Archives: FINRA Compliance

Over the years that I have defended broker-dealers and investment advisors on customer-initiated claims, I have seen many things that would make any compliance officer cringe. One spine-tingling (not in the good way) type of conduct is when an advisor engages his/her client when the client makes an informal complaint, instead of routing the complaint to compliance/supervision.

So why is engagement against the rules of engagement? The most important reason is that engagement (aka arguing) may only turn a simple customer service issue into a formal complaint. Rather than engage, my experience suggests that it is better to get the complaint (assuming it is in writing) to the proper person in compliance/supervision.

Dealing with an oral complaint is a little trickier because you are put on the spot. Nevertheless, the best course, as hard as it may be, is to try to defuse the situation by expressing that you understand the issue that is being raised, you will look into the issue and, finally, will respond further as soon as possible.

By defusing instead of engaging, you give all sides the opportunity to let cooler heads prevail. Many times a customer service issue can be easily addressed by taking a little time to consider the issues and formulate a response/course of action instead of blurting out the first thing that comes to mind; that is invariably the worst thing to say.

If you get a complaint, don’t jump to respond. Use your resources and formulate a well-reasoned response. Sometimes the client is wrong, but arguing with the client gets you nowhere except guaranteeing litigation.

The SEC recently created a new position associated with cybersecurity: senior adviser to the chair for cybersecurity (Christopher R. Hetner). Mr. Hetner has an extensive background in information technology and, in particular, cybersecurity.

According to the SEC, Mr. Hetner will be responsible for (i) coordinating cybersecurity efforts across the SEC; (ii) engaging with external stakeholders; and (iii) enhancing SEC mechanisms for assessing broad-based market risk. This appointment could have a wide-ranging impact on the industry.

As we know, the SEC has made cybersecurity an exam priority over the last few years. The SEC is also actively conducting cybersecurity investigations and undertaking enforcement actions where appropriate. According to Chairperson White, the SEC is looking to bolster its risk-based approach. So what does this mean on a day-to-day basis?

Understand that the SEC has just upped the stakes. By retaining an industry expert who is solely focused on data-security related issues, the industry must be prepared for the SEC and FINRA to come after firms regardless of whether the firm sustains a breach or clients suffer harm as a result. Firms with weak or no data-security programs will surely be targeted.

Are you prepared to handle this even more focused mission of the SEC? If not, you need to more fully review your systems and procedures, both internally and externally facing. Are you testing your systems and procedures on a regular basis? If not, you better start.

The SEC is prepared; are you?

If you thought the SEC and FINRA were serious about elder issues, welcome to Alabama, Indiana and Vermont. Each has focused on elder abuse issues.

These states will have mandatory reporting to state officials in instances involving the disabled or those over 65 years of age. They will also allow advisors to cease disbursing funds from clients and provide advisors with immunity associated with doing so. So what does this all mean?

For one, states are starting to run on the coattails of federal regulators who have made elder issues an examination priority in recent years. In addition, such state laws should be a wake-up call for brokerage and advisory firms who service elder clients.

The actions of these states should force you to ask yourself: what is my firm doing to prevent, detect and report elder abuse? Although a FINRA proposed rule does not require reporting, its goal is the same because it would allow advisors to designate a third party whom they can inform of suspected problems.

In the absence of reporting requirements, firms should consider having clients aged 65 or above designate a trusted family member or friend to be contacted when the advisor suspects that the client may be the subject of some abusive conduct. At that point, you may have a group approach to address suspected abuse.

Firms may also want to consider requiring these elder clients to designate a trusted family member or friend to receive copies of account statements. This way, someone who is “independent” can check an account for irregular activity as well.

Whether you are required to address elder abuse or not, firms should make sure that they are taking special care with their elder clients. Federal regulators and now states are focused on the issue. Are you doing anything to make sure your firm does not get into an elder abuse nightmare?

If you cannot answer this question, you may have an issue when you have your next FINRA exam. After all, firm culture is a FINRA exam priority. Does your firm have a culture of compliance?

This question only leads to another: what is a culture of compliance? For one, this is something that has to resonate from the top down. If senior management ascribes to uphold firm compliance, that should promote the “culture of compliance.”

For example, does senior leadership enforce the firm’s written supervisory processes and procedures? In doing so, does senior management hold everyone accountable the same way, or are exceptions made for the “big producers”? If exceptions are made, you are not promoting a culture of compliance.

Does senior management ensure that there is adequate training of all personnel? There should be a robust and mandatory training program to account for changes to the rules and to make your personnel aware of risks and how to avoid them; one of the biggest being data security.

These are only two of many considerations for assessing whether there is a culture of compliance. The key in it all is leadership from the top. After all, people cannot follow a leader who does not lead. Be a leader.

