
Securities Compliance Sentinel

Analysis of cutting-edge securities industry issues

How to avoid being sued 2.0

Posted in Arbitration, Compliance and Supervision, FINRA Compliance, FINRA CRD, Public Customer Arbitrations, Registered Representatives, Securities Litigation

Over the years that I have defended financial advisors and their firms, I have frequently spoken and written about ways to avoid the risk of being sued. I prepared a guidebook a couple of years ago that detailed some common sense approaches to risk avoidance. I have updated that guidebook to take into account new issues that you face.  You can access this material by clicking on guidebook.

I hope that you find this of use in avoiding the risk of being sued.

Cybersecurity: FINRA’s Take

Posted in Compliance and Supervision, Financial Industry Trends, FINRA Compliance, SEC Compliance

We recently highlighted the Securities and Exchange Commission’s 2014 OCIE Cybersecurity Initiative.  Not to be outdone, FINRA also released its Report on Cybersecurity Practices, which provided a much more in-depth report on cybersecurity.  Therein, FINRA offered its own insights into what it expects from firms’ cybersecurity risk management practices:

  • FINRA recommends that firms have a sound governance framework with strong leadership, including board- and senior-level engagement on cybersecurity issues.
  • Firms should conduct comprehensive risk assessments of external and internal threats, as well as asset vulnerabilities.
  • FINRA expects firms to implement sound technical controls, such as identity and access management, data encryption, and penetration testing.
  • FINRA recommends that firms develop, implement, and test incident response plans, which should include containment and mitigation, eradication and recovery, investigation, notification, and making customers whole.
  • Regarding the use of vendors, FINRA recommends that firms should establish appropriate contract terms and perform strong due diligence before and during the engagement.
  • FINRA emphasizes the need for training that is tailored to staff needs.
  • FINRA encourages firms to take advantage of intelligence-sharing opportunities to protect themselves from cyber threats.

Firms that are deficient in any of these areas should review FINRA’s Report in detail and consult outside counsel regarding implementation of cybersecurity risk management practices to ensure compliance.  Not doing so leaves deficient firms open to more than just the increased threat of data breach – the SEC and FINRA could come down hard on firms that do not have a fulsome cybersecurity policy, either during an examination or after a breach.  Do not fall behind on cybersecurity.

For more information and resources related to cybersecurity, check out Fox Rothschild’s Privacy Compliance & Data Security blog.

New Look For FINRA.org

Posted in Financial Industry Trends, FINRA Compliance, FINRA Enforcement

Earlier this week, FINRA launched its redesigned website FINRA.org.  The website boasts a cleaner and more intuitive design, making information easier to find and read for users.  Streamlined navigation also allows users to more quickly access tools and resources on this site, such as BrokerCheck, investor education, and information about registration and qualification exams.  In particular, BrokerCheck users can expect an improved experience.

Additionally, FINRA.org has improved its searching capabilities.  Users can now narrow and sort search results according to content type, date, and other parameters.  This improved search functionality is simple, yet effective, and will save time by allowing users to focus their searches and receive targeted results.

FINRA.org also now has a mobile-friendly platform, which differs depending on whether you are using a smartphone or tablet.  Certainly this addition is long overdue and will allow users to more easily access FINRA’s website on the go.

FINRA.org is an excellent source of information regarding FINRA’s past, present, and future actions and decisions.  Previously, I found the website to be outdated and not user-friendly, and would often just use Google to search for FINRA-related information.  I am hopeful that with these changes, particularly the search functionality, FINRA.org has become a more useful database for practitioners.  Time will tell.

The Top 10 Best Practices for Using Social Media as an Investing Tool

Posted in Cyber-Security, FINRA Compliance, SEC Compliance

More and more investors are using social media as a tool for their investing needs. As a result of the inherent risks associated with social media, the SEC has issued an Investor Bulletin to highlight best practices for those clients.

It makes sense for firms to review this Bulletin so that you are in the best position to advise your clients accordingly about their use of social media as an investing tool. The SEC’s tips included the following:

  1. Check the security default settings and modify them before posting any information on social media.
  2. Consider customizing the privacy settings to minimize the amount of available biographical information.
  3. Never communicate account information through social media; a financial advisor’s social media site may not be firm-sponsored and subject to firm-specific security settings.
  4. Think long and hard before accepting “friend” requests from a financial services provider, particularly when considering the purpose of the social media site.
  5. Investors should understand the functionality of the site before broadcasting any financial information because certain information may be widely seen.
  6. Investors should always have a strong password, at least eight characters and with a mix of letters, numbers and symbols.
  7. Use separate and unique passwords for each social media site.
  8. Investors should avoid accessing their social media accounts through public or shared computers.
  9. Be very careful before clicking on a link, even if it appears to be one from a “friend”.
  10. Secure your mobile devices with a unique password, especially if the mobile device is linked to any of the investor’s social media accounts.

