In its never-ending effort to thwart senior investor fraud, FINRA recently proposed a new rule to the SEC. This proposal would require member firms to obtain the name of a trusted contact person for the customer’s account. The new rule would also allow firms to place temporary holds on the disbursement of funds or securities when there is a reasonable belief of exploitation, and notify the trusted contact of such a hold.

This proposed rule is consistent with the advice I have been giving clients over the years as senior issues became more and more prevalent. So what does the potential formalized rule mean for the business?Conference Room

It should come as a relief to firms to have this type of safeguard. It is a difficult situation to say the least when a firm is uneasy with what a family member may be doing with a senior client of the firm. This rule change will give you somewhat of an out.

The key for having this proposal work is for the right selection of the trusted contact person. Assuming such a person can be identified, I think that it is a good idea for that person to be designated as a fiduciary to the client on the account applications and the account coded so that this trusted person receives regular account statements regarding the senior account.

By doing this, you as a firm have a separate set of eyes on the account activity by someone who may know the family/personal dynamics better that you. Having that person designated as a fiduciary on the account documents also should lend you some protection in the event that the trusted person is not so trustworthy.

Either way, this new rule should be embraced a positive step to protect both firm and clients.

Consistent with the ongoing guidance/requirements from the SEC and FINRA, all firms must have and enforce data security policies and procedures.  Even the best policies and procedures may, however, not protect the firm in every instance.  So what do you do if there is a breach?19196909_s

One of the most important things to determine is what law governs.  In other words, if you have clients in all 50 states, it is possible that there are 50 different data breach laws that may be implicated.  Fox Rothschild LLP has a free app, Data Breach 411, which provides an overview of state data breach laws.

Knowing what you need to know is imperative when assessing a data breach.

 

 

In the hectic world of financial services, registered representatives and investment adviser representatives are always looking to increase their assets under management. At what cost? Are there situations where you would be better off just saying no to accepting that one additional client?

In my many years of defending representatives and advisers from customer complaints, the unqualified answer is yes; there are situations when you are better off just saying no. Any good risk avoidance program will provide for the proper screening/selection of prospective clients. I have addressed this very issue in a risk avoidance handbook.whistle

The key to this screening process is being able to sniff out the types of clients that you do not want to accept. For example, are you the fourth adviser that this client has come to in the last four years? Does the client profile not fit your personal/company investment philosophy? Does the client have unrealistic expectations on what she is expecting you to deliver?

If the answer to any of these questions is in the affirmative, there should be a huge stoplight in front of you flashing red. Any client who fits any of these descriptions is also the client most likely to bring a claim against an adviser.

So before you take on any client with a little money, be cautious. Are there red flags coming into the relationship? If so, just say no.

Over the years that I have defended broker-dealers and investment advisors on customer-initiated claims, I have seen many things that would make any compliance officer cringe. One spine tingling (not in the good way) type of conduct is when an advisor engages his/her client when the client makes an informal complaint, instead of routing the complaint to compliance/supervision.whistle

So why is engagement against the rules of engagement? The most important reason is that engagement (aka arguing) may only make a simple customer service issues into a formal complaint. Rather than engage, my experience suggests that it is better to get the complaint (assuming it is in writing) to the proper person in compliance/supervision.

Dealing with an oral complaint is a little trickier because you are put on the spot. Nevertheless, the best course, as hard as it may be, is to try to defuse the situation by expressing that you understand the issue that is being raised, you will look into the issue and, finally, will respond further as soon as possible.

By defusing instead of engaging, you give all sides the opportunity to let cooler heads prevail. Many times a customer service issue can be easily addressed by taking a little time to consider the issues and formulate a response/course of action instead of blurting out the first thing that comes to mind; that is invariably the worst thing to say.

If you get a complaint; don’t jump to respond. Use your resources and formulate a well-reasoned response. Sometimes the client is wrong, but arguing with the client gets you nowhere except guaranteeing litigation.

The SEC recently created a new position associated with cybersecurity; senior adviser to the chair for cybersecurity (Christopher R. Hetner). Mr. Hetner has an extensive background in information technology and, in particular, cybersecurity.

19196909_sAccording to the SEC, Mr. Hetner will be responsible for (i) coordinating cybersecurity efforts across the SEC; (ii) engaging with external stakeholders; and (iii) enhancing SEC mechanisms for assessing broad-based market risk. This appointment could have a wide-ranging on the industry.

As we know, the SEC has made cybersecurity an exam priority over the last few years. The SEC is also actively conducting cybersecurity investigations and undertaking enforcement actions where appropriate. According to Chairperson White, the SEC is looking to bolster its risk-based approach. So what does this mean on a day-to-day basis?

Understand that the SEC has just upped the stakes. By retaining an industry expert who is solely focused on data-security related issues, the industry must be prepared for the SEC and FINRA to come after firms regardless if the firm sustains a breach or clients suffer harm as a result. Firms with weak or no data-security programs will surely be targeted.

