Good Gravy: Firms and Brokers Lose Their Place at the Table for Noncompliance
Firms fined for deficient supervisory systems
A firm was fined $250,000 and required to retain an independent consultant to conduct a comprehensive review of its compliance with FINRA’s suitability rules and the SEC’s possession-or-control requirements. The firm failed to establish and maintain a supervisory system reasonably designed to supervise securities transactions and achieve compliance with FINRA’s suitability rule.
The findings stated that the firm did not conduct any principal review of solicited transactions. The firm had no surveillance system or exception reports to review solicited transactions and the automated surveillance system, when implemented, was not reasonably designed to detect excessive trading and other violative activity.
As a result of the firm’s deficient supervisory system, it failed to reasonably supervise a broker who engaged in unsuitable and excessive equity and options trading and used margin in senior customers’ accounts. FINRA found that due to an error that occurred when the firm switched internet domain providers, it failed to archive outgoing email communications sent to non-firm email addresses. The emails in question were not stored in an easily accessible place. As a result, the firm violated Section 17a of the Exchange Act and Rule 17a-4(b)(4) thereunder.
A firm was fined $15,000, violating its WSPs for failing to supervise and record on its books and records approximately $1.5 million in private securities transactions by one of its registered representatives. The findings stated that the representative disclosed to the firm that he would be forming a special purpose vehicle for the purpose of making an investment.
The firm followed up with the representative to get more information about the investment and learned that the special purpose vehicle would be used to pool investments for other individuals as well, whom the representative characterized as friends and family. The firm did not request any documents concerning the investment and approved the activity. The firm did not supervise the investment or activity and did not update the representative's Form U4.
Thereafter, the representative formed a limited liability company and sold interest in the company to investors, including himself, in the amount of $1,495,438. The firm did not inquire further about the representative’s special purpose vehicle and erroneously concluded that the activity did not constitute a private securities transaction. As a result of this erroneous conclusion, the firm did not supervise the private securities transactions or record the transactions on its books and records. As such, the firm failed to reasonably enforce its own WSPs.
Broker barred for recordkeeping violation
An SEC decision became final in which a broker was barred from FINRA with a right to reapply in two years. The sanction was based on findings that the broker tried to obtain falsified compliance records from associated persons and provided them to FINRA. The findings also stated that the broker caused his member firm to maintain inaccurate books and records when he evaded its email retention system by soliciting backdated compliance forms using his personal email account.
The broker’s requests for backdated compliance forms, and the responses he elicited, were business-related communications that his firm was required to preserve. The broker also specifically requested that recipients provide their responses to him at his personal address or an unlogged fax number that the firm shared with other businesses that a firm principal operated. While the SEC agreed with FINRA’s finding that aggravating factors predominated in the broker’s misconduct, the SEC found that it was mitigating that the broker was inexperienced at the time of his misconduct.
Broker permanently barred for OBA violation
A broker was barred from FINRA because he made improper use of his member firm’s funds by submitting altered invoices and fabricated emails to the firm. He caused his firm to pay expenses in excess of $19,000 to vendors, on behalf of two of its advisory clients that were not entitled to have those expenses paid.
The findings stated that the altered invoices and fabricated emails were submitted in order to cause the firm to pay vendors for purported consulting services provided to an advisory client when, in fact, no such services had been provided to that client. The broker wanted the firm to pay the vendors for services it had provided to the two advisory clients that did not have expense agreements with the firm.
Findings also stated that the broker engaged in an undisclosed OBA wherein he was a principal of a holding company that he used to rent his family’s vacation property. The broker later began using the company to provide consulting services to investment advisors, including clients of his firm. The broker solicited a firm advisory client to enter a contract with the company. One part of the services the company agreed to provide was obtaining the best custodian for the client, which represented a conflict of interest. The broker’s job at the firm entailed, in part, attracting advisory clients to the firm’s custodial services.
Similarly, the broker solicited another firm client to contract with the company. The proposed agreement, that was never executed, contained a confidentiality provision prohibiting it from being disclosed to the firm and conditioned favorable firm pricing if the client were to become a client of the company. The broker was compensated for his work for the company, including receiving more than $40,000.
The broker failed to provide written notice to the firm of the company at any time, including when it began providing consulting services. In addition, the broker falsely answered “no” when asked on multiple annual firm compliance questionnaires if he had a disclosable OBA, including whether he had received compensation or had a reasonable expectation of compensation through a business activity outside of the firm.
FINRA uses emails as evidence of broker’s misconduct
A broker was barred from association with any FINRA member in all capacities after the broker engaged in falsification of variable and fixed annuity applications involving two customers of her member firm and falsifying the variable annuity applications, causing her member firm’s books and records to be inaccurate.
