
Securities Compliance Sentinel

Analysis of cutting-edge securities industry issues

Is This A Preview of FINRA’s Approach to Rule 3110(e)

Posted in Broker-Dealer Regulation, Compliance and Supervision, FINRA Compliance, FINRA CRD, FINRA Enforcement, Raiding/Moving Firms, Registered Representatives

In a recent Acceptance, Waiver and Consent (“AWC”) a broker dealer was censured and fined for, among other things, the failure to conduct an adequate pre-hire investigation of a registered representative. The importance of this AWC is that it may signal FINRA’s mindset for what firms must do under Rule 3110(e).

Under Rule 3110(e), FINRA expects member firms to do more of a background check than simply reviewing the new hire’s CRD, and requires firms to have written supervisory procedures specifically designed to verify the accuracy and completeness of the information on the applicant’s U-4. The AWC noted that the member firm only reviewed the new hire’s CRD, and did not conduct any more investigation of that information even though the CRD showed the following: reportable events, including criminal charges, a termination for cause and customer complaints of unauthorized trading.

Although the AWC pre-dates the “go-live” date for Rule 3110(e), it is instructive to member firms. The AWC echoes the fact that a firm will not be insulated if it limits its pre-hire review to the information that appears in the CRD of the potential new hire. Instead, the member firm must do more to get behind the information contained on the CRD for a more detailed understanding.

Rule 3110(e) becomes effective on July 1, 2015. Between now and then, firms should be reviewing their written supervisory procedures regarding pre-hire due diligence. Make sure you have procedures that go above and beyond the CRD, or be faced with possible consequences for the failure to do so.

* photo from freedigitalphotos.net

Who Needs The SEC Anyway

Posted in Breach of Fiduciary Duty, Broker-Dealer Registration, Conflicts of Interest, SEC Compliance

At least one New York City official would answer that question in the negative. The city comptroller released a proposal that would require a financial advisor to clearly state whether he or she must act in the investor’s best interests.

In other words, do what the SEC has yet to do through a uniform fiduciary duty for all advisors who provide retail investment advice. Under the city comptroller’s proposal, an advisor would have to provide the following disclosure at the beginning of the relationship and frequently thereafter:

“I am not a fiduciary. Therefore, I am not required to act in your best interests, and am allowed to recommend investments that may earn higher fees for me or my firm, even if those investments may not have the best combination of fees, risks and expected return for you.”

A concern raised by this proposal is that it is not neutral, but instead unfairly focuses on broker dealers. That concern could be addressed by adding to the statement a message about the suitability standard that broker dealers must follow.

Although it is unclear whether this proposal will ever make it to the legislature, it shows a growing impatience with the SEC’s failure to adopt a uniform fiduciary duty standard. Maybe this proposal will send a message that the SEC has to finally take action on the long promised uniform standard.

* photo from freedigitalphotos.net

How to avoid being sued 2.0

Posted in Arbitration, Compliance and Supervision, FINRA Compliance, FINRA CRD, Public Customer Arbitrations, Registered Representatives, Securities Litigation

Over the years that I have defended financial advisors and their firms, I have frequently spoken and written about ways to avoid the risk of being sued. I prepared a guidebook a couple of years ago that detailed some common sense approaches to risk avoidance. I have updated that guidebook to take into account new issues that you face.  You can access this material by clicking on guidebook.

I hope that you find this of use in avoiding the risk of being sued.

Cybersecurity: FINRA’s Take

Posted in Compliance and Supervision, Financial Industry Trends, FINRA Compliance, SEC Compliance

We recently highlighted the Securities and Exchange Commission’s 2014 OCIE Cybersecurity Initiative.  Not to be outdone, FINRA also released its Report on Cybersecurity Practices, which provided a much more in-depth report on cybersecurity.  Therein, FINRA offered its own insights into what it expects from firms’ cybersecurity risk management practices:

  • FINRA recommends that firms have a sound governance framework with strong leadership, including board- and senior-level engagement on cybersecurity issues.
  • Firms should conduct comprehensive risk assessments of external and internal threats, as well as asset vulnerabilities.
  • FINRA expects firms to implement sound technical controls, such as identity and access management, data encryption, and penetration testing.
  • FINRA recommends that firms develop, implement, and test incident response plans, which should include containment and mitigation, eradication and recovery, investigation, notification, and making customers whole.
  • Regarding the use of vendors, FINRA recommends that firms should establish appropriate contract terms and perform strong due diligence before and during the engagement.
  • FINRA emphasizes the need for training that is tailored to staff needs.
  • FINRA encourages firms to take advantage of intelligence-sharing opportunities to protect themselves from cyber threats.

