
to obtain additional information about the firm.
Form CRS applies to registered investment advisers, broker-dealers, and dual registrants that do business with retail investors. See page 189 of SEC Release 34-86032 for the definition specific to Form CRS and more information.
For investment advisers, Form CRS is known as Part 3 of Form ADV.
For broker-dealers, Form CRS is known as such and has no association with Form BD.
Form CRS does not apply to those who do business only with institutional investors.
Form CRS is an additional disclosure requirement. It does not eliminate any existing
Form CRS may be delivered as part of a disclosure packet, but it must be the first
document. For example, some investment advisers are considering a disclosure
packet approach to include Form ADV Part 2B disclosure supplements.
Dual registrants may have particular challenges. For example, if the firm is a dual registrant,
but the financial professional engaging with the retail investor is qualified
only as a registered representative, it must be made clear in the relationship
The deadline for firms to be compliant with Form CRS is June 30, 2020.
Form CRS is designed to help retail investors better understand the nature of the relationship and what services they can expect from a financial firm and its individual professionals, primarily in terms of a fee-based account with an investment adviser, a transaction-based account with a broker-dealer, and the significance, roles, and duties of an investment advisory representative versus those of a registered representative.
Firms must respond to each item and must provide responses in the same order as the items appear in the instructions.
The relationship summary must not exceed the equivalent of two pages, for standalone investment advisers or broker-dealers, or four pages, for dual registrants, using reasonable paper size, font size, and margins. If delivered electronically, the relationship summary must be the equivalent of the paper formatting.
The relationship summary should be concise and direct, using short sentences and paragraphs. It must be written in plain English (see the SEC’s A Plain English Handbook: How to Create Clear SEC Disclosure Documents), taking into consideration retail investors’ level of financial experience. Responses to each item must be written as if speaking to the retail investor, using “you,” “us,” “our firm,” etc. Responses must be factual and provide balanced descriptions to help retail investors evaluate services.
White space, charts, graphs, tables, and other graphics design features should be included to make the relationship summary easy to read. For a relationship summary posted on a website or otherwise provided electronically, online tools are encouraged, including links to video or audio messages, mouse-over windows, chat functionality, and hyperlinks to information that enhances a retail investor’s understanding of the material in the relationship summary.
Conversation starter questions must be formatted to make them more noticeable and prominent than the standard surrounding text.
Conversation starter questions must be included in Form CRS. They are intended to engage retail investors in a discussion about the differences between an investment adviser and a broker-dealer and their relationship with a financial professional, including legal obligations, conflicts of interest, and reportable disciplinary history. For example:
a financial professional, do you have any disciplinary history? For what type
must answer “yes” or “no” accordingly and, regardless of the answer, refer
retail investors to Investor.gov/CRS, for additional information.
with disciplinary history should be prepared to answer follow up questions and
direct clients to additional information.
Other conversation starter questions pertain to conflicts of interest. (Item 3. Fees, Costs, Conflicts, and Standard of Conduct; see page 550 of SEC Release 34-86032 for more information.) For example:
are your legal obligations to me when providing recommendations as my
broker-dealer or when acting as my investment adviser? How else does your firm
make money and what conflicts of interest do you have?”
will be required to distinguish firm-level from financial professional–level
Investment advisers must file Form ADV, Part 3 (Form CRS) electronically through IARD. Broker-dealers must file Form CRS electronically through CRD. Dual registrants are to file both. See page 544 of SEC Release 34-86032 for more information.
IARD and CRD systems should be available to accept filings on May 1, 2020; initial filings must be made no later than June 30, 2020.
Delivery Requirements to Clients
Form CRS must be delivered to current and prospective retail investor clients
within 30 days of the regulatory filing deadline of June 30, 2020.
Investment advisers must send Form CRS to clients and prospective clients before or at the time they enter an investment advisory contract with the retail investor. This includes oral agreements. Broker-dealers must send Form CRS to clients and prospective clients before a recommendation of account type, securities transaction, or a recommendation of investment strategy involving securities is made or before placing an order for a retail investor, whichever is earliest. Dual registrants must send Form CRS in accordance with the earliest triggering event of an investment adviser or a broker-dealer.
Form CRS must be amended or revised and filed with IARD or CRD within 30 days of any information becoming materially inaccurate. Amended or revised versions of Form CRS must be delivered within 60 days of change to each retail investor who is a client or considered a prospect of the firm.
The SEC may use the information provided in Form CRS to manage its regulatory and examination programs, and firms will need to integrate the relationship summary into their compliance controls, including policies and procedures, supervisory controls, testing, tracking, training, and recordkeeping.
Investment advisers must retain copies of each relationship summary and each amendment or revision, and they must retain a record of the dates that each relationship summary and any amendments or revisions were given to any client or prospective client who subsequently becomes a client. Records must be retained for a minimum of five years. (Amends Rule 204-2 of the Investment Advisers Act of 1940.)
