Summertime Regulatory Climate Heats Up
A brokerage firm was fined $175,000 for failing to reasonably supervise digital communications and take reasonable steps to investigate red flags, according to FINRA’s June 2022 disciplinary report. The firm failed to identify or investigate red flags contained in emails sent to and from the broker’s firm email address, some of which concerned his participation in an investment club.
The findings stated:
- The broker controlled and operated an investment club limited liability company (LLC)
- The firm failed to establish, maintain, and enforce a reasonable supervisory system, including written supervisory procedures (WSPs), with respect to the review of digital communications
Contrary to its WSPs, the firm reviewed only 3% of emails that contained a search term requiring review, such as those suggesting outside business activities (OBAs). Further, the firm’s review of that 3% was generally limited to the subject line of the email — not the body or content of the email.
Failure to establish, maintain and enforce policies and written procedures violates FINRA Rule 3110(b)(4). Also, the firm failed to investigate red flags in the broker’s outside brokerage account activity.
When the broker ultimately disclosed the account to the firm, the firm did not question when the account was opened or why he had failed to disclose the account in a timely manner
Individuals disciplined
Avoiding testimony
A broker was barred from association with any FINRA member in all capacities. The broker refused to appear for on-the-record testimony requested by FINRA in connection with an investigation into the circumstances giving rise to his termination from his member firm.
The findings stated that the firm filed a Form U5, disclosing that the broker was terminated because he transmitted unprofessional images from his personal email account to his firm email account in violation of the firm’s standards of conduct.
False and misleading statements
Another broker was barred from association with any FINRA member in all capacities for making false and misleading statements to her employer — a compliance vendor for her member firm — regarding a FINRA Securities Industry Essentials (SIE) exam score report.
The findings stated that after the broker had taken and failed the SIE exam for a second time, she falsely reported to the firm that she passed the SIE exam and provided it with a falsified exam score report. The firm filed a Form U4 for the broker based on the falsified score.
The firm later learned that the broker had in fact failed the SIE exam. Accordingly, the firm requested that its compliance vendor obtain a copy of the original exam report from the broker. In email responses to the firm’s compliance vendor, the broker falsely stated that she was handed the falsified exam score report at the time she left the exam site. The findings also stated that in an email to FINRA, the broker lied about altering the SIE exam score report.
Using personal communication accounts for business
A broker was assessed a deferred fine of $10,000 because he caused the firm to preserve inaccurate and incomplete books and records by using his personal email address to communicate with firm customers about securities transactions in their firm accounts.
The broker:
- Did not disclose his use of his personal email to the firm
- Did not provide his firm with copies of his digital correspondence with the customers via his personal email
- Lied on the firm’s annual compliance questionnaires that he didn’t use a personal email address for business-related communications
- Deleted all records of his business-related correspondence from his personal email account during the firm’s investigation
- Exercised discretionary trading authority in customer accounts without first obtaining written authorization from the customers or his member firm
Another broker was fined $20,000 for causing his firm to maintain incomplete books and records. He was found to be communicating with his customers about securities-related business with:
- His personal email account
- Text messages from his personal mobile device
- Instant messages from his personal app account
The broker’s communications with the customers via these unapproved channels were not captured and preserved by the firm.
The findings also include that he shared in his customers’ losses by making payments to customers totaling $71,581 to compensate them for losses associated with investments that he had recommended. The findings also stated that the broker engaged in private securities transactions without providing prior written notice to or receiving approval from the firm.
Key takeaway
It’s summertime and the regulatory climate is heating up. Regulators have been taking a tougher stance on areas of longstanding interest like recordkeeping and supervision, with a focus on digital communications.
Here are a few best practices to stay compliant:
Firms must establish a reasonable supervisory system for the review of digital correspondence and to reasonably follow through with reviews. Your firm’s WSPs must be tailored to the risks of the firm and reflect all the activity in which your firm engages.
At a minimum, the firm’s WSPs should:
- Identify the designated responsible supervisor
- Describe the process the supervisor will follow to conduct each review, when (i.e., how frequently) such actions will be taken, and how the supervisor will document that the required supervisory steps were taken
- Be updated to reflect changes to regulations
- Be updated when changes are made to the supervisory process
The firm must ensure the policies are properly enforced and followed by the designated reviewers. Supervision is critical for retention and oversight of digital communications. Firms need to demonstrate to regulators that they are supervising the activities of their associated persons.
The firm’s WSPs must specify basic parameters for reviewing digital communications. There is no prescribed formula for determining how many communications to review, but enough should be reviewed for a firm to be able to defend it as reasonable. If the policies call for a review of 4% of all communications each month, reviewing only 3% is missing the mark. Also, the review must include the entire communication — the subject and body of the message.
Firms must develop and maintain policies and procedures reasonably designed to prevent and detect violations of employees working for them. Failure to meet regulatory retention and supervision requirements results in serious consequences for firms and their brokers, including fines and other disciplinary actions.
Share this post!
Marianna Shafir Esq.
Latest posts by Marianna Shafir Esq. (see all)
- 2022 Regulatory Roundup: Record-Breaking Penalties Provide a Glimpse Into 2023 - December 28, 2022
- Smarsh Advance Recap: Voice – The Newest Frontier in Supervision - December 15, 2022
- CFTC’s 2022 Enforcement Results Highlight Recordkeeping and Supervision - October 27, 2022
Smarsh Blog
Our internal subject matter experts and our network of external industry experts are featured with insights into the technology and industry trends that affect your electronic communications compliance initiatives. Sign up to benefit from their deep understanding, tips and best practices regarding how your company can manage compliance risk while unlocking the business value of your communications data.
FEATURED CONTENT
Ready to enable compliant productivity?
Join the 6,500+ customers using Smarsh to drive their business forward.
Watch it Work
Contact Us
Chat
Subscribe to the Smarsh Blog Digest
Subscribe to receive a monthly digest of articles exploring regulatory updates, news, trends and best practices in electronic communications capture and archiving.
Smarsh handles information you submit to Smarsh in accordance with its Privacy Policy. By clicking "submit", you consent to Smarsh processing your information and storing it in accordance with the Privacy Policy and agree to receive communications from Smarsh and its third-party partners regarding products and services that may be of interest to you. You may withdraw your consent at any time by emailing privacy@smarsh.com.
FOLLOW US