Firms that are deficient in any of these areas should review FINRA’s Report in detail and consult outside counsel regarding implementation of cybersecurity risk management practices to ensure compliance.  Not doing so leaves deficient firms open to more than just the increased threat of data breach – the SEC and FINRA could come down hard on firms that do not have a fulsome cybersecurity policy, either during an examination or after a breach.  Do not fall behind on cybersecurity.

For more information and resources related to cybersecurity, check out Fox Rothschild’s Privacy Compliance & Data Security blog.

New Look For FINRA.org

Posted in Financial Industry Trends, FINRA Compliance, FINRA Enforcement

Earlier this week, FINRA launched its redesigned website FINRA.org.  The website boasts a cleaner and more intuitive design, making information easier to find and read for users.  Streamlined navigation also allows users to more quickly access tools and resources on this site, such as BrokerCheck, investor education, and information about registration and qualification exams.  In particular, BrokerCheck users can expect an improved experience.

Additionally, FINRA.org has improved its searching capabilities.  Users can now narrow and sort search results according to content type, date, and other parameters.  This improved search functionality is simple, yet effective, and will save time by allowing users to focus their searches and receive targeted results.

FINRA.org also now has a mobile-friendly platform, which differs depending on whether you are using a smartphone or tablet.  Certainly this addition is long overdue and will allow users to more easily access FINRA’s website on the go.

FINRA.org is an excellent source of information regarding FINRA’s past, present, and future actions and decisions.  Previously, I found the website to be outdated and not user-friendly, and would often just use Google to search for FINRA related information.  I am hopeful that with these changes, particularly the search functionality, FINRA.org has become a more useful database for practitioners.  Time will tell.

The Top 10 Best Practices for Using Social Media as an Investing Tool

Posted in Cyber-Security, FINRA Compliance, SEC Compliance

More and more investors are using social media as a tool for their investing needs. As a result of the inherent risks associated with social media, the SEC has issued an Investor Bulletin to highlight best practices for those clients.

It makes sense for firms to review this Bulletin so that you are in the best position to advise your clients accordingly about their use of social media as an investing tool. The SEC’s tips included the following:

  1. Check the security default settings and modify them before posting any information on social media.
  2. Consider customizing the privacy settings to minimize the amount of available biographical information.
  3. Never communicate account information through social media; a financial advisor’s social media site may not be firm-sponsored and subject to firm-specific security settings.
  4. Think long and hard before accepting “friend” requests from a financial services provider, particularly when considering the purpose of the social media site.
  5. Investors should understand the functionality of the site before broadcasting any financial information because certain information may be widely seen.
  6. Investors should always have a strong password, at least eight characters and with a mix of letters, numbers and symbols.
  7. Use separate and unique passwords for each social media site.
  8. Investors should avoid accessing their social media accounts through public or shared computers.
  9. Be very careful before clicking on a link, even if it appears to be one from a “friend”.
  10. Secure your mobile devices with a unique password, especially if the mobile device is linked to any of the investors’ social media accounts.

These are only a handful of suggestions from the SEC. If you have clients using social media for investing tools, you would be well-served to give them this guidance, or else they too may be the victim of internet crime.*

* photo from freedigitalphotos.net

Do Not Fall Behind On Cybersecurity

Posted in Broker-Dealer Regulation, Compliance and Supervision, Financial Industry Trends, FINRA Compliance, Investment Adviser Regulation, SEC Compliance

Cybersecurity is more than just a trending topic.  As hacks and leaks continue to be publicized, the Securities and Exchange Commission is stepping up its game and increasing its focus on cybersecurity compliance.

The SEC’s Office of Compliance and Inspections recently released an initial summary of their findings from their 2014 OCIE Cybersecurity Initiative.  The OCIE examined 57 registered broker-dealers and 49 registered investment advisers to better understand how they address the legal, regulatory, and compliance issues associated with cybersecurity.  While the OCIE admits that their staff “is still reviewing the information to discern correlations between the examined firms’ preparedness and controls and their size, complexity, or other characteristics”, the Cybersecurity Examination Sweep Summary details the OCIE’s initial observations related to cybersecurity.

The OCIE found that most of the examined firms have implemented the following cybersecurity initiatives:

  • Adopted written information security policies;
  • Conduct periodic risk assessments, on a firm-wide basis, to identify cybersecurity threats, vulnerabilities, and potential business consequences;
  • Conduct firm-wide inventorying, cataloging, or mapping of their technology resources;
  • Use some form of encryption; and
  • Provide clients with suggestions for protecting their sensitive information.

Regarding certain cybersecurity initiatives, however, the OCIE frequently found broker-dealers to be better positioned than advisers.

