In Notice to Members 17-13, FINRA announced changes to its sanction guidelines. In other words, FINRA has listed its new top hits that it is pursuing. Two items bear particular attention.

First, FINRA has introduced a “new principal consideration that examines whether a respondent has exercised undue influence over a customer.” This guideline reinforces FINRA’s heightened focus on senior investors and those who may be otherwise vulnerable, such as those with diminished capacity.

Second, FINRA has introduced a “guideline related to borrowing and lending arrangements between representatives and customers.” This guideline is particularly alarming inasmuch as it suggests that associated persons are actively engaging in such transactions even though firms uniformly ban them.

Notice to Members 17-13 is a strong guidepost for your supervision and compliance teams. The guidelines highlight growing problems in FINRA’s eyes. This is a cue that you should be ever vigilant for the same conduct. Otherwise, you may be the focus of the new sanction guideline that addresses systemic supervisory failures.

Contrary to what the title may suggest, I am not referring to students who are about to graduate from high school or college. Instead, this post is about that group of our society who all too often (based upon my years of defending broker-dealers) are claimants in FINRA arbitrations: senior investors.

As part of its ongoing effort to protect seniors, FINRA recently introduced Rule 2165 and amended Rule 4512. Both rules reflect a growing trend to provide greater protection to seniors.

Rule 2165 allows a member firm that reasonably believes that senior financial exploitation may be occurring to hold for up to 15 business days the disbursement of money or securities from a senior’s account. This rule gives a firm a safe harbor to take action when it reasonably suspects such exploitation. The firm can extend the hold an additional 10 days.


At the same time, FINRA amended Rule 4512, which provides for the firm to make a reasonable effort to obtain the name of a trusted contact person to place on a newly opened account, and further defined the trusted person to be someone whom the customer has authorized the firm to contact and disclose information to in the event that there is possible financial exploitation. Importantly, the firm is only obligated to make a reasonable effort to obtain this information.

So what does all of this mean for the industry? For one, I do not think that FINRA has to paint you a picture to show you how seriously it is taking financial exploitation of seniors. Considering the ongoing greying of the baby boomers, this focus will likely become even more heightened as the years pass.

According to a recent report of the Eversheds Sutherland firm, 2016 was a banner year for FINRA-assessed fines. FINRA collected a record $176 million in 2016. So what gives?

The increase in fines was attributable to two things. First, a significant number of fines in the $1 million plus range. Second, of those fines, a fair number were in excess of $5 million.


Of particular note, the report shows that FINRA is seeking and obtaining very large fines even when there is limited or no measurable client harm. Historically, the lack of client harm was the siren call of a firm defending itself. In other words, no fine if there is no client harm.

So what does this all mean? For one, FINRA is pressing hard on enforcement even in the absence of client harm. It also reflects that FINRA is willing to go the distance, so to speak, to recoup the maximum fines possible.

I do not think that firms should anticipate FINRA taking 2017 off by any means. Now is as good a time as any to ensure that you have your compliance and supervision house in order. If not, break out the big checkbook. This one is going to hurt.

As it has in the past, FINRA is sharply focused on examining brokers with a disciplinary past, and it has placed the identification and examination of such brokers at the top of its 2017 exam priorities. Does this mean that firms cannot hire brokers with a past?

The short answer is no, but the longer answer is a bit more involved. A FINRA examination team is going to be conducting a quantitative analysis to review the broker’s test scores, number of prior employers and disciplinary history.

When FINRA finds such brokers, it will contact the employing firm’s compliance department to ensure that they know of this history. FINRA will also inquire about the type of supervision being used for the individuals. So what does this mean?

For one, you can hire individuals with a past, but you must do so with caution. That caution would necessarily entail placing such a broker on some form of heightened supervision for at least a period of time. At the end of that time, you can then consider removing or downgrading that supervision, assuming that the broker does not have any additional issues.

The key to remember is that FINRA’s goal is to protect the markets and the consumers who hire brokers who may have a past. Hiring brokers with a history and protecting consumers are not mutually exclusive. However, make sure you take special care in the decision to hire and then supervise such individuals because FINRA is watching.

A broker-dealer recently agreed to pay a $650,000 fine after an OSJ’s cloud vendor failed to adequately protect customer information. Apparently, an outside hacker was able to gain access to non-public personal information about the firm’s customers.

This breach and resulting fine should certainly serve as a wake-up call to all firms, but, in particular, to smaller firms. These firms are more likely to use outside vendors to control costs, but are at greater risk.

If anything, this fine only reinforces the fact that firms are responsible for the vendors that they hire. A partner of mine taught me long ago that you can always delegate the task, but not the responsibility. The same holds true here.

It is perfectly fine to use a cloud vendor or some other third-party for your firm operations, but you must, at the same time, engage in heightened diligence. You must do more to protect yourself.

Although you cannot rid yourself of the responsibility to protect client information, you could assign the risk of loss to the other firm. In other words, the other firm would have to indemnify you for any fines if their system is breached.

At the same time, part of your due diligence when hiring a firm must include asking tough questions. For example: Have you ever sustained a breach? And, if so, have you had another one since?

