Broker- Dealer Law Corner

Broker- Dealer Law Corner

WannaCry Virus Triggers SEC Security Alert To BDs And Investment Management Firms

Posted in Cybersecurity, FINRA, Investment Management firm

Readers of this blog know that sales practice issues represent my sweet-spot.  Today, in what is probably a welcome departure from my rants, my partner (and co-chair of Ulmer’s Financial Services & Securities Litigation Group) Fran Goins, who knows all things about data privacy and cybersecurity, offers some helpful advice on dealing with the WannaCry virus, as it relates to the financial services world. – Alan

We are now one week into the worldwide cyberattack known as the WannaCry virus, which targets computers running Microsoft Windows operating systems, encrypts their data, and demands ransom payments in Bitcoin currency.  Many of the attacks were perpetrated through phishing emails and malicious websites.  In response, the SEC Office of Compliance Inspections and Examinations issued an alert on May 15 to broker-dealers and investment management firms, admonishing them to update their security protocols and assessments, and to conduct regular penetration testing and system maintenance.

The alert notes that the SEC’s recent examinations of 75 registered BDs and investment firms revealed a number of issues.  More than a quarter of advisers and funds fail to conduct periodic risk assessments; over half of such firms do not conduct penetration testing or vulnerability scans; and some firms failed to implement critical security patches on a regular basis.  BDs scored significantly better.  The SEC staff noted that correcting such failures would be particularly relevant to smaller registrants in connection with the recent attacks, as would enhanced employee training on spotting phishing emails and malicious websites.  The alert also referred registrants to FINRA’s webpage created before these attacks, with links to cybersecurity resources including a checklist for smaller firms

Many of the entities affected by the attacks had not implemented a Microsoft security update issued two months ago on March 14, 2017.  In response to WannaCry virus, Microsoft took the unusual step of releasing patches for other operating systems on May 13, including some they no longer support.  Reportedly, ransom payments have been largely ineffective to restore the encrypted data, although a 22-year old web security researcher discovered an effective kill switch for the virus shortly after the attacks began.  Today, a group of French researchers reported that they had found a way to save at least some encrypted Windows files, and published a blog with technical details of the fix titled “wanakiwi.”

Globally, the WannaCry virus is believed to have infected more than 300,000 computers in 150 nations, with the vast majority in China and Russia.  Reportedly, only 7% of the infections occurred within the United States.  Nonetheless, the attacks disrupted major businesses, including FedEx and Hitachi, as well as UK hospitals.  Although the disruptions associated with this particular virus appear to have passed,  the attacks should be a wake-up call for US financial firms and businesses to make cybersecurity a critical component of their enterprise risk management.


FINRA’s AML Fines: Murky (And Expensive) Waters

Posted in AML, Disciplinary Process, Enforcement, FINRA, Rule 3011, Rule 3310, Sanctions, Supervision

In this post, Michael Gross complains — and rightly so — about the lack of any definitive guidance from FINRA regarding the appropriate range of fines to be imposed for AML violations.  The bigger issue, however, at least in my view, is not necessarily the lack of guidance, but the fact that the fines FINRA metes out in AML cases are, simply, ridiculously high, as Michael notes.  In my recent experience, it seems that the absolute minimum that FINRA will even consider discussing is $100,000.  Why?  Because in FINRA’s eyes, every AML case is “serious.”  Even in the absence, of course, of any actual money laundering or any actual terrorist financing.  This one-size-fits-all approach to AML cases is maddeningly oversimplistic, and fails to take into consideration that, at the heart of the AML rule, is a “reasonableness” standard, same as in supervision cases.  – Alan 

While at FINRA, I litigated and settled multiple anti-money laundering (AML) cases. I now find myself defending them. Despite my familiarity in these waters, I find the guidance provided on fines for AML violations to be unnecessarily murky.

The Commonplace Nature of AML Violations

Over 15 years ago, FINRA issued the first version of its AML rule: NASD Rule 3011 (n/k/a FINRA Rule 3310). Since that time, FINRA has:

  • Created a “Topic Page” on its website dedicated to AML matters;
  • Issued 13 notices regarding AML matters;
  • Issued 25 AML-related press releases;
  • Created a dedicated AML Investigative Unit (which has grown in number); and
  • Brought countless disciplinary actions for AML violations, including two AWCs in 2016 where the fines exceeded $16 million.

One commentator estimated that FINRA doled out over $43 million in fines in 29 AML cases in 2016. These fines account for nearly a third of the $137 million in fines that FINRA levied in 2016.

No Sanction Guidelines for AML Violations

FINRA publishes Sanction Guidelines (Guidelines) in order to “provide direction for Adjudicators in imposing sanctions consistently and fairly.” The Guidelines “address some typical securities-industry violations,” such as unsuitable recommendations, selling away, and supervision violations. The Guidelines identify principal considerations in determining sanctions for these typical violations, and they also set forth a recommended range of sanctions for the violations. For example, the Guidelines recommend a range of fines for firms for various supervision violations: “Systemic Supervisory Failures” ($10,000 to $292,000), “Failure to Supervise” ($5,000 to $73,000), and “Deficient Written Supervisory Procedures” ($1,000 to $37,000.”[1] The Guidelines provide a level of clarity to firms, registered reps, and their attorneys in determining whether to settle or litigate alleged violations.

Since the 2002 enactment of its AML rule, FINRA has revamped its Guidelines on multiple occasions. In May 2015, FINRA made wholesale revisions to the Guidelines. In April 2017, FINRA again made multiple revisions to the Guidelines, including the addition of three new guidelines for systemic supervisory failures, short interest reporting, and borrowing from/lending to customers. Despite the commonplace nature of actions for AML violations, FINRA did not add a specific guideline to address such violations. This is peculiar. FINRA is well aware that AML violations have been “typical securities-industry violations” for quite some time now.

It is no secret that AWCs for AML violations have resulted in higher fines than fines for most other violations, and it likewise is no secret that FINRA has been imposing increasing fines for AML violations. Given the significant amount of revenue that FINRA has generated from fines for settling AML cases, it seems that FINRA has chosen not to publish a guideline that puts a range (and constraint of sorts) on fines for AML violations.