Broker-dealers must retain a record of the date each relationship summary was provided to each retail investor, including any summary provided before the retail investor opens an account. Records must be maintained for a minimum of six years after the relationship summary is created. (Amends Rule 17a-3 of the Securities Exchange Act of 1934.)
Dual registrants must retain records in accordance with which role they adopt as a financial professional.
RegEd is ready to assist investment advisory firms, broker-dealers, and dual registered firms with various compliance issues related to Form CRS, including managing various disclosures, training, versioning, managing client delivery, and more. For further information, schedule a consultation with a RegEd representative.
Merlinda Johnson FLMI, ACS and Rebecca Vasquez, Esq.
For an insurance company, the key objective of a market conduct examination (MCE) is to avoid it. As regulators pay more attention to problem areas, behaving well in the marketplace in the first place mitigates the chances of being examined. The No. 1 defense against an unscheduled market conduct examination is a documented and well managed compliance program, and companies that follow a few best practices find they can stay under the regulatory radar, and when they are selected for examination, they can be fully prepared to make it go smoothly.
1. Know the handbook.
NAIC’s Market Regulation Handbook Examination Standards Summary (available free of charge
as a downloadable PDF)
is a high-level compilation of the market conduct standards found in the more
complete Market Regulation Handbook, available from the NAIC, details each function
within an organization that a market conduct examiner would review during the exam
Make sure your policies and procedures align with each standard in the summary. If they do, you probably have a robust compliance framework already, and you’d be prepared for a regulatory examination.
Monitor and measure these standards. For example, one standard is complaint handling. During an MCE, an examiner will review a company’s complaint records to ensure it follows these standards. This includes complaints being recorded properly and the company taking adequate steps to resolve them appropriately.
2. Understand common exam triggers.
pay close attention to these areas. Manage them successfully to lessen the frequency
of being examined.
Complaints: The most frequent trigger for a market conduct
Claim denials and slow payments
Policy cancellations and non-renewals
Drastic changes in premiums
Regulatory action or activity in other states: State departments of
insurance (DOI) compile data in their jurisdictions and share it with other DOIs.
A red flag in one state can trigger investigations in others.
Market Conduct Annual Statement (MCAS) outliers: MCAS results can be a
strong indicator of a possible market conduct examination. Regulators look for
outliers in the results, like the number of complaints, claim denials, and
New laws and regulations: New laws and regulations are being
adopted around evolving functions, such as cybersecurity and health care, and
regulators focus on how insurers keep on top of the changes.
Market share and premium growth: Larger organizations may
tend to be examined more often than smaller market participants.
3. When it comes time for an exam, be prepared and establish a defined process.
you are chosen for an exam, show that you have your house in order and conduct
yourself positively for the best possible result.
Appoint an exam coordinator who has thorough knowledge of the
company, its organization, and its processes. A well-appointed coordinator can expedite
the process and encourage a positive result.
Prepare for the examiner’s arrival in advance, having read the
coordinator handbook, if relevant. Provide a comfortable, welcoming workplace
and fully functioning technology to avoid unnecessary delays. Being friendly, accommodating,
respectful, and collaborative can only help—especially when negotiating points
in the final report.
Respond to exam criticisms quickly. Acknowledge any
deficiencies, own them, and work with the examiner to develop a remediation
plan in a timely manner to keep the project on track.
Build a process to manage workflow and data. Ideally,
an organization would use technology to facilitate the exchange of information
between examiners and different parts of the company.
4. Utilize technology that is designed for the job.
organizations still use ’90s-vintage technology—email, spreadsheets or a secure
file share—for market conduct exams, making the process ad hoc, reactive, cumbersome,
and unreliable. A system that orchestrates all the moving parts can ensure a
vastly better outcome.
A purpose-built solution that manages tagged and searchable market
conduct content specifically, rather than fishing for information in email and shared
files manually. This allows for more timely and accurate responses to
examiners’ criticisms during the market conduct exam process.
Created by people experienced in the market conduct exam
and uses structured project templates to replace manual task tracking.
Accommodation of staff involved by identifying and notifying each one in
advance, allowing for preparation of any obligations and tasks well ahead of deadlines,
and enabling collaboration among them during the process.
5. More Best Practices
Create, test, and verify the implementation of policies and procedures for each exam-triggering area. For example, analyze complaint data to identify trends and implement appropriate corrective action. Implement a solid complaint tracking system that allows for effective management of complaints, and any uptick in complaints should be investigated immediately.
Go to the regulators before they go after you by self-reporting compliance issues before they rise to a regulator’s attention. Most DOIs look favorably on companies that do this.
