In 2018, FINRA focused on firms’ noncompliance with recordkeeping and supervision obligations. FINRA penalized firms for communications sent over channels which firms cannot or are not archiving. Also last year, FINRA held individuals responsible for text message–related violations.
FINRA fined a firm $700,000, and the chief executive officer (CEO) was fined $100,000 and barred from FINRA association. The CEO failed to reasonably supervise the preparation of the firm’s books and records. Consequently, the firm did not supervise the review of electronic correspondence. The firm’s written supervisory procedures (WSPs) failed to address how supervisors were to review electronic correspondence. In addition, the firm failed to document any reviews. Finally, the firm’s WSPs didn’t address how supervisors were to select electronic correspondence for review, how they were to review it, how often they needed to review it, or how they were to document their reviews.
Similarly, both a firm and an associated individual were fined for failure to conduct supervisory reviews. The firm was fined $70,000, and the general securities principal was fined $5,000 and suspended from FINRA association for 30 days. The firm’s WSPs stated the principal was responsible for conducting a supervisory review of representatives’ electronic correspondence. However, the principal did not conduct the reviews. The firm’s WSPs also provided that the principal was responsible for overseeing branch office activities, including branch inspections, but the firm and the principal did not conduct a branch inspection of the firm’s sole office from 2011 through 2014.
The firm’s 2015 inspection didn’t address the office’s policies and procedures regarding the supervision of supervisory personnel or the maintenance of books and records. Further, an associated person assigned to the office of supervisory jurisdiction (OSJ) conducted the inspection of that OSJ, and the inspection report did not, as required, document why that arrangement was necessary, and why the inspection satisfied the standards for branch inspections. Also, occurring between 2011 and 2014, the firm and their principal didn’t prepare the annual report on the firm’s supervisory control system or complete the annual certification of compliance and supervisory processes. The supervising principal was responsible for ensuring that these documents were prepared. In 2013, the firm and the principal did not conduct independent testing of the firm’s anti-money laundering (AML) compliance program despite the firm’s WSPs granting supervisory responsibility for the AML program to the principal.
FINRA fined another firm $500,000 for supervisory deficiencies, including deficient training and supervision, because the firm failed to review emails and had deficient WSPs. The firm failed to adequately supervise a representative’s efforts to increase the reported price and trading volume of the common stock of a financially distressed company that traded on the OTC bulletin board. In addition, the firm’s supervision of the representative’s activities was deficient in that the firm did not adequately review emails sent to and received by the branch office. The firm did not adequately review the representative’s trading and did not adequately review third-party research reports and other public communications disseminated by the representative. As a result of these deficiencies, the firm did not adequately supervise the representative to prevent his willful violations of Section 10(b) of the Exchange Act. FINRA found that the firm did not adequately train this representative for his supervisory responsibilities. The firm failed to take basic steps to ensure that he was adequately supervising the branch office. FINRA determined that in light of the representative’s violations of Section 10(b) of the Exchange Act and Rule 10b-5, the firm failed to reasonably supervise the representative in order to prevent violations of the Exchange Act and Exchange Act rules. In addition, FINRA determined that the firm failed to establish and implement adequate AML policies and procedures for monitoring accounts for suspicious activity.
Another firm was fined $100,000 by FINRA for failure to preserve business-related emails in “write once, read many” (WORM) format. As a result, millions of business-related emails sent and received by the firm and its personnel, including emails with firm customers, were not preserved in a manner compliant with SEC and FINRA requirements. After discovering this deficiency and self-reporting the matter to FINRA in 2016, the firm has since transitioned its email storage to a cloud-based system that it represents to be WORM-compliant. The findings also stated that until February 2012, the firm did not establish or maintain any WSPs designed to ensure that its method of electronically preserving business-related emails complied with applicable securities laws and regulations and applicable FINRA rules. In February 2012, the firm adopted WSPs that required the firm to perform tests to ensure that its email retention system was WORM-compliant. The firm, however, failed to enforce these new WSPs until August 2015.