These are only a handful of suggestions from the SEC. If you have clients using social media for investing tools, you would be well-served to give them this guidance, or else they too may be the victim of internet crime.

Do Not Fall Behind On Cybersecurity

Posted in Broker-Dealer Regulation, Compliance and Supervision, Financial Industry Trends, FINRA Compliance, Investment Adviser Regulation, SEC Compliance

Cybersecurity is more than just a trending topic.  As hacks and leaks continue to be publicized, the Securities and Exchange Commission is stepping up its game and increasing its focus on cybersecurity compliance.

The SEC’s Office of Compliance and Inspections recently released an initial summary of their findings from their 2014 OCIE Cybersecurity Initiative.  The OCIE examined 57 registered broker-dealers and 49 registered investment advisers to better understand how they address the legal, regulatory, and compliance issues associated with cybersecurity.  While the OCIE admits that their staff “is still reviewing the information to discern correlations between the examined firms’ preparedness and controls and their size, complexity, or other characteristics”, the Cybersecurity Examination Sweep Summary details the OCIE’s initial observations related to cybersecurity.

The OCIE found that most of the examined firms have implemented the following cybersecurity initiatives:

  • Adopted written information security policies;
  • Conduct periodic risk assessments, on a firm-wide basis, to identify cybersecurity threats, vulnerabilities, and potential business consequences;
  • Conduct firm-wide inventorying, cataloging, or mapping of their technology resources;
  • Use some form of encryption; and
  • Provide clients with suggestions for protecting their sensitive information.

Regarding certain cybersecurity initiatives, however, the OCIE frequently found broker-dealers to be better positioned than advisers.

  • 72% of broker-dealers incorporate cybersecurity risk policies into contracts with vendors and business partners, compared to only 24% of advisers that incorporate such requirements.
  • 68% of broker-dealers have an explicitly designated Chief Information Security Officer (“CISO”), while only 30% of advisers follow suit (instead opting to direct cybersecurity responsibilities towards their CTO, CCO, CEO, COO, or even a third-party consultant).
  • 58% of broker-dealers maintain insurance for cybersecurity incidents, while only 21% of advisers maintain cybersecurity insurance.

The OCIE’s summary also noted that less than half of the examined firms identify best practices through information-sharing networks.  This is an area in which firms could improve their cybersecurity efforts across-the-board.

FINRA has also identified cybersecurity as one of its areas of focus in 2015, promising to “review firms’ approaches to cybersecurity risk management, including their governance structures and processes for conducting risk assessments and addressing the output of those assessments” this year.  FINRA recently released its Report on Cybersecurity Practices, which provides a much more in-depth report on cybersecurity and encourages firms to pursue various cybersecurity initiatives as well.

Cybersecurity remains a real threat.  Indeed, in its summary, the OCIE found that “[m]ost of the examined firms reported that they have been the subject of a cyber-related incident.”  Firms that have not yet adopted the above cybersecurity initiatives should consider doing so, as the SEC and FINRA are clearly sending a not-so-subtle message about the areas of cybersecurity compliance they expect to find during examinations.

For more information and resources related to cybersecurity, check out Fox Rothschild’s Privacy Compliance & Data Security blog.

What Is Happening To FINRA Arbitration

Posted in Arbitration, Intra-Industry Arbitrations

The SEC recently approved a FINRA proposal that will further restrict who can serve as “public” arbitrators. Under this new formulation, individuals who have worked in the securities industry and lawyers, including those who represent claimants, could not be considered “public” arbitrators for a period of time.

The big change under this new rule is that any lawyer who has devoted 20% or more of his/her time over the last five years representing claimants would be considered a nonpublic instead of a public arbitrator. These lawyers can reenter the public arbitrator sphere after a five-year cooling-off period.

The new rule will also exclude certain professionals from being a public arbitrator. Any attorneys, accountants and other professionals who have worked for financial firms for more than 20 years cannot be a public arbitrator. If they have worked in the industry for less time, they can become a public arbitrator after a five-year cooling-off period after the cessation of their employment.

This new rule, when coupled with the prior rule that allowed a claimant to select an all-public panel, is seen as another way to level the playing field. I am still firmly of the view, however, that these rule changes will make the use of experts a necessity.

When you had an industry person on the panel, both sides could use that person as a conduit to explain the nuances of the securities business to the other panelists; many times you could do this without an expert. In other words, an effective presentation could result in the industry person actually acting like an expert for either or both sides.

I believe that this new rule will make arbitration more, not less, expensive because an expert will be a necessity. The secondary risk is that all-public panels with no industry representation will do nothing to level the playing field in arbitration. Instead, inexperienced panels will likely result in bizarre awards and more efforts to challenge those awards. Time will tell . . . .


