Brokers Face Personal Liability
FINRA is increasing disciplinary actions against individuals for failing to comply with recordkeeping and supervision rules. Recently, FINRA fined brokers for using unauthorized, personal email accounts.
Let's review the recent FINRA enforcement actions.
A broker was fined $5,000 and suspended from association with any FINRA member in all capacities for 10 business days. The broker consented to the sanctions and to the entry of findings that he emailed unencrypted spreadsheets containing the confidential personal financial information of retirement plan participants to the email account of his outside business without the authority of the participants, his member firm or the firm's affiliate that provided administrative and recordkeeping services. The findings stated that the broker emailed the spreadsheets so that he could contact a subset of the plan participants on the spreadsheets for the purpose of selling them retirement-planning services through his outside business. The broker never used the information for any purpose.
A broker was fined $5,000 and suspended from association with any FINRA member in all capacities for seven months. The broker consented to the sanctions and to the entry of findings that he forged the signature of his member firm's chief executive officer (CEO) on a document that purported to be a private placement engagement agreement involving the firm and an issuer. The findings also stated that White used an unauthorized outside email address to communicate with the issuer about the agreement. White typically deleted emails on his personal accounts on a weekly basis and as a result, he prevented his firm from maintaining all business-related communications as required.
A broker was fined $25,000 and suspended from association with any FINRA member in all capacities for five months. The broker consented to the sanctions and to the entry of findings that he used an email account associated with his outside business activities for communications related to his securities business. The findings stated that these communications were not inputted, maintained, or preserved by the broker's member firm, and his use of the outside email account caused the firm to violate its recordkeeping obligations. The findings also stated that the broker had communications with the public, made through a website he maintained, a press release he issued and confidential information memoranda that he distributed, that were not fair and balanced and did not provide a sound basis for evaluating the investments referenced in them.
A broker was fined $5,000 and suspended from association with any FINRA member in all capacities for 30 days. The broker consented to the sanctions and to the entry of findings that while assigned responsibility for his member firm’s review and retention of email, he failed to ensure that it captured, retained and reviewed emails related to firm business. The findings stated that a registered representative at a firm branch office was engaged in undisclosed outside business activity at the time, whereby he also attempted to solicit investments. Reasonable review of the representative’s email may have allowed the firm, through the broker, its chief compliance officer (CCO), to discover these issues. The findings also stated that the broker frequently—if not almost exclusively—used a third-party email account instead of his firm account to conduct firm business. Based on FINRA’s investigation, only three communications—calendar invites—over the relevant period were directed to or from the broker’s firm email address. The broker was unable to produce for FINRA all of his business-related, third-party emails. Consequently, the broker failed to properly retain his own email, thereby causing the firm to act in contravention of Section 17(a) of the Securities Exchange Act of 1934 and Rule 17a-4 promulgated thereunder.
Broker-dealers are obligated to retain records of electronic communications that relate to their “business as such” as required by Rule 17a-4(b). A safe approach to compliance for electronic recordkeeping rules is to implement an “archive everything” strategy. Firms need to be aware of the electronic communications environment and ensure they archive all business communications sent to, and received by, their brokers, whether those brokers communicate via email, social media, text messaging, instant messages, or other forms of electronic communication.
Supervision is critical for retention and oversight of electronic communications. The Professional Archive from Smarsh can automatically flag emails that contain certain words or phrases likely to warrant review. These keywords or key phrases can be customized, which allows the firm to control which words or phrases are flagged and to adjust them as the business changes or new risks emerge. You can create keywords and key phrases to flag the risk of advisors using unauthorized communication channels. Examples include: “send to my Gmail”, “respond to my personal email”, “text me”, “let’s take this offline.” These common phrases are indicative of the risk of using unauthorized communication channels.
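The phrase flagging described above can be sketched as follows. This is an added example, not Smarsh's implementation or code from the original post. The function names and sample messages are assumptions constructed for illustration. It shows why a lexicon match should normalize typographic apostrophes, case and line wrapping, and respect word boundaries.

```python
import re
import unicodedata

# Phrases quoted in the article; a firm would extend this list to fit its own risks.
LEXICON = ["send to my Gmail", "respond to my personal email",
           "text me", "let's take this offline"]

# Typographic characters that mail clients substitute for ASCII ones.
_PUNCT = str.maketrans({"\u2018": "'", "\u2019": "'", "\u201c": '"', "\u201d": '"'})

def normalize(text):
    """Fold Unicode variants, curly quotes, case and whitespace runs."""
    text = unicodedata.normalize("NFKC", text).translate(_PUNCT)
    return re.sub(r"\s+", " ", text).casefold()

def compile_lexicon(phrases):
    """One word-bounded pattern per phrase, keyed by the original phrase."""
    return {p: re.compile(r"(?<!\w)" + re.escape(normalize(p)) + r"(?!\w)")
            for p in phrases}

def flag_message(body, patterns):
    """Return the lexicon phrases found in one message body, sorted."""
    norm = normalize(body)
    return sorted(p for p, rx in patterns.items() if rx.search(norm))

def review_queue(messages, phrases=LEXICON):
    """Map message id -> matched phrases, for messages with at least one hit."""
    patterns = compile_lexicon(phrases)
    hits = {mid: flag_message(body, patterns) for mid, body in messages.items()}
    return {mid: found for mid, found in hits.items() if found}

# Constructed sample messages (hypothetical, not real correspondence).
SAMPLE = {
    "m1": "Thanks. Let\u2019s take this\n offline and go over the numbers.",
    "m2": "Please SEND TO MY GMAIL, the firm mailbox is full.",
    "m3": "The context menu is broken in the new build.",  # contains "text me" inside words
    "m4": "Text\u00a0me when the subscription docs are ready.",
}

if __name__ == "__main__":
    for mid, found in review_queue(SAMPLE).items():
        print(mid, found)
```

A plain substring search would miss m1 and m4 and would falsely flag m3; the normalized, word-bounded match handles all three.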
Firms must take steps to ensure that employees follow all applicable securities rules and regulations. Training and ongoing education are critical for effective supervision. Provide focused training on specific topics to inform employees of prohibited practices. Your reviewers should know how to detect and report on specific violations. Specify the difference between personal communications and business communications and provide specific examples. For example, inform brokers that using an email account associated with outside business activities for communications related to their securities business is prohibited. Firms cannot assume advisors aren’t using their personal emails to communicate with clients.