Other than the non-defined "culture", FINRA's 2016 exam priorities are also focused on supervision and risk management. At least these categories are a bit more defined so that you are not left guessing what FINRA means.

Under these broad topics, FINRA is focused on four primary areas, which include:

  1. Management of conflicts of interest, including incentive structures, investment banking and research business lines, information leakage, and position valuation.
  2. Technology, including the ever-present cyber-security, technology management and data quality governance.
  3. Outsourcing; what are firms doing to reduce costs by outsourcing but, at the same time, maintain responsibility for the work performed by that third-party.
  4. Anti-money laundering monitoring and controls.

So what do all of these have in common? Yes, you guessed it; all would fall within the general culture of compliance that is also a focus of these exam priorities.

All of the above-referenced priorities have appeared in some form in the past, but a couple warrant special attention; technology and outsourcing. This is a particular issue for smaller firms who, because of cost and infrastructure limitations, need to outsource cyber-security.

If so, the most important thing to remember is that you can outsource the work, but not the responsibility. So what do you have to do when you outsource?

For one, you need to vet your vendors. What are they doing to make sure they are adequately protected and, in turn, protect your electronically stored information? What does your contract provide for in the event of a breach under the vendor's watch? Will the vendor defend and indemnify you?

These are only a couple of the issues to explore, but explore you must. After all you can never delegate the responsibly to protect customer information from cyber-attack. FINRA will want to know.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.