Securities Compliance Sentinel

Analysis of cutting-edge securities industry issues

A Look Ahead: SEC to Adopt CEO-Pay Ratio Rule?

Posted in Corporate Governance, Dodd-Frank, Financial Industry Trends, SEC Compliance

According to Andrew Ackerman and Joann Lublin of the Wall Street Journal, the Securities and Exchange Commission is “poised to complete a rule requiring companies to disclose the pay gap between chief executives and employees”. Under the proposed rule, companies would be forced to disclose median worker pay as compared to their CEO compensation.  This rule was a measure included in Dodd-Frank, and could be approved by the SEC as early as next week.

A point of contention appears to be the exclusion of overseas workers.  The WSJ expects that the SEC will allow companies to exclude 5% of their international workers’ compensation from the pay-ratio calculation; however, companies are pressing for a larger exclusion.  There is also concern among stakeholders that the cost associated with compiling such information will outweigh its benefit.

Whether the SEC takes action on this rule next week or not, it is expected to implement a pay-ratio rule in the not-so-distant future.  Thus, companies should continue to provide their comments to the SEC now before the rule passes, and prepare for its eventual impact.

How can a phone call save your career

Posted in Cyber-Security, Financial Industry Trends, FINRA CRD, FINRA Enforcement

A 17-year veteran advisor recently agreed to a lifetime ban for falsifying the signatures of a client on 10 documents transferring money out of the client’s accounts over a period of two months. Part of this transfer also involved 17 unauthorized trades in the client’s non-discretionary accounts. So how could a phone call have saved this advisor’s career?

It turns out that the advisor was the subject of a phishing scam. Apparently, the client’s email account had been hacked and the hacker emailed the advisor asking for funds to be transferred. This type of scam is commonly called phishing; the hacker is probing a potential victim to get information or money.

The advisor could have avoided this entire problem if he had simply picked up the phone and called the client to confirm the instruction to transfer funds; FINRA’s records are not clear whether such an attempt was made.

Firms can avoid this headache in a couple of ways. First, firms should require all trades/redemptions to be requested via telephone, followed by proper documentation of that request. Second, firms should prohibit advisors from taking trade/redemption requests via email.

The hijacking of email accounts is one of the oldest and least sophisticated cyber-crimes out there. Yet, people continue to fall for the scam.

Protect yourself. Pick up the phone and call your client. You may save your career and get more business at the same time.


Who wants to know some pre and post data breach considerations

Posted in Books and Records, Cyber-Security, Financial Industry Trends, Internal Investigations

In a recent blog post, Chris Pogue (a digital forensic expert) highlighted a handful of considerations for firms both pre and post data breach. After all, the issue is not really whether you will suffer a breach, but when, and how bad it will be.

Those considerations bear repeating, and include the following:

  1. Retention of counsel to navigate the firm through the legal issues that arise from a breach.
  2. Retention of external forensic experts to triage when a breach takes place.
  3. Notification of relevant law enforcement, such as the FBI, regarding the breach.
  4. Designate one person in the company who will communicate in response to media inquiries; ensure the accuracy of whatever is said because you cannot take it back.
  5. Fully inform executives, investors, the board of directors and customers regarding the breach; i.e., what happened, why and what is being done to remediate.
  6. Should you pursue the hackers criminally/civilly, or focus on the remediation and prevention of future breaches.

Taken together, these considerations have one focus. You want to be able to demonstrate to your constituents that you took immediate action to understand what happened, correct why it happened, and put yourself in the best position to keep it from happening again.

In light of the highly sophisticated nature of the hackers, it may be impossible to prevent a breach of some kind. It is not impossible, however, to have an action plan to deploy in the event of the breach so that you can protect your company in your constituents’ minds. Prepare now or pay for it later.

FINRA Board Shake-up Coming?

Posted in Broker-Dealer Regulation, FINRA Compliance, FINRA Enforcement, Investment Adviser Regulation

Later this month, on July 30th, FINRA will hold its annual meeting in Washington, D.C., during which it will conduct an election for three open seats on its Board of Governors.  On FINRA’s 24-member Board of Governors, there are 10 seats that are reserved for industry representatives from small, medium and large firms.  Of those 10, there are three openings: one Large Firm Governor, one Mid-Size Firm Governor, and one Small Firm Governor.  Here are the candidates:

  • Large Firm Governor:  One candidate, John Thiel, head of Merrill Lynch Wealth Management, is running unopposed as the FINRA-nominated large-firm governor candidate.
  • Mid-Size Firm Governor: Two candidates, John Muschalek, vice chairman of First Southwest Co., and Brian Kovack, president and co-founder of Kovack Securities Inc., are running as mid-size firm governor candidates.  However, only Muschalek was nominated by FINRA.
  • Small Firm Governor:  Two candidates, Stephen Kohn, president and CEO of Stephen A. Kohn & Associates Ltd., and Joe Romano, president of Romano Wealth Management, are running as small firm governor candidates. Neither was nominated by FINRA.