Review recent examination results of other companies, which are published on some state department of insurance websites. These can provide insight into different states’ market conduct priorities. For example, one state may be more focused on privacy issues while another looks closely at property & casualty claims.
RegEd is ready to help insurance companies manage the process of a market conduct exam, including task management, document management, communication with the examiners, documentation, audit trails, reporting, and more, supported by efficient and enabling technology and people with deep experience in the process.
Learn more about our Market Conduct Exam Management solution.
About the Authors
Merlinda Johnson is the Director of Insurance Regulatory Compliance at RegEd, Inc.
Rebecca Vasquez is a Senior Regulatory Analyst/Publisher at RegEd, Inc.
One of the findings in the report pertains to failure to
effectively monitor for and react to regulatory changes. Firms are required to review regulatory
changes against their supervisory systems, including their written supervisory
procedures and training programs. FINRA
found that some firms did not adequately respond to recent regulatory changes
such as FinCEN’s new Customer Due Diligence (CDD) obligations and requirements
around Financial Exploitation of Specified Adults among other recently adopted
or amended rules.
In addition, branch supervision and inspection programs were found to be inadequate at some firms. The following areas were specifically cited as supervisory and risk management gaps:
Failure to fully understand the activities that are taking place at branch offices, including the unique products and services offered at each branch location;
Failure to conduct periodic inspections of non-branch locations;
Failure to determine relevant areas of review, taking into consideration the nature and complexities of product and service offerings or indicators of irregularities or misconduct;
Failure to reduce the inspections and reviews to a written report;
Failure to follow through with necessary corrective action.
Suitability once again made the Sales Practice and Supervision hit list. Specific findings included:
Inadequate supervision of product exchanges;
Failure to identify and respond to red flags;
Inadequate oversight around customer account information changes;
Failure to recognize unsuitable transaction patterns;
Inadequate supervision of trading activities (excessive trading or churning);
Inadequate training of supervisors;
Unsuitable options strategies to unsophisticated customers.
Digital communications made it into this year’s report. FINRA specifically noted that some firms that prohibit the use of text messaging, social media and collaboration applications such as Facebook for business-related communications did not maintain a process to identify and respond to red flags around the use of those prohibited digital channels. Red flags could have been detected through adequate customer complaint management, email monitoring, outside business activity (OBA) reviews as well as advertising reviews. Some effective practices to manage digital communication were flagged, including:
Establishing comprehensive governance structures by leveraging marketing, compliance and technology departments as well as third-party vendors;
Defining and controlling permissible digital channels through supervision; records retention; policies and procedures; blocking prohibited channels; restricting use of messaging and collaboration applications that limit the firm’s ability to retain records;
WSPs to manage the lifecycle of video content which includes live-streamed public appearances, scripted commercials or video blogs;
Training prior to providing RRs access to firm-approved digital channels;
Disciplining misuse of digital communications such as temporarily suspending or blocking channels and requiring additional training.
FINRA also shares a number of cybersecurity-related observations and best practices in their 2019 report in hopes of assisting firms with strengthening their cybersecurity programs. The report reminds firms to evaluate each of the best practices and controls described in the report. Highlighted best practices include:
Maintaining branch-level written cybersecurity policies to protect confidential data;
Implementing procedures to verify that branch office controls were implemented and are functioning adequately;
Documenting formal policies and procedures on vendor and third-party management that include onboarding, ongoing monitoring, off-boarding and disposal of sensitive client information;
Establishing and regularly testing written formal incident response plans that outline procedures to follow when responding to cybersecurity and information security incidents;
Establishing data protection controls such as encryption of confidential data (customer and firm information) whether it is stored internally or at vendor locations;
Ensuring system patches are applied in a timely manner;
Applying a ‘Policy of Least Privilege’ around access controls, by only granting access to systems and data when required and removing such access rights when no longer needed;
Implementing multi-factor or two-factor authentication controls for RRs, employees, vendors and contractors accessing firm systems and data from outside the organization;
Maintaining an inventory of critical information technology assets, including hardware, software, data in home and branch offices; legacy assets that vendors no longer support as well as corresponding cybersecurity controls to protect these assets;
Implementation of data loss prevention controls to protect sensitive customer information such as SSN, dates of birth, bank information, driver’s license numbers;
Training for RRs, personnel, third-party providers and consultants;
Implementation of change management procedures to document, review, prioritize, test, approve, manage hardware and software changes.
Training staff on how to implement firm business continuity plans (BCPs) was cited as a BCP best practice in addition to engaging in annual testing of the BCP. Note: FINRA is currently conducting a retrospective review of FINRA Rule 3270 ~ Business Continuity Plans and Emergency Contact Information. See FINRA Regulatory Notice 19-06.
About the Author
Margie Webber is the Director, Regulatory Compliance BD/IA at RegEd, Inc.