A brokerage firm was fined $95,000 for failing to establish a reasonably designed supervisory system to ensure that business-related emails were being reviewed and retained by the firm. The firm is required to submit to FINRA a written plan of how it will undertake a comprehensive review of the adequacy of relevant policies, procedures, and supervisory systems. At the conclusion of the firm’s comprehensive review, it shall certify in writing to FINRA that it has adopted and implemented policies, procedures, and systems reasonably designed to ensure compliance with federal securities laws and FINRA rules.
Individuals Increasingly Held Responsible for Text Message–Related Sanctions
Last year, FINRA fined two brokers for texting business-related matters in violation of their firm’s prohibition policy. One was fined $10,000 and suspended from association with any FINRA member in all capacities for five months, then ordered to pay $11,754, plus interest, in deferred restitution to customers. The broker had sent more than one hundred text messages about his securities business to a disqualified representative, in violation of firm policy. Essentially, the broker prevented the firm from supervising those communications, creating a risk of harm to customers. Another broker was fined for communicating via text message without the firm’s authorization and suspended for texting prospective clients from his personal cell phone. The broker also sent an email from his personal email account to a prospective customer, violating his member firm’s procedures requiring business-related emails to be sent through firm-approved systems or devices. The broker’s business-related communications, sent from his personal email account and personal cell phone, were not retained by the firm, resulting in failure to comply with its recordkeeping obligations.
Another broker was fined $5,000 and suspended from association with any FINRA member in all capacities for 10 business days. The broker used unapproved personal email accounts and text messages to communicate with an unregistered administrative assistant about member firm customers. The broker’s personal email addresses and personal smartphone were not networked to the firm’s retention system for electronic communications. The emails exchanged by the broker and his assistant included information regarding approximately 20 customers’ assets, securities holdings, and financial goals. The broker’s text messages to his assistant concerned trades in the broker’s personal brokerage account and a customer order. The firm’s WSPs required associated persons to use only firm-sponsored or approved systems for business-related communications. Neither the broker’s personal email addresses nor his text messages were approved by the firm for conducting firm business. By using his personal email account and text messages to conduct firm business, the broker caused the firm to fail to maintain records of his communications.
These fines reinforce the importance of effective recordkeeping and supervision. Failure to comply with regulations includes hefty fines against firms, brokers, and even compliance staff.
Firms need to capture, archive, and supervise all electronic and written business communications. It is critical to establish firm policies and procedures to capture, retain, and supervise all emails, text messages, social media posts, and instant messages – as well as address communications on emerging platforms that have not been approved for business use, such as encrypted text messaging and chat applications. This also includes popular sites such as Facebook, LinkedIn, Twitter, Bloomberg, and Slack. Because firms can’t rely on social networks for recordkeeping, they need to work with third-party vendors to ensure they are capturing communications made over these channels.
Examiners will focus on supervision of the branch offices – no exceptions. Firms must make sure branch offices are in compliance. The same rules apply for branch offices – capture, archive, and supervise all written business communications. As part of the standard branch office inspection program, firms should be reviewing incoming and outgoing electronic communications.
Furthermore, firms must take steps to ensure the employees follow all applicable securities rules and regulations. Training and ongoing education are critical for effective supervision. Provide focused training on specific topics to inform employees of prohibited practices. Your reviewers should know how to detect and report on specific violations. Specify the difference between personal communications and business communications and provide specific examples. For example, inform brokers that communication with an assistant regarding firm customers is strictly considered business communication and therefore must be retained.
Test, remediate, and enhance any suspected deficiencies related to recordkeeping and supervision. Take all actions necessary before becoming the subject of a regulatory examination.
Related Reading: Regulatory Updates – ROUNDUP OF 10 RECENT FINRA AND SEC VIOLATIONS AND PENALTIES
In this roundup, we’ve selected 10 of the most notable violations from our monthly Regulatory Update blog posts. We summarize how they occurred, in addition to the impacts firms are facing due to enhanced SEC and FINRA scrutiny. From a $10.5 million dollar fine for supervision violations, to $6.1 million dollars in fines for anti-money laundering and recordkeeping failures, to a $1.25 million dollar fine for deletion of audio files and inadequate books and records. This roundup brings attention to numerous areas firms must address to reduce risk by building proper supervision programs for compliance obligations.