FINRA Tribunals’ Decisions to Use the Supervision Guidelines for AML Violations

Although the Guidelines do not contain a specific section addressing AML violations, the Guidelines do provide that: “For violations that are not addressed specifically, Adjudicators are encouraged to look to the guidelines for analogous violations.”[2] Until recently, FINRA tribunals have considered supervision violations to be analogous to AML violations, and thus looked to the specific guidelines for supervision violations in assessing sanctions for AML violations. For example, in Lek Securities, an OHO Panel concluded that:

There are no specific Sanction Guidelines applicable to the violation here, the failure to establish and implement an adequate AML program. The National Adjudicatory Council (“NAC”) has treated deficient written supervisory procedures as an analogous violation and applied the Sanction Guidelines for that type of violation to a case of deficient AML procedures. Other Hearing Panels have done likewise. The Hearing Panel in this case also looks to the Sanction Guidelines for deficient written supervisory procedures as an analogous violation.[3]

This makes sense. AML compliance, like supervision, requires establishing and implementing written procedures, monitoring transactions for suspicious activity, and taking appropriate action, when necessary.

In a July 2016 Decision, the NAC affirmed the use of the supervision guidelines in assessing AML sanctions. In North Woodward, the NAC batched supervision and AML violations (i.e., imposed a unitary sanction for both sets of violations), and looked to the supervision guidelines to assess sanctions, citing multiple decisions in which other FINRA tribunals had done the same.

These holdings are good for firms. They provide guidance on AML sanctions, and they place a reasonable range on AML sanctions.

The NAC’s Decision Not to Use the Supervision Guidelines for AML Violations

Unfortunately, in October 2016 – less than three months after the NAC issued the North Woodward Decision that affirmed the use of the supervision guidelines for AML violations – the NAC did a complete about-face. In the appeal of the aforementioned Lek Securities case, the NAC rejected the notion of using the supervision guidelines for AML violations:

That guideline, however, was not crafted to address the violations here, a deficient AML program, including deficient policies and procedures. In fact, deficiencies in AML policies and procedures are far more serious than most deficiencies in written supervisory procedures.

This holding, in essence, means that there is no supervision or other section in the Guidelines that address violations analogous to AML violations, and consequently, no recommended range of fines for AML violations.

An OHO Panel’s Subsequent Decision to Use the Supervision Guidelines for AML Violations

Despite the NAC’s holding in Lek Securities, an OHO Panel recently aggregated fines for a firm’s AML and supervision violations in its March 2017 Decision in Spencer Edwards.[4] In assessing the fine, the Panel used the guidelines for supervision violations because the supervision and AML violations “stemmed from a common problem at the firm.”  That failure was assembling a checklist of materials to be reviewed that no one at the firm critically reviewed. More specifically, the Panel found that the firm failed to implement its supervision procedures on Section 5 and its related AML procedures.

It is time for FINRA to issue a sanction guideline on AML violations.

[1] The odd top-end sanction ranges (i.e., $73,000, instead of $75,000) are the product of the Guidelines being adjusted in accordance with the Consumer Price Index. Regulatory Notice 15-15.

[2] The Office of Hearing Officers (OHO) is, in effect, FINRA’s trial court, and the National Adjudicatory Council (NAC) is, in effect, its appellate court.

[3] Lek Securities is on appeal to the SEC.

[4] Spencer Edwards is on appeal to the NAC.

FINRA’s Board Continues To Bend In the Wind Of Criticisim

Posted in Arbitration, Board of Governors, Enforcement, FINRA, PIABA, Registered Representative, Rogue rep, Rule 2010, Sanctions

On Wednesday, the FINRA Board met and discussed two topics that I recently blogged about: recidivist brokers and unpaid arbitration awards.  In predictable fashion, FINRA withered in the face of criticism that its existing rules and policies are somehow not tough enough on its member firms, and embarked on a proposed series of steps that, if ultimately approved, will further establish FINRA’s continuing refusal to stand behind its member firms.

Recidivist Brokers

The Board authorized several steps to address what it called “high-risk” brokers. It is notable at the outset, however, that, in addition, the Board also seeks to address “the firms that employ them,” thereby making this a firm issue, not just an individual issue. The specific proposals include:

  1. amendments to the Sanction Guidelines. According to the separate press release that FINRA issued, these amendments will make sanctions harsher “when an individual’s disciplinary history includes additional types of past misconduct.” This is hardly newsworthy, as the existing Sanction Guidelines already expressly encourage harsher sanctions when a respondent has a disciplinary history, so it is unclear exactly how this proposal means anything (apart from FINRA’s continuing trend of ratcheting up the sanctions, something it routinely does anyway from time-to-time, and as recently as earlier this year);
  2. amendments to the Rules governing FINRA Enforcement cases, to permit the activities of recidivist brokers to be restricted while an appeal is pending in “appropriate” – but undefined – “circumstances”;
  3. amendments to the “summary revocation” Rules, although no details were provided here;
  4. publication of a Regulatory Notice “rearticulating heightened supervision obligations under FINRA Rule 3110.” This is a particularly interesting proposal, given that under Rule 3110, there presently exist no obligations, ever, under any circumstances, to impose heightened supervision on a broker. Accordingly, this proposal, which “would specifically require firms to adopt heightened supervisory procedures for brokers while a statutory disqualification request is under FINRA’s review, or the broker is appealing a hearing panel decision,” represents a significant departure from existing rules;
  5. amendments to Schedule A of the FINRA By-Laws that will jack up the already sizable fees FINRA imposes for statutory disqualification eligibility applications;
  6. amendments to FINRA Rule 8312 that would require it to be disclosed on BrokerCheck when a firm is a “taping firm” under FINRA Rule 3170. No big deal, as FINRA already publishes on its website the up-to-date list of such firms.
  7. clarifications to FINRA’s examination waiver guidelines. Specifically, “the proposals would revise the guidelines for reviewing requests for a waiver from FINRA exam requirements to more broadly consider the past misconduct of an individual, including arbitration awards and settlements.” Given that FINRA supposedly already takes these things into consideration when it receives exam waiver requests – see this Guidelines to Exam Waivers that exist on FINRA’s website – this proposal is also just noise.

