The SEC recently created a new position associated with cybersecurity; senior adviser to the chair for cybersecurity (Christopher R. Hetner). Mr. Hetner has an extensive background in information technology and, in particular, cybersecurity.
According to the SEC, Mr. Hetner will be responsible for (i) coordinating cybersecurity efforts across the SEC; (ii) engaging with external stakeholders; and (iii) enhancing SEC mechanisms for assessing broad-based market risk. This appointment could have a wide-ranging on the industry.
As we know, the SEC has made cybersecurity an exam priority over the last few years. The SEC is also actively conducting cybersecurity investigations and undertaking enforcement actions where appropriate. According to Chairperson White, the SEC is looking to bolster its risk-based approach. So what does this mean on a day-to-day basis?
Understand that the SEC has just upped the stakes. By retaining an industry expert who is solely focused on data-security related issues, the industry must be prepared for the SEC and FINRA to come after firms regardless if the firm sustains a breach or clients suffer harm as a result. Firms with weak or no data-security programs will surely be targeted.
Are you prepared to handle this even more focused mission of the SEC? If not, you need to more fully review you systems and procedures, both internally and externally facing. Are you testing your systems and procedures on a regular basis? If not, you better start.
The SEC is prepared; are you?
If you thought the SEC and FINRA were serious about elder issues, welcome to the Alabama, Indiana and Vermont. Each has focused on elder abuse issues.
These states will have mandatory reporting to state officials in instances involving the disabled or those over 65 years of age. They will also allow advisors to cease disbursing funds from clients and providing advisors with immunity associated with doing so. So what does this all mean?
For one, states are starting to run on the coattails of federal regulators who have made elder issues an examination priority in recent years. In addition, such state laws should be a wake-up call for brokerage and advisory firms who service elder clients.
The actions of these states should force you to ask yourself; what is my firm doing to prevent, detect and report elder abuse. Although a FINRA proposed rule does not require reporting, its goal is the same because it would allow advisors to designate a third-party to who they can inform of suspected problems.
In the absence of reporting requirements, firms should consider having clients aged 65 or above designate a trusted family member or friend when the advisor suspects that the client may be the subject of some abusive conduct. At that point, you may have a group approach to address suspected abuse.
Firms may also want to consider requiring these elder clients to designate a trusted family member or friend to receive copies of account statements. This way, someone who is “independent” can check an account for irregular activity as well.
Whether you are required to address elder abuse or not, firms should make sure that they are taking special care with their elder clients. Federal regulators and now states are focused on the issue. Are you doing anything to make sure your firm does not get into an elder abuse nightmare?
If you cannot answer this question, you may have an issue when you have your next FINRA exam. After all, firm culture is a FINRA exam priority. Does your firm have a culture of compliance?
This question only leads to another; what is a culture of compliance. For one, this is something that has to resonate from the top down. If senior management ascribes to uphold firm compliance, that should promote the “culture of compliance.”
For example, does senior leadership enforce the firm’s written supervisory processes and procedures? In doing so, does senior management hold everyone accountable the same way, or are exceptions made for the “big producers”. If exceptions are made, you are not promoting a culture of compliance.
Does senior management ensure that there is adequate training of all personnel? There should be a robust and mandatory training program to account for changes to the rules and to make your personnel aware of risks and how to avoid them; one of the biggest being data security.
These are only two of many considerations for assessing whether there is a culture of compliance. The key in it all is leadership from the top. After all, people cannot follow a leader who does not lead. Be a leader.
My friend and a legend in the securities regulatory field, Edwin Nordlinger, who served as Deputy Regional Director in the SEC’s New York office for years, was one of the nation’s premier experts on the SEC’s net capital and customer protection rules. He taught hundreds of SEC staff members and others about these rules over the years. However, when Ed would begin one of these lectures, he would always introduce himself by saying: “Hello, I am Ed Nordlinger from New York, where you do not go to jail for killing people, but you will go to jail if you violate the net capital or customer protection rules.” Well, Ed, you continue to be right on point about these rules and their impact.