Anyone in a professional service business, like being a stock broker, has been faced with a client who decides to make a stupid decision. But the issue we all face is when that decision results in the client losing money: who is to be held accountable?

Fortunately, the law does not require you to stop a client from making a stupid decision with their investments. As long as a broker-dealer’s advice was suitable and the investment advisor’s advice is in keeping with the fiduciary duty, you should not be held accountable.

But this does not mean a client who has now lost money won’t try to hold you accountable for letting them make a stupid business decision. So how do you protect yourself?

The best way to protect yourself is to send the client a letter or email at the time that the client makes the bad decision. The communication should detail why you think it is a bad decision and the potential ramifications associated with that decision.

At a minimum, you should make a note in your file, either electronic or in hard copy, that the client made the bad decision and that you (presumably) advised against it.

The law should protect you from stupid clients, but make sure you protect yourself. Contemporaneous communication to the client and notation to the file may save you millions of dollars in the future.

Unfortunately, a bad broker does not take on the same attributes as a fine wine. Bad brokers rarely improve with time.

At least this was the recent message of Robert Ketchum, head of FINRA. But should all brokers who have any pings on their record be foreclosed from the industry? Certainly not, but what should you do?

The question is tougher when the broker coming to you with some knocks on his record has been a historically high producer for his prior member firm. Surely, there must be more to the story.

In my experience, there usually is more to the story. Just because someone has some marks does not mean he/she is not worthy to be with your firm. But be careful.

Anyone coming to your firm with any pings on their U-4 should be brought on under heightened supervision. This way you can personally assess this person and test the reasons why this person has been pinged in the past. Maybe the registered representative was just the victim of circumstance in the past.

Either way, if you are going to bring someone on with a checkered past, you better be willing to take the time to watch over this person. After all, by bringing them to your firm, you have assumed responsibility for them. Take caution on the front end or be ready to pay the price later.

It was great speaking at the May 17 New York NSCP regional conference on risk issues facing firms where Ernie Badway and I discussed cyber-security, risk issues, regulatory matters, issues involving elder clients and ways compliance personnel can protect themselves. For those of you who could not make the conference, these topics are frequently discussed in our various publications. Feel free to access them here and use them as you see fit.

On Tuesday, May 17, Ernie Badway and I are the keynote speakers at the NSCP Spring Conference in New York, entitled “Juggling Compliance Risks — Maintaining the Balance”. Among other things, Ernie and I will be speaking about cybersecurity, risk avoidance techniques, government regulations, elder client issues and compliance. We hope to see you at the conference.

Believe it or not, the old fashioned telephone may be one of your best defenses to a data breach and corresponding fraud. How so, you may ask.

One of the greatest data security risks that firms have is not necessarily a hack into your IT systems. Instead, the hacking into your client’s email account may pose an even greater risk.

For example, an email account can be hacked, and the hacker can pose as your client and then make an email request for a wire transfer of a significant amount of money. The easiest way to ensure that the email is legitimate is to pick up that thing that sits on the corner of your desk and call your client to confirm that he/she is requesting the wire.

This phone call takes no more than five minutes and will save you from having to file a SAR and being out of pocket to your client. You should have a written policy that all wires should be confirmed over the phone, with failure to do so resulting in termination.

Hackers are getting more and more creative. Yet, the oldest technology in your office may be the difference between a data breach and a satisfied customer. Don’t forget to use it.

In this day and age of instant information and overstretched supervisory personnel, you have to be careful to avoid forgoing a very useful supervisory tool. Meeting face to face with those associated persons under your supervision on a regular basis could mean the difference between rooting out rogue advisors and being subject to regulatory and civil actions.

Face to face meetings are even more important where the people you supervise are in regional offices. In other words, those advisors you do not see on a regular basis. With these people in particular, you must go to their offices for regular visits.

You may ask why it is so important to have face to face contact with the people you supervise. After all, you monitor email and correspondence on a daily basis. The advisor submits her outside business and AML forms on at least an annual basis. So who cares about a face to face?

Believe it or not, people lie on forms. It is easier to lie on paper (real or electronic) than it is in person. Also, seeing someone in their natural environment may make it easier to solicit information from them because they are relaxed.

Face to face meetings also help to show whether a person is living beyond his or her means. For example, what would it mean if a mediocre producer is now driving a Ferrari? Maybe nothing, but maybe a lot more.

People living beyond their means can be a sign that they have another source of income, legitimate or not. You would never know if there is a potential issue if you did not bother to go to this person’s office for a face to face. That person could be the next Madoff, but you would never know if you only sat in your office and stared at a computer screen all day.

If you are going to supervise, then do it. Never forget the value of face to face meetings with those under your supervision.