As you can see, many of these proposals simply restate existing positions that FINRA already takes, and, moreover, none reflects any inclination by FINRA to align itself with its members, most of whom would argue that nothing in particular needs to be done about recidivist brokers beyond the current Enforcement program. Even more disturbing, and as I noted in my recent blog, whatever one thinks about recidivist brokers, the proposals continue to reflect FINRA’s odd slant on the facts that it was surprised and dismayed to learn of the existence of recidivists in the industry, as if FINRA – the owner and operator of CRD and BrokerCheck – was somehow unaware of RRs’ disciplinary histories.

Unpaid Arbitration Awards

The Board also addressed PIABA’s sad complaint that too many arbitration awards go unpaid. To address this supposed problem – a problem that exactly zero members are complaining about – the Board is going to consider several proposals:

  1. “expand a customer’s option to withdraw an arbitration claim and file in court, even if a mandatory arbitration agreement applies to the claim,” when a member firm or an RR “becomes inactive” during a pending arbitration, or where an RR becomes inactive before a claim is filed. This is a fascinating proposal, given FINRA’s acknowledgement that firms and RRs arbitrate customer complaints not only because FINRA rules require them to do so, but also as a matter of contract. If a customer signs an agreement compelling him to arbitrate his disputes with FINRA, I can only wonder how FINRA proposed to trump that binding contractual obligation;
  2. allow customers to amend pleadings, postpone hearings, request default proceedings and receive a refund of filing fees under such situations when a firm or an RR becomes inactive. Like most, if not all, respondents’ counsel, I already am firmly of the view that the Code of Arbitration Procedure exists to benefit customers, at the expense of my clients. This proposal would simply continue the trend of providing customers protections unavailable to firms and RRs; and
  3. amend Form U-4 to “elicit information from registered representatives that do not pay arbitration awards, settlements and judgments in full in accordance with their terms.” Look: failure to pay an arbitration award, or honor a settlement agreement, absent a recognized reason,[1] can already result in summary revocation under 9554. Failure to honor an arbitration award or a settlement agreement is already deemed in IM-12000 to be a violation of Rule 2010. I simply do not believe that adding the requirement to disclose on Form U-4 an unpaid arbitration award or settlement to the existing list of horrible consequences really provides any additional incentive for a respondent to pay an adverse arbitration award or a settlement. Thus, this is really just more smoke than fire.

These proposals, plus, likely, whatever new ones the Board conjures up (as FINRA expressly said that the Board discussed “additional steps” that it will consider at subsequent meetings), typify FINRA’s keen interest in taking prompt action to address any suggestion in the media that it is failing at its job. Ironically, it seems that groups like PIABA has a much more direct pipeline to the FINRA Board than its own member firms do, given the speed and public showiness with which FINRA responds to PIABA’s complaints.  I can attest firsthand that this is galling to most broker-dealers, who are still waiting, perhaps with less and less patience, for some sign that FINRA head guy Robert Cook harbors any real desire to mend the relationship with the firms he regulates.


[1] According to Reg Notice 10-31, there are only four recognized defenses.  (There used to be a fifth – the inability to pay – but FINRA eliminated it.)  They are (1) paying the award in full or fully complying with the settlement agreement; (2) the claimant agreed to accept installment or otherwise agrees to settle the matter; (3) the respondent filed a timely motion to modify or vacate the arbitration award, and the motion has not been denied; and (4) the respondent filed for bankruptcy, and the bankruptcy petition is still pending or the bankruptcy court has discharged the award or the settlement payment obligation.


Sticks And Stones May Break Your Bones, But Words Will Get You Barred

Posted in Enforcement, FINRA, Registered Representative, Rule 2010, Sanctions

I have been meaning to write something about this recent NAC decision for a while now, but I am still not really sure what to make of it.  I suppose it stands for two propositions.  First, there is almost nothing that a registered rep can do without FINRA sticking its nose in, regardless of whether it is securities related. Second, FINRA is willing to bring its hammer down – in the form of a permanent bar – simply for boorish behavior, something that is, sadly, hardly unusual in the broker-dealer world.

Ahmed Gadelkareem is a former registered rep. According to the decision, he worked for 19 firms over a 19-year period.  For less than a year, he was registered with Blackbook Capital, LLC.  Unfortunately, it appears that Ahmed didn’t necessarily work and play well with others, so Blackbook terminated him.  His U-5 reads that he “was terminated for repeatedly engaging in unprofessional conduct in the workplace, including without limitation, threatening and abusive interaction with female employees.” But, that is not what got him into trouble with FINRA.

After he was let go, Ahmed “embarked on a campaign of abusive, harassing, and threatening communications directed to Blackbook employees,” including “numerous telephone calls, emails, and texts, many of which contained vulgar language and threats.” More specifically,

  • Ahmed left a voicemail message “in which he made a number of vulgar remarks” about the recipient’s mother.
  • He left three more voicemail messages for the same person mentioning the recipient’s mother in a suggestive manner and taunting him.
  • He sent “numerous emails” to an owner of Blackbook, accusing the owner of “unauthorized trading, drug use, and fraternizing with a female employee.”
  • He accused a Blackbook registered rep of “stealing” another registered representative’s paycheck.
  • He sent a bogus letter from a fictitious FINRA examiner to Blackbook identifying supposed conduct issues.
  • He filed police reports and a number of lawsuits against Blackbook, and a bar complaint against Blackbook’s lawyer.

So, FINRA brought an Enforcement case against Ahmed “for sending multiple abusive, harassing, and threatening communications to persons associated with his former member firm, . . . in retaliation for his termination by Blackbook and to force Blackbook to settle his claims with respect to commissions the firm withheld.”

Ahmed lost. It seems that he did nothing to help himself at the hearing, as the decision recites that his “harassing conduct continued during the proceedings below,” including making “a throat cutting motion” to one witness as he sat down to testify at the hearing, filing “numerous unfounded complaints against Enforcement” and serving “fabricated subpoenas on witnesses after being instructed repeatedly by Enforcement and the Hearing Officer that such subpoenas were not permitted in FINRA proceedings.”

I am hardly condoning Ahmed’s behavior. He was rude to people, especially women, and there is no room for that in the workplace, or any place, for that matter.  He was mean; he threatened people and tried to intimidate them.  He was deceptive, and lied repeatedly.  But…it just seems odd that FINRA decided to bring an Enforcement case against Ahmed for being, essentially, a douchebag.  The securities industry is full of them.  (So is the legal industry.)  I can’t figure out what this case has to do with “investor protection, market integrity,” FINRA’s corporate tagline and its supposed principal motivators.

