The Office of Compliance Inspections and Examinations (or OCIE) recently issued a Risk Alert that identified the five most frequent compliance topics arising from OCIE examinations. These compliance topics include the following:

  1. Deficient compliance programs,
  2. Late or insufficient filings,
  3. Violations of the custody rule,
  4. Code of Ethics compliance deficiencies, and
  5. Books and records.

Among other things, OCIE noted that it continues to see untailored “off-the-shelf” manuals, deficient or non-existent annual reviews, as well as the systemic failure to follow procedures. So what does this all mean?

It would certainly appear from OCIE’s analysis that firms continue to take the easy way out when it comes to compliance. There is nothing per se wrong with an “off-the-shelf” compliance manual. The impropriety comes when the firm does nothing to modify that manual to conform to its business model. Not conforming a compliance manual to your individual circumstances is no different from not having a manual.

Equally problematic is the lack of meaningful annual reviews. Any annual review must be meaningful to have any regulatory significance. A meaningful review can look different from firm to firm, but there are a few components worth noting.

First, everyone at the firm must participate in the review process. Compliance comes from the tone at the top. Second, the firm should employ a checklist of required elements, and those that may be firm specific. Third, correct any deficiencies found through this process.

Compliance is not easy. But don’t take the easy way out. Having a robust compliance program takes hard work. Do it now, or pay the SEC later.

In the hectic world of financial services, registered representatives and investment adviser representatives are always looking to increase their assets under management. At what cost? Are there situations where you would be better off just saying no to accepting that one additional client?

In my many years of defending representatives and advisers from customer complaints, the unqualified answer is yes; there are situations when you are better off just saying no. Any good risk avoidance program will provide for the proper screening/selection of prospective clients. I have addressed this very issue in a risk avoidance handbook.

The key to this screening process is being able to sniff out the types of clients that you do not want to accept. For example, are you the fourth adviser that this client has come to in the last four years? Does the client profile not fit your personal/company investment philosophy? Does the client have unrealistic expectations on what she is expecting you to deliver?

If the answer to any of these questions is in the affirmative, there should be a huge stoplight in front of you flashing red. Any client who fits any of these descriptions is also the client most likely to bring a claim against an adviser.

So before you take on any client with a little money, be cautious. Are there red flags coming into the relationship? If so, just say no.

The SEC recently created a new position associated with cybersecurity: senior adviser to the chair for cybersecurity (Christopher R. Hetner). Mr. Hetner has an extensive background in information technology and, in particular, cybersecurity.

According to the SEC, Mr. Hetner will be responsible for (i) coordinating cybersecurity efforts across the SEC; (ii) engaging with external stakeholders; and (iii) enhancing SEC mechanisms for assessing broad-based market risk. This appointment could have a wide-ranging effect on the industry.

As we know, the SEC has made cybersecurity an exam priority over the last few years. The SEC is also actively conducting cybersecurity investigations and undertaking enforcement actions where appropriate. According to Chairperson White, the SEC is looking to bolster its risk-based approach. So what does this mean on a day-to-day basis?

Understand that the SEC has just upped the stakes. By retaining an industry expert who is solely focused on data-security related issues, the industry must be prepared for the SEC and FINRA to come after firms regardless of whether the firm sustains a breach or clients suffer harm as a result. Firms with weak or no data-security programs will surely be targeted.

Are you prepared to handle this even more focused mission of the SEC? If not, you need to more fully review your systems and procedures, both internally and externally facing. Are you testing your systems and procedures on a regular basis? If not, you better start.

The SEC is prepared; are you?

FINRA has identified that firm culture is in its cross-hairs. But what is firm culture?

Trying to figure out what’s meant by firm culture reminds me of my law school days studying First Amendment law and, in particular, cases addressing pornography. A former Supreme Court Justice, Potter Stewart, seemed to get it right when he said something along the line of, I don’t know what pornography is, but I know it when I see it.

I think that the same can be said about firm culture. No one really knows what it is, but FINRA is sure to determine when there is a failure of firm culture when FINRA sees it. So what should you think about when it comes to firm culture?

I think that the easiest way to think about firm culture is what does the leadership from the top down look like. How does the firm’s upper management approach issues involving compliance with the law and regulations, as well as the firm’s own written policies and procedures?

If the firm leadership does not take these issues seriously, then that same leadership cannot expect its registered representatives and staff to take those things seriously as well. In other words, the do as I say not as I do philosophy is a failed philosophy.

FINRA has identified firm culture as an exam priority and has recently reemphasized that point in its planned targeted examinations. It is now the put up or shut up moment. Is your firm’s leadership making compliance and supervision issues a top priority? If not, you should expect FINRA to find a problem with your firm’s culture. FINRA is sure to know it when it sees it.

FINRA released its 2016 Exam Priorities yesterday, and its top priority ventures into a very grey area.  FINRA has announced that beginning this year, it will formalize a process of assessing “firm culture”.  In doing so, FINRA appears to be focused primarily on ethics and conflicts of interest and insists that it “does not seek to dictate firm culture”.