In addition, the broker completed and submitted the fixed annuity applications on behalf of the same customers in which she falsely attested to meeting with them, witnessing their signatures, and reviewing their original driver’s licenses.
The findings also stated that the broker engaged in forgery of customer signatures and impersonation of customers. The broker created fake email addresses for the customers, which she used to electronically forge the customers’ signatures on the variable annuity applications and submitted them to the firm without customers’ authorization or consent.
When the firm became suspicious as to why the applications remained unfunded, the broker used the fake email addresses to impersonate the customers in correspondence with the firm, purportedly requesting to cancel the applications.
Findings also included that the broker provided false and misleading testimony to FINRA. During the broker’s on-the-record interview, she initially denied creating the fake email addresses and using those email accounts to forge the customers’ signatures. Only after FINRA presented the broker with evidence that an email sent from the fake customer email addresses shared the same IP address as her personal email address did she admit in testimony to creating both fake email addresses.
The broker then admitted to electronically forging one of the customer’s signatures on a variable annuity application but denied forging the other customer’s signature on the other variable annuity application. However, audit trail data provided by the firm after the broker’s interview reflected that the other variable annuity application was also accessed and signed using a fake email address the broker created.
Monitoring electronic communications for compliance
These recent enforcement cases are telling examples of how the power of supervision can prevent regulatory infractions. The timely review of electronic communications is a first-line defense for firms against improper conduct by employees. It is important to establish a reasonable supervisory system that flags, escalates and enables actions to address potential fraud and violations.
Regulated financial firms must have robust policies and procedures in place for an effective compliance program. Policies and procedures should be documented to ensure continuing compliance and to serve as a training and reference tool for all employees.
This includes a reasonable system for monitoring electronic communication policies. There is no prescribed rule for when to review the messages, but it must be timely in order to find and escalate red flags. A well-planned, implemented, and maintained compliance program will prevent or reduce regulatory violations, provide cost efficiencies, making it a sound business step.
Make sure to document the review process. Engage an archiving provider that enables compliance with the regulatory rules and has the technical ability to electronically document reviews and create an audit trail. If the message is spam, note the message as “not material,” or “junk message.” Documentation of procedures can be a powerful tool to evidence your supervision process. Also, make sure to select a vendor solution with supervision capabilities such as flagging keyword lexicons, escalation, and reporting options.
The goal of reviewing electronic communications is to ensure employees and executives are not committing any wrongdoing. Examples of employee wrongdoing include unauthorized outside business activities, private security transactions, use of prohibited communication channels, and sharing non-public information. What happens if you find a potential regulatory violation? At a minimum, firms’ procedures should clearly identify the person(s) responsible for determining whether a violation has occurred. and whether it requires reporting under regulatory rules.
Procedures should document the seniority level of the person(s) (e.g., General Counsel, Chief Compliance Officer or a senior staff committee) responsible for determining if violations occurred. Also, provide a protocol for escalating violations, and potential violations, to such person(s); and provide a protocol regarding the reporting of internal conclusions of the violations. Minor violations can be resolved in-house while significant violations must be reported to FINRA and other authorities.
The cost of non-compliance for financial institutions has increased significantly. Firms must respond with innovative solutions for archiving all business communication channels.
Share this post!
Marianna Shafir Esq.
Latest posts by Marianna Shafir Esq. (see all)
- 2022 Regulatory Roundup: Record-Breaking Penalties Provide a Glimpse Into 2023 - December 28, 2022
- Smarsh Advance Recap: Voice – The Newest Frontier in Supervision - December 15, 2022
- CFTC’s 2022 Enforcement Results Highlight Recordkeeping and Supervision - October 27, 2022
Smarsh Blog
Our internal subject matter experts and our network of external industry experts are featured with insights into the technology and industry trends that affect your electronic communications compliance initiatives. Sign up to benefit from their deep understanding, tips and best practices regarding how your company can manage compliance risk while unlocking the business value of your communications data.
Watch it Work
Contact Us
Chat
Subscribe to the Smarsh Blog Digest
Subscribe to receive a monthly digest of articles exploring regulatory updates, news, trends and best practices in electronic communications capture and archiving.
Smarsh handles information you submit to Smarsh in accordance with its Privacy Policy. By clicking "submit", you consent to Smarsh processing your information and storing it in accordance with the Privacy Policy and agree to receive communications from Smarsh and its third-party partners regarding products and services that may be of interest to you. You may withdraw your consent at any time by emailing privacy@smarsh.com.
FOLLOW US