Retail Investors and Cybersecurity Top FINRA 2022 Priorities

Mar 16th '22

There was a retail trading frenzy in 2021, with approximately six million people downloading trading apps in January alone. This led to record-high average daily volumes for trading with retail brokerages.


In light of this surge, Financial Industry Regulatory Authority (FINRA) is focusing their efforts on investor protection and market integrity in 2022. Smarsh has distilled the 175-page report into four key areas of focus:


  • Protecting retail investors
  • Supervising public communications
  • Clarifying Regulation Best Interest (RegBi) policies
  • Staying current with cybersecurity


Watch the webinar on-demand on BrightTALK.


1. Protecting retail investors

A major FINRA focus in 2022 is on the influx of retail investors, many of whom are Gen Z or newer investors. Firms are attracted to this new and growing market, but it also is a market of less sophisticated investors, making it ripe for potential market abuses.


Social media is a popular channel for this demographic, and both firms and financial influencers (or finfluencers) know this. While some firms, such as Fidelity, have social media accounts that are designed to engage these investors with educational material, other individuals and firms are using social channels in a way that is concerning to regulators.


I think the next year is going to touch on a lot of things like gamification and other digital engagement practices surrounding the retail investor,” says Tiffany Magri, Regulatory Advisor at Smarsh. “Are firms engaging in these activities to educate and inform and increase returns for retail investors? Or are they only considering their own returns when engaging in these types of activities?


Firms can expect FINRA to pay extra attention to ensure firms are applying compliance policies and practices and supervising social media activities. If representatives are acting as finfluencers, supervisors are obligated to capture, store and monitor these types of communications.


“Are firms engaging in these activities to educate and inform and increase returns for retail investors? Or are they only considering their own returns when engaging in these types of activities?”


2. Supervising public communications

With more advisors and representatives working from home, FINRA will continue to focus on communications with the public and more specifically Outside Business Activities (OBA) in 2022. In addition to reviewing firm records, it’s expected that FINRA will also scrub social media and online forums during their reviews. Firms will need to perform due diligence on their own representatives to reduce the risk of undisclosed outside business activities.


Video was also a part of the public communications focus. FINRA called for firms to create best practices and protocols around video content, including developing procedures around livestream public appearances and scripted presentations. In September 2021, FINRA added the use of visual aids like whiteboards or instant messages and polls in presentations to be considered communications with the public.


Firms need to review how they are using those digital communications and making sure that those communications fit into their procedures and practices,” says Magri.


3. Clarifying Regulation Best Interest (RegBi) policies

Firms can also expect another wave of Regulation Best Interest (RegBi) enforcements. According to Elin Cherry, CEO and founder of Elinphant, FINRA has fleshed out the guidance on RegBi and will continue to do so.


I think what FINRA has found is that firms haven’t implemented it correctly,” says Cherry. “Firms did the bare minimum by adding standard boilerplate language into their policies and procedures, but now FINRA will clarify guidance to make sure policies and procedures are buttoned up.”


Magri adds, “One of my favorite parts of the best interest section in the exam letter is that it essentially says, ‘Don’t just state what the policies are, but include how you’re going to fulfill them.’”


An important aspect of RegBi is that it is interwoven with many other policies and procedures firms already have in place. FINRA does point this out so firms can evaluate their policies and procedures holistically to ensure that necessary items and records are captured . As a best practice, firms should monitor communications channels for red flags indicating possible infractions to these policies.


It’s really looking at this rule and evaluating all the different items and making sure you’re testing those practices and maintaining those records,” says Magri. “Designating a supervisor who really understands RegBI to maintain these polices is going to be crucial for firms going forward.”


4. Stay current with cybersecurity

The new model of having new data, new office locations and a new class of investors creates more opportunities for intentional wrongdoing. FINRA also released notices cautioning firms to be on higher alert and readiness given some of the geopolitical events going on in the world today.


It’s increasingly important for firms to have robust policies in place for confidential and sensitive data. Cyberattacks are constantly evolving and getting more sophisticated and common. Cybersecurity needs to evolve with it.


Firms need to have a cybersecurity “playbook” that has strategies to:


  • Integrate periodic risk assessments
  • Categorize and prioritize those assessments
  • Detect and monitor cyber incidents
  • Respond to cyber incidents
  • Partner and collaborate with cybersecurity professionals


If a firm stores its data in the cloud, the firm must make sure its technology partner is suited for that purpose and have a security infrastructure, protocols, and strategy in place.


Firms need to perform due diligence on their technology vendors annually,” says Cherry. “A vendor hired five years ago may not have kept up with all the cybersecurity changes.”


Digital communication will play a larger role this year

Digital communication is the lynchpin of FINRA’s focus, which makes sense for three key reasons:


  • The financial services industry will remain in a hybrid scenario
  • Retail investors are making a clear impact
  • Communication channels will continue to evolve with advancing technologies and investor preferences


Digital communications seem front and center in this report, which makes sense since we’re all digitized and remain in a hybrid scenario,” notes Robert Cruz, VP of Information Governance at Smarsh. “But it’s also because this generation of retail investors are choosing different communication vehicles. They engage in non-traditional ways, and I see more firms embracing that.”


Firms need to be able to adequately capture, retain and supervise digital communication records. More importantly, there needs to be a supervision solution in place that can help identify communication red flags with precision to get ahead of potential misconduct.


“Firms need to make sure that they have a good due diligence process at the front door when they’re making decisions about which tools to allow and which tools to prohibit,” adds Cruz.


While FINRA has laid out its focus for this year, firms can be confident that this guidance will persist as long as digital communication technologies play a role in reaching and engaging investors.


Featured guide: Hybrid Workforce Risk Assessment Scorecard – Get the Scorecard


Source: Smarsh


About Smarsh

Smarsh® is the recognized global leader in electronic communications archiving solutions for regulated organizations. The Smarsh Connected Suite provides innovative capture, archiving, e-discovery, and supervision solutions across the industry’s widest breadth of communication channels.


Scalable for organizations of all sizes, the Smarsh platform provides customers with compliance built on confidence. It enables them to strategically future-proof as new communication channels are adopted, and to realize more insight and value from the data in their archive. Customers strengthen their compliance and e-discovery initiatives and benefit from the productive use of email, social media, mobile/text messaging, instant messaging and collaboration, web, and voice channels.


Smarsh serves a global client base that spans the top banks in North America and Europe, along with leading brokerage firms, insurers, and registered investment advisors. Smarsh also enables federal and state government agencies to meet their public records and e-discovery requirements. For more information, visit


About us

At LS Consultancy, we provide a cost-effective and timely copy advice and copy development services to make sure all your advertising and campaigns are compliant, clear and suitable for their purpose.


We are experts in Marketing and Compliance, and work with a range of firms to assist with improving their documents, processes and systems to help mitigate risk.


Contact us today for a chat or send us an email to find out how we can support you in meeting your current and future challenges with confidence.


Explore our full range today.


Contact us



Why Not Download our FREE Brochures! Click here.


Call Us Today on 020 8087 2377 or send us an email.


You can see our Google reviews here.


We’re looking for guest writers with business know-how and experience to create outstanding articles to feature on our website. Sound like you? Then find out more…