  • 72% of broker-dealers incorporate cybersecurity risk policies into contracts with vendors and business partners, compared to only 24% of advisers that incorporate such requirements.
  • 68% of broker-dealers have an explicitly designated Chief Information Security Officer (“CISO”), while only 30% of advisers follow suit (instead opting to direct cybersecurity responsibilities towards their CTO, CCO, CEO, COO, or even a third-party consultant).
  • 58% of broker-dealers maintain insurance for cybersecurity incidents, while only 21% of advisers maintain cybersecurity insurance.

The OCIE’s summary also noted that less than half of the examined firms identify best practices through information-sharing networks.  This is an area in which firms could improve their cybersecurity efforts across-the-board.

FINRA has also identified cybersecurity as one of its areas of focus in 2015, promising to “review firms’ approaches to cybersecurity risk management, including their governance structures and processes for conducting risk assessments and addressing the output of those assessments” this year.  FINRA recently released its Report on Cybersecurity Practices, which provides a much more in-depth report on cybersecurity and encourages firms to pursue various cybersecurity initiatives as well.

Cybersecurity remains a real threat.  Indeed, in its summary, the OCIE found that “[m]ost of the examined firms reported that they have been the subject of a cyber-related incident.”  Firms that have not yet adopted the above cybersecurity initiatives should consider doing so, as the SEC and FINRA are clearly sending a not-so-subtle message about the areas of cybersecurity compliance they expect to find during examinations.

For more information and resources related to cybersecurity, check out Fox Rothschild’s Privacy Compliance & Data Security blog.

What Is Happening To FINRA Arbitration

Posted in Arbitration, Intra-Industry Arbitrations

The SEC recently approved a FINRA proposal that will further restrict who can serve as “public” arbitrators. Under this new formulation, individuals who have worked in the securities industry and lawyers, including those who represent claimants, could not be considered “public” arbitrators for a period of time.

The big change under this new rule is that any lawyer who has devoted 20% or more of his/her time over the last five years representing claimants would be considered a nonpublic instead of a public arbitrator. These lawyers can reenter the public arbitrator sphere after a five year cooling off period.

The new rule will also exclude certain professionals from being a public arbitrator. Any attorneys, accountants and other professionals who have worked for financial firms for more than 20 years cannot be a public arbitrator. If they have worked in the industry for less time, they can become a public arbitrator after a five year cooling off period after the cessation of their employment.

This new rule, when coupled with the prior rule that allowed a claimant to select an all public panel, is seen as another way to level the playing field. I am still firmly of the view, however, that these rule changes will make the use of experts a necessity.

When you had an industry person on the panel, both sides could use that person as a conduit to explain the nuances of the securities business to the other panelists; many times you could do this without an expert. In other words, an effective presentation could result in the industry person actually acting like an expert for either or both sides.

I believe that this new rule will make arbitration more, not less, expensive because an expert will be a necessity. The secondary risk is that all public panels with no industry representation will do nothing to level the playing field in arbitration. Instead, inexperienced panels will likely result in bizarre awards and more efforts to challenge those awards. Time will tell . . . .

* photo from freedigitalphotos.net

What FINRA Is Doing About Private Placements

Posted in Broker-Dealer Regulation, Financial Industry Trends, FINRA Compliance, Private Placements

FINRA recently censured and fined a broker-dealer $175,000.00 for failing to perform appropriate due diligence and supervision regarding private placements that the firm and its registered representatives offered. This penalty should serve as a wake-up call that FINRA is taking a sharp look at the due diligence that firms perform before and after offering a private placement to their clients.

The firm had a number of missteps regarding a handful of private placements that FINRA discovered during a routine examination, which included the following:

  1. The firm approved an offering even though the firm highlighted shortcomings in the offering such as a failure to describe the company’s business; FINRA found that the firm’s provision of additional disclosures did not satisfy Rule 2111.
  2. The firm distributed a private placement memorandum to potential investors even though it did not include certain material facts and relied on flawed methodology for projecting ROI.
  3. The firm sold an offering in which one of its associated persons was affiliated without adequate supervision of that person.
  4. The firm failed to confirm that certain offering documents were filed with FINRA.
  5. Another associated person participated in an offering away from the company without supervision.
  6. The firm allowed associated persons to send consolidated reports to its customers, but failed to adequately supervise these reports.

This conduct implicates a number of FINRA Rules (i.e., 2010, 3010, 3040 and 5122), and demonstrates that FINRA is looking at many different kinds of conduct when it comes to private placements. Although these types of investments offer firms diverse investment options for their clients, firms must take a step back before taking three forward.

FINRA’s sanction highlights that firms must fully review offerings before approving them and then properly supervise the sale of the offerings and those persons selling the offerings. Otherwise, you will likely get stung for not doing so in your next examination.

* photo from freedigitalphotos.net