Thanks to Blaine for not only attending this panel session, but for summarizing it for us! – Alan 

Recently, the Roaring Kitty (aka Keith Gill) and his brethren made headlines with their trading (most notably in GameStop) and the impact it had on certain hedge funds and banks.  The interest on this saga seems to be universal with folks wanting to know whether or not these trader/customers were doing anything wrong and if there were any possible ramifications.  Thus, it seemed particularly timely when the Chicago Bar Association announced that it would be hosting a panel made up of SEC and FINRA personnel to discuss the topic of market manipulation (which was one of the theoretical transgressions of the traders that has been bandied about).  Before you get too excited, however, the regulators prefaced their comments by indicating they would not be discussing any current trading activity or active investigations, which would almost certainly cover GameStop, etc.  Still, as always, it is nice to learn what regulators are thinking before you end up sitting across the table from them trying to explain away your own actions.  With that in mind, here are the highlights of the discussion.

The regulators generally described manipulation as an action taken to interfere with the market in its natural state, which frequently means an act that artificially changes the price of a security or product.  Sounds amorphous, right?  Luckily, one of the regulators from the SEC outlined some of the things he looks for:

1) The trading makes no sense – e.g. orders on both sides of the market or other circumstances where even the traders themselves have no bona fide explanation for the purchases and sales.

2) Notice of illegality or rules violations – this does not necessarily mean that the SEC or FINRA are knocking on your door, it could be the BD telling the trader to stop a certain type of trade, shutting down accounts because of the trading activity or, simply, questioning the trading.  In other words, if the trader’s broker-dealer has been sniffing around, regulators are probably going to assume the trader was on notice that something might be afoot and will not look kindly upon an ignorance plea.  In theory, this should help weed out any type of mistaken or innocent acts.

3)  Hiding actions – this one seems obvious and includes opening up accounts in the names of friends, family and other entities to disperse trades and other furtive activity that indicate the trader knew or at least had reason to believe his or her actions might be wrong.

So how do these bad acts manifest themselves in the everyday market? The regulators mentioned a host of illicit activities including but not limited to spoofing, wash trades, banging the close and a healthy discussion of “pump and dumps.” A pump and dump classically occurs when a person or group of persons obtains control over a company that has a low value (sometimes known as a penny stock company).  That person might hide their control by putting their shares in the name of family members and or other entities (which would hit on Regulator’s #3, above).  After that they promote the company, either doing it themselves or by paying others to do so in chat rooms or other mediums, using false information about the future prospects of the company.  After innocent investors purchase the stock, and drive its price up, the owner dumps his or her shares and the innocent investors are left holding the bag.

These types of schemes were of particular concern last year when different companies marketed potential “miracle” cures for COVID that unsuspecting investors might have tried to jump on to make a quick dollar.  These schemes are often found in companies doing business in whatever is the fad of the day (COVID, Marijuana, etc.).  As the moderator pointed out, this fact pattern is basically the plot to the industry favorite film Boiler Room, which is worth a watch for industry wonks.

As mentioned above, the regulators promised to avoid current events (read GameStop) in favor of resolved matters. Still, it creeped into the conversation, at least tangentially.  The moderator, while not mentioning Game Stop, asked why the public should care if investors are doing something (whether manipulation or not) that ends up harming a Wall Street bank.  Notably, the question is not if there is some type of violation, but, instead, why people should care.  The answer was that it does not only impact those banks or hedge funds but interferes with market liquidity and, potentially, the average investor (especially older ones) if one of the securities at issue happens to be in average Joe’s 401K or his personal trading account.  Theoretically, that makes perfect sense, but if the average investor saw his stock in GameStop temporarily rise and then fall back down, he might not have suffered too much harm.  The real damages was done to those shorting stocks, but it is, of course, not clear how many 401Ks or elderly investors are shorting companies on a regular basis.  It will be interesting to see where the regulators, ultimately, shake out on the issue.

Again, while not mentioning GameStop, there was talk about how broker-dealers can protect themselves if, by chance, their customers are engaged in some type of market manipulation.  According to the FINRA representative, foreign nationals going through broker-dealers (especially those who offer direct to market access) have been an ongoing problem.  While FINRA, at least, would not be able to touch those unregistered foreign individuals (true of unregistered domestic individuals, as well),[1] the broker-dealer could find itself with a failure to supervise case pending against it.  The lesson is that broker-dealers need to be vigilant in ensuring (or at least taking reasonable steps to try to ensure) that its customers are not manipulating the market and to make sure they are keeping accurate tabs on who exactly is opening accounts with the firm.  In other words, and as always, vigilance is the key to avoiding entanglements with regulators whether pertaining to manipulation or any other issues that broker-dealer personnel face.

