Compliance and Supervision

A chief compliance officer (“CCO”) for a registered investment adviser (“RIA”) found himself barred from any compliance or supervisory role in the future because he willfully refused to fix a number of compliance issues.  See https://www.sec.gov/litigation/admin/2017/34-82397.pdf. 

The RIA had conducted a review that uncovered numerous compliance problems.  Despite having notice of the results of this review, the CCO simply ignored it, and did not address any of the problems, including, among other things, the failure to retain emails, electronic information, or protect customer information.  The CCO also failed to update the compliance manual or conduct an annual review.

Such a step by the SEC is in keeping with its belief that CCOs are on the front lines of ensuring that the public is protected.  Here, it seems that the CCO ignored those responsibilities, and was punished severely.

Nearly a year ago, FINRA adopted Rule 2165 (Financial Exploitation of Specified Adults) and amended Rule 4512 (Customer Account Information). This new rule and amended rule were ways to address the myriad of issues dealing with senior clients.

With nearly a year gone by, FINRA has now published responses to frequently asked questions involving Rules 2165 and 4512. The responses to the FAQs are broken down into the following categories.

  1. Placement of temporary holds.
  2. Extensions of temporary holds.
  3. Trusted contact.
  4. Disclosure.

For anyone who has any senior clients, a review of these FAQs is necessary because they reflect FINRA’s ongoing focus on senior clients. Reviewing the FAQs will only take a few minutes; defending yourself in a lawsuit brought by a senior will take years. How would you rather spend your time?

The SEC recently put out an Investor Bulletin on wrap fees. Although this guidance is steered toward consumers, there are lessons to be learned by firms who offer such programs.

The SEC specifically posed the question of what the fee covers. Included in that list of possibilities are:

  1. Investment advice.
  2. Brokerage costs.
  3. Administrative expenses.
  4. Other fees and expenses like those associated with mutual funds.
  5. Third party service provider costs and trading away.

So what can a firm take away from this bulletin? For one, now is as good a time as any to make sure that your wrap fee disclosures are complete and up to date.

In the first instance, do you even have written disclosures that you can provide customers? If you do, do they detail the services being provided and the fees being charged? If the answer to either question is no, you have work to do.

FINRA recently issued a report regarding its examination findings. FINRA issued this report so that firms can gain insight from the work of FINRA’s examination of other firms.

Among FINRA’s findings are the following areas that need additional attention:

  1. Cybersecurity, including access management, risk assessments, vendor management, branch office security, segregation of internal duties and data loss prevention.
  2. Outside business activities and private securities transactions, including failure to provide notice to firms, notice reviews and post private securities transaction approval conduct.
  3. Anti-money laundering compliance programs, including maintaining adequate policies and procedures for suspicious activities, responsibility for AML monitoring, exclusions from data feeds used for AML monitoring, resources for AML monitoring and independent testing for AML monitoring.
  4. Product suitability, including unit investment trusts, multi-share class and complex products and training.
  5. Best execution.
  6. Market access controls, including establishing pre-trade financial thresholds, implementing and monitoring aggregate financial exposures, tailoring erroneous or duplicative order controls, implementing effective fixed income financial controls, reliance on vendors for fixed income financial controls, and effective testing for fixed income financial controls.

This list and the items in it should provide other firms with the benefit of hindsight. Review the report and then self-critique your firm. Do you have any of these issues? If so, implement modifications and adjustments to address them.

In Notice to Members 17-38, FINRA has put out for comment a change to Rule 3110 that would allow the remote inspection of certain “qualifying offices” as that term is defined by FINRA. In its Notice to Members, FINRA highlighted the point that technology and a changing industry mandate reconsideration of requiring mandatory, in-person inspections.

A “qualified office” is an office that meets the following conditions:

  1. A location where there are no more than three associated persons that conduct business for the firm.
  2. A location that is not held out to the public as an office of the firm.
  3. The associated person at that location conducts business for the firm solely through the firm’s authorized electronic systems.
  4. All required books and records are maintained by the firm other than at the location.
  5. No customer funds or securities are handled at the location.
  6. The location is either (i) not required to be annually inspected; (ii) designated as an OSJ solely because of supervisory activities described in Rule 3110(f)(1)(D) through (G); or (iii) designated as a branch office solely because of supervisory activities described in Rule 3110(f)(2)(B).
  7. No registered person at the location has a disciplinary history and no associated person at the location is subject to statutory disqualification.

Although there are a number of conditions to satisfy the exception to in-person branch office inspections, this proposed change is a start in the right direction. Compliance and supervision take substantial overhead, and the proposed change is just an acknowledgement of the reality that inspections can be performed without the need for boots on the ground. Time will tell if this rule change happens.

The SEC recently upheld a statutory disqualification that FINRA imposed where the representative filed a false U-4 and falsely answered compliance questionnaires. It appears as though the registered representative failed to disclose tax liens and a bankruptcy on his U-4. So is statutory disqualification the proper punishment for this misdeed?

According to FINRA and the SEC, the answer is a resounding yes and, unfortunately for the registered representative, this makes sense. After all, the U-4 is the lynchpin of what must be disclosed to FINRA and member firms. The answers serve as the basis for whether a registered representative will be hired, retained and supervised.

Similarly, firms use compliance questionnaires to determine if there are compliance issues that need to be addressed. The firm cannot satisfy that purpose when the responses are a lie.

The moral of the story: do not lie on your U-4 and compliance questionnaires. It is only a matter of time before you are caught, and you will be caught. Why throw away your career when the true answers may not have had any impact on your career or position with the member firm?

Over the last several months, the SEC’s Office of Compliance Inspections and Examinations (“OCIE”) has been conducting a “sweep examination” of over 70 broker-dealers and investment advisers to assess their cybersecurity policies and procedures.  See https://www.sec.gov/files/observations-from-cybersecurity-examinations.pdf.  In particular, OCIE looked at their preparedness regarding governance and risk assessment; access rights and controls; data loss prevention; vendor management; training; and incident response.

For the most part, OCIE found policies and procedures in place, and these firms did, in fact, conduct penetration tests and vulnerability scans; use a system to prevent data loss; install software patches; adopt response plans; and conduct vendor risk assessments.  However, not all the news was good.  OCIE believes that these firms should better tailor their policies and procedures; conduct enhanced employee training; replace outdated systems; and make sure that various vulnerabilities are addressed in a timely fashion.  OCIE also informed these firms that it will continue to be vigilant in the cybersecurity sphere in both its examinations and testing.

In sum, with the exception of tweets from the White House, no area is getting more attention from the public and the government than cybersecurity precautions and detection.  It is critical that senior management and compliance at broker-dealers and investment advisers take this threat seriously or there could be serious repercussions if their business is attacked.