What is also noteworthy is that FINRA only cared because Ahmed’s terrible behavior was directed at his former BD. If he had done the same things to, say, his landlord, or the cable company, or his next door neighbor, FINRA wouldn’t have bothered to do anything.  The decision includes this display of logic: “FINRA Rule 2010 encompasses all unethical, business-related conduct, even if that conduct is not in connection with a securities transaction. . . .  Misconduct in connection with an associated person’s relationship with his employer constitutes business-related conduct to which the rule applies.”  You can see the issue, one I have written about before:  if you elect to work in this regulated industry, you must do so with the keen awareness that Big Brother, in the form of FINRA, is watching everything you do and say, as long as it is even only arguably job related.  Even after you’re fired, apparently.

This sort of arrangement exists nowhere else, except, perhaps, the military. Teachers who bad-mouth the principal don’t get permanently barred.  Ballplayers who talk back to the coach can still find work on other teams.  Temperamental actors who abuse their directors continue to command enormous paychecks.  But, registered reps who act badly – even absent any demonstration of customer harm – can find themselves not only out of a job, but out of the industry.  The lesson this case provides is clear:  As a registered rep, treat your co-workers and your boss with respect, even after you are fired.  If you don’t, you run the risk that the price you pay will be more than acquiring a reputation for being “that guy” at the office who everyone hates; indeed, you run the risk that every crappy and petty thing you ever said will come back to haunt you.  Crime may sometimes pay, but being douchy does not.


The Nuts And Bolts Of FINRA’s New Financial Exploitation Rule

Posted in Compliance, FINRA, Rule 2165, Senior Investors

A few weeks ago, I posted a blog about FINRA’s new rule concerning senior investors.  My take was largely that the rule made sense, but only to the extent that it provides protections for BDs that encounter the need to share otherwise confidential information about a customer due to concerns about the customer’s health, particularly mental health.  Here, Michael covers the basics of the rule.  – Alan

Over the past few years, FINRA has obsessively marketed its efforts to protect senior investors. This obsession recently culminated in the SEC’s approval of FINRA Rule 2165 (Financial Exploitation of Specified Adults), effective February 5, 2018. In sum, the Rule allows, but does not require, a firm to place a temporary hold on a disbursement of funds or securities from the account of a “Specified Adult” if the firm reasonably believes that financial exploitation has occurred, is occurring, has been attempted, or will be attempted. There are a number of steps that a firm must take to comply with the Rule.


A temporary hold on the disbursement of funds or securities may be placed only in the account of a “Specified Adult,” which is defined as: (1) a person age 65 and older; or (2) a person age 18 and older who the firm “reasonably believes has a mental or physical impairment that renders the individual unable to protect his or her own interests.”

The temporary hold applies only to disbursements of funds or securities. The Rule does not permit a firm to place a hold on securities trades, or to not execute a trade.

A temporary hold may be placed in the account of a Specified Adult if the firm “reasonably believes that financial exploitation of the Specified Adult has occurred, is occurring, has been attempted, or will be attempted.” The Rule broadly defines financial exploitation to include the wrongful or unauthorized use of funds or securities, and any act or omission to wrongfully obtain control over assets or to convert assets.


Within two business days of placing the temporary hold, the firm must provide notification of the hold to all persons authorized to transact business in the account and the trusted contact person identified under FINRA Rule 4512, unless such persons are believed to be engaged in the financial exploitation.[1]

Internal Review

After placing the temporary hold, the firm must immediately initiate an internal review of the facts and circumstances that caused it to believe that financial exploitation has occurred, is occurring, has been attempted, or will be attempted.

Length of Temporary Hold

The temporary hold may expire no later than 15 business days after being placed. The temporary hold may be extended for no longer than an additional 10 business days, if the firm’s internal review supports a reasonable belief of financial exploitation. A temporary hold may be terminated or extended by a state regulator, agency of competent jurisdiction, or court of competent jurisdiction. A temporary hold also may be terminated by the firm. In Regulatory Notice 17-11, FINRA advised that: “While not dispositive, members should weigh a customer’s or trusted contact person’s objection against other information in determining whether a hold should be placed or lifted.”

Supervision and Training

A firm that implements a temporary hold must have WSPs reasonably designed to achieve compliance with the Rule, including procedures related to the identification, escalation, and reporting of matters related to the financial exploitation of Specified Adults. The WSPs also must identify the title of each person authorized to place, terminate, or extend a temporary hold. The Rule also requires that such persons be associated persons of the firm who serves in a supervisory, compliance, or legal capacity. A firm that uses the Rule also must develop and document training policies or programs reasonably designed to ensure compliance with the Rule.


A firm is required to retain records related to its compliance with the Rule. These records must include: (1) the subject disbursement requests; (2) the finding of a reasonable belief of financial exploitation underlying the decision to place the temporary hold; (3) the name and title of the person who authorized the hold; (4) evidence of notification of the hold to the requisite persons; and (5) the aforementioned internal review. These records must be readily available to FINRA, so it is advisable that the records be maintained at a central location.

Safe Harbor?

The Rule provides a safe harbor from certain FINRA Rules when a firm and its associated persons exercise discretion in placing temporary holds consistent with the Rule’s requirements. The Rule explicitly notes that it “does not require members to place temporary holds on disbursements of funds or securities from the Accounts of Specified Adults.”

For those who may believe that an all-encompassing safe harbor actually exists, or that placing a temporary hold is really optional, I remind you that there is no safe harbor from customers’ lawyers asserting claims that you failed to place a temporary hold, as you were permitted to do and should have done. There likewise is no safe harbor from customers’ lawyers asserting claims that you wrongfully placed a temporary hold.

[1] The trusted contact person component of Rule 4512 likewise becomes effective on February 5, 2018.

