Believe it or not, the old-fashioned telephone may be one of your best defenses against a data breach and the fraud that follows. How so, you may ask?
One of the greatest data security risks that firms face is not necessarily a hack into their own IT systems. A hack of your client’s email account may pose an even greater risk.
For example, a hacker can take over an email account, pose as your client, and then email a request for a wire transfer of a significant amount of money. The easiest way to ensure that the email is legitimate is to pick up that thing that sits on the corner of your desk and call your client to confirm that he/she is requesting the wire.
This phone call takes no more than five minutes and will spare you from having to file a SAR and being out of pocket to your client. You should have a written policy that all wires must be confirmed over the phone, with termination as the consequence for failing to do so.
Hackers are getting more and more creative. Yet, the oldest technology in your office may be the difference between a data breach and a satisfied customer. Don’t forget to use it.
In this day and age of instant information and overstretched supervisory personnel, you have to be careful to avoid forgoing a very useful supervisory tool. Meeting face to face with those associated persons under your supervision on a regular basis could mean the difference between rooting out rogue advisors and being subject to regulatory and civil actions.
Face to face meetings are even more important where the people you supervise are in regional offices. In other words, those advisors you do not see on a regular basis. With these people in particular, you must go to their offices for regular visits.
You may ask why it is so important to have face to face contact with the people you supervise. After all, you monitor email and correspondence on a daily basis. The advisor submits her outside business and AML forms on at least an annual basis. So who cares about a face to face?
Believe it or not, people lie on forms. It is easier to lie on paper (real or electronic) than it is in person. Also, seeing someone in their natural environment may make it easier to solicit information from them because they are relaxed.
Face to face meetings also help to show whether a person is living beyond his or her means. For example, what would it mean if a mediocre producer is now driving a Ferrari? Maybe nothing, but maybe a lot more.
People living beyond their means can be a sign that they have another source of income, legitimate or not. You would never know if there is a potential issue if you did not bother to go to this person’s office for a face to face. That person could be the next Madoff, but you would never know if you only sat in your office and stared at a computer screen all day.
If you are going to supervise, then do it. Never forget the value of face to face meetings with those under your supervision.
The SEC recently charged four investment advisors who allegedly used free dinners to entice older clients to their firm. At these dinners, these individuals allegedly provided fraudulent marketing materials to the attendees and ultimately did not invest all of the money that they were given.
Granted these four advisors may just be bad apples and not an indictment of the use of free lunches or dinners to attract new clients and money. However, if you do engage in these types of “seminars”, this enforcement action should be a wake-up call.
The SEC and FINRA have made it very clear how they intend to approach marketing efforts directed at seniors. Both regulators will be taking a hard look at these types of seminars used to attract elder investors.
So, if you are going to offer a free meal, make sure that you are giving something of value to your prospects. Do everything on the up and up when offering these types of opportunities because your regulator is watching.
Unlike lawyers, especially litigators, the business model of a financial advisor is not dependent upon clients being stupid. Instead, financial advisors depend on their clients making smart decisions after full disclosure and consideration after speaking with their financial advisor. So what do you do when clients make stupid decisions?
In defending brokers over the years, I have seen multiple instances where clients made stupid decisions. From a legal standpoint, there is generally no duty to prevent a client from making a stupid investment decision. It is what the advisor does in response that is the most important lesson to learn.
The mistake is for the advisor to ignore the client’s stupid decision on the grounds that the advisor provided proper advice in the first place. The key thing is to document any instance where your client ignores your advice and does something stupid. A brief story solidifies this point.
A number of years ago, an advisor told his client not to sell his life insurance policy to take the cash out until the client cleared underwriting on a new policy. Of course, the client ignored the advice, went over the advisor’s head and cashed out the policy without clearing underwriting on the new policy. Turns out the client was “deathly” allergic to bee stings.
We were able to successfully defend because of something that the advisor did. He documented his recommendation not to cash out the old policy without underwriting being completed on the new policy.
But for the smart actions of the advisor, this situation would have turned out much differently. It is just as important, if not more so, to document when a client ignores your advice as it is to document the advice you give to your clients. Doing nothing is never an option.
Over the years that I have defended broker-dealers and investment advisors, a more robust overview of outside business activity (OBA) disclosures would have gone a long way to disprove a number of claims. So where did these firms go wrong?
The biggest issue that I have seen is a firm’s willingness to take the OBA of a representative or IAR at face value and not do any more due diligence. In one instance, that due diligence could have unraveled a Ponzi scheme at its inception, instead of years after the fact and millions of dollars lost.
In that case, the representative disclosed a beneficial interest in another business and that certain of his clients used that other business for tax preparation services. Although that other entity was not subject to the firm’s authority, the firm could have done more than nothing.
For one, the firm could have conditioned its approval of the OBA on the representative providing bank account statements for the other firm so that the FINRA-regulated firm could have assessed the scope of its clients using that other firm. By doing so, the firm could have uncovered that its clients were transferring money in not insignificant sums from their brokerage accounts to this third-party.
Conversely, if the representative refused or was unable to get these statements, the firm could have denied approval of the OBA. Although this extra step may not have exonerated the firm from its representative’s use of the OBA to perpetrate a fraud, it would have provided a solid argument that it should have no liability because the representative acted outside the scope of his authority.
The moral of the story is that there is no perfect system for assessing OBAs. The important thing, however, is to take nothing at face value. Ask questions and push for information. If your employee is unwilling or unable to get that information, then the best thing is to not approve the OBA and lay the foundation for a defense if you are ever questioned about your employee’s outside business activity.
In the nearly 20 years that I have been defending financial advisors against claims, many of which were brought by seniors, the biggest issue that I have seen is the failure to document the file in a proper manner. Why does this matter, you may ask?
First and foremost, the way a file is documented tells a story about how the advisor managed the relationship. This is even more important now that there is an intense focus on suitability issues with senior investors. The better and more detailed the documentation in the file, the easier it will be to defend against any suitability claim.
Another key is to document all communications with your clients, especially seniors. This particularly comes into play when a client ignores your advice. When a client ignores your advice, an email or letter to the client detailing that action and the consequences for doing so is key, and can mean the difference between winning or losing a case.
One last comment deserves mention. If your file lacks documentation, do not try to recreate it after a client complains. Speaking from personal experience, recreating documents does not end well for the advisor. You can still defend yourself when your file is documentation-light, but you can’t when you alter your file.
So remember, it is all in the documentation. Have very good documentation and protect yourself. Don’t document your file and roll the dice. The choice is yours.
It is no secret that FINRA and the SEC are sharply focused on issues regarding elder clients, including severe disciplinary action. There is another elder “issue” that must be kept in the forefront as well: senior designations.
Senior designations are “certifications” that financial advisors tag onto their other designations like CFA, etc. Such designations are meant to give an advisor an air of credibility or specialization when it comes to servicing elder clients.
However, not all such designations are legitimate. Indeed, some are no different than the secret decoder rings we used to get out of a box of cereal. So what should you do?
You should not let any of your advisors tout any such designations unless and until you have had a chance to vet the legitimacy of the designation and the entity that is promoting it. Is there any sort of testing and continuing education requirement to maintain this designation? Have FINRA or the SEC ever commented on this designation and/or the entity that may be promoting it?
The key to any sort of senior designation is for you to conduct proper due diligence to ensure its legitimacy. Otherwise, you run the risk of running afoul of your regulator for allowing your advisors to tout a specialization that does not exist.
FINRA recently barred a registered representative and fined that person $52,270, which represented the commissions he received from the sale of debentures to 12 senior investors. So what was so bad about those transactions?
For one, the high commission investments were not suitable for these elder investors. Second, there were misleading statements made to seven of the 12.
In addition, all but one were retired at the time of purchase. Nine of the ten investors were over the age of 70 at the time of investment.
This disciplinary action is significant because it enhances two points from FINRA’s 2016 exam priorities. You may recall, FINRA announced that it was going to focus on elder issues and, in particular, suitability of investments.
How should firms address these issues? As I have stated in other blogs, the easiest solution is to put elder clients (those over the age of 65) on something akin to heightened supervision. In other words, someone in a supervisory capacity must scrutinize each and every trade made by one of these investors to ensure investment suitability. This may seem a bit much to manage. There is, however, no denying that FINRA is razor focused on this issue and is not taking elder issues lightly.
So maybe heightened supervision is too much for your firm, but do something. Implement some policies and procedures to ensure that proper steps are undertaken to ensure only suitable investments are sold to your elder clients. Otherwise, expect a call from FINRA.
In a recent SEC enforcement action, a registered representative was suspended for 6 months and fined $75,000 for, among other things, forwarding confidential client information from his personal email to a former registered representative who maintained the initial client relationships. The representative also used his personal email to conduct firm business. In some instances, he emailed customer information from his work email to his personal email.
This unfortunate situation shows another side of data security risks that firms must address: the rogue representative who is handling client information in violation of Regulation S-P. In some ways, this type of data breach can be even more difficult to prevent than an external threat.
If someone really wants to get around your system, that person will likely do so. So what to do?
One thing firms should consider is a logging system that records each time an associated person accesses client information subject to Regulation S-P. This way, firm supervisors can monitor who is gaining access to what information, when and how often. The enforcement opinion was silent on any firm protocols in this regard.
Although this type of access-logging system may not have prevented what happened, it could have put the odds in the firm’s favor because it may have revealed unusual activity that the firm could have further explored.
The lesson to be learned is that data security is not just an external threat. There are internal risks that must be accounted for in order to have a fulsome data security program.
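One way a supervisor could review the access log described above, as an added example that is not part of the original post or any firm's actual system. The log format, user names, business hours and the peer-median threshold are all assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample log: ISO timestamp, user, action, client record id.
SAMPLE_LOG = """\
2016-03-01T09:14:02 asmith VIEW C-1001
2016-03-01T09:40:11 bjones VIEW C-2001
2016-03-01T10:02:45 asmith VIEW C-1001
2016-03-01T11:30:00 cdoe VIEW C-3001
2016-03-01T22:47:03 dlee EXPORT C-1001
2016-03-01T22:48:10 dlee EXPORT C-2001
2016-03-01T22:49:31 dlee EXPORT C-3001
2016-03-01T22:50:02 dlee EXPORT C-4001
"""
BUSINESS_HOURS = range(8, 18)  # assumption: 08:00-17:59 local time

def summarize(log_text):
    """Per user: who accessed what (distinct clients), how often, and when."""
    stats = defaultdict(lambda: {"accesses": 0, "clients": set(), "off_hours": 0})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines rather than guess at their meaning
        stamp, user, _action, client = parts
        try:
            when = datetime.fromisoformat(stamp)
        except ValueError:
            continue  # unparseable timestamp: skip the line
        stats[user]["accesses"] += 1
        stats[user]["clients"].add(client)
        stats[user]["off_hours"] += when.hour not in BUSINESS_HOURS
    return dict(stats)

def flag_unusual(stats, factor=2.0):
    """Return {user: [reasons]} for a supervisor to explore further."""
    if not stats:
        return {}
    baseline = median(len(s["clients"]) for s in stats.values())
    flagged = {}
    for user, s in sorted(stats.items()):
        reasons = []
        if len(s["clients"]) > factor * baseline:
            reasons.append("distinct client records well above peer median")
        if s["off_hours"]:
            reasons.append("access outside business hours")
        if reasons:
            flagged[user] = reasons
    return flagged
```

A flag here is a prompt for a supervisor to ask questions, not a finding; the thresholds would need tuning to each firm's normal activity.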
FINRA has identified that firm culture is in its cross-hairs. But what is firm culture?
Trying to figure out what’s meant by firm culture reminds me of my law school days studying First Amendment law and, in particular, cases addressing pornography. A former Supreme Court Justice, Potter Stewart, seemed to get it right when he said something along the line of, I don’t know what pornography is, but I know it when I see it.
I think that the same can be said about firm culture. No one really knows what it is, but FINRA is sure to determine when there is a failure of firm culture when FINRA sees it. So what should you think about when it comes to firm culture?
I think that the easiest way to think about firm culture is what does the leadership from the top down look like. How does the firm’s upper management approach issues involving compliance with the law and regulations, as well as the firm’s own written policies and procedures?
If the firm leadership does not take these issues seriously, then that same leadership cannot expect its registered representatives and staff to take those things seriously as well. In other words, the do as I say not as I do philosophy is a failed philosophy.
FINRA has identified firm culture as an exam priority and has recently reemphasized that point in its planned targeted examinations. It is now the put up or shut up moment. Is your firm’s leadership making compliance and supervision issues a top priority? If not, you should expect FINRA to find a problem with your firm’s culture. FINRA is sure to know it when it sees it.