 

[1] The Roaring Kitty, of course, presents a different circumstance since he is currently registered.

I get the fact that anyone silly enough to work for a broker-dealer knowingly chooses to live in a fishbowl.  Thanks to BrokerCheck, you can very easily learn more about a registered representative than you can about, say, a doctor, a teacher, a lawyer, you name it, all through a couple of mouse clicks.  But, this is no secret, as I said.  It is the price one pays to work in the securities industry, and I suppose that if one feels strongly enough about not having to disclose a baseless, frivolous complaint from a customer, or an unpaid tax lien, or a personal criminal history, then, arguably, one should find a different profession, where such things do not have to be shared with the public at large.

My problem is not, therefore, with BrokerCheck per se (although I remain convinced that FINRA’s ongoing and vigorous – but largely vain – efforts every year to increase the public’s awareness of BrokerCheck just go to show that no one actually cares very much about it).  Rather, my problem is the use that claimant’s counsel make of the information available in BrokerCheck, particularly reported arbitrations, disciplinary actions taken by regulators, and even customer complaints that remain pending, or were even dismissed.  In short, they take that information – which, in theory, is designed to enable investors to check out prospective brokers, to decide whether to trust them with their investments – and turn it into advertisements, soliciting customers to engage them to file arbitrations in an effort to recover alleged losses.

Just in case you don’t know what I’m referring to, let me walk you through how it works.  And believe me, there are probably hundreds, or even thousands, of examples.

The lawyers start by taking advantage of the search algorithms buried beneath the surface of Google, acquiring and utilizing website domains designed to pop up in response to searches for lawyers who handle customer cases.  Sort of like www.sueyourbroker.com (which, remarkably, seems to be available).  When you click on that link, you are directed to the law firm’s actual website.  There are likely dozens of these domain names.  Some are specific to particular products, so if a customer invested in a certain investment that has not performed to expectations, the thought is that they will be directed to these websites.

Once you get to the actual website of the law firm, there, you will be presented with page after page of things that read like press releases, with headlines announcing that the law firm is “investigating” – that is the verb most often used, for some reason, even though, in fact, there is no such investigation – some person or some firm that was obligated to disclose in his or her Form U-4 (or Form BD, in the case of a BD) a complaint, an arbitration settlement or award, or a regulatory matter.  The body of these “press releases” then simply parrot the language found in BrokerCheck, leading to the big finish, which is a blunt, no-nonsense solicitation: If You, Too, Have Done Business With This Guy (or This Firm), Hire US So We Can Go After Him And Accuse Him Of The Same Thing.

These are, of course, advertisements, and the lawyers who publish them are typically very careful not to say anything that is false (since to do could be defamatory).  Thus, for instance, if they run one of the press-release-sounding ads to take advantage of the disclosure of the filing of a regulatory complaint – which, of course, contains nothing but unproven allegations – they will be sure to bury the word “alleged” in there, somewhere, so they cannot be accused of actually stating that someone committed securities fraud.

Because these ads do no more than repeat (albeit in fancy, formal sounding language) information that is otherwise available to the public via BrokerCheck, there is basically nothing that you can do to stop it.  Assuming that the lawyer has not said anything actually false, requests or demands to take these “press releases” down from the website are met with laughter, or worse.  (What could be worse?  I have had claimants’ lawyers retaliate against clients who insisted that I at least try to get their names removed from these websites by actually increasing their efforts to solicit business against such clients.)

It is very frustrating, and sad, for me to have, basically, the same conversation, over and over again, with different clients.  Yes, it sucks that when you Google your name, the first three pages of results are simply lawyers hoping to sue you.  Yes, it is frustrating that there is nothing to do about that.  Yes, it would be nice if FINRA cared even in the slightest about this issue.  Sorry.  Sorry.  Sorry.

