It was great speaking at the May 17 New York NSCP regional conference on risk issues facing firms where Ernie Badway and I discussed cyber-security, risk issues, regulatory matters, issues involving elder clients and ways compliance personnel can protect themselves. For those of you who could not make the conference, these topics are frequently discussed in our various publications. Feel free to access them here and use them as you see fit.
Client relationships and expectations can be the source of success and liability at the same time. Ernie Badway and I will be speaking on May 17 in New York City at a regional conference of the National Society of Compliance Professionals. We will be speaking about risk avoidance techniques that you can use in the everyday world, as well as highlighting issues and challenges that you face managing risk. For more information about the conference, go to NSCP.org. We hope to see you there.
With the exception of those of you who have literally been asleep for the last few years, you are well-versed in the attention FINRA and the SEC are giving to issues surrounding elder investors. Among other things, there is a real focus on elder abuse.
Some commentators believe that all of this attention may inevitably lead to additional regulations regarding how you handle older investors. Like most things from a regulatory/legislative standpoint, the loudest wheel will get the most oil.
With the graying of the baby boomers, this section of society will undoubtedly have a large voice in whatever regulations or laws may come to pass. It seems as though most of the claims I have defended over the last 20 years have involved investors over the age of 60 such that I can say there is a real issue with how firms handle older clients.
Is there anything that can be done to avoid this potential regulatory headache? I think that there are things that can be done on both a macro and micro level.
The macro solution requires firms to take a big picture view of their customer composition. Assuming that there is a graying component to your customer base, you should have specific firm-wide policies and procedures that address elder issues; i.e., heightened supervision, alternate decision-makers, a committee that addresses elder issues, etc.
The micro solution is tied to the macro and can be addressed by a simple question. What are you as a firm doing to ensure your policies and procedures pertaining to elder investors are being carried through as written by your advisors/representatives? If you cannot answer this question, you might as well be signing off on those regulations.
Avoiding elder client regulations may still be in your hands. Are you doing enough to address the issue at your firm? Only time will tell.
Those famous words of the immortal Yogi Berra hold true when it comes to the SEC exam priorities for 2016. Among those at the top of the list are two familiar friends: protecting retail investors and investors saving for retirement.
It is clear that the SEC is looking in particular toward how retail firms are dealing with their older clientele since it is fair to assume that older clients are those most likely preparing for retirement. So what does the SEC want to know?
The SEC is looking at retirement services being offered, focusing on whether there is a reasonable basis for recommendations, conflicts of interest, supervision and compliance controls, as well as marketing and disclosure practices. If you compare these priorities to FINRA’s exam priorities, you will see the overlap.
The overlap of these priorities should set alarm bells off in your head. The SEC and FINRA have told you twice what your regulators will analyze during your next exam. You have a choice.
You can ignore these areas and not take prophylactic measures to make sure that your policies and procedures in these areas are consistent with current industry standards, or you can take a serious look at what your firm is doing for your clients who are focused on retirement investing. Something tells me that taking the path of least resistance will not win you any awards with your regulators.
So take affirmative steps and give your policies and procedures in these areas deep thought. Do you have any policies and procedures in place? If so, do they go far enough and are they consistent with current industry trends and practices? FINRA and the SEC are doing some of your work for you; don’t miss out on the free advice they are giving you.
The SEC is conducting an exam sweep that focuses on retirement advice being given to clients of investment advisors and broker-dealers. Some commentators see this as a turf war between the SEC and the Department of Labor (DOL) because the sweep focuses on things that may come under the DOL’s jurisdiction.
Whether the exam sweep intrudes upon the DOL’s purview is really not the point. The real take away as I see it is the general subject matter and those clients who would be most implicated.
This past year, the SEC and FINRA issued a joint report with their findings from an exam sweep focused on elder clients. This current SEC sweep can, at least in part, be seen as an extension of that work; elder clients may be the ones most impacted by retirement account advice.
So what does this mean for you? If your firm is not razor focused on what it is doing with elder clients and retirement accounts, you may be in for a rude awakening during your next regulatory exam.
As the year ends, dust off your WSPs and take a hard look at them for elder and retirement account issues. Are you addressing prior findings of the SEC and FINRA that they have made available in various reports? Has anything changed this year with the way you are running your business that may warrant a different approach? Do you need to do things differently because of changes to your business model?
Ask these questions internally now and maybe you can avoid answering the same to your regulator. You may not like the response you get from the regulator.
The SEC recently issued an investor bulletin regarding one of our favorite topics: data security of customer accounts. The primary areas of the SEC’s focus were:
- Have a strong password, keep it secure and change it often.
- Use a two-step verification process if the firm offers it.
- Use different passwords for different on-line accounts.
- Avoid using public computers to access on-line accounts.
- Cautiously use wireless access to on-line accounts.
- Check and double check any links that are sent to you via email purporting to come from your advisory firm.
- Secure your mobile devices.
- Regularly check your account statements and confirmations for unusual activity.
In my view, the above guidance offers you opportunities with your clients. For example, you should offer a two-step verification process for on-line account access. By doing so, you are telling your clients that you value their business and the protection of their confidential information.
