Broker-Dealer Regulation

Nearly a year ago, FINRA adopted Rule 2165 (Financial Exploitation of Specified Adults) and amended Rule 4512 (Customer Account Information). The new rule and the amended rule were meant to address the myriad issues involving senior clients.

With nearly a year gone by, FINRA has now published responses to frequently asked questions involving Rules 2165 and 4512. The responses to the FAQs are broken down into the following categories.

  1. Placement of temporary holds.
  2. Extensions of temporary holds.
  3. Trusted contact.
  4. Disclosure.

For anyone who has any senior clients, a review of these FAQs is necessary because they reflect FINRA’s ongoing focus on senior clients. Reviewing the FAQs will only take a few minutes; defending yourself in a lawsuit brought by a senior will take years. How would you rather spend your time?

FINRA recently issued a report regarding its examination findings. FINRA issued this report so that firms can gain insight from the work of FINRA’s examination of other firms.

Among FINRA’s findings are the following areas that need additional attention:

  1. Cybersecurity, including access management, risk assessments, vendor management, branch office security, segregation of internal duties and data loss prevention.
  2. Outside business activities and private securities transactions, including failure to provide notice to firms, notice reviews and post private securities transaction approval conduct.
  3. Anti-money laundering compliance programs, including maintaining adequate policies and procedures for suspicious activities, responsibility for AML monitoring, exclusions from data feeds used for AML monitoring, resources for AML monitoring and independent testing for AML monitoring.
  4. Product suitability, including unit investment trusts, multi-share class and complex products and training.
  5. Best execution.
  6. Market access controls, including establishing pre-trade financial thresholds, implementing and monitoring aggregate financial exposures, tailoring erroneous or duplicative order controls, implementing effective fixed income financial controls, reliance on vendors for fixed income financial controls, and effective testing for fixed income financial controls.

This list and the items in it should provide other firms with the benefit of hindsight. Review the report and then self-critique your firm. Do you have any of these issues? If so, implement modifications and adjustments to address them.

In Notice to Members 17-38, FINRA has put out for comment a change to Rule 3110 that would allow the remote inspection of certain “qualifying offices” as that term is defined by FINRA. In its Notice to Members, FINRA highlighted the point that technology and a changing industry mandate reconsideration of requiring mandatory, in-person inspections.

A “qualifying office” is an office that meets the following conditions:

  1. A location where there are no more than three associated persons that conduct business for the firm.
  2. A location that is not held out to the public as an office of the firm.
  3. The associated person at that location conducts business for the firm solely through the firm’s authorized electronic systems.
  4. All required books and records are maintained by the firm other than at the location.
  5. No customer funds or securities are handled at the location.
  6. The location is either (i) not required to be annually inspected; (ii) designated as an OSJ solely because of supervisory activities described in Rule 3110(f)(1)(D) through (G); or (iii) designated as a branch office solely because of supervisory activities described in Rule 3110(f)(2)(B).
  7. No registered person at the location has a disciplinary history and no associated person at the location is subject to statutory disqualification.

Although there are a number of conditions to satisfy the exception to in-person branch office inspections, this proposed change is a step in the right direction. Compliance and supervision take substantial overhead, and the proposed change simply acknowledges the reality that inspections can be performed without boots on the ground. Time will tell if this rule change happens.


The SEC recently upheld a statutory disqualification that FINRA imposed where the representative filed a false U-4 and falsely answered compliance questionnaires. It appears as though the registered representative failed to disclose tax liens and a bankruptcy on his U-4. So is statutory disqualification the proper punishment for this misdeed?

According to FINRA and the SEC, the answer is a resounding yes and, unfortunately for the registered representative, this makes sense. After all, the U-4 is the lynchpin of what must be disclosed to FINRA and member firms. The answers serve as the basis for whether a registered representative will be hired, retained and supervised.

Similarly, firms use compliance questionnaires to determine if there are compliance issues that need to be addressed. The firm cannot satisfy that purpose when the responses are lies.

The moral of the story: do not lie on your U-4 and compliance questionnaires. It is only a matter of time before you are caught, and you will be caught. Why throw away your career when the true answers may not have had any impact on your career or position with the member firm?


Over the last several months, the SEC’s Office of Compliance Inspections and Examinations (“OCIE”) has been conducting a “sweep examination” of over 70 broker-dealers and investment advisers to assess their cybersecurity policies and procedures. In particular, OCIE looked at their preparedness regarding governance and risk assessment; access rights and controls; data loss prevention; vendor management; training; and incident response.

For the most part, OCIE found policies and procedures in place, and these firms did, in fact, conduct penetration tests and vulnerability scans; use a system to prevent data loss; install software patches; adopt response plans; and conduct vendor risk assessments. However, not all the news was good. OCIE believes that these firms should have better tailored policies and procedures; conduct enhanced employee training; replace outdated systems; and make sure that various vulnerabilities are addressed in a timely fashion. OCIE also informed these firms that it will continue to be vigilant in the cybersecurity sphere in both its examinations and testing.

In sum, with the exception of tweets from the White House, no area is getting more attention from the public and the government than cybersecurity precautions and detection.  It is critical that senior management and compliance at broker-dealers and investment advisers take this threat seriously or there could be serious repercussions if their business is attacked.

The CEO of FINRA recently announced that FINRA plans to provide firms with additional resources to deal with recidivist brokers. So what does this mean?

For years, FINRA’s exam priorities have focused on, among other things, brokers who are repeat violators of FINRA rules. FINRA has made this a priority as a way to weed out brokers who do not deserve to be in the industry because they are likely causing more harm than good.

FINRA is effectively asking the firms to do their part in cleansing the industry of bad brokers. What can a firm do in this regard?

First, firms must take more care in the hiring process. Your due diligence cannot begin and end by pulling the registered representative’s CRD. You should run a Google (or similar) style search on the broker. There are also services you can use to find out if there are judgments, liens or lawsuits against the broker. This way, you can find red flags that may not appear on CRD.

Second, once you hire the broker, you have to make sure he/she is subject to robust supervisory and compliance oversight. Be proactive if you sense there is a problem. By doing so, even if there is a problem, you may be able to cut it off before it gets worse.

There is no easy solution. From FINRA’s perspective, however, you are either part of the solution or part of the problem. The choice is yours.

FINRA is currently reviewing its rules regarding outside business activities and private securities transactions. From time to time, FINRA reviews its rules and application of those rules to see if anything needs to be tweaked. Is there any significance to FINRA looking at these particular rules?

From my experience, some bad brokers have used the outside business activity disclosure process as the tool to cover their tracks while engaging in activity that the firm would otherwise want to know about. In some cases, the undisclosed outside business turned out to be a Ponzi scheme.

The purpose of requiring outside business disclosures is for a firm to make sure that it and its clients know about any conflicts of interest that their brokers may have. For example, the firm would want to know if the broker had a real estate broker’s license because that business may compete with the time the broker can give to her securities investing clients.

FINRA exploring this area should be a message to firms that they need to ask critical questions about what they are doing regarding outside business disclosures.

Ask yourself:

  • Are you doing enough to make sure you receive honest and complete disclosures?
  • What, if any, ramifications are there for incomplete or untimely disclosures?
  • Are you asking enough follow-up questions to understand the proposed outside business activity?
  • What follow-up, if any, do you make with brokers who make disclosures?

If you cannot answer these questions, you need to do more homework or be exposed to the bad broker who may be in your midst.