The SEC’s net capital rule, SEC Exchange Act Rule 15c3-1, requires firms to maintain certain capital so that the firms will be able to meet their financial obligations to customers and other creditors. Similarly, SEC Exchange Act Rule 15c3-3, the customer protection rule, requires a firm that clears transactions to maintain certain reserve amounts to protect customers in the event of a firm failure.
Recently, the SEC found a firm to have violated the customer protection rule, and settled the matter with the firm whereby the firm agreed to pay a fine of $358 million and a total amount of $415 million. https://www.sec.gov/news/pressrelease/2016-128.html. Further, the SEC also charged the firm’s regulatory reporting officer and financial operations principal for aiding and abetting the violations by misleading regulators about the real reason behind certain transactions that caused the violations. In particular, the SEC claimed that the firm used synthetic securities transactions solely to reduce the reserve calculation and release capital. The firm also apparently used non-qualifying bank accounts that could be subject to bankruptcy if the firm were to fail.
The real kicker, however, is the SEC’s announcement that it plans to undertake a targeted sweep of firms to find potential violations by other firms of the customer protection rules. Of course, the SEC also encouraged firms to self-report any potential violations of the customer protection rule.
In short, Ed, after all these years, you are still right. Firms need to seriously undertake compliance with these rules, or there will be significant consequences. Accordingly, although the rules may seem technical with no fraud or customer losses, the SEC plans major activity to ensure compliance.
Anyone in a professional service business, like being a stock broker, have been faced with a client who decides to make a stupid decision. But the issue we all face is when that decision results in the client losing money; who is to be held accountable.
Fortunately, the law does not require you to stop a client from making a stupid decision with their investments. As long as a broker-dealer’s advice was suitable and the investment advisor’s advice is in keeping with the fiduciary duty, you should not be held accountable.
But this does not mean a client who has now lost money won’t try to hold you accountable for letting them make a stupid business decision. So how do you protect yourself?
The best way to protection yourself is to send the client a letter or email at the time that the client makes the bad decision. The communication should detail why you think it is a bad decision and the potential ramifications associated with that decision.
At a minimum, you should make a note in your file, either electronic or in hard copy, that the client made the bad decision and that you (presumably) advised against it.
The law should protect you from stupid clients, but make sure you protect yourself. Contemporaneous communication to the client and notation to the file may save you millions of dollars in the future.
The SEC recently commenced an enforcement action against an investment advisory firm and its principal in connection with the failure to disclose material conflicts of interest in connection with new mutual funds that the firm recently created and managed. The SEC is seeking disgorgement and an injunction against the firm and its principal.
Clients of the firm paid a fee for investment advice. Initially, the clients were invested in an ETF program. The firm subsequently created its own mutual funds that it managed for a fee.
Without disclosing that it would be paid both an investment advisory fee and fees for managing the mutual funds, the firm moved its clients into the mutual funds, which mirrored the investments in the ETF program. So why did the SEC take issue with this?
For one, the firm did not disclose the conflict of interest associated with this new strategy. The conflict of interest is that the firm is going to be paid two fees for an investment program that was the same as the prior program for which clients were only charged one fee.
Interestingly, the SEC in its complaint does not contend that the charging of two fees is per se improper. Instead, the issue is the fact that the firm did not disclose the conflict to its client before shifting the investment program. So what does this mean?
It all comes down to disclosure. If you disclose all conflicts of interest in sufficient detail, you may be able to avoid these types of enforcement issues.
The SEC recently announced that an equity advisory firm and its owner agreed to pay more than $3.1 million to resolve charges that they improperly engaged in brokerage activity, as well as charging fees without registering as a broker-dealer. In other words, the firm acted like a broker-dealer but never bothered to register as one.
