Financial Industry Trends

Contrary to what the title may suggest, I am not referring to students who are about to graduate from high school or college. Instead, this post is about the group in our society who all too often (based upon my years of defending broker-dealers) are claimants in FINRA arbitrations: senior investors.

As part of its ongoing effort to protect seniors, FINRA recently introduced Rule 2165 and amended Rule 4512. Both rules reflect a growing trend to provide greater protection to seniors.

Rule 2165 allows a member firm who reasonably believes that senior financial exploitation may be occurring to hold for up to 15 business days the disbursement of money or securities from a senior’s account. This rule gives a firm a safe harbor to take action when it reasonably suspects such exploitation. The firm can extend the hold an additional 10 days.


At the same time, FINRA amended Rule 4512, which provides for the firm to make a reasonable effort to obtain the name of a trusted contact person to place on a newly opened account. The amendment further defined the trusted person as someone whom the customer has authorized the firm to contact and disclose information to in the event of possible financial exploitation. Importantly, the firm is only obligated to make a reasonable effort to obtain this information.

So what does all of this mean for the industry? For one, I do not think that FINRA has to paint you a picture to show you how seriously it is taking financial exploitation of seniors. Considering the ongoing greying of the baby boomers, this focus will likely become even more heightened as the years pass.

Many people see the green of cannabis as a way to the pot of gold at the end of the rainbow. If you are going to invest in a legal (at a state level) cannabis business, you need to make sure that you know what you purchase.


The SEC recently charged a company and its founder with promoting “record” revenue numbers to investors and touting itself as a leader in the cannabis industry, all the while it generated certain of its earnings from sham transactions through a secret corporate affiliate. The company and its principal agreed to settle the charges, with the principal agreeing to pay $12 million in disgorgement and penalties and accepting a bar from serving as an officer or director of a public company or participating in any penny stocks.

So what do these events tell us? First, there are potential big rewards through investing in this burgeoning industry. Second, there are people looking to take advantage of your desire for large profits.

Investing in these businesses is fine, but make sure your eyes are wide open. Ask questions, perform due diligence, and ask more questions. You don’t want to see your investment go up in smoke.

The SEC recently published its latest investor bulletin. The SEC publishes these from time to time to bring awareness to the investing public on certain issues.

The current bulletin notes that the investor.gov web page provides a number of resources for the investing public, which include:

  1. The ability to check on an investment professional.
  2. Self-education about various products.
  3. To learn about online tools to make investing a simpler process.
  4. To learn how to avoid investment fraud.
  5. To stay current with SEC resources.
  6. To start researching public companies.
  7. To consider fees associated with investing.
  8. To gain an understanding of how the market works.
  9. To plan for retirement.
  10. To find SEC contact information.

For investment professionals, you should be asking yourself why the SEC has issued such guidance. I think that the easy answer requires you to look yourself in the mirror. Apparently, the SEC does not think you are doing a good enough job educating your clients.

The fact that the SEC thinks these are important areas of interest should be notice to you to make sure your own house is in order. Are you doing enough to educate your clients on most of these topics? If not, you may want to revisit your customer service before the SEC does it for you.

According to a recent report of the Eversheds Sutherland firm, 2016 was a banner year for FINRA-assessed fines. FINRA collected a record $176 million in 2016. So what gives?

The increase in fines was attributable to two things. First, a significant number of fines in the $1 million plus range. Second, of those fines, a fair number were in excess of $5 million.


Of particular note, the report shows that FINRA is seeking and obtaining very large fines even when there is limited or no measurable client harm. Historically, the lack of client harm was the siren call of a firm defending itself. In other words, no fine if there is no client harm.

So what does this all mean? For one, FINRA is pressing hard on enforcement even in the absence of client harm. It also reflects that FINRA is willing to go the distance so to speak to recoup the maximum fines possible.

I do not think that firms should anticipate FINRA taking 2017 off by any means. Now is as good a time as any to ensure that you have your compliance and supervision house in order. If not, break out the big checkbook. This one is going to hurt.

The SEC recently issued regulatory guidance for robo-advisors. This guidance focuses on what robo-advisors must do to meet their disclosure obligations.

Among other things, the SEC has recommended robust disclosures in the following areas:

  1. The use of algorithms, overrides, third parties, fees and client information.
  2. The limits on use of the robo-advisor model to ensure adequate disclosures.
  3. Adequate and clear investment questionnaires to ensure suitability of investments.

Robo-advisors are a growing trend. Thus, it is only logical that the SEC would provide such guidance. Now that the SEC has spoken, it is on you to ensure that you take the message to heart; or learn the hard way.

The Office of Compliance Inspections and Examinations (or OCIE) recently issued a Risk Alert that identified the five most frequent compliance topics arising from OCIE examinations. These compliance topics include the following:

  1. Deficient compliance programs,
  2. Late or insufficient filings,
  3. Violations of the custody rule,
  4. Code of Ethics compliance deficiencies, and
  5. Books and records.

Among other things, OCIE noted that it continues to see untailored “off-the-shelf” manuals, deficient or non-existent annual reviews, as well as the systemic failure to follow procedures. So what does this all mean?

