BISA Portfolio Podcast
BISA Portfolio Podcast
Portfolio Podcast Episode 10: Managing Exam Priorities With Carol Goulding & Serina Shores
Managing SEC and FINRA exam priorities isn't always a walk in the park, but guest host Carol Goulding (M&T Securities) and guest Serina Shores (Huntington Financial Advisors) break down how they do so effectively — and have fun along the way — in this edition of the BISA Portfolio Podcast. Topics discussed include:
- Process for analyzing letters (8:12)
- Finding best practices (10:45)
- Contacting regulators directly (12:52)
- Addressing results of FINRA analysis (15:47)
- Involving legal staff (16:46)
- Reporting to the board (19:16)
- Implementing and tailoring training (21:24)
Please note that all comments represent the opinions of the speakers and don't necessarily represent the opinions of their firms.
Carol Goulding is a senior vice president with banking and securities industry experience concentrating on regulatory and compliance issues. She is currently the senior compliance manager for Wilmington Trust’s Wealth Division and is responsible for overseeing business policies and procedures to ensure compliance with regulatory and ethical sales practices. She holds several FINRA licenses as well as a Life, Accident and Health license.
Serina Shores is the senior vice president - chief compliance officer of Huntington Financial Advisors. She has over 23 years of experience in the industry in various roles. Prior to Huntington Financial Advisors, she served in multiple capacities at Washington Mutual’s WM Financial Services and JP Morgan Chase’s Chase Investment Services Corp. She is married and has two children and a running partner — Buster the Cavachon dog.
BISA's Regulatory & Compliance Program serves as a resource for BISA member companies in an increasingly stringent regulatory environment. BISA partners with qualified firms to provide strategic insights and regulatory, compliance and risk management expertise through regular editorial content submission, training and education, conference programming and other monitoring and risk management information services that would benefit BISA members. BISA accomplishes this through two yearly regulatory and compliance summits, one in the fall and one in the spring. Learn more about these events here. BISA members are also welcome to join the monthly Regulatory & Compliance Networking Gr
BISA is the leading financial services industry association dedicated to serving those responsible for the marketing, sales and distribution of securities, insurance and other financial products and advisory services through the bank channel.
Carol Goulding 0:09
Hello, I would like to welcome everyone to the BISA Portfolio Podcast, a podcast elevating the voices of Bank Insurance & Securities Association members. I'm Carol Golding, guest host of this episode exploring the ins and outs of the FINRA priority exam letter. Today, I'm speaking with Serena shores, who is Chief Compliance Officer of Huntington Investment Company. But first, I want to remind you to please subscribe to this podcast. And leave it a rating and review while you're at it. It's available wherever you listen to your podcasts. So make sure you're subscribed, whether that be on Apple Podcasts, Spotify or another platform. And if you enjoyed our discussion today, please share with your network. I also want to take a moment to introduce myself and how I'm connected to BISA. I work at M&T Securities as senior compliance manager. I also serve as chair of the BISA Regulatory Compliance Education Committee, a position I've held since approximately 2015. The regulatory and compliance Education Committee launched in 2014 as part of the regulatory and compliance program. The program serves as a resource for BISA member companies in an increasingly stringent regulatory environment. BISA partners with qualified firms to provide strategic insights and regulatory compliance and risk management expertise through regular editorial content submission, training and education, conference programming and other monitoring and risk management information services that would benefit BISA members. One way BISA accomplishes this is through summits for our members. We have a fall compliance summit, typically held in November and a spring event in February. I'm looking forward to seeing many of our listeners at the fall event. Also, the Education Committee posts monthly meetings to discuss timely topics. Please visit our website to learn more. Now that I have summarized the background of our regulatory and compliance program, just a little bit of homework. I just want to mention our comments reflect our opinions and our not necessarily the opinions of our firms. But now I'm excited to welcome Serina Shores. Serina, can you tell us a little bit about yourself?
Serina Shores 2:46
Hello, and welcome everyone, as we say at Huntington. Carol, thank you for having me today. My name, as Carol mentioned, is Serena Shores, and I am the chief compliance officer for Huntington Financial Advisors, or Huntington Investment Company as it is legally known. I've been in the industry for over 23 years. And as the chief compliance officer for Huntington Investment Company, I believe my responsibility does not end with ensuring that our firm has a strong compliance program that is appropriately designed to prevent any violation of industry rules and regulations. But also importantly, that I built a strong relationship with our regulators to ensure they understand our business and our registered representative.