Similarly, you should consider providing similar guidance as an investor alert or the like to all of your clients who have on-line access. First, this gives you another opportunity to be in front of your clients. Second, it demonstrates that your firm takes the issue of data security very seriously.
Although the prospects of suffering a data breach may be ominous, you can do something to educate your clients so that they do not become unwitting targets. Providing this type of client service can only strengthen your client relationships. There is no time like the present to take this affirmative step. Make yourself a valued resource for your clients.
Andrew Donohue, SEC Chief of Staff, recently commented on what a person needs in order to be a competent CCO; he identified nine things. The overarching theme from this list is experience. According to Donohue, in no particular order, a CCO must:
- Have a “first hand knowledge” of the regulatory environment.
- Have a detailed understanding of the firm, its operations and structure.
- Be able to readily identify conflicts of interest, report and resolve them.
- Have an understanding of the firm’s business model, including knowledge of firm available products and their profitability.
- Have an understanding of the compliance and technology platforms at the firm.
- Have an understanding of the firm policies and procedures, including how the firm deploys and monitors them.
- Have an understanding of the applicable markets in which the firm transacts business.
- Have the ability to create an atmosphere that puts the client first.
- Have an ability to identify firm gaps and to determine what needs to be done to resolve those gaps.
The key takeaway is that firms must hire those who have a highly developed skill set in the industry. By having such a skill set, that person will be best able to understand the firm and to create policies and procedures to best serve the firm and its clients. This explains why firms typically hire former regulators to serve as CCO.
Depending on the size of the firm, the CCO should have some staff who can learn the ropes so to speak and be able to assist the CCO in carrying out his/her duties. With data security and elder issues garnering ever increasing attention from the SEC and FINRA, having people with honed subject matter skill sets can only make the CCO that much more effective.
Stated another way, don’t go cheap when it comes to hiring your CCO and his/her staff. Those people may ultimately save the firm from regulatory purgatory and civil liability.
As recently reported in the Investment News, the North American Securities Administrators Association (NASAA) reported on the results of state coordinated examinations. The relative good news was that there were 30% fewer deficiencies from 2013 to 2015.
- Not adequately documenting the suitability of investment recommendations being the biggest concern.
- Failing to adequately explain fees in contracts.
- Inconsistencies in the Form ADV Parts 1 and 2.
- Charging fees not as outlined in the Form ADV.
- Improper client invoices for direct-fee reduction.
If you are a state-based advisor, you should be asking yourself if you have any of these deficiencies. If your conduct falls within any of these areas of deficiency, you should take action now to correct them, or face regulatory exposure in the future.
A recent article in Onwallstreet.com highlighted certain areas of focus for investment advisors/broker-dealers when it comes to addressing cyber-threats. The article focused on four areas of particular significance.
First, a firm must have a robust risk assessment approach to cyber-security. After all, a firm cannot develop and deploy cybersecurity policies and procedures unless and until the firm identifies what its risks are.
Just as important, the risk assessment cannot be a one and done project. Best practices dictate that firms continually conduct risk assessments to determine new risks. The hackers are changing their tactics, so you may have to as well.
Second, once you develop and deploy policies and procedures, you should create and test incident response plans. Otherwise, how will you know these policies and procedures work when confronted with an actual data breach?
Third, if you use vendors, perform due diligence on them on an ongoing basis to assess their cyber-security risks. For example, if you outsource email retention, you will want to know how that vendor is going to protect its email storage databases from an unwanted intrusion. Equally important, you want to revisit what the vendor is doing for cyber-security on a regular basis.
Fourth, train and retrain your staff so that they avoid inadvertently exposing the company to malware. Among other things, you should consider a policy for staff to follow before they download anything from an external email or web site.
These are just a few suggestions for this ever increasing focus for both firms and their regulators. Avoid being a victim; assess risk, develop plan/procedures, test the plan/procedures, and educate your staff.
The FINRA Board of Governors election results are in. There were three vacancies among the 10 seats reserved for industry representatives: one Large, one Mid-Size, and one Small Firm Governor. John Thiel, head of Merrill Lynch Wealth Management, who ran unopposed, won the Large Firm Governor Seat. Joe Romano, president of Romano Wealth Management, won the Small Firm Governor Seat. And, interestingly, Brian Kovack, president and co-founder of Kovack Securities Inc., won the Mid-Size Governor Seat.
Additionally, as reported by Bernice Napach of ThinkAdvisor, two new governors were appointed to the FINRA board. Kathleen Murphy, president of personal investing at Fidelity Investments, was appointed as an industry board governor. Randal Quarles, managing partner and co-founder of the Cynosure Group, was appointed as a public governor.
Kovack’s win stands out as somewhat of a coup, having defeated the FINRA-nominated candidate to represent mid-size firms on FINRA’s Board. As we reported last month, with credit to Melanie Waddell of ThinkAdvisor, Kovack ran a “Dissident” campaign, calling for “immediate reforms” to FINRA’s arbitration system, the exam process, and U4 disclosures. Given Kovack’s victory last week and presence on FINRA’s Board for the next three years, we should expect to see proposals – or at least discussions – on reforming FINRA’s arbitration process, exams, and U4 disclosures going forward.