What made me think about this issue today is what happened recently regarding GPB.  GPB is an investment that hasn’t done too well.  In the least shocking development ever, that has resulted in a TON of arbitrations against BDs and registered reps, all alleging that they failed to figure out that GPB was operating some sort of fraud.  Every claimant’s counsel in the world probably has some “investigation” regarding the sale of GPB on their website.  Yet, these arbitrations came in the absence of any actions being taken by regulators, in the absence of any findings that GPB was, in fact, a fraud.  Well, that has changed.  Two weeks ago, the SEC, along with seven states, filed civil actions against GPB, and the DOJ filed a criminal case against three individuals associated with GPB, alleging – ALLEGING, not actually FINDING – that GPB was operating a “Ponzi-like scheme.”

And you know what this will mean: the websites of every claimant’s counsel will be updated immediately to disclose this development, and encourage investors to hire them…not to sue GPB, but, rather, to sue the poor BDs and RRs who sold them GPB.  I have looked, and, not surprisingly, the updates have already been made by most.

But what is very interesting is that the claimant’s lawyers point to the SEC, state and DOJ complaints as evidence of wrongdoing that investors should take into consideration, but they do not bother to state that according to the allegations in these complaints, the BDs who sold GPB were ALSO VICTIMS OF GPB’S ALLEGED FRAUD!  That is, the U.S. Government has taken the position in the formal pleadings that it has filed that GPB defrauded not just the investors, but the BDs, as well, by providing them with due diligence materials that contained false information.  The complaints do not state, or even suggest, that the BDs should have been able to figure out that the information GPB supplied was false.

Yet…the claimant’s lawyers ignore this allegation completely, talk simply about the fraud, the fraud, THE FRAUD.

So, to conclude my little rant, here is my wish list – and I call them wishes because I am well aware that none of these things will ever happen:

  • FINRA does something to prevent lawyers from using information in BrokerCheck simply to advertise for new clients
  • State Bar Associations do something to prevent lawyers from using the same information in advertisements to solicit new clients
  • FINRA tweaks BrokerCheck so that mere complaints, i.e., complaints that have not resulted in anything being done, are not disclosed
  • Complaints that are dismissed, or withdrawn, should be automatically expunged from an RR’s CRD record
  • In the same sense that communications by BDs with the public must be “fair and balanced,” ads placed by lawyers should tell the whole story. So, for instance, ads referencing the GPB complaints should have to explicitly disclose that there is nothing in those complaints that could serve as evidence of wrongdoing by a BD.

I truly feel badly for those among my clients who find themselves the victims of these advertising campaigns.  This is not why BrokerCheck was created, not at all.  Yet, FINRA sits back and lets this happen.  So, I guess you guys get a two-fer here: a reason to dislike both FINRA and lawyers.

 

I just read this article – admittedly authored by lawyers, Ethan Brecher and Ana Montoya, whose website provides that one of their three principal areas of practice is representing investors “who have been defrauded by their securities brokers”[1] – that advocates for a new FINRA rule designed “to limit wasteful post-arbitration appeals by brokerage firms.”  And I just had to respond.  Because I am soooo tired of claimant’s counsel complaining about the supposed advantages held by broker-dealers in arbitrations that result in the so-called “unlevel playing field.”

According to Mr. Brecher and Ms. Montoya,

Brokerage firms, with vast financial resources and the home court advantage at FINRA, have little to complain about when they lose an arbitration.  Generally, arbitrators reach fair and equitable results and give all parties a full opportunity to be heard.  Many brokerage firms, however, pursue sour grapes appeals when they lose against less financially resourced employees and customers, resulting in a man-bites-dog situation.

Based on their observations, they advocate for a new rule “that broker-dealers be required to pay liquidated damages equal to double the damages awarded in arbitration to the prevailing employee or customer if the firm loses an appeal from an adverse arbitration award.”

Where should I start?

How about the brokerage firms’ “vast financial resources.”  I wonder who they had in mind when they wrote that?  Granted, there are, of course, lots of big broker-dealers with lots of money.  But, they are hardly the only firms that get named as respondents in customer (or industry) arbitrations.  Indeed, most cases are filed against small firms, whose financial resources are anything but “vast.”  And many of those firms rely on insurance coverage to pay the cost of defense, coverage that has finite limits (not to mention deductibles – sometimes very high deductibles – that alone can bankrupt a firm).  Moreover, this ignores the fact that customers don’t always just sue their BD; often, they name their advisor, too.  And rare is the registered rep who has “vast financial resources.”  (Even when an RR is not named, if he works for an independent contractor model firm, the likelihood is that he has signed an indemnification agreement, obligating him to reimburse the BD for its “losses,” which include the firm’s self-insured retention.  That can be considerable, to say the least.  I have one client now whose deductible is $150,000.  PER CASE!)