Carol Goulding 3:34
Thank you Serina. As you just mentioned as compliance officers, we know that it is in our best interest to seriously review any communication from regulators, including the SEC and FINRA. The regulators provide hints or direction with respect to the important topics for us to review. We know two of the primary publications from the SEC and FINRA, namely the high priority letters, are issued typically in the first quarter. Serina, can you tell our listeners the process you have implemented to analyze and disect the SEC and FINRA letters. How do you begin analyzing those letters?
Serina Shores 4:17
I am happy to. As you stated we don't often know exactly what our regulators think. These exam priorities letters are our way of knowing what is going on and what the expectations are, and how the regulators interpret some of the rules and regulations that we deal with daily. So for my company specifically, the compliance managers will meet in person to conduct a review of these letters alongside our written supervisory procedures. The review does not only focus on that year's priorities letters, we also look at prior years, the preceding two years' priorities letters, and we compare and contrast and also look at our W. SP, what is needed, if there are any gaps.
Carol Goulding 5:09
Thank you, Serina. So you mentioned that the compliance managers are involved in analyzing the letters. Are there different levels in the organization that are included, are decision makers involved in the analysis of what the requirements are?
Serina Shores 5:25
So the first take Carol is the compliance manager. We will set out, as I said and review what the priorities are, best practices that will mention all exam findings from these letters, both the SEC, and the FINRA letters. And based on what we identify, we will take it to the compliance risk management committee, which consists of compliance personnel, the line of business, senior leadership, risk folks, as well as our audit and legal folks. We go over the priority letters, what pertains to our business, some of the gaps that we may have identified, and what we will suggest or our proposal is to the business to do going forward.
Carol Goulding 6:16
So Serina, how do you go about analyzing the different requirements? I'm a little familiar with those letters. And they're broken up into different sections. Do you take each one of the sections, and perhaps put them on some type of spreadsheet and determine where you are satisfying the requirements? Or where there's a gap? And perhaps if they're pointed to a WS P procedure? Or how do you specifically analyze the requirements?
Serina Shores 6:52
So Carol, as you mentioned, you know, these are in sections. The good news is the regulators have a good layout with these regulations and where they will apply to any firm's WSP. So what we do, unfortunately, I wish I could tell you 'we have an AI system, a technology that could just review all of this and do the comparison for us' -- we don't. So we use Excel spreadsheets. We will capture all the issues that were identified in both letters from the SEC and from FINRA. And then on the other side will be our written supervisory procedures. We will look and see what really pertains to our business first and foremost. And then from there, if there are any best practices that were identified, that we noticed, or WSP may be missing, and might need to be updated to include those best practices, assuming it's relevant. Also, if it's not best practices, and its actual findings, we will also review to see if we have a gap and what needs to be done. Once that is captured, you will identify what part of the WSP may need to be updated. If there needs to be any training, or any communications, just to make people aware of what is going on industry.
Carol Goulding 8:12
You mentioned best practices. Where do you find these best practices? How are they identified? Is there a source for these best practices? Where do you go to determine what seems to be industry practice? And therefore best practice?
Serina Shores 8:28
That's a good question, Carol, you know, this is the beauty about being a member of BISA. In addition to what the best practices are from the regulator's letter, we will either consult with some of our members. And in some of you, yourself included, we will call you or even send a quick email or get on these either monthly or quarterly meetings and pose those questions about hey, how do you do XYZ? And our member friends are very, very willing to share their best practices and some of the issues they have encountered. How do you address those issues? We learned a lot from those conversations. And we may sometimes have to consult with in-house counsel, outside counsel, but I can tell you the best practices that you're gonna get. It's usually from somebody or a company that is doing the day-to-day or has encountered an issue similar to what you were talking about, not just the theoretical aspect of the rule, but the practical application of the rule. You gain from speaking with somebody who's done it or been there.
Carol Goulding 9:41
Ah, I see, very good, very good. So if you contact various peers in the industry, is there ever any fear that they could identify a gap that you seem to be owning up to or that you're uncertain and they could use any of that information? That's not something that you're concerned about is it?