The election to watch will be for the mid-size firm governor position, as it pits the FINRA-nominated candidate, Muschalek, against Kovack, who is looking to shake things up.  According to ThinkAdvisor, Kovack is running what he dubs a “dissident” campaign and is calling for “immediate reforms” to FINRA policies in three areas:  FINRA’s arbitration system, the exam process, and U4 disclosures.  Thus, in just two weeks, the results of the mid-size firm governor election could signal whether or not it will continue to be business-as-usual within the FINRA Board of Governors.


Who wants more cyber-security guidance

Posted in Books and Records, Cyber-Security, Financial Industry Trends

In a recent article in the Journal of Financial Planning, Bill Winterberg highlighted a number of pitfalls that advisors commonly fall into that expose sensitive client data and information to hackers and phishers. By falling into these pitfalls, advisors are unknowingly becoming the tool of the fraudster.

Winterberg noted that the following practices should be given a lot of attention:

  1. How strong are the passwords on all of your electronic devices.
  2. Are you relying on passwords on PDFs? There are inexpensive programs that can easily decode these passwords.
  3. Are you sending sensitive client information via email. If you need to use email, consider a secure email service.
  4. Do you give employees guidance about only browsing secure websites, such as those that use https:// connections or secure connections using SSL or TLS protocols.
  5. Don’t get lulled into the trap of sharing information through social media sites.
  6. Are employees in sales, finance and procurement being well-trained on data security; studies show that employees in these positions are a focus of cyber-attacks.
  7. Have you planned for a data breach; the question is not whether you will be attacked, but when.

These points should certainly kick-start a critical self-analysis. Do you have a password policy that requires passwords of a certain length and characters? How is sensitive client information sent to your clients? Are your employees being trained sufficiently so that they are not used as a hacker’s pawn?

If you do not have robust answers to all of these questions, it is fair to say that you have placed your firm and your client’s sensitive information at risk. Although we may all be victims at some point of a breach, put the odds in your favor and minimize the damage, if any.

Takeaways from the NYSE glitch

Posted in Compliance and Supervision, Cyber-Security, Securities Exchanges, Uncategorized

Earlier this week, the New York Stock Exchange halted trading for nearly four hours due to a technical “glitch”.  While the shutdown caused a lot of uncertainty among investors and ruffled some feathers on Wall Street, there are some important takeaways for securities practitioners.

This was a reminder of the importance of data security.  The NYSE is one of the most secure systems on the planet, yet is still obviously susceptible to technical problems.  While there is still no clear explanation on what caused the glitch (a software update rolled out the day before is currently taking the blame), this should serve as a wake-up call that you can never be too confident in your data systems, and should be on guard for these types of technical issues, with an action plan should something like this happen to you.

Going forward, it will be interesting to see if regulators get more involved on the technical side of trading.  Certainly, Wednesday’s NYSE glitch caused issues for traders, which are certainly the types of issues that regulators hope to avoid.  Keep a close watch for any policy revisions or increased oversight in the wake of this week’s trading halt on the NYSE, as they are likely to follow.

Do you really need a reason why not to provide your client with a personal email address

Posted in Books and Records, Broker-Dealer Regulation, Compliance and Supervision, Financial Industry Trends, FINRA Compliance, Investment Adviser Regulation, Law Firms and Lawyers, Public Customer Arbitrations

Not too long ago, I tried a case that had, among other issues, the improper use of the advisor’s personal email account. That improper use serves as a valuable lesson of what can go wrong when you deviate from using the firm approved email.

The client emailed complaints about the handling of the account to the advisor’s personal email address. In hindsight, the client appears to have done so to manipulate the situation. He was successful.

The advisor responded from his personal email without forwarding the complaint to the compliance department. Compounding that issue, the email he sent was construed to contain admissions of wrongdoing. We lost the trial.

The reasons are obvious why personal email should never be used for business purposes. For one, there is no oversight. Second, it can and will put you in an awkward position vis-à-vis the client and the firm.

What makes this situation even more pronounced is the reason why the advisor gave the client his personal email address in the first place. The client would not stop sending hardcore porn and racist humor to the company email address.

From my perspective, this was a client (regardless of account size) who had trouble written all over him. Rather than report the client and take some more drastic action (such as firing the client or barring the use of email), the advisor took an easy way out and paid dearly for that mistake.