Ok, moving on to BDs’ supposed “home court advantage at FINRA.”  Frankly, I have no idea what they are referring to, although this phrase has been used forever (but, sadly, successfully, by claimants’ counsel, who have managed over the years to gaslight FINRA into believing it).  Anyone who deals with FINRA customer arbitrations knows well that as a result of changes that have been implemented over the years – at the behest of PIABA and claimant’s counsel – FINRA has bent over backwards to avoid any argument that somehow its forum favors firms over customers.  Just consider, most notably, the drastic limitations imposed on pre-hearing, dispositive Motions to Dismiss, and the elimination – at the claimant’s option! – of the Industry member of the hearing panel.  To suggest that there is a home court advantage for respondents is to ignore this reality.

Mr. Brecher attempts to support his argument by citing FINRA Dispute Resolution statistics that show that in cases that actually go to hearing, the hearing panel only occasionally awards the claimant money.[2]  Which must mean that there is a problem with the system itself, right, that it is skewed in favor of respondents?  Well, no.  As I have stated time and time again, it is no surprise that respondents win the vast majority of cases that go to hearing, and that’s for the simple reason that we settle cases that we reasonably think we have some chance of losing.  According to FINRA statistics, in 2020, only 13% of all cases that were closed came after a hearing (or a decision on the papers).  Respondents’ counsel are clever enough not to risk taking a case with bad (or arguably bad) facts to hearing.  Thus, it makes perfect sense that claimants don’t usually receive money at a hearing.  This does not mean the playing field is not level.

There are other problems with the proposal.  To begin, the law already provides a remedy if a lawyer files a frivolous appeal.  According to Rule 38 of the Federal Rules of Appellate Procedure, “[i]f a court of appeals determines that an appeal is frivolous, it may, after a separately filed motion or notice from the court and reasonable opportunity to respond, award just damages and single or double costs to the appellee.”  That is already a big enough club for any ethical lawyer to deal with.  Besides, note that Mr. Brecher’s proposal doesn’t make any distinction between a “frivolous” appeal and an appeal that is merely unsuccessful.  According to his article, any time an appeal fails, the respondent would owe the claimant not just “costs,” as per the Federal Rule, but double the “damages,” with no consideration of whether the appeal was frivolous.  Such a powerful, preemptive procedural maneuver exists nowhere else, to my knowledge.

Also, it is sort of predictable that Mr. Brecher’s proposal is strictly a one-way street.  That is, there is no reciprocal treatment suggested for when a claimant who loses at hearing files an appeal and loses there, too.  Apparently, that either never happens, or, when it does, it is somehow ok, and respondents should just suck it up.  I can tell you from personal experience that it does, in fact, happen.  Claimants who receive a 0 from an arbitration panel sometimes decide to file a motion to vacate, and my clients are stuck defending them, no matter how spurious the arguments they contain.  At a minimum, putting aside all the other issues I have with Mr. Brecher’s proposal, shouldn’t it cut both ways?  Maybe have a rule that says if a losing claimant files a motion to vacate that is denied, then the claimant must pay the respondent’s legal fees, at least the fees incurred in connection with the defense of the appeal (but maybe, too, the fees incurred defending the hearing)?  Fair is fair, after all.

Look, I don’t know Mr. Brecher and have never litigated with him, and I have no issue with him personally.  All I am saying is that it gets old hearing complaints about how FINRA arbitration is supposedly unfair to claimants[3] when, in my experience, it is respondents who can make the much better argument.  Most of the time – the vast majority of the time – FINRA arbitrations do work.  Or, to the extent there is some unfairness, it impacts both sides equally.  But, in short, there is absolutely no evidence that I have ever seen, statistical or anecdotal, that would lead me to conclude that the playing field tilts in respondents’ favor.

 

[1] With that said, I looked at every arbitration award in a case that Mr. Brecher has handled – at least those that appear on FINRA’s website – and in not one did he represent an investor.  Rather, every case was on behalf of someone who worked for a BD and was either going after his/her firm for damages, or was the subject of a claim by the BD for damages.  The point is: Mr. Brecher likely knows a lot about industry cases, but, perhaps, not as much about customer cases.

