Regulatory Updates: Looking Back at Noteworthy Enforcement Actions of 2017

Following a year wherein we saw FINRA fines hit record highs, several trends in disciplinary actions surfaced in 2017 that we can expect to see again in the coming year.

Regulators May Not Expect Perfection, but They Do Expect a Compliance Strategy and Execution

This past year, email and electronic communications were firmly in the spotlight. FINRA continued to penalize both firms and individuals for failure to comply with recordkeeping and supervision obligations, making it clear that they view compliance as a holistic pursuit.  One of the most frequently cited violations was failure to follow the firm’s Written Supervisory Procedures (“WSPs”) or having deficient WSPs. In keeping with recent trends, they also imposed individual responsibility for non-compliance with the regulatory requirements.

One firm was censured and fined $1,500,000 for failure to maintain electronic brokerage records in WORM format. The firm failed to maintain some 9.5 million documents and messages related to its brokerage business, including order tickets, trade confirmations, statements, and other transaction-related records from March 2014 to the present. The company also experienced, “audit deficiencies affecting its ability to adequately retain and preserve electronic records,” in violation of the Securities Act. Although the firm’s Written Supervisory Procedures (WSPs) contained provisions for storing electronic records in WORM format, it failed to adequately enforce these procedures to ensure that all such records were maintained correctly.

Another firm was censured and fined $175,000 for failure to establish, maintain and enforce Written Supervisory Procedures reasonably designed to achieve compliance with the record retention requirements under Exchange Act Rule 17a-4.  The firm failed to maintain electronic brokerage records related to approximately 46 million market-making transactions in write one, read many (WORM) format. The findings stated that the firm did not have an audit system for those records it failed to maintain in WORM format.

Compliance officers were also in FINRA’s crosshairs in 2017.  A CCO was fined in June for failure to comply with FINRA Supervision Rules 3110 and 3130. The CCO failed to have an effective supervisory system in place to retain and review electronic communications. The CCO was fined $40,000 and suspended from association with any principal and supervisory capacity for 30 business days, followed by a two-month suspension from association with any FINRA member in any principal and supervisory capacity. The sanctions were based on findings that the CCO willfully violated Municipal Securities Rulemaking Board 24 Disciplinary and Other FINRA Actions June 2017 (MSRB) Rule G-27 by failing to establish, maintain, and enforce a reasonable supervisory system regarding review of electronic correspondence and failing to adequately review electronic correspondence.

FINRA fined and suspended an individual owner of a firm $20,000 for failing to establish and maintain a system reasonably designed to comply with its email review and retention obligations. The findings stated that this individual also served as the firm’s vice president, chief compliance officer (CCO), financial and operations principal (FINOP), and was the sole registered principal responsible for all areas of the firm’s supervision, including its WSPs and maintenance of the firm’s books and records. The firm’s procedures prohibited registered representatives from using personal email for business-related communications. Despite that prohibition, the owner used and allowed registered representatives to use personal email accounts to conduct firm business. The owner failed to review or retain all business-related emails sent from or received by the registered representatives’ personal email accounts, failed to supervise the use of these accounts, and failed to enforce the firm’s prohibition policy of  using personal email to conduct firm business.

Regulators Have Text Messaging on Their Mind

It became clear heading into 2017 that texting is a top priority for FINRA. Firms and advisors are at risk of being fined and suspended when they fail to retain text messages, as FINRA censured and fined a Georgia firm $1.5 million, in part, for failure to retain approximately one million text messages sent using firm-issued devices despite the firm having a prohibition policy.

FINRA fined and suspended a Texas broker from association with any FINRA member in any capacity for one month, after FINRA determined the broker engaged in unapproved securities-related communications with two customers via text message, violating their firm’s WSP. The firm did not capture, review or retain the broker’s text message communications.

Another broker was fined $5,000 and suspended from association with any FINRA member in any capacity for one month. The broker sent 58 text messages relating to his securities business, including messages about investment strategies and specific securities to 16 customers over the course of a year. The findings stated that by doing so, the broker prevented his member firm from supervising those communications, violated the firm’s policy about business correspondence, and contradicted his attestation that he would use his firm’s email system for all business.

The Takeaway for 2018

With 77% of Americans owning a smartphone, and the millennial demographic becoming the fastest growing advisor client demographic, texting will be a growing focal point for regulators in 2018 as clients and advisors increasingly expect to communicate via text message.

Despite the proliferation of text messaging as the communication vehicle of choice, many member firms have not updated their WSPs to include text messaging. Additionally, firms may be surprised to find out that a text messaging prohibition policy is not enough to avoid disciplinary actions if they are unable to prevent their advisors from texting. If advisors are texting with clients, a firm must archive and supervise it.

We recommend that a firm’s compliance team keep close tabs on how their advisors are communicating with clients. Are advisors advertising or posting information about their business on social media? Clients may reach out through those platforms. Do advisors list their cell phone number on their website or on social media? If so, it’s likely clients will contact the advisor via text message.

Next, determine what procedures are in place to capture conversations and other content that your advisors utilize. Lexicon-based reviews and random sampling can be used to automatically search for specific policy violations, like scenarios where an advisor offers a prospect or client their personal email address, phone number, or social media account to communicate. Lexicons may include phrases such as ‘text me’, ‘send info to my personal email’ or ‘direct message me on Facebook.’

Once your firm has conducted an audit of the communication channels your advisors use, it’s time to revisit your WSP. Does the WSP include a policy for all the communication channels your advisors are using? Do you capture those communications? Are those communications being archived and reviewed?

With the financial industry undergoing changes in the ways it communicates and how it is regulated, it’s important for firms to make sure their electronic communications policy and supervision systems are effective for 2018. The bottom line is that your firm should capture all electronic communications in order to reveal the risk early and respond immediately.

Share this post!

Marianna Shafir Esq.

Get a Quote

Tell us about yourself, and we’ll be in touch right away.

Smarsh handles information you submit to Smarsh in accordance with its Privacy Policy. By clicking "submit", you consent to Smarsh processing your information and storing it in accordance with the Privacy Policy and agree to receive communications from Smarsh and its third-party partners regarding products and services that may be of interest to you. You may withdraw your consent at any time by emailing privacy@smarsh.com.

Contact Us

Tell us about yourself, and we’ll be in touch right away.