Regulatory Updates: Firm fined $1.3 million for supervision failures

The SEC and FINRA recently fined a brokerage firm $1.3 million for failing to supervise suspicious penny stock transactions.

Last month, FINRA fined a firm $550,000 for “failing to have adequate supervisory and anti-money laundering (AML) programs tailored to detect ‘red flags’ or suspicious activity connected to its sale of low-priced securities”. Further, the SEC penalized the firm $750,000 for willfully violating the SEC financial recordkeeping and reporting rule. The owner and CEO of the firm was also fined $40,000 by the SEC in a separate action. In addition, the SEC fined one former firm AML officer $20,000 and another AML compliance officer will have a public hearing before an administrative law judge.

Both the SEC and FINRA found the firm’s surveillance technology did not analyze the questionable transactions. The firm failed to adequately monitor or investigate the trading in seven  delivery versus payment (DVP) customer accounts that liquidated billions of shares of low-priced securities, generating millions of dollars in proceeds for its customers. Several of these customers were foreign financial institutions that effected transactions on behalf of their underlying customers. The firm did not identify these trades as suspicious even after its clearing firm alerted the firm to AML red flags and specific suspicious low-priced securities transactions. These violations were accompanied by a failure to implement an adequate AML program tailored to detect red flags associated with these sales.

The regulators found the firm did not effectively train its employees concerning low-priced securities transactions. While the firm did have written supervisory procedures concerning AML compliance, the firm’s employees and reviewers never received any training on examples of the red flags associated with low-priced securities transactions.

FINRA fined another firm $500,000 for supervisory deficiencies, including deficient training and supervision, because the firm failed to review emails, and had deficient WSPs. The firm failed to adequately supervise a representative’s efforts to increase the reported price and trading volume of the common stock of a financially distressed company that traded on the OTC bulletin board. In addition, the firm’s supervision of the representative’s activities was deficient in that the firm did not adequately review emails sent to and received by the branch office. The firm did not adequately review the representative’s trading and did not adequately review third-party research reports and other public communications disseminated by the representative. As a result of these deficiencies, the firm did not adequately supervise the representative to prevent his willful violations of Section 10(b) of the Exchange Act. FINRA found that the firm did not adequately train this representative for his supervisory responsibilities. The firm failed to take basic steps to ensure that he was adequately supervising the branch office. FINRA determined that in light of the representative’s violations of Section 10(b) of the Exchange Act and Rule 10b-5, the firm failed to reasonably supervise the representative in order to prevent violations of the Exchange Act and Exchange Act rules. In addition, FINRA determined that the firm failed to establish and implement adequate AML policies and procedures for monitoring accounts for suspicious activity.

Another firm was fined $100,000 by FINRA for failure to preserve business-related emails in “write once, read many” (WORM) format. As a result, millions of business-related emails sent and received by the firm and its personnel, including emails with firm customers, were not preserved in a manner compliant with SEC and FINRA requirements. After discovering this deficiency and self-reporting the matter to FINRA in 2016, the firm has since transitioned its email storage to a cloud-based system that it represents to be WORM-compliant. The findings also stated that until February 2012, the firm did not establish or maintain any WSPs designed to ensure that its method of electronically preserving business-related emails complied with applicable securities laws and regulations and applicable FINRA rules. In February 2012, the firm adopted WSPs that required the firm to perform tests to ensure that its email retention system was WORM-compliant. The firm, however, failed to enforce these new WSPs until August 2015.

Individuals

A broker was fined $7,500 and suspended from association with any FINRA member firm in all capacities for five months. The broker sent approximately 20 text messages about securities to a customer, which constituted a means of communication that her firm prohibited and could not monitor. Some of the messages addressed specific transactions, such as orders to sell certain option contracts; investment strategies, such as whether the customer should sell a certain issuer’s securities; the performance of the customer’s accounts; and referred to a complaint that the customer had about the broker’s trading practices. The broker did not provide her text messages with the customer to her firm so that it could retain the communications.