As Berthel Fisher Just Learned, Those Who Don’t Know FINRA’s History Of Disciplinary Actions Are Doomed To Repeat It

Posted in Disciplinary Process, Enforcement, FINRA, Supervision

I have often used these posts to lament the fact that FINRA consistently acts as an enforcement driven group of crazed examiners, hell-bent on writing firms up for technical violations, at best, uncaring about the dramatic ramifications of their seemingly ceaseless attack on well-meaning broker-dealers and their owners. While I still harbor those feelings, occasionally a case comes out that makes me say, oh, maybe they got that one right.  I read last week about a new disciplinary complaint that FINRA issued against Berthel Fisher regarding sales of UITs, and when I went back and read the complaint itself – even acknowledging that these are nothing but unproven allegations, that the firm is presumed innocent, and that FINRA owns the burden of proof – I could not help but think, this one is bad.  Allegedly.  But, like a lot of cases involving bad facts, there are lessons that good firms can glean from the allegations in how to avoid ending up in the same situation.

The problems with Berthel are manifold. First, beyond the particular facts of this case, it has a bit of a history of supervisory issues.  FINRA has a loooong memory when it comes to things like this.  It does not easily forget prior supervisory failures, and these memories color how the examiners approach any subsequent exams they conduct.  Knowing that Berthel had previously been found to have supervisory shortcomings would have been regulatory catnip to the examiners that did the UIT exam.

Second, Berthel basically handed FINRA the complaint on a silver platter. The alleged problems with the firm’s supervisory procedures were so patent it is difficult to imagine even the most incompetent of examiners missing them.  Moreover, the specific issue at hand – the firm’s failure to have taken the necessary steps to ensure that customers received the appropriate breakpoints and sales discounts relating to their purchases of UITs – is something that has been the subject of a considerable amount of prior attention ( in both mutual fund and UIT cases).  Thus, the examiners already knew what to look for, what questions to ask, what documents to request.  For an entity like FINRA that thoroughly enjoys stumbling across a “low hanging fruit” case, Berthel presented very easy pickings here.

So, what did Berthel allegedly do wrong? It basically failed to have any procedure that ensured that customers got their breakpoints.  Consistent with that, it also failed to designate any supervisor who was responsible for reviewing UIT sales for breakpoints.  In other words, this was a case of omission – Berthel simply not doing something it was reasonably supposed to have done.  Such cases are way easier for FINRA to prove than other supervisory cases where the issue is whether the firm did enough.  In these latter cases, as defense counsel, I am nearly always able to argue that while what my client did may not have been perfect, and that there were things that it certainly could have also done, it remains that my client acted “reasonably,” which is all that the law requires.  But, that argument quickly becomes untenable if, in fact, there was no procedure and nothing was done.

Lesson one, therefore, is always to be sure that there is no disconnect between, on the one hand, the products that the firm sells to earn its revenues, and, on the other hand, the firm’s supervisory procedures, as there was here. In its defense, a Berthel spokesperson pointed out to Investment News that its sales of UITs only comprised 1% of its business.  That is no excuse, unfortunately.  There is no such thing in FINRA’s eyes as a de minimus amount of revenue, for anything.  If you are selling UITs, then you must make sure that your procedures specifically address UITs, even if your sales of UITs don’t amount to much.

Second, Berthel failed to appoint anyone – either an individual or a department – to be responsible to review its UIT sales for proper application of breakpoints and sales discounts. As a result of this failure, because no one was specifically looking for it, the problem was not caught for over four years.  And, the longer a problem continues, the easier it is for FINRA to decide that the only appropriately remedial measure to take is the filing of a formal disciplinary action.

Lesson two, therefore, is not only make sure that there is a pertinent procedure for every product you sell, but also that there is a supervisor who has been delegated the responsibility to review the sales of each product. And, it goes without saying that this supervisor should have the requisite degree of training on the product, so the review is meaningful; otherwise, the delegation is a bit of a charade.

Third, FINRA alleged that even if someone had been delegated the responsibility to supervise the UIT sales, the firm provided no guidance or direction that was reasonably designed to determine whether UIT sales were eligible for discounts, whether discount were actually applied on eligible trades, and whether transactions were structured in a way to avoid the application of an appropriate discount. In short, Berthel principally relied on the sales reps themselves to identify when discounts should be applied; but, that is akin to supervising yourself, a regulatory no-no since the dawn of time.  And, as a result of this, Mr. Dragon, one of Berthel’s reps – also named as a respondent in the complaint – allegedly took advantage of this situation by focusing his sales efforts on UITs and robbing his customers of over $650,000 in discounts to which they were entitled, yielding more than $421,000 in improper sales concessions to the rep and Berthel.

Lesson three: follow the money.  If you have a rep who is making his money by selling something that is outside the firm’s norm, pay particular attention to that rep.  According to the complaint, in a two-year period, Mr. Dragon executed over 600 UIT trades.  If, as the Berthel rep maintained, the sale of UITs represented only a tiny fraction of the firm’s overall business, Mr. Dragon’s apparent focus on that product was atypical.  That alone should have garnered attention to what he was doing.


When It Comes To Testifying To The SEC, Providing Alternative Facts Can Be A Bad Idea

Posted in Disciplinary Process, Enforcement, Examination, FINRA, SEC

At the beginning of most FINRA OTRs, the examiner reads from a script of sorts, outlining some of the basic rules governing the proceeding. One of the things the script calls for is an express acknowledgement by the witness that he or she is testifying pursuant to Rule 8210, and that, as a result, a failure to respond truthfully could result in a disciplinary action being brought for violating 8210, with sanctions that could include a permanent bar.  The script then immediately follows with a request for a second acknowledgment that because the witness is under oath, a failure to testify truthfully could result in the matter being referred to criminal authorities for perjury.

While this second statement is as true as the first, I have often wondered whether it is purely an empty threat, or whether it has real teeth to it. When I counsel clients about testifying at OTRs, I am always careful to tell them about the possibility of a criminal referral when I outline the worst case scenario (something clients invariably want to hear about, for some reason).  But, does it every really happen?  Or are the regulators content merely to bar someone permanently?

In a recent SEC decision, the SEC provided its answer to these questions.  In January this year, the Commission barred John Rafal, an investment advisor, for, among other things, paying an undisclosed and illegal fee to a lawyer for referring to him an elderly but very wealthy client.  The decision also reflects that in addition to that misdeed, Mr. Rafal  misled the Commission Staff during the investigation by testifying falsely that the referral fee he paid to the lawyer had been returned.  As noted, Mr. Rafal was barred by the SEC, and ordered to pay $275,000 in civil penalties plus another $275,000 in disgorgement.  Ouch.