The SEC’s investigation demonstrated that the firm performed brokerage services in-house, instead of using investment banks or broker-dealers to handle the acquisition and sale of portfolio companies for a pair of equity funds they advised. Interestingly, the firm disclosed to its customers that it would provide brokerage services and charge customers a fee for doing so.
The problem is that the firm provided those services itself even though it was not registered to do so. This action should serve as warning, particularly for firms who may be engaged in Reg. D offerings.
If part of the offering you find yourself engaged in the sale of securities, you better be registered as a broker-dealer to be doing so. Alternatively, you could have retained the services of a broker-dealer to sell interests in the fund. The law is clear; you need to do one of the two.
Another point of interest is that the SEC uncovered this improper conduct through an ordinary examination of the investment advisory firm. In other words, there was no customer complaining that it suffered any harm. So what lessons are to be learned?
For one, only broker-dealers can engage in brokerage services. Second, the SEC in its exam process is looking for such activity and going after it. Don’t make the same mistake; register as a broker-dealer or retain one to provide those services for you.
Unfortunately, a bad broker does not take on the same attributes as a fine wine. Bad brokers do rarely improve with time.
At least this was the recent message of Robert Ketchum, head of FINRA. But should all brokers who have any pings on their record be foreclosed from the industry? Certainly not, but what should you do?
The question is tougher when the broker coming to you with some knocks on his record has been a historically high producer for his prior member firm. Surely, there must be more to the story.
In my experience, there usually is more to the story. Just because someone has some marks does not mean he/she is not worthy to be with your firm. But be careful.
Anyone coming to your firm with any pings on their U-4 should be brought on under heightened supervision. This way you can personally assess this person and test the reasons why this person has been pinged in the past. Maybe the registered representative was just the victim of circumstance in the past.
Either way, if you are going to bring someone on with a checkered past, you better be willing to take the time to watch over this person. After all, by bringing them to your firm, you have assumed responsibility for them. Take caution on the front end or be ready to pay the price later.
Business Insurance reported late last week that the Securities and Exchange Commission will award $5-6 million to a whistleblower who provided information on securities violations that would have been “nearly impossible” for the SEC to detect on its own. Such an award would be the third larges award ever granted to a whistleblower by the SEC. This also comes on the heels of a $3.5 million whistleblower award from the week before.
The takeaway is that the SEC continues to heavily incentivize company insiders to report possible securities violations. It is critical to have internal controls and monitoring to catch these problems before a whistleblower runs into the SEC. Self-reporting can drastically reduce exposure to damages and fines, but if you do not have proper compliance checks in place, you may never even catch the problem yourself. Routine internal investigations and a rigorous compliance and monitoring system will go a long way to preventing and spotting securities issues early, and thereafter managing and mitigating the fallout.
By most recent estimates, the medical marijuana business is generating at least $4.5 billion a year in revenue. Naturally, many people want to cultivate their own opportunities in this ever growing business.
Now that Pennsylvania has become the latest state to authorize medical marijuana, many people will look to invest in this industry. Some businesses in this industry may try to raise capital by having a Reg. D offering. Before investing in such an opportunity, it is important to read the “fine print” in any statutory or regulatory scheme on the subject.
Pennsylvania, for example, will require a criminal history record check (through the State Police and FBI) “of the principals [and] financial backers . . . .” The stated purpose of such a check is to determine the “fitness and suitability” of the principals and financial backers to serve in those capacities. The criminal background check does not apply, however, to an owner of securities of a publicly traded company as long as the owner of securities is not “substantially involved” in the operations of the business.
So what does this all mean? For those of you looking for investors, you should do your own legwork on all potential investors in your venture. For those of you looking to invest in this smoldering industry, you need not apply if you have a criminal background, especially one involving the sale of controlled substances.
There are many opportunities in this industry. But ownership or financial backing of such a business in Pennsylvania comes at a price. Before you buy in, make sure you are willing to pay the price.