FINRA Targets CCO and Firm for Undisclosed Outside Business Activities
FINRA fined a firm $50,000, of which $10,000 is joint and several with the firm’s Chief Compliance Officer. The CCO was also the firm’s president, CEO and only supervisor. The CCO was suspended from FINRA for two months.
The firm and the CCO failed to establish and maintain a supervisory system, including written supervisory procedures (WSPs), designed to achieve compliance with FINRA’s outside business activities (OBA) rules. The findings stated that the CCO was responsible for the firm’s WSPs and for supervising the firm’s registered representatives, including reviewing, approving and documenting their OBAs. The firm’s WSPs did not require representatives to provide written notice of their OBAs to the firm. They also failed to address the requirements that the firm review OBAs to determine whether the activity is a private securities transaction and keep records reflecting the review of OBAs.
The firm and the CCO failed to review and evidence the review of OBAs and timely amend representatives’ Forms U4 to disclose OBAs. The CCO’s analysis failed to provide what factors he considered in reviewing the OBAs to determine if it was appropriate for the representatives to engage in them, whether specific conditions or limitations should be imposed on the OBAs, and any factors he considered to ensure the activities were properly characterized as OBAs and not private securities transactions.
In addition, the CCO and the firm failed to timely update the Forms U4 for representatives to reflect their involvement with OBAs. These delays ranged from two months to more than one year.
The firm and the CCO failed to establish and maintain a supervisory system, including WSPs, reasonably designed to achieve compliance with due diligence and filing obligations for private placements. The firm’s WSPs did not address FINRA Rule 5123’s filing requirements. Although the WSPs outlined categories of information that the firm should typically collect with respect to private placements due diligence, they did not state how the firm’s review of those materials should be conducted. The firm and the CCO violated FINRA Rules 3110, 3270, 5123, 2010 and Article V, Section 2(c) of FINRA's By-Laws.
Unethical conduct over mobile text violates firm’s policies
FINRA fined a broker $5,000 and suspended from association with any FINRA member in all capacities for 12 months. The broker posed as a customer of his member firm to conceal his access to, and trading in, the customer’s self-directed account.
The findings stated that the broker agreed to help the customer generate a quick return by executing an options trading strategy in the customer’s self-directed firm account. Because the broker was prohibited from accessing or placing trades in customer accounts, the customer provided the broker with his account login credentials. The broker used his personal cell phone and the customer’s login credentials to access the account and execute trades.
The broker concealed his trading from the firm by posing as the customer and coordinating the trades by text messages from his personal cell phone. The findings stated that the broker caused the firm to maintain incomplete business-related communications by not informing it or providing it copies of the text messages.
The broker also falsely certified in his annual compliance questionnaire that he had not placed trades in any unauthorized accounts and that he had complied with the firm’s text message policy. A registered representative who causes the member firm to fail to comply with these recordkeeping obligations violates FINRA rules 4511 and 2010.
Supervision is critical for oversight of remote employees
Your firm’s WSPs must be tailored to the unique risks of the firm and reflect all of the activity in which your firm engages. At a minimum, the firm’s WSPs should identify the designated responsible supervisor, describe the process the supervisor will follow to conduct each review, how frequently such actions will be taken, and how the supervisor will document that the required supervisory steps were taken.
WSPs should be updated to reflect changes to regulations, and when changes are made to the supervisory process. The firm must ensure the policies are properly enforced and followed by the designated reviewers.
FINRA’s 2021 Priorities report highlighted OBA as a top concern this year, and at the recent SIFMA C&L forum, an uptick in unreported OBAs was a hot topic. During the “Key Legal and Regulatory Issues” session, a panelist recommended email reviews to find undisclosed/unreported OBAs. Email surveillance, when performed with modern supervisory technology, is a reliable way to find unreported OBAs. This should also apply to text messaging, IM & collaboration platforms, social media and other tools workers are using to stay connected.
As companies adopt a hybrid work model, supervision is critical for oversight of employees' electronic communications. The new dynamic has increased supervisory obligations. FINRA expects member firms to establish and maintain reasonable supervisory systems designed to supervise the activities of each broker while working from an alternative or remote location during the pandemic. Firms must have robust policies and procedures, train employees, engage business leaders and implement a technology solution that includes critical supervision capabilities, such as flagging keyword lexicons, random sampling, and robust reporting options.
Given the number of employees working remotely, I expect the regulators will take a hard look at firms and individuals who ignore their supervision obligations. Firms can’t think of rules and regulations as second-tier.
Share this post!
Our internal subject matter experts and our network of external industry experts are featured with insights into the technology and industry trends that affect your electronic communications compliance initiatives. Sign up to benefit from their deep understanding, tips and best practices regarding how your company can manage compliance risk while unlocking the business value of your communications data.