But, that wasn’t enough for the SEC.  Beyond merely exacting its own pound of flesh, it referred Mr. Rafal to the Department of Justice, stemming from the less-than-truthful manner in which Mr. Rafal had answered questions posed to him during the investigation.  Two days ago, adding considerable insult to an already serious injury, Mr. Rafal was sentenced in federal district court for obstructing the SEC’s investigation.  Mr. Rafal received a year’s probation, with four months to be served in in-home detention, and a $4,000 fine.

That may not sound like much of a punishment, at least relative to the magnitude of the SEC penalties, but, the point is that here, the SEC was not reticent about making the criminal referral that is routinely threatened by regulators in most investigations. I am not exactly sure what made the facts of this case so special, as I can assure you that I have seen witnesses lie – under oath – about things much more serious, and more central to an investigation, than Mr. Rafal’s lie here without getting referred to the DOJ.  Regardless, there is an important lesson: sometimes, the regulators mean what they say when they suggest there are consequences beyond the typical range of regulatory fines, suspensions and bars, that it really can be a crime to lie to the examining staff.  As with many things in life, Mr. Rafal learned the hard way that it is often the case that the botched cover up gets you into more trouble than whatever it was you were trying to cover up in the first place.

FINRA Tweaks The Sanction Guidelines Again And – Guess What? – It Wasn’t To Make Them Gentler

Posted in Defenses, Disciplinary Process, Enforcement, FINRA, Sanctions, Supervision

Remember a few weeks ago? Remember I blogged about Robert Cook, FINRA’s new CEO?  And how he was saying all the right things about FINRA perhaps being juuuuust a bit too Enforcement oriented?  I expressed hope – sincere but wary hope – that given his remarks, it was possible that the pendulum might actually start swinging back in a more reasonable direction.  Well, I just saw FINRA’s changes to the Sanction Guidelines, and suffice it to say that my wariness was justified, by and large.

By way of background first, these modifications to the Sanction Guidelines are part of an on-going process to keep them updated. As FINRA put it in the Regulatory Notice announcing these new tweaks,

FINRA initiates periodic reviews of the Sanction Guidelines through the NAC to ensure that the Sanction Guidelines reflect recent developments in the disciplinary process, comport with changes in FINRA’s rules and accurately reflect the levels of sanctions imposed in FINRA disciplinary proceedings. The revisions discussed in this Notice are the result of FINRA’s most recent review of the Sanction Guidelines. Further review is underway of changes to make the Sanction Guidelines more effective.

Two things in there jump out at me. The first is the notion that these revisions were made, in part, to “accurately reflect the levels of sanctions imposed in FINRA disciplinary proceedings.”  That seems backwards, doesn’t it?  Shouldn’t the sanctions imposed in disciplinary proceedings comport with the Sanction Guidelines, and not the other way around?  Based on this logic, hearing panels can impose whatever sanctions they want, even if not supported by the Sanction Guidelines, safe in the knowledge that it doesn’t matter because the Guidelines will subsequently be revised to accommodate the award.  It reminds me of the old joke:  what’s the secret to being successful at golf?  Not announcing your intended target until after you hit the ball, so you can see where it’s headed.  Hey, I meant to hit the drink cart!

Second, it is sobering to understand that even “further review” is underway, to make the Guidelines “more effective.” What does that mean?  What would make the Sanction Guidelines effective is if FINRA Enforcement lawyers and hearing panels actually paid some attention to them.  In reality, that is not necessarily the case.  Because the Guidelines serve merely as the starting point to the determination of the appropriate sanction, followed by the consideration of any aggravating or mitigating evidence, the actual sanctions imposed in cases are too often way, way beyond the ranges stated in the Guidelines.  In other words, the Guidelines often provide fairly little practical guidance in terms of what to expect for sanctions.  That makes them ineffective.  Tweaking the Guidelines won’t change that.  Now, actually following the Guidelines, that would make them effective.

Ok, what changes did FINRA make?

  1. They added a new principal consideration that makes it clear that exerting “undue influence” over a customer, particularly a senior or “vulnerable” investor, will be viewed as a nasty aggravating circumstance.
  2. There is a new sanction guideline for “violations related to systemic supervisory failures and firm wide supervisory problems.” According to the Reg Notice, “the current Sanction Guidelines related to supervision violations focus on limited supervisory failures, such as those involving an individual or a small number of associated persons” so a new guideline was needed. Note: the stated range for fines under the new guideline goes up to $292,000, while the upper end of the range for an “ordinary” violation for inadequate written supervisory procedures is only $37,000. Clearly, based on the size of some of the fines that FINRA has meted out recently in supervisory cases, it must have deemed them to be systemic failures.
  3. There is also a new guideline for improper borrowing from or lending to customers, which I suppose makes sense, as (1) there was no such guideline and (2) FINRA loves to bring these cases. The recommended fine ranges as high as $73,000, and, naturally, a bar is also possible when the circumstances are aggravating enough, as is the case for nearly every rule violation. There are a couple of curious things in the principal considerations for this guideline: the “purpose” of the loan, and whether the “terms” of the loan are reasonable. I am really not sure why these facts would be even slightly important to FINRA’s determination of the appropriate sanction. I mean, loans are impermissible, period. Thus, should it matter if the registered rep borrows money to go gambling in Vegas, versus paying his mortgage? Or if interest is charged or not? FINRA’s willingness to stick its nose into the tiniest of crevices never ceases to amaze.
  4. The most interesting of the changes is a new principal consideration that requires that hearing panels and Enforcement take into consideration “the potential mitigative effect of regulator or firm-imposed sanctions and corrective action.” In other words, “[a] final action by another regulator against an individual respondent for the same conduct is a potentially mitigating circumstance.” But, it is not a simple analysis. To get credit for a prior regulatory action, a respondent must show that (1) the conduct at issue before the other regulator was essentially identical, and (2) any fine has already been fully paid, any suspension has been fully served, and any other sanction has been satisfactorily completed.