FINRA has defined “firm culture” as “set of explicit and implicit norms, practices, and expected behaviors that influence how firm executives, supervisors and employees make and implement decisions in the course of conducting a firm’s business.”  In its assessments, FINRA plans to focus on five indicators of acceptable firm culture:

  1. Whether control functions are valued within the organization;
  2. Whether policy or control breaches are tolerated;
  3. Whether the organization proactively seeks to identify risk and compliance events;
  4. Whether supervisors are effective role models of firm culture; and
  5. Whether sub-cultures (e.g., at a branch office, a trading desk or an investment banking department) that may not conform to overall corporate culture are identified and addressed.

While FINRA’s intentions are well-placed, this level of micromanagement is unprecedented.  Assessment of company values and culture is inherently subjective, which makes it difficult for a government regulator to assess and enforce.  Thus, it will be interesting to see how FINRA actually develops its formal evaluation of firm culture.

As we predicted last month, the Securities and Exchange Commission adopted a final rule that requires a public company to disclose the ratio of the compensation of its CEO to the median compensation of its employees.  This measure was mandated under Dodd-Frank (section 953(b)), but the SEC maintains that its rule “provides companies with flexibility in calculating this pay ratio, and helps inform shareholders when voting on ‘say on pay.'”  Specifically, the new rule requires public companies to disclose:

  • The median of the annual total compensation of all its employees, except the CEO;
  • The annual total compensation of its CEO; and
  • The ratio of those two amounts.

However, companies are given flexibility in selecting a methodology for identifying their median employee compensation, based on their own facts and circumstances.  In doing so, companies are permitted to take into account either their entire employee population or just a statistical sampling, as well as apply a cost-of-living adjustment.  Companies are also permitted to adjust this methodology once every three years.  However, companies are also required to disclose their methodology for determining their median employee compensation.

Companies are required to make these disclosures in their registration statements, proxy and information statements, and annual reports, which must already include executive compensation information as set forth under Item 402 of Regulation S-K.  However, companies are not required to disclose the pay ratio information in reports that do not require executive compensation information, such as current and quarterly reports, nor update their disclosure for the most recently completed fiscal year.

The disclosure requirement applies to all companies required to provide executive compensation disclosure under Item 402(c)(2)(x) of Regulation S-K, but not smaller reporting companies, foreign private issuers, MJDS filers, emerging growth companies, and registered investment companies.  Such companies are required to disclose their pay ratio beginning on or after January 1, 2017.

Thus, companies subject to this disclosure should begin testing various methodologies for determining their median employee compensation, so as to be able to disclose a pay ratio that is the best fit for them by 2017.

According to Andrew Ackerman and Joann Lublin of the Wall Street Journal, the Securities and Exchange Commission is “poised to complete a rule requiring companies to disclose the pay gap between chief executives and employees”. Under the proposed rule, companies would be forced to disclose median worker pay as compared to their CEO compensation.  This rule was a measure included in Dodd-Frank, and could be approved by the SEC as early as next week.

A point of contention appears to be the exclusion of overseas workers.  The WSJ expects that the SEC will allow companies to exclude 5% of their international workers’ compensation from the pay-ratio calculation; however, companies are pressing for a larger exclusion.  There is also concern among stakeholders that the cost associated with compiling such information will outweigh the benefit of it.

Whether the SEC takes action on this rule next week or not, it is expected to implement a pay-ratio rule in the not-so-distant future.  Thus, companies should continue to provide their comments to the SEC now before the rule passes, and prepare for its eventual impact.

FINRA recently announced a change to the supervision rule to require hiring firms to conduct background checks on new employees.  This rule change raises the question: what have member firms been doing all along?

In this day and age of instant information, having a new registered representative complete his/her U-4 should have only been a start of the inquiry.  A simple internet search of the new hire or transfer, including publicly available financial and criminal records can yield critical information that may impact the hiring decision.   

The need for a background check becomes even more critical where a new hire comes from another member firm and his/her U-5 has an unclear reason for termination.

The terminating firm will, to avoid liability, only confirm the former registered representative’s status as being associated with the firm.  What should the new firm do?  The upside of FINRA’s rule change is that your regulator has made the decision for you; perform a background check.

A few years ago, I had a 40+ day arbitration, and it largely dealt with the issue of a representative leaving one firm and going to another, but the hiring firm and the claimants did not think that the terminating firm did enough in the U-5 to highlight the reason why the person left the firm.  The representative is now spending a few years in federal prison because he conducted a Ponzi scheme.

By changing the supervision rule, FINRA has taken the burden off of firms to consider whether to conduct a background check.  The risk firms have is how much is enough to weed out a criminal. 

From my perspective, the issue will come down to process and the reasonableness of the background search.  Firms should document every step in their background analysis to address those situations where a hire goes bad.  It may also be worth considering the use of a service to aid in this process.  Either way, verifying the worthiness of a new hire must be a critical component in your risk avoidance program.



Former shareholders may pursue narrowed claims against some large private equity firms who allegedly conspired with one another to minimize competition for target companies.  See Dahl v. Bain Capital Partners LLC (D. Mass., 07-12388, 3/13/13).

The plaintiffs previously held shares in various public companies that were, ultimately, acquired by private equity firms.  The complaint alleged that, between 2003 and 2007, the private equity firms engaged in a conspiracy to fix the prices in certain transactions. The court found that the evidence supported an inference that some of the defendants may have colluded.

In short, private equity firms should monitor this case, and avoid potential coordinated activities.