On June 5, the SEC approved a package of rules requiring brokerage firms to disclose potential conflicts in the fees investors pay and the commissions brokers earn when giving financial advice. These new Regulation Best Interest rules also require brokers to raise the standard for giving advice to meet a client’s best interest when recommending stocks, mutual funds, and other financial products. Regulation Best Interest imposes a new standard of conduct specifically for broker-dealers that substantially enhances the broker-dealer standard of conduct beyond existing “suitability” obligations. The standard of conduct draws from key fiduciary principles and cannot be satisfied through disclosure alone.

“Compliance with the rule will not be easy for the industry. Firms will need to make substantial changes. The costs to implement will no doubt be significant, but … worthwhile to uniformly enhance investor protection,” said Kenneth E. Bentsen, Jr., who leads the Securities Industry and Financial Markets Association.

Walmart to pay more than $282 million for violating recordkeeping and internal accounting rules

The SEC charged Walmart with violating the Foreign Corrupt Practices Act (FCPA), and the retail giant has agreed to pay about $282 million to settle bribery charges. Walmart consented to the SEC’s order finding that it violated the books and records and internal accounting controls provisions of the Securities Exchange Act of 1934. According to the SEC’s order, Walmart failed to sufficiently investigate or mitigate certain anti-corruption risks and allowed subsidiaries in Brazil, China, India, and Mexico to employ third-party intermediaries who made payments to foreign government officials without reasonable assurances that they complied with the FCPA. The SEC’s order details several instances when Walmart planned to implement proper compliance and training only to put those plans on hold or otherwise allow deficient internal accounting controls to persist even in the face of red flags and corruption allegations. “Walmart valued international growth and cost-cutting over compliance,” said Charles Cain, chief of the SEC Enforcement Division’s FCPA Unit. “The company could have avoided many of these problems, but instead Walmart repeatedly failed to take red flags seriously and delayed the implementation of appropriate internal accounting controls.”

FINRA Disciplinary Actions

FINRA fined a brokerage firm $50,000 jointly and severally with the CEO and independently fined an additional $15,000. The CEO was suspended from association with any FINRA member in any principal or supervisory capacity for two months. The broker was fined $40,000, suspended from association with any FINRA member in all capacities for 21 months, and ordered to pay $84,425, plus prejudgment interest, in restitution to customers. The sanctions were based on findings that the broker made misleading misrepresentations of fact in three widely distributed emails to current and former customers. The findings stated that the broker sent investment summaries and emails to his customers and former customers that contained inaccurate information and failed to provide a sound basis for evaluating facts. The broker sent the emails without obtaining approval by an appropriately qualified registered principal of the firm. The findings also stated that the firm and the CEO failed to establish, maintain, and enforce adequate supervisory systems for the capture, review, and retention of the firm’s securities-related emails; failed to enforce the firm’s WSPs prohibiting the use of personal email accounts for securities-related correspondence; and failed to preserve emails relating to its securities business. The findings also included that the broker used unauthorized personal email accounts to conduct securities business with customers of the firm.

A broker was fined $20,000, suspended from association with any FINRA member in all capacities for five months, and required to disgorge a portion of the commissions he received, $10,350.71, plus interest. The broker consented to the sanctions and to the entry of findings that he used unapproved communications methods to conduct securities business. The findings stated that after learning that the broker had been using instant messaging to communicate with a customer, the broker’s supervisor verbally informed him that his member firm’s procedures strictly prohibited its registered representatives from using instant messaging to conduct securities business. That same day, the broker confirmed in writing to his supervisor that he would no longer use instant messaging. Despite the firm’s admonition and his own explicit agreement to cease using instant messaging to communicate with customers, the broker continued to use instant messaging in conducting securities business. In addition, the broker regularly corresponded with firm customers via text messaging regarding securities activity in their accounts. The broker did not inform the firm that he used text messaging or instant messaging to conduct securities business, nor did he provide copies of these communications to the firm. In doing so, the broker prevented the firm from reviewing and retaining correspondence with the public and making and preserving books and records. The findings also stated that the broker exercised discretion over customer accounts without written authorization. The findings also included that the broker made false statements to the firm regarding his use of instant messaging and provided false answers to FINRA regarding his use of instant and text messaging and use of discretion.

A broker was barred from association with any FINRA member in all capacities. The findings stated that FINRA was investigating allegations of excessive trading and unsuitable recommendations involving the use of margin, whether the broker attempted to settle a customer’s complaint away from his firm, and whether he used an undisclosed personal email account and text messages to conduct securities business, among other allegations.

Another broker was barred from association with any FINRA member in all capacities. The broker consented to the sanction and to the entry of findings that he participated in private securities transactions without providing prior written or any other notification to his member firm. The findings also stated that the broker used personal email addresses to correspond with customers about their firm accounts and communicated via text message with a firm customer about her account. The broker did not provide these communications to the firm. Therefore, the firm failed to review or retain this securities-related correspondence as books and records, as required.

TAKEAWAY

The regulators continue to penalize firms and individuals for failing to comply with supervisory and retention obligations. Failure to meet FINRA and SEC retention requirements results in serious consequences for firms and their employees, including fines and other disciplinary actions. The regulators are focusing on advisors using personal email accounts to send business-related communication to customers and penalized firms for recordkeeping violations.

Firms need to capture, archive, and supervise all written business communications. This includes retention of electronic communications such as email, text messages, instant messages, social media, and more. This is a good time to review your written supervisory procedures (WSPs) to ensure policies properly address how employees conduct your firm’s business activities and comply with the provisions of the recordkeeping rule.

Because firms can’t rely on social networks for recordkeeping, they need to work with third-party vendors. For example, the Enterprise Archive from Smarsh has the ability to automatically flag emails that contain certain words or phrases likely to warrant review. Lexicons containing these keywords or key phrases can be customized, which allows the firm to control which words or phrases will be flagged and to adjust them as the business changes or new risks emerge. You can create keywords and key phrases to flag the risk of advisors using unauthorized communication channels. Examples include: “send to my personal email,” “respond to my gmail account,” “text me,” “let’s take this offline.” These common phrases are indicative of the risk of using unauthorized communication channels. Firms cannot assume advisors aren’t using their personal emails to communicate with clients. Employee training should also be ongoing to keep pace with the latest technology.

It is critical to supervise your employees and respond to red flags. As you can see in the above enforcement cases, having a set of WSPs is not enough. It’s important to establish a reasonable supervisory system that flags, escalates, and enables actions to address potential fraud and violations. Not following your firm’s policies and procedures is just as bad as not having any to begin with.

One of the most frequently cited violations is failure to follow written supervisory procedures. Monitoring electronic communications can be an incredibly effective way to find potential violations beyond advisors using their personal email to communicate with clients, such as FCPA violations, fraud, client complaints, or failure to follow privacy policies. There is no prescribed formula for determining how many emails to review, but enough should be reviewed for an advisor to be able to defend it as reasonable.

The takeaway is that firms must develop and maintain policies and procedures reasonably designed to prevent and detect securities law violations by associated persons working for them. Firms must also have systems to implement their supervisory procedures that would reasonably be expected to prevent and detect violations by persons subject to their supervision. Firms must implement significant technology solutions to keep pace with the evolving industry changes.

Visit Smarsh Central to read intuitive, comprehensive articles that are frequently updated with the unrivaled regulatory knowledge and experience of our experts. There you’ll also find a running list of keywords, phrases, and exclusions used by actual Smarsh customers to identify and filter messages containing potential risks.