It is also possible now, theoretically, to get credit for some firm-imposed sanctions, particularly fines and suspensions. The problem is that the guidance is super vague.  You tell me what this means:  “Adjudicators should consider according some mitigative weight where these firm-imposed sanctions have already been fully satisfied by a respondent.”  “Some mitigative weight??”  I have no idea what that is intended to convey, and I am sure that what FINRA Enforcement will deem to be the proper mitigative weight will be very different than me.

Finally, the new Sanction Guidelines suggest that an individual respondent may be able to avoid a harsh sanction if he was aleady fired by his BD for his misconduct. But, again, the guidance is slippery, at best:  “With regard to a firm’s prior termination of the respondent’s employment based on the same conduct at issue in a subsequent FINRA disciplinary proceeding, Adjudicators should consider whether a respondent has demonstrated that the termination qualifies for any mitigative value, keeping in mind the goals of investor protection and maintaining high standards of business conduct.”  I suppose that this would allow a respondent to demonstrate that he’s “already learned his lesson,” so further sanctions are unnecessary.  I just cannot imagine a case where this argument would get any traction.  Especially in light of the admonition in the new principal consideration that “Adjudicators may find—even considering a firm’s prior termination of the respondent’s employment for the same misconduct at issue—that there is no guarantee of changed behavior and therefore may impose the sanction of a bar.”  That just opens the door, and opens it wide, for FINRA to make the facile argument that there’s never a guarantee, in any case, that there won’t be repeat misconduct.

To end this post on low note, here’s another example of FINRA’s utter disregard for the impact its disciplinary cases have on people (a topic I covered earlier in a post about FINRA’s disregard for the consequences when it deems a failure to update a Form U-4 in a timely manner to be willful). The last sentence of the new principal consideration reads: “FINRA has determined that how long a respondent takes to regain employment, loss of salary, and other impacts of an employment termination are merely collateral consequences of being terminated and should not be considered as mitigating by Adjudicators.”  “Collateral consequences.”  Such language.  Did United hire FINRA to write its initial public response to the doctor being dragged off the plane?  Does FINRA serve as a consultant to famous wordsmith Sean Spicer?

Some Amusing OHO Decisions

Posted in Disciplinary Process, Enforcement, FINRA, Sanctions

As a former member of FINRA Enforcement’s Litigation Department and a current practitioner in FINRA regulatory matters, I have read my fair share of decisions from the Office of Hearing Officers (OHO). I recently read the Southeast Investments/Black decision, which was issued in March. There is some good stuff in there – from an entertainment perspective. The most entertaining cases are often those that should not have gone to hearing. Below are some of my favorites.

The Jenny Craig Dieter

The principal issue in the Springsteen-Abbott case was whether Springsteen-Abbott misused investor funds by improperly allocating expenses to investment funds. One of those expenses was a $104.23 dinner at Cody’s Roadhouse. Springsteen-Abbott initially claimed the meal was for business purposes. The receipt for the dinner, however, reflects charges for “kid’s mac & cheese” and milk. When confronted with the receipt, Springsteen-Abbott “explained that she was on a Jenny Craig diet and she was eating appetizers and drinking 2% milk.” The Panel did not buy her story:

Springsteen-Abbott’s assertion that she ate the “kid’s mac & cheese” meal as part of a Jenny Craig diet plan also was not credible.

The email that Springsteen-Abbott wrote to her sister about the family dinner at Cody’s Roadhouse also adversely impacted her credibility. The Panel found other misuses of investor funds, and it barred Springsteen-Abbott.[1]

The Auto Enthusiast

One of the issues in the Southeast Investments/Black case was whether Black conducted onsite branch audits at multiple locations across the country. FINRA presented evidence that he did not do them. One of FINRA’s most compelling pieces of evidence (aside from the reps who testified that Black did not conduct the audits) was the distance between the branches and the timing of the alleged audits. For instance, Black claimed to have: (1) driven 500 miles from his home in North Carolina to Ohio to conduct an audit on October 1; (2) driven back to North Carolina to conduct another audit on October 3; and (3) driven back to Ohio for another audit on October 4. Black testified that his back-and-forth trips to Ohio made perfect sense to him:

I love to drive cars . . . . I’ve been in a car for 22 straight hours without stopping. My day will start at 2:00 in the morning and I will drive until I can’t drive anymore, pull over, and get up and drive a little more.

It presumably did not help Black’s cause that in an unrelated proceeding, the IRS likewise took issue with his stated passion for driving:

Black claimed he drove 156,669 miles in 1991 and 181,692 miles in 1992, which averages 429 and 498 miles per day, respectively. At these rates, driving 60 miles an hour, Black would have had to drive between seven and eight hours per day, seven days a week, not including time spent stopping for gas meals, or meeting clients, the IRS reasoned.

Black, however, did concede the limits to his driving abilities. He acknowledged that he did not inspect a branch in Ohio on December 9 and another one in Texas on December 10, as his records reflect. He inspected the Ohio branch on December 19, not December 9; he said his records contain a typo. Black was barred for, among other things, providing false testimony to FINRA about his supposed branch audits, so he should have plenty of time to pursue his passion. Hopefully, he has a hybrid. [2]

The Beer Thrower

It is challenging to defeat a finding of “willfulness” in the Form U4 context, as the standard is not the dictionary definition of the word. Instead, “willfulness” means intentionally committing an act, irrespective of knowing whether or not the act violates any rules or laws. In the Harris case, Harris failed to disclose on his Form U4 felony and misdemeanor charges involving allegations of stealing a parking meter, throwing beer at a police officer, possessing someone else’s driver’s license, and stealing cough medicine at a homecoming party during his college days. The Panel found that his failure to disclose the charges on his Form U4 was not “willful” because:

The [Form U4] questions required that Harris remember details of allegations made nearly six years ago. The parking meter, beer-throwing, and driver’s license incidents would not, at first blush, appear so serious as to constitute felonies. Indeed, each ended up as a misdemeanor, and none ever went to trial. He misread the misdemeanor question’s reference to “investment-related” misconduct. Finally, the Panel credits Harris’ testimony that it would have made “no sense” for him to conceal the arrests because he knew that Dean Witter had his fingerprints and assumed that the firm would likely discover his arrest record in any event.