Serina Shores 10:01
No, I am not. Because you know, among all of us are BISA members and other regulatory roundtable, we have a common understanding that what is said in the room is left in our room. We should be able to trust each other to be able to share this information. consulting with somebody for best practices does not mean a crime has been committed. So if one finds or sees the need to go escalate it or report it to somebody, unfortunately, that's their cup of tea. But I am never concerned with consulting with any of our BISA members or the industry members for best practices, as we all do you know what?
Carol Goulding 10:45
Right, right, we certainly have as well, Serina, and I've contacted you frequently. Another question, have you ever contacted the regulators directly? Have you ever contacted FINRA directly to ask them what they're seeing in the industry and whether or not they've seen some best practices that they'd be willing to share and provide us some insight as to what others are doing and what they perceive to be an appropriate practice or procedure that's in place? Have you contacted the regulators for anything like that?
Serina Shores 11:18
Yes, I have Carol. You know, old school way of thinking, we used to be told I mean, compliance personnel were told, 'do not reach out to your regulator, because whatever you say, may and can be used against you.' However, the industry has evolved including our regulators, especially when FINRA moved from the coordinator to the risk analyst structure. I have contacted my risk analyst on multiple occasions, one eitherto inform her about what my company is looking to undertake. And what does she think, based on what I've laid out to her, or what she's seen in the industry doc will help me either avoid some of the mistakes people have made, or you know, shortfalls, you know, address those before I implement either a procedure, a policy or even a product, onboarding product. And I can tell you, those conversations have been crucial. In a lot of cases, I've learned a lot from my analysts than I have from reading the rule by itself or even contacting some of my friends in the industry. So leveraging your compliance, your federal analyst, it's really important. Find that relationship ahead of time before you need to speak with them about best practices or anything else you plan to do.
Carol Goulding 12:52
Good advice, Serina. So let's talk a little bit more about the federal letter and what you do with the results of that particular analysis. And you mentioned that if you identify a gap, obviously, you're going to work with your business partners, and put in place some type of procedure or a process to close that gap. Or if you think that the regulators perhaps are digging deeper into a particular issue. Even if you have procedures in place, it may serve you well to enhance those procedures. But let me ask you this question. We all know that we are evaluated by FINRA on a regular basis. Have you discussed with them? Or have you shown them the analysis that you've prepared of the letter that they produce on an annual basis? Have you showed them those results or discussed with them the results or the process that you have in place to review better?
Serina Shores 13:55
So I may be a little different than some of compliance officers out there because I do have an ongoing recurring meeting with my FINRA risk analysts. And when these letters come out, either the SEC or the FINRA priorities letters come up. As I said, after reviewing these, if I noticed some gap as a company, or some best practices that we think is useful. During one of my recurring meetings with my analyst, I may even ask the question of what I've seen that is different from practices that we've had in the past by sometimes may even ask, what is the premises behind that recommendation within that letter. You get to get some answers and sometimes they will tell you they don't know. But I will share my analysis, not in a written form, but during a telephone conversation, and a lot of times that is because I'm trying to gain more intel if I may say so or information from this analyst. Truth be told, the analysts usually have more information available to them than we do as to where the regulator is heading and what they're seeing out there. So it pays to leverage some of that, by speaking about this analysis that my department has conducted, I get to gain a lot more from her as to what she sees. But as I said, I don't present her with a written analysis of what we've done. This is something we keep, if ever needed, depending on the situation I made, but I have never presented it in writing.
Carol Goulding 15:37
Okay, that's interesting, but she's probably aware of the fact that you have prepared this type of document, but she's never requested it.
Serina Shores 15:46
That's correct.
Carol Goulding 15:47
Okay. All right. Have you ever put it under attorney client privilege to the attorneys? Does your legal staff have an opportunity to review it? Have you ever discussed any of the matters with them? Or is that not that necessary?
Serina Shores 16:02
Fortunately, we haven't had any incidents during any of these reviews that would have rised to that level. However, I'm not saying it's during the review process we identify an issue that may be of a regulatory concern, or even firm wide, it could be HR or anything else, we will consult with our legal department, we have a fantastic relationship with our legal and risk folks. So I typically will reach out if there is anything that I think needs to be escalated and have a more in-depth and open communication
Carol Goulding 16:39
That's better, always serves us well to be open with the folks that can provide us such guidance and assistance. So, you've reviewed the letters, you've identified where your strengths are, you've looked for the best practices, you found gaps, perhaps, or enhancements that you'd like to put in place. And now you come to the endpoint, you provide a summary and you provide that to the board, or what entities within your organization or are actually provided a summary report or some type of report to indicate that you've reviewed the letter and that you are either fully compliant, or maybe you have a little bit of work to do.