What FINRA Is Doing About Private Placements

Posted in Broker-Dealer Regulation, Financial Industry Trends, FINRA Compliance, Private Placements

FINRA recently censured and fined a broker-dealer $175,000.00 for failing to perform appropriate due diligence and supervision regarding private placements that the firm and its registered representatives offered. This penalty should serve as a wake-up call that FINRA is taking a sharp look at the due diligence that firms perform before and after offering a private placement to their clients.

The firm had a number of missteps regarding a handful of private placements that FINRA discovered during a routine examination, which included the following:

  1. The firm approved an offering even though the firm highlighted shortcomings in the offering such as a failure to describe the company’s business; FINRA found that the firm’s providing additional disclosures did not satisfy Rule 2111.
  2. The firm distributed a private placement memorandum to potential investors even though it did not include certain material facts and relied on flawed methodology for projecting ROI.
  3. The firm sold an offering in which one of its associated persons was affiliated without adequate supervision of that person.
  4. The firm failed to confirm that certain offering documents were filed with FINRA.
  5. Another associated person participated in an offering away from the company without supervision.
  6. The firm allowed associated persons to send consolidated reports to its customers, but failed to adequately supervise these reports.

This conduct implicates a number of FINRA Rules (i.e., 2010, 3010, 3040 and 5122), and demonstrates that FINRA is looking at many different kinds of conduct when it comes to private placements. Although these types of investments offer firms diverse investment options for their clients, firms must take a step back before taking three forward.

FINRA’s sanction highlights that firms must fully review offerings before approving them and then properly supervise the sale of the offerings and those persons selling the offerings. Otherwise, you will likely get stung for not doing so in your next examination.


FINRA in 2015 – High-Risk and Recidivist Brokers

Posted in Broker-Dealer Regulation, Compliance and Supervision, Financial Industry Trends, FINRA Compliance, Registered Representatives

FINRA is planning on turning up the heat on perceived “high-risk” brokers this year, and the firms that hire them.  Continuing our discussion regarding FINRA’s 2015 Regulatory and Examinations Priorities Letter, this blog entry will discuss FINRA’s planned activities to prevent and/or stop registered representatives from engaging in actual misconduct.

In an effort to protect the investing public from potential fraud, FINRA is planning to take extra steps this year to identify and remove “unscrupulous registered representatives who prey on investors”.  To achieve this, FINRA promises to expand its use of data mining, analytics, and specially targeted examinations, in addition to increasing their use of expedited investigations and enforcement actions.

FINRA is also focused on firms that seek to hire high-risk brokers, including “statutorily disqualified and recidivist brokers”.  FINRA plans to review firms’ due diligence on prospective brokers during the hiring process.  FINRA also is focused on firms’ supervision of high-risk brokers, including whether the firm implements and follows a stated supervisory plan.

Firms should expect increased scrutiny this year as FINRA tries harder than ever to identify high-risk brokers and prevent misconduct.  Per FINRA’s suggestions, firms should consider updating and/or creating (if one does not already exist) a plan regarding the hiring and supervision of potentially high-risk brokers, so as to meet FINRA’s expectations during an examination.

FINRA in 2015 – Wealth Events

Posted in Broker-Dealer Regulation, Compliance and Supervision, Financial Industry Trends, FINRA Compliance, FINRA Enforcement, Investment Adviser Regulation, Uncategorized

FINRA’s 2015 Regulatory and Examinations Priorities Letter provides guidance regarding areas of focus in the “Sales Practice” for this year.  Previously, we discussed the various sales products that FINRA will be monitoring this year; and yesterday Josh Horn discussed FINRA’s recently adopted Supervision Rules that affect the Sales Practice.  This blog entry will discuss FINRA’s focus on firms’ controls regarding “Wealth Events”, particularly Individual Retirement Account (IRA) Rollovers.

FINRA is concerned with the long term impact of brokers’ recommendations when approached by an investor that is faced with a decision about what to do with a large amount of money arising from an inheritance, life insurance payout, sale of a business or other major asset, divorce settlement, or an IRA rollover, among other “Wealth Events”.  FINRA plans to closely monitor firms’ controls for compliance, supervision, suitability, and disclosures regarding these “Wealth Events” in 2015.

As more than 25% of Americans are investing their retirement savings in IRAs, FINRA plans to specifically focus on firms’ controls in this area.  In particular, FINRA appears concerned with firms’ marketing their own broker-dealer sponsored IRAs.  FINRA will closely monitor communications and firm policies, focusing on practices regarding the disclosure of fees and costs related to the IRAs.

Firms and broker-dealers that provide investment advice regarding Wealth Events, particularly IRAs, should take extra steps to ensure they are FINRA compliant this year.  FINRA has explicitly targeted this area for additional oversight in 2015.  Thus, firms should conform their policies, procedures, controls, disclosures, and training to meet FINRA’s expectations.