Financial Industry Trends

Consistent with the ongoing guidance/requirements from the SEC and FINRA, all firms must have and enforce data security policies and procedures. Even the best policies and procedures may, however, not protect the firm in every instance. So what do you do if there is a breach?

One of the most important things to determine is what law governs.  In other words, if you have clients in all 50 states, it is possible that there are 50 different data breach laws that may be implicated.  Fox Rothschild LLP has a free app, Data Breach 411, which provides an overview of state data breach laws.

Knowing what you need to know is imperative when assessing a data breach.



In the hectic world of financial services, registered representatives and investment adviser representatives are always looking to increase their assets under management. At what cost? Are there situations where you would be better off just saying no to accepting that one additional client?

In my many years of defending representatives and advisers from customer complaints, the unqualified answer is yes; there are situations when you are better off just saying no. Any good risk avoidance program will provide for the proper screening/selection of prospective clients. I have addressed this very issue in a risk avoidance handbook.

The key to this screening process is being able to sniff out the types of clients that you do not want to accept. For example, are you the fourth adviser that this client has come to in the last four years? Does the client profile not fit your personal/company investment philosophy? Does the client have unrealistic expectations on what she is expecting you to deliver?

If the answer to any of these questions is in the affirmative, there should be a huge stoplight in front of you flashing red. Any client who fits any of these descriptions is also the client most likely to bring a claim against an adviser.

So before you take on any client with a little money, be cautious. Are there red flags coming into the relationship? If so, just say no.

That is the question that the SEC has essentially posed for registered investment advisers in a National Exam Program Risk Alert. In doing so, the SEC has stated that it will be “examining compliance oversight and controls of registered investment advisers that have employed or employ individuals with a history of disciplinary events . . . .”

The SEC will essentially be examining the investment adviser's business and compliance practices, particularly focused on higher risk individuals. Does this mean that you should not hire or retain someone who may have a disciplinary past?

Of course not. Instead, this alert should be telling you that such people, if you do decide to hire (or retain) them, should come under some form of heightened supervision for a period of time, if not forever. But be forewarned that the SEC is going to check up on you by reviewing certain information, including the following:

  1. Your compliance program, including the practices surrounding the hiring and ongoing reporting obligations of investment adviser representatives.
  2. The firm’s disclosures (i.e., Form ADV) that it makes to its customers to ensure that they are accurate.
  3. The conflict of interest that the firm discloses.
  4. The firm’s marketing.

By reviewing these areas, the SEC believes that it can better understand how firms are handling and representing advisers with a past to their customers. If you decide to hire or retain such advisers, you should focus on what you are saying to the public about them through your words and actions before you are in the SEC doghouse following an examination.

Every time that I start a FINRA arbitration, I find myself having the same internal debate: did we pick the right person to serve as the arbitration chair? Unfortunately, you will not know the answer to that question until after your arbitration begins, or, more likely, after the award is issued. FINRA has proposed a rule change to open up the field for chair arbitrators.

Under the proposed rule, attorneys can serve as public arbitrator chair with less experience than they were required to have in the past. Pursuant to this proposal, attorneys would only need to have served on at least one arbitration that went to an award and completed chair training.

FINRA’s stated purpose for the rule is to “protect investors and the public interest” by increasing the pool of eligible chairpersons. This way, chairs would ideally no longer have to travel to serve as a chair.

In theory, this all makes sense. If there are more available chairs, then investors and the industry will be better served. But will this work?

In my view, much still falls on the parties to critically review the CVs of potential chairs and do their due diligence. Call other lawyers who have had arbitrations with that person. Do some research into the professional backgrounds of the potential chair. After all, just because a lawyer passes FINRA’s vetting process does not mean that you would want that person as your chair.

Over the years that I have defended broker-dealers and investment advisors on customer-initiated claims, I have seen many things that would make any compliance officer cringe. One spine-tingling (not in the good way) type of conduct is when an advisor engages his/her client when the client makes an informal complaint, instead of routing the complaint to compliance/supervision.

So why is engagement against the rules of engagement? The most important reason is that engagement (aka arguing) may only turn a simple customer service issue into a formal complaint. Rather than engage, my experience suggests that it is better to get the complaint (assuming it is in writing) to the proper person in compliance/supervision.

Dealing with an oral complaint is a little trickier because you are put on the spot. Nevertheless, the best course, as hard as it may be, is to try to defuse the situation by expressing that you understand the issue that is being raised, you will look into the issue and, finally, will respond further as soon as possible.

By defusing instead of engaging, you give all sides the opportunity to let cooler heads prevail. Many times a customer service issue can be easily addressed by taking a little time to consider the issues and formulate a response/course of action instead of blurting out the first thing that comes to mind; that is invariably the worst thing to say.

If you get a complaint, don’t jump to respond. Use your resources and formulate a well-reasoned response. Sometimes the client is wrong, but arguing with the client gets you nowhere except guaranteeing litigation.

When faced with a customer complaining through a letter or email, it is human nature to try to appease the customer with a conciliatory response or no response at all. I have seen this “human nature” all too often when defending brokers and advisors from customer complaints.