[2] Mr. Brecher says 40% of the time a customer gets an awrrd, but the statistics I looked at – the ones to which the hyperlink here will send you – show that in 2020, claimants only got some money in 34% of cases that went to hearing.

[3] This is what I said on this issue back in 2017, which I think sums it up pretty well: “PIABA doesn’t care about the law; it cares about the ability of its members to make panelists feel badly for claimants.  That’s why most arbitrations end up being fights about ‘fairness,’ not about the application of actual statutes or regulations; in PIABA’s world, it is always unfair that a customer incurs a loss, no matter that investments inherently have risks, no matter how robust the risk disclosures may be, no matter the documents that claimant may have signed.”

I have always found it enlightening – and a bit scary – to talk to my clients about FINRA Rule 2210, the advertising (or “communications with the public”) rule, to see what they know about it.  It’s a long, dense rule, so I’m not talking about knowledge of its more esoteric components; I’m talking about something way more basic, namely, what communications does it apply to.  All too often, my clients are surprised to learn that by the very definitions in the rule itself, 2210 is NOT restricted to communications relating to securities.  Just a week or so ago, in an AWC, FINRA made this abundantly clear.

Let’s back up and review some basics.  According to 2210(a), there are three types of communications: correspondence, retail communications and institutional communications. All are defined.  Notably, none of the definitions makes any mention of the need to pertain to a security.  “Correspondence” is “any written (including electronic) communication that is distributed or made available to 25 or fewer retail investors within any 30 calendar-day period.”  “Retail communications” are simply correspondence sent to more than 25 retail investors in a 30-day period.  And “institutional communications” “means any written (including electronic) communication that is distributed or made available only to institutional investors.”  Lest you think that FINRA tried to sneak in a requirement that securities be involved through its definitions of the terms “retail investor” and “institutional investor,” you would be wrong.  A retail investor is simply “any person other than an institutional investor, regardless of whether the person has an account with a member.”  That definition has nothing to do with securities.  The same is true of how FINRA defines an institutional investor.

Similarly, in 2210(d), the portion of the rule that governs the content of communications with the public, there is also no requirement that the communications be about securities.  In short, the content standards merely require that communications

  • “must be fair and balanced”
  • may not “omit any material fact or qualification if the omission, in light of the context of the material presented, would cause the communications to be misleading
  • cannot be “false, exaggerated, unwarranted, promissory or misleading”
  • cannot contain “any untrue statement of a material fact or is otherwise false or misleading.”[1]

Because of this, I have always told my registered rep clients that, strictly speaking, the advertising rule applies if they were to place an ad in the newspaper to sell their car.  I am not saying that FINRA would bring a case if it concluded that the ad was not “fair and balanced,” but it remains that it could.[2]

Which brings us to the AWC.  In July 2017, Michael Pellegrino mailed an ad “promoting [a] short-term, high yield contract to approximately 80 retail investors.”  Notably, the ad itself “stated that the product was not a security.”  Even more notable, the AWC never finds that it was, in fact, a security.  But, that’s because of what I have just been saying: it doesn’t matter, it’s still a violation if it doesn’t meet the content standards.

But here’s the real lesson of this settlement:  there are communications that don’t involve securities that FINRA could care less about, and there are communications that don’t involve securities that FINRA will care a great deal about.  Mr. Pellegrino’s mailing fell squarely into the latter category because while the product he was pushing may or may not have been a security as a matter of law, it sure as heck looked like one as a matter of fact.  That’s why FINRA takes pains in the AWC to point out the characteristics of the product and the mailing, to make it clear that whatever Mr. Pellegrino was selling, it walked and quacked like a security:

  • The mailing referenced Mr. Pellegrino’s BD, and noted that it was a member of FINRA.
  • In order to invest in the contract, investors had to sign a “Memorandum of Indebtedness” (MOI), whereby they agreed to provide funds for distribution at the issuer’s discretion.
  • Investors also had to sign a Statement of Understanding relating to the MOIs that referenced Mr. Pellegrino’s BD.
  • The issuer pooled investor monies and lent it as a “Merchant Cash Advance” to small businesses unable to borrow money through traditional avenues.
  • The investors entered into the MOIs with the expectation of investment returns based on a percentage of the merchants’ future revenues.

