Well, it’s that time of year again. Time to wrap up that series of Wakesurfing lessons. Time to get little Johnny dressed and ready for his first day of mathematical physics. Time to get back to work and catch up on a different set of painful lessons - those encountered by firms who have found themselves ensnarled in FINRA or SEC cross hairs. Turns out that there has been no shortage of mishaps while you were out on holiday, including the following:

  • August 20: A Connecticut-based broker was fined $5.5M by FINRA for short sales (Regulation SHO) violations and supervisory failures
  • August 20: A broker was fined $8.9M by the SEC for failing to disclose a conflict of interest on products managed by an outside advisory firm
  • August 16: A financial services company was levied a $4.5M fine by the SEC for numerous fraudulent acts and failure to supervise 5 troublesome representatives
  • August 16: A broker-dealer was fined $10.5M by the SEC for insider trading by 3 rogue brokers and failure to supervise

The violations represent a broad spectrum of infractions – from the elementary to post-graduate variety. They highlight the diverse curriculum of transgressions that firms need to be equipped to diagnose and eradicate. The first case we mentioned called out a lack of basic supervisory controls covering short sales that persisted for nearly 3 years, as well as ignored red flags and previous FINRA exam findings. The second case listed above highlighted a conflict of interest arising from the management of third-party products that could have been addressed with automated policy controls, including ethical wall governance over communications. The two remaining cases both showcase the more complex challenge of uncovering and tracking financial crimes while attempting to keep up with the volume and variety of today’s communications with supervisory tools that were designed with yesterday’s technology.

These challenges also provide a meaningful random sample of the topics we discussed with many of you who were not able to escape to Maui or the Caymans over the summer. Firms continue to rely on technologies that were designed for email, and struggle to follow conversations that are now happening on Slack, Microsoft Teams, Symphony – or jump across channels. Firms that have made significant investments to tune CA Data Protection (formerly Orchestria) are now faced with a shortage of expertise to translate policies that were written in an ancient, hieroglyphic format. And many organizations inside and outside of financial services are exploring machine learning and surveillance technologies in order to identify high risk activities that may be evading their existing compliance and security controls.

So, what are the key lessons learned from the summer? Here are a few items for your cheat sheets (or, perhaps, cheat prevention sheets):

  1. Don’t forget the basics: What many SEC and FINRA fines have called out is a basic lack of supervisory controls, meaning the existence of supervisory policies that are published and enforced. Simple enough, but it is language that surprisingly continues to appear in SEC and FINRA press releases when firms have not kept controls current or have failed to take steps to ensure that the dogs are not altering or eating the homework. “Remember your books and records,” as more than one person from the SEC and FINRA has uttered.
  2. Expand the circle: Like your kids, your clients are on social media, IM, and most likely many other communications tools that you have not heard of. It is time for your policies to go where your clients are - and it's time for supervisory tools that can understand and cope with dynamic, multi-party conversations where reps can alter posts, encode malicious acts with emojis, share inappropriate content, or make those conversations disappear altogether. Lesson learned from my kids: Those with intent to evade detection are most likely to go somewhere they think you aren’t.
  3. Balance the art and science: All regulated organizations have learned the art of expressing risk in the form of expressions or lexicons (some with more artistic ability than others). Others have begun exploring the science(s) behind machine learning and AI in order to become more effective at spotting potentially damaging activities, which is becoming a highly specialized, full course load on its own. However, neither can be successful by itself. The science of uncovering the most carefully disguised fraudulent activity does not work if it does not also cover the basics. And the most solid, foundational platform with carefully tuned lexicons cannot address the spectrum of risks that are not known well enough to express in policies. Hence, the power of Superveillance to leverage the power of both. As Earl Edward George Bulwer-Lytton once stated, “Art and science have their meeting point in method.”

As the Summer of 2018 has shown, it’s time to find a better method.