Serina Shores 17:21
So we do, I mentioned earlier that we have a compliance risk committee that meet every quarter. The review and an analysis is captured on an Excel spreadsheet, showing where the gaps are, best practices and where within our WSP the written supervisory procedures, this will be applicable. And we will create a summary of either finance gap or even if we do well, we will create analysis of that. And we present it on the quarterly compliance risk committee meeting. And this meeting has, as I said, members of our leadership, the CEO is there. We have our counsel, in-house counsel that is, on this. We also have the director of principal review desk as part of the meeting, director of supervision as part of this meeting, we have the sales managers, you know, the director of the National Sales Director, it's on this meeting, we have our audit directors on the meeting, we have even risk partners on the meeting. So audit stakeholders are represented at this meeting, this is presented to them. And we invite comments or opinions, what they see and how they can collectively help if there's a gap to address the gap. If it is something not, it's just to make others aware, they know who to communicate and when to communicate it. And then, that summary is also presented to our board of directors as well. But we do it in both places.
Carol Goulding 19:01
Very good. So everyone is well informed of the status and how compliance or if any changes need to be put in place or any technology changes need to be put in place, which is always a time consuming endeavor when technology's involved. So now you've analyzed the letters, you've identified gaps, you have people, folks working on closing those gaps. The board's aware of it, all the pertinent individuals are fully aware of the summary. So now you need to communicate it to the people that actually affect these changes. So how is training done in your organization? How does that occur? And how do these folks become aware that there may be some changes in procedures?
Serina Shores 19:46
So we do have a training group that is responsible for training all of our employees. And then we also have within the compliance department, the manager who is responsible for compliance specialists training. So depending on the type of gap or the training need, either the compliance department will create it. Or we will have the line of business training, who creates the training. And all parties will review to ensure that the training is addressing what we need address based on the findings, schedule a meeting with everybody else, and the various managers who are responsible for supervision, to make sure, one, our training calendar is in line with whatever else is going on. And it can free up the colleagues who are supposed to take the training, or participate, whether it's a live training webinar via teams, or if it is going to be a training piece that is on our systems, you know, our company's website, we call it essential where the training can be delivered. Once that is done, we will communicate out to the general register representative or associate of the firm as to when the training needs to be taken, which means and also the deadlines for each one. In some cases, we will even have call schedule, follow up call schedule for q&a. Let's say you took the training and you still have questions. There may be session for q&a, live call for people to answer those questions.
Carol Goulding 21:24
So I think I heard you say that there may be different training types, depending on the topic. And there may also perhaps the difference training designed for the recipient of that training, so that they not everyone necessarily needs to receive the same training. So is it tailored to the recipient?
Serina Shores 21:45
It sure is, because an associated person who is not necessarily registered does not have any licenses may have a different training requirement versus somebody who is in a sales capacity, or a back office capacity or principal capacity. So the trainings are typically tailored to the needs of the recipient. And sometimes we also will look at the training pieces and say, 'how can we get it delivered?' What majority of the people will be receptive to is it better to do it live? Is it better to do it as a recorded training? Is it better to do it on screen kind of training for you to go in and take it or is it better to do regional meetings and present?
Carol Goulding 22:33
Perfect. Well, Serina, it sounds like you've done a very thorough job analyzing the priority letters, you broke them down piece by piece, evaluated the current year to the prior years, presented to the board, and have trained individuals who need to fulfill the requirements. I'd like to thank you for providing this information and enlightening us on your process. Thank you so much for taking your time to share with our listeners. And I hope our discussion today was helpful to our listeners as they prepare to review the FINRA priority exam letter. I know it can be tricky when you first go through the process. But you'll be an expert in no time. Thank you so much Serina for taking the time to share with our listeners.
Serina Shores 23:24
And thank you Carol for having me. Thank you BISA.
Carol Goulding 23:29
Thank you everyone for tuning in. Please remember to rate and review this podcast and share it with your network. Thank you, have a good day.
Transcribed by https://otter.ai