Don’t give your clients your personal email address. If you do, report anything in the nature of a complaint to the firm before trying to respond. It is better to take the heat over using personal email than possibly admit to liability.  Don’t get caught with your pants down!

So why is it that you want to be a CCO

Posted in Compliance and Supervision, Investment Adviser Regulation, SEC Compliance, SEC Enforcement

Recent SEC enforcement actions suggest that being a CCO is not all that it’s cracked up to be; the SEC recently sanctioned two CCOs. SEC Commissioner Gallagher’s dissents and his recent comments regarding those dissents have really framed the issue.

The SEC Rules only provide that an “adviser” must have and implement written supervisory procedures. Yet, the SEC sanctioned CCOs even though they are not the “advisers”. By doing so, Commissioner Gallagher sees this as an improper opening of the door for CCO liability because the SEC has not provided any guidance on the meaning of the applicable rule.

Commissioner Gallagher’s objections are well-noted. All a CCO can do is provide the written supervisory procedures to the advisers who have to follow/enforce them. If they fail to do so, the CCO has no ability to fire or sanction that failure, only a supervisor would have that authority. So what should CCOs do?

Without further guidance from the SEC, a couple of scenarios are possible. You may see that qualified people no longer want to serve in this capacity. Alternatively, you may see very detailed paper trails to avoid having the SEC look at the CCO for a failure to supervise issue.

Neither result is all that palatable. In the absence of some real SEC guidance, the best thing CCOs can do is to document their actions well. Hopefully with that sort of “paper trail” the SEC will not sanction the CCO when someone at the firm violated the supervisory rules governing the firm.

So who really thinks the SEC is not focused on elder investors

Posted in Breach of Fiduciary Duty, Broker-Dealer Regulation, Compliance and Supervision, Conflicts of Interest, FINRA Compliance, FINRA Enforcement, SEC Compliance, SEC Enforcement

If there is any question that the SEC is focused on elder investor issues, look no further than its recent program announcement. The SEC initiated a program designed to examine retirement planning guidance.

Under this program, the SEC intends to explore whether the compensation advisers receive presents a conflict of interests and, if so, how those conflicts are managed. The SEC is also going to scrutinize whether the adviser’s marketing materials are accurate, and assess whether adviser due diligence on investments is adequate. Finally, the SEC is going to review investment recommendations, especially those that entail selling assets held in an employment retirement plan and the rolling over of those assets into an individual retirement plan.

This program should come as no surprise because the SEC and FINRA have made elder investment-related issues a target in their exam priorities. In reality, however, the core focus of this examination program should have always been on your front-burner.

With the graying of our society, advisers need to make sure that they conduct heightened due diligence when it comes to older clients, especially where a retirement plan is at issue. The SEC has given you a road-map of the areas on which you need to focus. The failure to do so will surely result in an unpleasant experience with the SEC.

Twitter: More than just Social Media

Posted in Financial Industry Trends, Social Media

Since Al Gore invented the internet, we have had an unprecedented amount of information and data right at our fingertips.  However, given the immeasurable quantity of this information, it has always been a challenge to quickly and efficiently gather intel and perform research on the internet, especially in the context of a securities practice.  While search engines like Google and Yahoo have helped, they do not always provide the up-to-the-second results that are demanded in the securities world.

To describe the securities industry as “fast paced” is a gross understatement.  In a world where high frequency trading has become acceptable and securities respond almost instantaneously to breaking news, it is critical to have up-to-the-second access to news, information, and search results.  For the most part, news sites and search engines fail in this regard.  However, there is one online tool, which is often overlooked, that does provide moment-by-moment news and information:  Twitter.

For those who have never accessed Twitter before, you may just think of it as another social media tool, like Facebook or LinkedIn.  However, unlike those sites, Twitter provides its users access to ALL of the information that is being posted on its site in an up-to-the-second streaming and searchable fashion.  When news breaks, users tweet about it.  They share information, data, links, photos, and even on-the-ground details about what is happening.

No other forum on the internet exists with so many sources of information (236 million users and counting) and provides short, concise, and instantaneous updates about anything you are interested in knowing about.  Importantly, Twitter has been adopted almost universally by reporters and news outlets, which will often tweet out breaking news before it even hits their own websites.  However, it is often the average Joe, who may just be in the right place at the right time, who is the first to share the news on some major happening; and if he or she is on Twitter, that is where the news will break.

So if you are not already familiar with the streaming news and search functions of Twitter, you should get familiar with it.  Whether you are in the securities industry or catering to its demands, you need information as fast as you can get it.  In today’s internet, the best place for that is Twitter, and there is no rival.