In almost all instances, the complaining customer now claims that the conciliatory comment or non-response is the functional equivalent of an admission by the broker/advisor that he/she did something wrong. In turn, the broker denies that he/she made any admissions by being conciliatory or silent. While I generally agree with the advisors, it is always an issue that must be overcome.

So what should an advisor do when confronted with a nasty/accusatory email/letter? Most important, forward the communication to the person/persons who are designated in your company to handle customer complaints regardless if you “think” this person is just blowing smoke.

Someone should always respond to such a communication. The responding communication does not have to be the functional equivalent of beating up baby seals with a bat. Instead, it should be nice, but be firm at the same time.

If a client claims that you misrepresented an investment that you recommended, the response should remind the client in detail what was discussed, and why the investment falls within the client’s overall investment objectives, goals and tolerance for risk. Ideally, prior written communications on the subject will be sent back to the customer as part of this “reminder.”

Although nothing will ultimately keep a client from suing you if he/she is really inclined to do so, avoid potentially making it worse by not responding or being too conciliatory to a complaining email/letter. The last thing you want to have to do is explain away the poor response (or absence of any response) to an arbitrator or jury who may not really understand you were just trying to be nice.

The SEC recently created a new position associated with cybersecurity: senior adviser to the chair for cybersecurity (Christopher R. Hetner). Mr. Hetner has an extensive background in information technology and, in particular, cybersecurity.

According to the SEC, Mr. Hetner will be responsible for (i) coordinating cybersecurity efforts across the SEC; (ii) engaging with external stakeholders; and (iii) enhancing SEC mechanisms for assessing broad-based market risk. This appointment could have a wide-ranging impact on the industry.

As we know, the SEC has made cybersecurity an exam priority over the last few years. The SEC is also actively conducting cybersecurity investigations and undertaking enforcement actions where appropriate. According to Chairperson White, the SEC is looking to bolster its risk-based approach. So what does this mean on a day-to-day basis?

Understand that the SEC has just upped the stakes. By retaining an industry expert who is solely focused on data-security related issues, the industry must be prepared for the SEC and FINRA to come after firms regardless if the firm sustains a breach or clients suffer harm as a result. Firms with weak or no data-security programs will surely be targeted.

Are you prepared to handle this even more focused mission of the SEC? If not, you need to more fully review your systems and procedures, both internally and externally facing. Are you testing your systems and procedures on a regular basis? If not, you better start.

The SEC is prepared; are you?

If you cannot answer this question, you may have an issue when you have your next FINRA exam. After all, firm culture is a FINRA exam priority. Does your firm have a culture of compliance?

This question only leads to another: what is a culture of compliance? For one, this is something that has to resonate from the top down. If senior management ascribes to uphold firm compliance, that should promote the “culture of compliance.”

For example, does senior leadership enforce the firm’s written supervisory processes and procedures? In doing so, does senior management hold everyone accountable the same way, or are exceptions made for the “big producers”? If exceptions are made, you are not promoting a culture of compliance.

Does senior management ensure that there is adequate training of all personnel? There should be a robust and mandatory training program to account for changes to the rules and to make your personnel aware of risks and how to avoid them; one of the biggest being data security.

These are only two of many considerations for assessing whether there is a culture of compliance. The key in it all is leadership from the top. After all, people cannot follow a leader who does not lead. Be a leader.

Anyone in a professional service business, like being a stock broker, has been faced with a client who decides to make a stupid decision. But the issue we all face is when that decision results in the client losing money: who is to be held accountable?

Fortunately, the law does not require you to stop a client from making a stupid decision with their investments. As long as a broker-dealer’s advice was suitable and the investment advisor’s advice is in keeping with the fiduciary duty, you should not be held accountable.

But this does not mean a client who has now lost money won’t try to hold you accountable for letting them make a stupid business decision. So how do you protect yourself?

The best way to protect yourself is to send the client a letter or email at the time that the client makes the bad decision. The communication should detail why you think it is a bad decision and the potential ramifications associated with that decision.

At a minimum, you should make a note in your file, either electronic or in hard copy, that the client made the bad decision and that you (presumably) advised against it.

The law should protect you from stupid clients, but make sure you protect yourself. Contemporaneous communication to the client and notation to the file may save you millions of dollars in the future.

The SEC recently commenced an enforcement action against an investment advisory firm and its principal in connection with the failure to disclose material conflicts of interest in connection with new mutual funds that the firm recently created and managed. The SEC is seeking disgorgement and an injunction against the firm and its principal.

Clients of the firm paid a fee for investment advice. Initially, the clients were invested in an ETF program. The firm subsequently created its own mutual funds that it managed for a fee.
Without disclosing that it would be paid both an investment advisory fee and fees for managing the mutual funds, the firm moved its clients into the mutual funds, which mirrored the investments in the ETF program. So why did the SEC take issue with this?

For one, the firm did not disclose the conflict of interest associated with this new strategy. The conflict of interest is that the firm is going to be paid two fees for an investment program that was the same as the prior program for which clients were only charged one fee.

Interestingly, the SEC in its complaint does not contend that the charging of two fees is per se improper. Instead, the issue is the fact that the firm did not disclose the conflict to its client before shifting the investment program. So what does this mean?

It all comes down to disclosure. If you disclose all conflicts of interest in sufficient detail, you may be able to avoid these types of enforcement issues.