It would certainly appear from OCIE’s analysis that firms continue to take the easy way out when it comes to compliance. There is nothing per se wrong with an “off-the-shelf” compliance manual. The impropriety comes when the firm does nothing to modify that manual to conform to its business model. Not conforming a compliance manual to your individual circumstances is no different from not having a manual.

Equally problematic is the lack of meaningful annual reviews. Any annual review must be meaningful to have any regulatory significance. A meaningful review can look different from firm to firm, but there are a few components worth noting.

First, everyone at the firm must participate in the review process. Compliance comes from the tone at the top. Second, the firm should employ a checklist of required elements, and those that may be firm specific. Third, correct any deficiencies found through this process.

Compliance is not easy. But don’t take the easy way out. Having a robust compliance program takes hard work. Do it now, or pay the SEC later.

As it has in the past, FINRA is sharply focused on examining brokers with a disciplinary past, and it has placed the identification and examination of such brokers at the top of its 2017 exam priorities. Does this mean that firms cannot hire brokers with a past?

The short answer is no, but the longer answer is a bit more involved. A FINRA examination team is going to be conducting a quantitative analysis to review the broker’s test scores, number of prior employers and disciplinary history.

When FINRA finds such brokers, it will contact the employing firm’s compliance department to ensure that they know of this history. FINRA will also inquire about the type of supervision being used for the individuals. So what does this mean?

For one, you can hire individuals with a past, but you must do so with caution. That caution would necessarily entail placing such a broker on some form of heightened supervision for at least a period of time. At the end of that time, you can then consider removing or downgrading that supervision, assuming that the broker does not have any additional issues.

The key to remember is that FINRA’s goal is to protect the markets and the consumers who hire brokers who may have a past. Hiring brokers with a history and protecting consumers are not mutually exclusive. However, make sure you take special care in the decision to hire and then supervise such individuals because FINRA is watching.

On March 1, New York will go live with cybersecurity rules for financial service providers such as banks, insurance companies and others subject to the Department of Financial Services’ jurisdiction. At its core, the rules require these entities to have cybersecurity programs directed to consumer protection.

New York firms must now have written policies and procedures, as well as a designated chief information security officer to oversee, train, enforce the program and report hacking to the state. Any report of hacking must take place within 72 hours of the hack, where the hack has a reasonable likelihood to impact firm operations.

This program will necessarily create new costs for these companies. Specifically, there is a cost in finding an adequately trained and certified individual to serve in the role of chief information security officer. Additional costs will arise from the mandate that firms monitor all data leaving them and have email systems that block certain forms of information like Social Security numbers.

With this cost, however, will come added protection for consumers and, in turn, consumer confidence in their financial institutions. This one-of-a-kind program is likely not to be the only one in the coming years.

More and more states will implement such data security protocols for the purpose of consumer protection. Are you doing enough now in the absence of regulation to protect consumer information?

A recent Investment News article highlighted a burgeoning market for financial advisors looking to protect their practices; namely, data breach insurance. Although such insurance seems like a great idea, you need to exercise due care when purchasing such insurance.

According to the article, more and more firms are buying this insurance to supplement any gaps that may exist in regular D&O insurance. After all, the typical D&O insurance policy either does not cover or provides little coverage for the harm caused by a data breach.

Although this may make it seem as though data breach insurance is the easy answer, it may not be. For one, this insurance has historically been fairly expensive when compared to D&O insurance. In addition, data breach insurance often has many exclusions that can limit the coverage you purchase. So what should you look for in such insurance?

According to the article, you want a policy that covers as many of the following business expenses as possible:

  • Lost data restoration.
  • Repairing or replacing damaged software or hardware.
  • Hiring public relations firms to address reputational damage.
  • Compensating clients for credit monitoring services.
  • Forensic investigators to investigate the incident.
  • Civil lawsuits, regulatory fines and penalties.
  • Lost profits caused by fraudulent wire transfers.

This list runs the spectrum, but these are things you should consider before leaping into a cybersecurity insurance policy. Otherwise, you may not get what you pay for.

A broker-dealer recently agreed to pay a $650,000 fine after an OSJ’s cloud vendor failed to adequately protect customer information. Apparently, an outside hacker was able to gain access to non-public personal information about the firm’s customers.

This breach and resulting fine should certainly serve as a wake-up call to all firms, but, in particular, to smaller firms. These firms are more likely to use outside vendors to contain costs, but are at greater risk.

If anything, this fine only enhances the fact that firms are responsible for the vendors that they hire. A partner of mine taught me long ago that you can always delegate the task, but not the responsibility. The same holds true here.

It is perfectly fine to use a cloud vendor or some other third-party for your firm operations, but you must, at the same time, engage in heightened diligence. You must do more to protect yourself.

Although you cannot rid yourself of the responsibility to protect client information, you could assign the risk of loss to the other firm. In other words, the other firm would have to indemnify you for any fines if their system is breached.

At the same time, part of your due diligence when hiring a firm must include asking tough questions. Like, have you ever sustained a breach? And, if so, have you had another one since?

In short, go ahead and outsource, but make sure you know who you are using. Ask the hard questions, and protect yourself with negotiated terms in your contract.