Are you prepared to handle this even more focused mission of the SEC? If not, you need to more fully review you systems and procedures, both internally and externally facing. Are you testing your systems and procedures on a regular basis? If not, you better start.

The SEC is prepared; are you?

If you thought the SEC and FINRA were serious about elder issues, welcome to the Alabama, Indiana and Vermont. Each has focused on elder abuse issues.

These states will have mandatory reporting to state officials in instances involving the disabled or those over 65 years of age. They will also allow advisors to cease disbursing funds from clients and providing advisors with immunity associated with doing so. So what does this all mean?

For one, states are starting to run on the coattails of federal regulators who have made elder issues an examination priority in recent years. In addition, such state laws should be a wake-up call for brokerage and advisory firms who service elder clients.money and calculator

The actions of these states should force you to ask yourself; what is my firm doing to prevent, detect and report elder abuse. Although a FINRA proposed rule does not require reporting, its goal is the same because it would allow advisors to designate a third-party to who they can inform of suspected problems.

In the absence of reporting requirements, firms should consider having clients aged 65 or above designate a trusted family member or friend when the advisor suspects that the client may be the subject of some abusive conduct. At that point, you may have a group approach to address suspected abuse.

Firms may also want to consider requiring these elder clients to designate a trusted family member or friend to receive copies of account statements. This way, someone who is “independent” can check an account for irregular activity as well.

Whether you are required to address elder abuse or not, firms should make sure that they are taking special care with their elder clients. Federal regulators and now states are focused on the issue. Are you doing anything to make sure your firm does not get into an elder abuse nightmare?

If you cannot answer this question, you may have an issue when you have your next FINRA exam. After all, firm culture is a FINRA exam priority. Does your firm have a culture of compliance?

This question only leads to another; what is a culture of compliance. For one, this is something that has to resonate from the top down. If senior management ascribes to uphold firm compliance, that should promote the “culture of compliance.”CEO tree

For example, does senior leadership enforce the firm’s written supervisory processes and procedures? In doing so, does senior management hold everyone accountable the same way, or are exceptions made for the “big producers”. If exceptions are made, you are not promoting a culture of compliance.

Does senior management ensure that there is adequate training of all personnel? There should be a robust and mandatory training program to account for changes to the rules and to make your personnel aware of risks and how to avoid them; one of the biggest being data security.

These are only two of many considerations for assessing whether there is a culture of compliance. The key in it all is leadership from the top. After all, people cannot follow a leader who does not lead. Be a leader.

Anyone in a professional service business, like being a stock broker, have been faced with a client who decides to make a stupid decision. But the issue we all face is when that decision results in the client losing money; who is to be held accountable.whistleblower

Fortunately, the law does not require you to stop a client from making a stupid decision with their investments. As long as a broker-dealer’s advice was suitable and the investment advisor’s advice is in keeping with the fiduciary duty, you should not be held accountable.

But this does not mean a client who has now lost money won’t try to hold you accountable for letting them make a stupid business decision. So how do you protect yourself?

The best way to protection yourself is to send the client a letter or email at the time that the client makes the bad decision. The communication should detail why you think it is a bad decision and the potential ramifications associated with that decision.

At a minimum, you should make a note in your file, either electronic or in hard copy, that the client made the bad decision and that you (presumably) advised against it.

The law should protect you from stupid clients, but make sure you protect yourself. Contemporaneous communication to the client and notation to the file may save you millions of dollars in the future.

Unfortunately, a bad broker does not take on the same attributes as a fine wine. Bad brokers do rarely improve with time.

At least this was the recent message of Robert Ketchum, head of FINRA. But should all brokers who have any pings on their record be foreclosed from the industry? Certainly not, but what should you do?Core Values

The question is tougher when the broker coming to you with some knocks on his record has been a historically high producer for his prior member firm. Surely, there must be more to the story.
In my experience, there usually is more to the story. Just because someone has some marks does not mean he/she is not worthy to be with your firm. But be careful.

Anyone coming to your firm with any pings on their U-4 should be brought on under heightened supervision. This way you can personally assess this person and test the reasons why this person has been pinged in the past. Maybe the registered representative was just the victim of circumstance in the past.

Either way, if you are going to bring someone on with a checkered past, you better be willing to take the time to watch over this person. After all, by bringing them to your firm, you have assumed responsibility for them. Take caution on the front end or be ready to pay the price later.

It was great speaking at the May 17 New York NSCP regional conference on risk issues facing firms where Ernie Badway and I discussed cyber-security, risk issues, regulatory matters, issues involving elder clients and ways compliance personnel can protect themselves.  For those of you who could not make the conference, these topics are frequently discussed in our various publications.  Feel free to access them here and use them as you see fit.  Core Values