Broker-Dealer Regulation

Recently, the Office of Compliance Inspections and Examinations (“OCIE”) released an alert to broker-dealers and registered investment advisers regarding the risks associated with credential stuffing.  See https://www.sec.gov/files/Risk%20Alert%20-%20Credential%20Compromise.pdf.

Credential stuffing is an automated attack on web-based user accounts and direct network login account credentials. Cyber attackers obtain lists of usernames, email addresses, and corresponding passwords from

The SEC’s Office of Compliance and Inspections (“OCIE”) recently issued an alert—more like a shot across the bow—to BDs and RIAs regarding its concerns over industry activities related to the challenges posed by COVID-19. See https://www.sec.gov/files/Risk%20Alert%20-%20COVID-19%20Compliance.pdf. As part of its efforts, OCIE made certain recommendations concerning: (1) investor asset protection; (2) personnel supervision; (3)

Sadly, the hackers of the world have not let the pandemic get in the way of their nefarious activities.  In particular, BDs and RIAs have been primary targets.   In our prior blog postings, we discussed business continuity plans and the requirement these plans include cybersecurity provisions.   We believe that the SEC, FINRA, and the various

Ernie Badway, the Chair of Fox Rothschild’s Securities Industry Group, will be speaking at the National Conference of the  National Society of Compliance Professionals.  Registration information may be found at: https://www.foxrothschild.com/ernest-e-badway/events/the-secs-challenging-new-guidance-on-the-solely-incidental-broker-exemption/

Nearly a year ago, FINRA adopted Rule 2165 (Financial Exploitation of Specified Adults) and amended Rule 4512 (Customer Account Information). This new rule and amended rule were ways to address the myriad of issues dealing with senior clients.

With nearly a year gone by, FINRA has now published responses to frequently asked questions involving Rules

FINRA recently issued a report regarding its examination findings. FINRA issued this report so that firms can gain insight from the work of FINRA’s examination of other firms.

Among FINRA’s findings are the following areas that need additional attention:

  1. Cybersecurity, including access management, risk assessments, vendor management, branch office security, segregation of internal duties

In Notice to Members 17-38, FINRA has put out for comment a change to Rule 3110 that would allow the remote inspection of certain “qualifying offices” as that term is defined by FINRA. In its Notice to Members, FINRA highlighted the point that technology and a changing industry mandate reconsideration of requiring mandatory, in-person inspections.

The SEC recently upheld a statutory disqualification that FINRA imposed where the representative filed a false U-4 and falsely answered compliance questionnaires. It appears as though the registered representative failed to disclose tax liens and a bankruptcy on his U-4. So is statutory disqualification the proper punishment for this misdeed?

According to FINRA and

Over the last several months, the SEC’s Office of Compliance Inspections and Examinations (“OCIE”) has been conducting a “sweep examination” of over 70 broker-dealers and investment advisers to assess their cybersecurity policies and procedures. See https://www.sec.gov/files/observations-from-cybersecurity-examinations.pdf. In particular, OCIE looked at their preparedness regarding governance and risk assessment; access rights and controls; data loss prevention;