It is bad enough that firms and publicly traded companies have to make sure that their respective IT architecture is safe and secure, but recent developments demonstrate that you have to be weary regarding the media outlet with who you share material, non-public information.19196909_s

The SEC and the DOJ in a joint effort have brought civil and criminal proceedings against individuals part of an international scheme who hacked the systems of certain media outlets to steal and then trade on material non-public information.

Unfortunately, these events only further demonstrate that, no matter how good your security system may be, you are ultimately at risk of a cyber-attack that may be perpetrated on one of your vendors, or a media outlet. As to the latter, it would seem as though the only foolproof protection is not to provide media outlets with this information.

I doubt that any media outlet would give you any sort of assurances going forward that their systems are not exposed to such a strike. Nevertheless, if you are sharing this information before a public announcement, do your homework.

Ask about the media outlet’s data security program. Explore whether and how frequently the outlet tests its systems against unwanted intrusions. Ask whether they have ever been subject to an attack.

Only after you have reasonable comfort should you share such information. Otherwise, just save it for your public announcement or submission with the SEC.

Suspicious Activity Reports (SARs) have been a useful tool for financial institutions to report financial fraud while, at the same time, prohibiting the reporting institution from disclosing the existence of a SARs in response to a third-party request.  In 2010, the Financial Crimes Enforcement Network (FinCEN), amended this regulation to extend the prohibition against disclosure to futures commission merchants (FCMs) and introducing brokers (IBs).  The amendments permitted FCMs and IBs to make a SAR and related information available to any SRO that examines the FCM or IB. 

The CFTC has recently tweaked the playing field.  FCMs and IBs that are subject to examination by the National Futures Association are now requested to make all SARs, information revealing the existence of a SAR, and supporting documentation available to the NFA upon request.robber.jpg 

Just as important, the CFTC cautioned the NFA and its officers, directors employees and agents that they are prohibited from revealing the existence of a SAR, except as required to fulfill its self-regulatory duties upon the request of the CFTC.  If the NFA wants to disclose the existence of a SAR or related information to a third party, it must first seek the authorization of the CFTC. 

If you are an FCM or IB and you make a SAR, you are still obligated to keep the existence of the SAR a secret.  When faced with a request for a SAR (or even the existence of one) make sure you know who is requesting it.  Always look before you leap when it comes to protecting the secrecy of a SAR.

* Photo from

fraud.jpgThe outside business activities of registered persons have the potential for causing your firm significant liability, especially where those activities are unknown to the firm, involve firm customers and constitute a fraud.  FINRA 3270 only requires the registered person to provide notice to the firm before engaging in the activity, but should the firm do more.

The short answer is, absolutely.  First, the firm should either approve or disapprove of the proposed activity.  Standing silent is no longer an option.

Second, if approved, review that activity with the registered representative as part of the normal compliance review, as well as suprise reviews.  Part of this review process should also include an objective review of the registered person’s lifestyle; if they are living beyond their means, there may be a problem.

Third, monitor all correspondence (including electronic), as well as Internet use (including social media).  Many times bad brokers are sloppy covering their tracks.

Finally, do not be afraid to say no to a proposed activity.  Remember, your obligation is to the firm and its customers.  They should never be sacrificed to an outside business activity.

In its continuing enforcement onslaught on firms emanating from China, the SEC filed another action in the United States District Court for the Western District of Louisiana against a Chinese company. 

The SEC alleged that the company mislead investors regarding its value in a variety of press releases.  Further, the SEC claims that a number of the company’s executives had confessed to skimming money from the company’s bank account. 

This is yet another case in a long line of cases against these types of companies that were formed in China and used in the United States to raise money.  The SEC believes that it has uncovered numerous instances of fraud, and this matter will ultimately be prosecuted.

The SEC is making a statement with this type of case.  It is suggesting that, if these companies wish to continue to operate in the United States, they will be subject to strict regulation by the SEC.  However, it is unclear as to how these companies will respond.

The SEC and CFTC launched a working group to discuss and identify money laundering vulnerabilities. 

These issues have lingered for awhile.  Both agencies believe that there is an opportunity to clarify their positions relating to money laundering and if their programs could potentially uncover such events.  This group will also include representatives from the Treasury Department, the Financial Crimes Enforcement Network, as well as a variety of self regulatory organizations and agencies.

This announcement demonstrates that the SEC and CFTC are very much interested in the effects of money laundering in their respective markets.  Time will tell if this will impact examinations and enforcement actions, but the SEC and CFTC will, likely, concentrate on some of these issues in their future programs.