Regulatory Update

Brokers Face Personal Liability

August 15, 2019by Marianna Shafir Esq.

Subscribe

Smarsh handles information you submit to Smarsh in accordance with its Privacy Policy. By clicking "submit", you consent to Smarsh processing your information and storing it in accordance with the Privacy Policy and agree to receive communications from Smarsh and its third-party partners regarding products and services that may be of interest to you. You may withdraw your consent at any time by emailing privacy@smarsh.com.

FINRA is increasing disciplinary actions against individuals for failing to comply with recordkeeping and supervision rules. Recently, FINRA fined brokers for using unauthorized, personal email accounts.

Let's review the recent FINRA enforcement actions.

A broker was fined $5,000 and suspended from association with any FINRA member in all capacities for 10 business days. The broker consented to the sanctions and to the entry of findings that he emailed unencrypted spreadsheets containing the confidential personal financial information of retirement plan participants to the email account of his outside business without the authority of the participants, his member firm or the firm's affiliate that provided administrative and recordkeeping services. The findings stated that the broker emailed the spreadsheets so that he could contact a subset of the plan participants on the spreadsheets for the purpose of selling them retirement-planning services through his outside business. The broker never used the information for any purpose.

A broker was fined $5,000 and suspended from association with any FINRA member in all capacities for seven months. The broker consented to the sanctions and to the entry of findings that he forged the signature of his member firm's chief executive officer (CEO) on a document that purported to be a private placement engagement agreement involving the firm and an issuer. The findings also stated that White used an unauthorized outside email address to communicate with the issuer about the agreement. White typically deleted emails on his personal accounts on a weekly basis and as a result, he prevented his firm from maintaining all business-related communications as required.

A broker was fined $25,000 and suspended from association with any FINRA member in all capacities for five months. The broker consented to the sanctions and to the entry of findings that he used an email account associated with his outside business activities for communications related to his securities business. The findings stated that these communications were not inputted, maintained, or preserved by the broker's member firm, and his use of the outside email account caused the firm to violate its recordkeeping obligations. The findings also stated that the broker had communications with the public, made through a website he maintained, a press release he issued and confidential information memoranda that he distributed, that were not fair and balanced and did not provide a sound basis for evaluating the investments referenced in them.

A broker was fined $5,000 and suspended from association with any FINRA member in all capacities for 30 days. The broker consented to the sanctions and to the entry of findings that while assigned responsibility for his member firm’s review and retention of email, he failed to ensure that it captured, retained and reviewed emails related to firm business. The findings stated that a registered representative at a firm branch office was engaged in undisclosed outside business activity at the time, whereby he also attempted to solicit investments. Reasonable review of the representative’s email may have allowed the firm, through the broker its chief compliance officer (CCO), to discover these issues. The findings also stated that the broker frequently—if not almost exclusively— used a third-party email account instead of his firm account to conduct firm business. Based on FINRA’s investigation, only three communications—calendar invites—over the relevant period were directed to or from the broker’s firm email address. The broker was unable to produce for FINRA all of his business-related, third-party emails. Consequently, the broker failed to properly retain his own email, thereby causing the firm to act in contravention of Section 17(a) of the Securities Exchange Act of 1934 and Rule 17a-4 promulgated thereunder.

TAKEAWAY:

Broker-dealers are obligated to retain records of electronic communications that relate to their “business as such” as required by Rule 17a-4(b). A safe approach to compliance for electronic recordkeeping rules is to implement an “archive everything” strategy. Firms need to be aware of the electronic communications environment and ensure they archive all business communications sent to, and received by, their brokers, whether those brokers communicate via email, social media, text messaging, instant messages, or other forms of electronic communication.

Supervision is critical for retention and oversight of electronic communications. The Professional Archive from Smarsh can automatically flag emails that contain certain words or phrases likely to warrant review. These keywords or key phrases can be customized which allows the firm to control which words or phrases are flagged and to adjust them as the business changes or new risks emerge. You can create keywords and key-phrases to flag the risk of advisors using unauthorized communication channels. Examples include: “send to my Gmail”, “respond to my personal email”, “text me”, “let’s take this offline.” These common phrases are indicative of the risk of using unauthorized communication channels.

Firms must take steps to ensure the employees follow all applicable securities rules and regulations. Training and ongoing education are critical for effective supervision. Provide focused training on specific topics to inform employees of prohibited practices. Your reviewers should know how to detect and report on specific violations. Specify the difference between personal communications and business communications and provide specific examples. For example, inform brokers that using an email account associated with outside business activities for communications related to their securities business is prohibited. Firms cannot assume advisors aren’t using their personal emails to communicate with clients.

Share this post!

Marianna Shafir Esq.

Marianna Shafir Esq.

Corporate Counsel, Regulatory Advisor at Smarsh
Marianna Shafir is Corporate Counsel and Regulatory Advisor at Smarsh, where she’s responsible for legal and regulatory affairs worldwide. With her expertise in financial services industry, compliance and eDiscovery, Marianna counsels Smarsh clients on meeting regulatory obligations, leveraging technology and guidance on best practices related to electronic communications supervision. Prior to joining Smarsh, Marianna worked for BNY Mellon and Invesco where she was an instrumental member on compliance teams.Marianna has also served as an adjunct professor at New York Career Institute where she taught Law Office Management and Real Estate Law. She earned her Juris Doctorate from Nova Southeastern University. She is a frequent speaker at industry conferences and a contributor to various online publications.
Marianna Shafir Esq.
Archiving and Compliance Blog

Our Blog explores the news, trends and best practices in electronic recordkeeping. It’s about managing and getting value from your electronic communications data. It’s about satisfying legal and regulatory obligations. It’s all about turning compliance liability into business insight.

Recent Posts

connected network blue-purple gradient overlay
Discovering the gaps surrounding collaboration, mobility and AI
Read more
resource placeholder
Is Slack a Compliance Nightmare? A Podcast Recap
Read more
IM collaboration
Smarsh & Hootsuite Video Campaign: Compliance in the Social Media Age
Read more

Get a Quote

Tell us about yourself, and we’ll be in touch right away.

Smarsh handles information you submit to Smarsh in accordance with its Privacy Policy. By clicking "submit", you consent to Smarsh processing your information and storing it in accordance with the Privacy Policy and agree to receive communications from Smarsh and its third-party partners regarding products and services that may be of interest to you. You may withdraw your consent at any time by emailing privacy@smarsh.com.

Contact Us

Tell us about yourself, and we’ll be in touch right away.

Smarsh handles information you submit to Smarsh in accordance with its Privacy Policy. By clicking "submit", you consent to Smarsh processing your information and storing it in accordance with the Privacy Policy and agree to receive communications from Smarsh and its third-party partners regarding products and services that may be of interest to you. You may withdraw your consent at any time by emailing privacy@smarsh.com.