Another broker was fined $5,000 and suspended from association with any FINRA member  in all capacities for 10 business days. The broker used unapproved personal email accounts and text messages to communicate with an unregistered administrative assistant about member firm customers. The broker’s  personal email addresses and his personal smartphone were not to the firm’s retention system for electronic communications. The emails exchanged by the broker and his assistant were about 20 customers and included information regarding the customers’ assets, securities holdings and financial goals. The broker’s text messages to his assistant concerned trades in the broker’s personal brokerage account, and a customer order. The firm’s WSPs required associated persons to only use firm-sponsored or approved systems for business-related communications. Neither the broker’s personal email addresses nor his text messages were approved by the firm for conducting firm business. By using his personal email account and text messages to conduct firm business, the broker caused the firm to fail to maintain records of his communications.

Takeaway: Firms need to capture, archive and supervise all electronic and written business communications.

These  fines reinforce the importance of effective recordkeeping and supervision. Failure to comply with regulations includes hefty fines against firms, brokers, and even compliance staff.

Firms need to capture, archive and supervise all electronic and written business communications. It is critical to establish firm policies and procedures to capture, retain and supervise all emails, text messages, social media posts, and instant messages – as well as address communications on emerging platforms that have not been approved for business use, such as encrypted text messaging and chat applications. This also includes popular sites such as Facebook, LinkedIn, Twitter, Bloomberg, and Slack. Because firms can’t rely on social networks for recordkeeping, firms need to work with third party vendors to ensure they are capturing communications made over these channels.
Examiners will focus on supervision of the branch offices – no exceptions. Firms must make sure branch offices are in compliance. The same rules apply for branch offices – capture, archive, and supervise all written business communications. As part of the standard branch office inspection program, firms should be reviewing incoming and outgoing electronic communications.

This is a good time to review your WSPs, especially social media and mobile policies. Firms must also have supervisory processes that include compliance with AML responsibilities. The good news is there are surveillance tools available to help firms enhance their supervisory systems. You can set up an archiving platform to detect risk with lexicons focused on AML, fraud, unapproved communication channels or unethical practices, and get instant notifications when a user is non-compliant.  AML lexicon examples include: “an offshore account,” “a tax haven,” and “money was illegal.” Lexicon policies greatly enhance your supervisory controls and help meet regulatory requirements.

In its 2018 Regulatory and Examination Priorities Letter, FINRA highlighted AML as an area of concern and noted it will assess the adequacy of firms’ AML programs and their policies and procedures to detect and report suspicious transactions. Firms can also review FINRA’s Examination Findings Report to understand FINRA’s areas of concern and observations on effective practices related to AML.

Furthermore, firms must take steps to ensure the employees follow all applicable securities rules and regulations. Training and ongoing education are critical for effective supervision. Provide focused training on specific topics to inform employees of prohibited practices. Your reviewers should know how to detect and report on specific violations. Specify the difference between personal communications and business communications, and provide specific examples. For example, informing advisors that communication with an assistant regarding firm customers is strictly considered business communication and therefore must be retained.

Lastly, make sure to test the firm’s electronic communication channels; this is important to ensure that all content is being captured in supervisory systems and is in compliance with recordkeeping rules.

Test, remediate, and enhance any suspected deficiencies related to recordkeeping and supervision. Take all actions necessary before becoming the subject of a regulatory examination.

Share this post!

Marianna Shafir Esq.

Get a Quote

Tell us about yourself, and we’ll be in touch right away.

Smarsh handles information you submit to Smarsh in accordance with its Privacy Policy. By clicking "submit", you consent to Smarsh processing your information and storing it in accordance with the Privacy Policy and agree to receive communications from Smarsh and its third-party partners regarding products and services that may be of interest to you. You may withdraw your consent at any time by emailing privacy@smarsh.com.

Contact Us

Tell us about yourself, and we’ll be in touch right away.