’Tis the Season for Regulatory Enforcement
OCIE Risk Alert
On Nov. 19, 2020, the SEC’s Office of Compliance Inspections and Examinations (OCIE) issued a new Risk Alert addressing the most common issues identified in recent examinations. The Risk Alert focuses on deficiencies related to the Investment Advisers Act of 1940 Rule 206(4)-7 (“Compliance Rule”). OCIE noted that it has regularly cited Compliance Rule deficiencies in its risk alerts. The Risk Alert also identifies six areas in which these deficiencies are most common.
The Compliance Rule requires an investment advisory firm to adopt and implement written compliance policies and procedures, perform an annual review, and designate a Chief Compliance Officer (CCO).
Compliance Rule Deficiencies and Weaknesses
Inadequate compliance resources
OCIE staff observed advisers that did not devote adequate resources such as information technology, staff and training to their compliance programs. This included CCOs who had numerous other professional responsibilities, either elsewhere with the adviser or with outside firms, and who did not appear to devote sufficient time to fulfilling their responsibilities as CCO.
Insufficient authority of CCOs
OCIE staff observed CCOs who lacked sufficient authority within the adviser to develop and enforce appropriate policies and procedures for the adviser. This included instances where CCOs were not consulted by senior management and employees of the adviser regarding matters that had potential compliance implications.
Annual review deficiencies
OCIE staff observed advisers that were unable to demonstrate that they performed an annual review or whose annual reviews failed to identify significant existing compliance or regulatory problems.
Implementing actions required by written policies and procedures
OCIE staff observed advisers that did not implement or perform actions required by their written policies and procedures such as training employees; implementing compliance procedures regarding trade errors, advertising, best execution, conflicts, disclosure and other requirements; reviewing advertising materials; following compliance checklists and other processes; and reviewing client accounts.
Maintaining accurate and complete information in policies and procedures
The staff observed advisers’ policies and procedures that contained outdated or inaccurate information about the adviser, including off-the-shelf policies that contained unrelated or incomplete information.
Maintaining or establishing reasonably designed written policies and procedures
OCIE staff observed advisers that did not maintain written policies and procedures or failed to establish, implement or appropriately tailor written policies and procedures that were reasonably designed to prevent violations of the Advisers Act. For example, staff observed advisers that claimed to rely on cursory or informal processes instead of maintaining written policies and procedures.
In addition, staff observed advisers that utilized policies of an affiliated entity, such as a broker-dealer, that were not tailored to the business of the advisers. Where firms did maintain written policies and procedures, OCIE observed deficiencies or weaknesses in establishing, implementing, or appropriately tailoring written policies and procedures in the areas of portfolio management; marketing; trading practices; disclosures; advisory fees and valuation; safeguards for client privacy; required books and records; safeguarding client assets and custody; and business continuity plans.
The OCIE encourages advisers to review their written policies and procedures, including implementation of those policies and procedures, to ensure that they are tailored to the advisers’ business and adequately reviewed.
FINRA Enforcement Actions
FINRA censured a firm and ordered it to pay $53,174.51 in restitution to customers. Due to the firm’s financial status, no fine or pre-judgment interest on the restitution amount was imposed.
The firm failed to establish and maintain a supervisory system and failed to establish, maintain and enforce WSPs that were reasonably designed to achieve compliance with FINRA's suitability rules.
The findings stated that the firm used a third-party automated trade surveillance application to supervise and review registered representative trading recommendations and strategies, yet did not re-configure, modify or alter that surveillance tool to monitor unique trading strategies like that of one representative at the firm. Although the firm's supervisory system required a quarterly review of discretionary accounts to specifically focus on detecting and preventing excessive trading, it failed to provide any guidance to supervisory staff regarding how to conduct such a review. Moreover, the firm's system did not provide any supervisory tools designed to alert for excessive trading, commissions or cost over any period beyond a single day on a per-trade basis. There was no reasonable method for firm supervisors to aggregate commissions and costs over time.
With respect to the representative, the firm bifurcated responsibility for supervising his equity and options recommendations by product, even where those recommendations impacted the same customer account as part of a singular, active trading strategy. As a result, individual supervisors were unable to identify patterns and evaluate the trading strategy employed by the representative, who effected quantitatively unsuitable transactions in customer accounts over which he had discretionary trading authority.
The findings also included that the firm failed to preserve and maintain a second representative's business-related electronic communications conducted through his personal email address.
The firm was aware that the second representative was using a personal email account for business-related communications even after he was provided with a firm email account, as he forwarded certain messages from his personal email account to firm principals.
An Offer of Settlement was issued in which the firm was censured. No monetary sanction was imposed after considering that the firm had filed a bankruptcy petition. The firm and its chief executive officer (CEO) recommended and sold participation interests in private placements (the offerings) to their customers, without having a reasonable basis to believe that their recommendations were suitable for at least some investors.
The findings stated that the firm and its CEO did not have a reasonable basis to recommend these investments because they failed to conduct reasonable diligence on the offering or the issuers of these investments, both of which purported to be in the business of purchasing and re-selling tickets to live concerts and theater events, and two principals who formed and managed the issuers. The firm and its CEO also failed to reasonably investigate and follow-up on red flags that called into question the viability of the issuers’ business prospects and the principals’ ability to operate and manage a profitable ticketing resale business.
The firm raised approximately $16.2 million from investors through the offerings, and it earned $487,650 in fees from these solicited transactions. The firm’s customers ultimately lost millions of dollars from investing in these offerings when it was later discovered that the principals used the issuers to conduct a Ponzi scheme.
The findings also stated that the firm and its CEO failed to reasonably supervise the offerings to ensure compliance with FINRA Rule 2111. The firm and CEO’s supervision of these offerings was not reasonable because they failed to enforce the firm’s WSPs with respect to private placement due diligence, and they failed to investigate and follow-up on red flags that could have alerted them to the potential misconduct.
Neither the CEO nor anyone else at the firm reasonably investigated the offerings before they recommended them to potential investors, including firm customers. The firm and the CEO did not, among other things, request financial records from the issuers or principals, request financial models or projections to determine how the issuers and investors would profit from these investments, or make reasonable inquiries about the ticketing re-selling business to understand the issuers’ business prospects.
The red flags included one of the principals’ prior failed concert series, liens, and refusal to provide the CEO with information about the ticket brokers supposedly re-selling the tickets for the issuers.
A broker was fined $5,000 for engaging in unauthorized trading by purchasing brokered certificates of deposit in a senior customer’s brokerage account totaling $314,000 without first obtaining the customer’s authorization. The findings stated that shortly thereafter, the customer complained by email and the broker forwarded the communication to managers. The broker’s member firm reversed the trades, reimbursed the $135 trading loss, and terminated the broker.
A broker was suspended from association with any FINRA member in all capacities for 19 months. Due to the broker’s financial status, no monetary sanction was imposed. The broker caused the member firm to violate Regulation S-P by providing documents containing firm customers' non-public personal information to non-affiliated third-party business centers to provide printing and scanning services. The findings stated that the firm had not entered into a contractual agreement with either business center, prohibiting the business centers from disclosing or using the information except to carry out the purposes for which the broker disclosed it.
The findings stated that the broker transmitted communications relating to the firm's securities business via a personal email account that was not subject to the firm's archiving system.
The findings also stated that the broker intentionally provided false and misleading information to FINRA to conceal use of a personal email account to transmit firm customer account documents to a personal email account belonging to the broker’s supervisor, at the supervisor’s direction. During subsequent on-the-record testimony, the broker testified that a prior written response was false.
A broker was assessed a deferred fine of $5,000 for improperly removing non-public personal customer information from the broker’s member firm, without the firm or the customers' knowledge or consent. Findings stated that, in anticipation of joining another FINRA member firm, the broker sent unencrypted emails from a firm email account to a personal email account containing the broker’s customers' non-public personal information received from the firm as part of employment as a registered representative. The broker retained this information after the termination of association with the firm, during which time the broker was not entitled to possess the information. As a result of this conduct, the broker caused the firm to violate Regulation S-P.
A broker was assessed a deferred fine of $5,000 for circumventing the member firm’s policies and procedures by transferring files containing confidential information, as defined by the firm, to a personal cloud storage site or personal email account. The findings stated that a significant majority of these files contained non-public information from the firm’s corporate customers.
Almost all of the file transfers occurred shortly before the broker resigned to assume a position elsewhere. In addition, in connection with pending departure, the broker falsely certified to the firm that he had complied with obligations under firm policies on confidential information and was not taking any confidential information. The firm identified the file transfers and required the broker to delete the files before departure.
A broker was assessed a deferred fine of $20,000 for offering and selling promissory notes issued by the member firm’s parent company to customers without a reasonable basis to recommend the notes. The findings stated that the broker raised a total of $2,713,200 and obtained commissions of $183,000.
The broker did not perform a reasonable review of the offering documents received from the firm's CEO, including the subscription agreement and financial statements that contained red flags about the parent company's ability to repay the notes. Furthermore, to solicit investments, the broker emailed customers a false historical analysis obtained from the firm and parent company’s CEO and negligently misrepresented that it showed investors what they could expect as a return on the notes, without disclosing that the information it contained was hypothetical, rather than historical.
A broker was barred from association with any FINRA member in all capacities. The broker consented to the sanction and to the entry of findings that the broker refused to appear for on-the-record testimony requested by FINRA in connection with its investigation involving supervision of a registered representative’s potentially unsuitable trading recommendations.
Another broker was barred for participation in undisclosed and unapproved private securities transactions through which individuals, most of whom were customers of the broker’s member firm, invested at least $2.6 million in real estate businesses. The findings stated that the owner of the real-estate businesses had previously worked with the broker at the firm. The securities transactions were not recorded on the firm’s books and records and the broker acted outside the regular course and scope of employment with the firm when participating in the securities transactions.
Subsequently, the owner pled guilty to wire fraud, admitting that he had engaged in a real-estate Ponzi scheme that caused approximately $12 million in investor losses.
The individuals in whose investments the broker participated lost at least $1.3 million. One of these individuals was an elderly woman who lost over half of her life savings. The owner paid the broker substantial sums, including at least $125,000 while he facilitated securities transactions between the owner and these individuals. In addition, in response to a specific inquiry by the firm, the broker falsely represented that he had not participated in a customer’s private securities transactions totaling $500,000.
The findings also stated that the broker refused substantially to comply with FINRA’s request to provide on-the-record testimony, documents and information. FINRA had opened an investigation of the broker’s involvement in the owner’s scheme. While the broker initially appeared for testimony, he ultimately refused to answer FINRA’s questions, left the testimony and did not reappear to finish answering the questions. Moreover, FINRA requested that the broker produce emails from an account that he had used to facilitate private securities transactions with the owner. The broker initially granted FINRA access to the account to obtain the requested emails, but then terminated its access to the account and deleted emails before FINRA had obtained the requested emails.
The end of the year is a good time for firms to reflect on regulatory actions from the past year to prioritize compliance. The Risk Alert is a valuable roadmap for potential future enforcement activities. The SEC has brought cases related to all of the deficiencies identified in the Alert. I expect more to follow in the upcoming year, particularly after the OCIE has issued more than one alert related to these topics.
Firms must be able to show that they have an effective compliance program and culture of compliance to comply with regulatory obligations. To have an effective compliance program, firms must establish clear policies and procedures regarding the use and monitoring of electronic communications. Firms must have robust policies that reflect current activities and must ensure that performance is accurate.
Policies and practices should regularly evolve over time to cover new methods of client communication. Firms should have a reasonable system to monitor for compliance with their electronic communication policies. Firms must preserve and maintain all business-related electronic communications conducted through personal email addresses. In the above FINRA case, the firm failed to preserve and maintain a representative's emails conducted through a personal email address. The firm was aware that the representative was using a personal email account because the representative forwarded certain messages from the personal email account to firm principals.
Make sure to test whether advisors are using unapproved communication channels. A great way to do this is to set up automated keyword searches. Keywords and key phrases can be created to flag advisors who are potentially using unauthorized communication channels, for example:
- “Send to my personal email”
- “Respond to my Gmail account”
- “Let’s take this offline”
These common phrases can indicate the risk of using unauthorized communication channels.
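A minimal sketch of such a keyword search, added here as an illustration and not taken from the original post or any vendor's product. It loosens the three phrases above into patterns and adds a sender check modeled on the FINRA case; the firm domain, the representative roster and the sample messages are constructed assumptions.

```python
import re
import unicodedata
from email.utils import parseaddr

# The post's three phrases, loosened so small wording changes still match.
LEXICON = {
    "personal-email": re.compile(
        r"\b(?:send|forward|reply|respond)\b.{0,30}\bmy personal (?:e-?mail|account)\b"),
    "webmail-account": re.compile(
        r"\b(?:send|forward|reply|respond)\b.{0,30}\bmy (?:gmail|yahoo|outlook|hotmail)\b"),
    "take-offline": re.compile(r"\blet'?s take (?:this|it) offline\b"),
}
FIRM_DOMAIN = "examplefirm.test"   # assumption: constructed firm domain
REP_ROSTER = {"dana reyes"}        # assumption: constructed representative roster


def normalize(text):
    """Fold curly quotes, case and whitespace so typography cannot hide a phrase."""
    text = unicodedata.normalize("NFKC", text).replace("\u2019", "'")
    return re.sub(r"\s+", " ", text).casefold()


def review(msg):
    """Return the sorted flags raised by one message (a dict of header/body strings)."""
    text = normalize(msg["subject"] + " " + msg["body"])
    flags = {name for name, rx in LEXICON.items() if rx.search(text)}
    # Sender check: a rostered representative writing from a non-firm address,
    # as in the FINRA case where personal-account mail reached firm principals.
    name, addr = parseaddr(msg["from"])
    if normalize(name) in REP_ROSTER and not addr.lower().endswith("@" + FIRM_DOMAIN):
        flags.add("rep-on-personal-account")
    return sorted(flags)


def scan(messages):
    """Map message id -> flags, keeping only messages that need a reviewer."""
    results = {m["id"]: review(m) for m in messages}
    return {mid: flags for mid, flags in results.items() if flags}


# Constructed sample messages (not real data).
SAMPLE = [
    {"id": "m1", "from": "Dana Reyes <dana.reyes@examplefirm.test>",
     "subject": "Q4 review", "body": "Quarterly account review attached."},
    {"id": "m2", "from": "Dana Reyes <dreyes77@gmail.com>",
     "subject": "Fwd: transfer form", "body": "Forwarding the signed form."},
    {"id": "m3", "from": "Lee Park <lee.park@examplefirm.test>",
     "subject": "Re: statement", "body": "Please  respond to my\nGmail account."},
    {"id": "m4", "from": "Lee Park <lee.park@examplefirm.test>",
     "subject": "Re: fees", "body": "Let\u2019s take this offline."},
    {"id": "m5", "from": "Sam Client <sam.client@gmail.com>",
     "subject": "Thanks", "body": "Thanks for the update."},
]
```

A lexicon hit is a prompt for human review, not a finding; the roster check keeps ordinary client mail from webmail addresses (m5) out of the queue.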
Technology plays a central role in automating policy enforcement, which improves review efficiency. This is true not only in managing lexicons and policies but also in applying the latest technological advances to machine-assist the identification of red flags. In fact, the SEC and FINRA are employing advanced analytical tools to detect violations and trends over time. It is likely we will continue to see an acceleration in regulators using data analytics on the enforcement side.
I strongly encourage firms to review these common mistakes to ensure that none are present in their organizations. Firms may face reputational challenges as investors increasingly evaluate the effectiveness of compliance functions or turn to other firms with more robust compliance programs.
Expect regulators to continue monitoring compliance violations closely in 2021. Amid a global pandemic, the SEC obtained remedies of more than $4 billion in FY 2020, an increase from the previous year. The regulatory landscape will continue to expand next year.
Wishing you all a safe and happy holiday season!