Regulatory Update

CCO Faces Personal Liability for Supervisory Failures

April 01, 2021 by Marianna Shafir Esq.


Failure to review Bloomberg messages and chats

A CCO was fined $40,000 and suspended by FINRA for “failing to establish a reasonable supervisory system for the review of electronic correspondence and to reasonably review that correspondence.” The findings stated that while at his member firm, the CCO failed to amend the firm’s WSPs and to establish reasonable procedures, causing the WSPs to fail to specify basic parameters for reviewing electronic communications.

The firm’s WSPs identified a system to be used in reviewing electronic communications but provided no guidance as to how the system should be used to conduct those reviews. The CCO never reviewed the system containing the firm’s Bloomberg messages or chats.

Failure to reasonably supervise electronic communications

FINRA fined a firm $40,000, of which $10,000 is joint and several with the supervising broker, and required the firm to certify that it has adopted and implemented policies, procedures and systems that are reasonably designed with respect to the review of electronic correspondence and outside business activities (OBAs).

FINRA required the firm to complete a risk-based retrospective review of electronic communications sent or received by its associated personnel reasonably designed to achieve compliance with FINRA Rule 3110(b)(4) and to comply with all reporting obligations under FINRA Rule 4530, Uniform Application for Securities Industry Registration or Transfer (Form U4), and Uniform Termination Notice for Securities Industry Registration (Form U5) as a result of its findings from that review.

The findings stated that the firm and the broker failed to reasonably supervise electronic communications that its registered representatives sent and received. As a result of his unreasonably limited review, the broker did not act upon more than 800 company-related emails that the representative sent and received. In addition, the broker reviewed the content of 97 of the representative’s company-related emails that reasonably should have alerted him to the fact that sales of company notes were private securities transactions, and that the representative was selling securities away from the firm.

Fraudulently altering email

A broker was assessed a deferred fine of $5,000 and suspended by FINRA for six months and required to satisfactorily complete 20 hours of continuing education regarding compliance, ethics and recordkeeping within 180 days of his reassociation with a FINRA member firm.

The broker altered a mutual fund switch disclosure form after it had been signed by a customer at his member firm and fabricated an email from the customer in an attempt to conceal his falsification of the form. The findings stated that the broker altered the form by adding the potential disadvantages associated with a completed mutual fund switch transaction and then writing the customer’s initials next to the changes.

When the broker’s supervisor requested confirmation that the customer had reviewed and initialed the form, the broker contacted the customer and asked him to send an email confirming the changes. The broker then altered the email that he received from the customer so that it appeared to have been sent before he falsified the form and submitted it to the firm for processing. The firm identified the broker’s falsifications when the customer called and complained later the same day.

Falsified documents and email

A broker was fined $15,000 and suspended by FINRA for 20 months. The broker borrowed $75,000 from one of his customers without providing notice to, or obtaining approval from, his member firm. In addition, the broker completed firm compliance questionnaires in which he falsely represented that he had not borrowed money or securities from or lent money or securities to a client.

The findings also stated that the broker circumvented the firm’s policies, provided false information to an insurance customer’s representative and misled the firm during an internal investigation in connection with his borrowing $200,000 from the insurance customer without disclosing to or obtaining approval from the firm.

The insurance customer, through her accountant, asked the broker to provide documents showing that the loan was properly collateralized. In an email response, the broker sent an altered document that listed the insurance customer as a beneficiary on his personal life insurance policy. However, that policy had lapsed, and the insurance customer had never been listed as a beneficiary. After the insurance customer complained to the firm, it began an internal review.

In addition, in response to the firm’s request for documents and communications, the broker forwarded the firm emails between him and the accountant but failed to provide the previously mentioned email response to the accountant and the accompanying falsified documents. The broker further stated, inaccurately, that no other responsive documents existed. Ultimately, the broker repaid the insurance customer $70,277 and the firm entered into a settlement agreement for the outstanding loan balance plus interest and attorney’s fees.

CCOs must take supervisory requirements seriously

Chief compliance officers increasingly face personal liability for wrongdoing and regulatory violations, as a change in guidelines and a string of enforcement actions have transformed the landscape. Regulators’ approach to CCO liability for compliance failures is changing.

Last year, FINRA fined a firm $300,000, suspended its chief compliance officer and levied a $10,000 fine against the CCO. The firm and the CCO failed to properly supervise an ex-broker, with clients losing money via unsuitable recommendations. In this instance, both the firm and its CCO at the individual level were ordered to pay restitution.

This type of regulatory enforcement is likely to become more common, with fines increasing for CCOs at the individual level. Many compliance officers are unprepared for the personal liability risks that they face. CCOs must understand how to enhance compliance and reduce their risk of personal liability. Guidance from financial regulators regarding the circumstances under which enforcement actions occur would help CCOs internally and improve compliance results.


The need for modern communications compliance solutions

The rapid migration to electronic technologies driven by the pandemic brings greater risk for firms. Many firms adopted digital communication and collaboration platforms without implementing the necessary policies and procedures to ensure compliance. Regulators are aware of this and will scrutinize firms and their compliance officers in efforts to get the financial services industry to take these issues more seriously.

CCOs who want to avoid fines and suspensions should focus on making critical changes. It’s important to review the adequacy of the firm’s electronic communications policy and supervisory systems, especially as new rules and areas of priority are published. Electronic communications must be easily accessible, indexed and stored on non-erasable and non-rewriteable media as required by SEC Rule 17a-4(f).

Engage an archiving vendor that is compliant with the regulatory rules and has the technical ability to capture instant messaging conversations including Bloomberg, Facebook and Slack, as well as text messages. Firms must be able to capture conversations the instant they happen, so information can’t be deleted. Also, make sure the archiving vendor has supervision capabilities to meet requirements in FINRA 3110 and elsewhere.

The policies and procedures must provide for adequate electronic communication reviews, the methods of review, the frequency, escalation process, and documentation procedures. Your reviewers should know how to detect and report potential violations. There is no prescribed formula for determining how many messages to review. However, enough messages should be reviewed for a firm to be able to defend it as a reasonable review sample. Most importantly, enforce the policies and document the reviews — simply having a set of policies is not enough.

FINRA will continue to hold firms and CCOs personally accountable for non-compliance with regulatory obligations. Firms must comply with recordkeeping and supervision requirements to avoid penalties and keep pace with the evolution of new communications tools.