In short, go ahead and outsource, but make sure you know who you are using. Ask the hard questions, and protect yourself with negotiated terms in your contract.

In its never-ending effort to thwart senior investor fraud, FINRA recently proposed a new rule to the SEC. This proposal would require member firms to obtain the name of a trusted contact person for the customer’s account. The new rule would also allow firms to place temporary holds on the disbursement of funds or securities when there is a reasonable belief of exploitation, and notify the trusted contact of such a hold.

This proposed rule is consistent with the advice I have been giving clients over the years as senior issues became more and more prevalent. So what does the potential formalized rule mean for the business?

It should come as a relief to firms to have this type of safeguard. It is a difficult situation to say the least when a firm is uneasy with what a family member may be doing with a senior client of the firm. This rule change will give you somewhat of an out.

The key to making this proposal work is selecting the right trusted contact person. Assuming such a person can be identified, I think that it is a good idea for that person to be designated as a fiduciary to the client on the account applications and for the account to be coded so that this trusted person receives regular account statements regarding the senior account.

By doing this, you as a firm have a separate set of eyes on the account activity from someone who may know the family/personal dynamics better than you. Having that person designated as a fiduciary on the account documents also should lend you some protection in the event that the trusted person is not so trustworthy.

Either way, this new rule should be embraced as a positive step to protect both firm and clients.

Consistent with the ongoing guidance/requirements from the SEC and FINRA, all firms must have and enforce data security policies and procedures. Even the best policies and procedures may, however, not protect the firm in every instance. So what do you do if there is a breach?

One of the most important things to determine is what law governs.  In other words, if you have clients in all 50 states, it is possible that there are 50 different data breach laws that may be implicated.  Fox Rothschild LLP has a free app, Data Breach 411, which provides an overview of state data breach laws.

Knowing what you need to know is imperative when assessing a data breach.

In the hectic world of financial services, registered representatives and investment adviser representatives are always looking to increase their assets under management. At what cost? Are there situations where you would be better off just saying no to accepting that one additional client?

In my many years of defending representatives and advisers from customer complaints, the unqualified answer is yes; there are situations when you are better off just saying no. Any good risk avoidance program will provide for the proper screening/selection of prospective clients. I have addressed this very issue in a risk avoidance handbook.

The key to this screening process is being able to sniff out the types of clients that you do not want to accept. For example, are you the fourth adviser that this client has come to in the last four years? Does the client profile not fit your personal/company investment philosophy? Does the client have unrealistic expectations of what you will deliver?

If the answer to any of these questions is in the affirmative, there should be a huge stoplight in front of you flashing red. Any client who fits any of these descriptions is also the client most likely to bring a claim against an adviser.

So before you take on any client with a little money, be cautious. Are there red flags coming into the relationship? If so, just say no.

Over the years that I have defended broker-dealers and investment advisors on customer-initiated claims, I have seen many things that would make any compliance officer cringe. One spine-tingling (not in the good way) type of conduct is when an advisor engages his/her client when the client makes an informal complaint, instead of routing the complaint to compliance/supervision.

So why is engagement against the rules of engagement? The most important reason is that engagement (aka arguing) may only turn a simple customer service issue into a formal complaint. Rather than engage, my experience suggests that it is better to get the complaint (assuming it is in writing) to the proper person in compliance/supervision.

Dealing with an oral complaint is a little trickier because you are put on the spot. Nevertheless, the best course, as hard as it may be, is to try to defuse the situation by expressing that you understand the issue that is being raised, you will look into the issue and, finally, will respond further as soon as possible.

By defusing instead of engaging, you give all sides the opportunity to let cooler heads prevail. Many times a customer service issue can be easily addressed by taking a little time to consider the issues and formulate a response/course of action instead of blurting out the first thing that comes to mind; that is invariably the worst thing to say.

If you get a complaint, don’t jump to respond. Use your resources and formulate a well-reasoned response. Sometimes the client is wrong, but arguing with the client gets you nowhere except guaranteeing litigation.

The SEC recently created a new position associated with cybersecurity: senior adviser to the chair for cybersecurity (Christopher R. Hetner). Mr. Hetner has an extensive background in information technology and, in particular, cybersecurity.

According to the SEC, Mr. Hetner will be responsible for (i) coordinating cybersecurity efforts across the SEC; (ii) engaging with external stakeholders; and (iii) enhancing SEC mechanisms for assessing broad-based market risk. This appointment could have a wide-ranging effect on the industry.

As we know, the SEC has made cybersecurity an exam priority over the last few years. The SEC is also actively conducting cybersecurity investigations and undertaking enforcement actions where appropriate. According to Chairperson White, the SEC is looking to bolster its risk-based approach. So what does this mean on a day-to-day basis?

Understand that the SEC has just upped the stakes. With the SEC retaining an industry expert who is solely focused on data-security related issues, the industry must be prepared for the SEC and FINRA to come after firms regardless of whether the firm sustains a breach or clients suffer harm as a result. Firms with weak or no data-security programs will surely be targeted.

Are you prepared to handle this even more focused mission of the SEC? If not, you need to more fully review your systems and procedures, both internally and externally facing. Are you testing your systems and procedures on a regular basis? If not, you better start.

The SEC is prepared; are you?