The Well-Dressed Man

In the Casas case, the Panel found that Casas used investor funds for personal and other improper uses. Those expenses ran the gamut from groceries to dog grooming services to client entertainment in the form of a massage at 2:00 a.m. Casas, presumably, with a straight face, attempted to justify all of the expenditures, including a $364.38 purchase of a new water heater for his home. Casas explained that the water heater was a legitimate business expense because he needed it to maintain clean clothes and good hygiene:

[I]f I wasn’t able to show up to a meeting in proper attire, in proper hygiene, MCB Capital would not have been able to move that transaction forward. So the nexus, as was common knowledge is, any out-of-pocket expense that I needed in order to meet the obligations.

Not surprisingly, the Panel did not buy Casas’ rather creative explanation, and it barred him. [3]

[1] The National Adjudicatory Council (NAC) affirmed the bar. The case is on appeal to the SEC.

[2] The deadlines for the parties to appeal the Decision and the NAC to call the case for review have yet to expire.

[3] The NAC affirmed the bar. The case does not appear to have been appealed to the SEC.

When FINRA Can’t Discipline The Firm, Individuals Pay The Price

Posted in CCO liability, Disciplinary Process, Enforcement, FINRA, Rule 3010

There has been a lot of discussion over the past few years, including in this blog, about the growing – and troubling – trend for Chief Compliance Officers to be named as respondents in disciplinary actions.  While regulators regularly deny that they truly have it out for CCOs, as is often the case, their actions speak louder than their words.  Today, the threat of a CCO becoming a respondent is real and undeniable.  I thought I would use a recent FINRA Enforcement action to make this point clear.

In September 2011, Southridge Investment Group, LLC, a broker-dealer, withdrew its membership from FINRA. For a two-year period leading up to that withdrawal, Thaddeus North was the firm’s CCO.  Generally speaking, when a BD files a BDW, FINRA calls off its dogs…at least as far as the firm itself is concerned.  For the defunct firm’s principals, however, it is quite another story, as FINRA will absolutely, positively continue to pursue those individuals, whether they move to another firm or whether they leave the securities industry altogether.  Mr. North learned that lesson firsthand and the hard way.

While FINRA took no action against Southridge, FINRA did file an Enforcement action against Mr. North alleging a bunch of rule violations, including a couple that, in my view, would have been more appropriately targeted against Southridge, except for the unfortunate fact that the firm was not still in business. Specifically, FINRA alleged that Mr. North – as CCO, remember, not as CEO, not as owner[1] – failed to establish a reasonable supervisory system for the review of electronic correspondence, and failed to report that one of the firm’s registered representatives had a relationship with an individual who was statutorily disqualified.  The hearing panel found Mr. North personally liable for both of these violations – shocking, yes, I know – and, on appeal, the NAC concurred.[2]

Let’s start with the supervisory violation. Generally speaking, there are two broad categories of supervisory cases:  either the procedures themselves are inadequate, or there is a failure actually to supervise.  (Sometimes, a case can involve both.)  The case against Mr. North involved the former.  We all acknowledge that under NASD Rule 3010(a), every broker-dealer must “establish and maintain” a supervisory system that is reasonably designed to achieve compliance with applicable securities laws and FINRA rules, and, under NASD Rule 3010(d), firms must also establish written supervisory procedures to effectuate the supervisory system.  Clearly, these are both responsibilities of the firm.

Given that, it is typically the broker-dealer that gets named when the problem is with the supervisory procedures. Now, I am not saying there aren’t exceptions to this, as there are such cases with individual respondents.  (Indeed, as I’ve blogged about before, FINRA does routinely threaten to name individuals as respondents as part of its efforts to exact settlements from firms, and sometimes it follows through on those threats.)  But, from a strictly logical standpoint, the broker-dealer is the appropriate respondent: it is a firm responsibility to come up with a reasonable system and set of procedures.  Here, however, the hearing panel and the NAC both hung their respective hats on the fact that in Southridge’s 2008 written supervisory procedures, the firm’s “compliance officer” was designated as the person responsible for maintaining the procedures, “and the 2010 written supervisory procedures designated Mr. North, by title and name, as the person responsible for reviewing and maintaining the procedures.  The 2010 procedures also provided that the CCO was responsible for ensuring that Southridge had appropriate policies and procedures concerning electronic communication.”

My problem is that every firm’s WSPs designate someone as the person responsible for the “maintenance” of the WSPs, whatever “maintenance” means, but most of the time, FINRA is content only to go after the firm for inadequate procedures.  Here, it seems that the driving force behind FINRA’s decision to pursue Mr. North individually was simply the fact that Southridge was dead, and safe from Enforcement action.  I simply hate it when FINRA, or any regulator, acts inconsistently (and, therefore, unpredictably).  Two sets of identical facts should yield the same result.  But, that is clearly not the case when dealing with FINRA, which is wildly inconsistent and wildly unpredictable.  And that, to put it directly, is just not fair.

Regarding the latter violation, NASD Rule 3070(a)(9), effective through June 30, 2011, required a member firm to report to FINRA whenever it, or one of its associated persons, was “associated in any business or financial activity with any person who is subject to a ‘statutory disqualification’ … and the member knows or should have known of the association.” In the pertinent written supervisory procedures, Mr. North was delegated the responsibility for Southridge’s compliance with its Rule 3070 reporting requirements.  Accordingly, FINRA concluded that Mr. North was personally responsible for the firm’s failure to have made a timely report of its registered representative’s association with an SD’d individual.  But, again, in many, if not most, instances, violations of this sort are deemed to be firm violations, not individual violations.  Here, because Southridge had already withdrawn, FINRA had no firm on which to focus its Enforcement wrath, leaving only poor Mr. North.

The lesson here is not just for CCOs, but any principal at a firm that no longer exists: you need to understand that it’s not just possible that you will be named individually, but it’s much more likely than if the firm was still around and available as a respondent.  Not saying this is right or fair; it’s just an acknowledgement of the fact that FINRA wants its pound of flesh, and if the firm cannot supply it, then it will look to individuals who can.


[1] In the interest of full disclosure, it appears that Mr. North was registered as a principal and sales supervisor.  But, it is noteworthy that it is his role as CCO that is highlighted by FINRA in the decision to find him personally liable.


[2] It is also worth noting that FINRA brought an action against the firm’s CEO, too.  He submitted an Offer of Settlement, which FINRA accepted.