While this is not quite a full-blown Howey analysis, i.e., the test that a court historically would apply to a product to determine whether it is a security or not, it certainly borrows enough from the Howey test that it’s obvious that FINRA cared that, at a minimum, Mr. Pellegrino’s mailing sure resembled a security.  And that, in my view, is why FINRA brought the case.

So I wouldn’t worry too much about the ad you’re about to place on Craig’s List to sell your old couch, or the email you sent to everyone in your contact list sharing your opinion of Lupin, that new Netflix show, or the flyer you created to support your nomination for Condo Board.  Despite the fact that they are all theoretically subject to the content standards of the advertising rule, FINRA will not be troubled if, say, you under-disclosed the size and source of the stain on the couch cushion.  On the other hand, if you communicate in writing with people about something that involves an investment, you may not take much comfort from the fact that you could plausibly argue it is not a security.

 

[1] I should note that the word “security” does appear in the rule.  In 2210(d)(1)(A), it says that “[a]ll member communications must . . . provide a sound basis for evaluating the facts in regard to any particular security or type of security, industry, or service.”  But, as you can see, this by no means restricts the rule ONLY to securities.

[2] I learned this lesson, like, two decades ago as a lawyer with NASD’s Department of Enforcement.  I brought an advertising case involving a viatical settlement, which, at the time, was or wasn’t a security, depending on who you asked.  That is, the SEC said it was, but the DC Circuit Court of Appeals held to the contrary.  Acknowledging that split in authority, the NAC, in affirming the finding by the hearing panel that the respondent did, in fact, violate the rule, essentially said it didn’t care one way or the other because the rule covered the ad either way: “we find that the advertisement at issue is subject to the requirements of Conduct Rule 2210, which addresses, among other things, standards applicable to all member communications with the public.”

Thanks to Blaine for tackling FINRA’s annual list of things it is paying particular attention to in 2021. – Alan

 

The world has changed a lot in the last 12 months, but those in the securities industry can always rely on their trusty regulator, FINRA, to put out its annual priorities list to provide some semblance of consistency in the world.  In a break from the past, however, this year FINRA has combined two annual reports – the Report on Examination Findings and Observations, and the aforementioned Risk Monitoring and Examination Program Priorities Letter – into one new document (the “Report”).  The 46-page Report addresses 18 regulatory areas and organizes them into four categories (sadly, there is no mention of the ultra-recent GameStop saga).

Readers familiar with past priorities letters will recognize many of the issues raised in the current incarnation, and FINRA concedes that “many of the areas addressed in the publication represent ongoing core compliance responsibilities.”[1]  In other words, AML has always been a priority and continues to be a priority so nothing to see here.

Unfortunately, the subject that is likely to be of most interest, given the current state of affairs in the world, i.e., “Firms’ Practices During COVID-19,” is set off in blue because the “Report does not address exam findings, observations or effective practices specifically relating to how firms adjusted their operations during the pandemic.”[2]  Fortunately, FINRA promises, “those reviews are underway now and will be addressed in a future publication.”[3] If we are lucky, said results will issued before the entire country is vaccinated while the results are still relevant.[4]  Stay tuned to the BD Law Corner blog for timely updates in relation to COVID guidance.  With all of the above in mind, here are selected highlights from the new combined Report:[5]

Regulation Best Interest (“BI”)

Regulation BI replaces[6] the well-known and weathered suitability standard with one that requires broker-dealers and associated persons to make recommendations on transactions or investment strategies based on the best interests of their retail customers.  While the standard sounds simple, its implementation has caused heartburn in CCOs across the country as they struggled to understand how FINRA will interpret BI differently than suitability.  Unfortunately, CCOs will have to continue purchasing their extra-strength Tums.  Because, while the Report lists some rather obvious guidance, such as, “Has your firm provided adequate Reg BI training to its sales and supervisory staff,” it punts on the all-important question of what firms are being disciplined for and, more importantly, what FINRA will look at in the upcoming year.

FINRA’s posture is likely due to the fact that Reg BI is relatively new, in conjunction with the difficulties of regulating during a world-wide pandemic.  Notably, the Report does refer readers to a Roundtable that the SEC held on Reg BI that my colleague Heidi VonderHeide reviewed in another blog post.  Speaking of which, Ms. VonderHeide will be discussing the ins and outs of Reg BI in a webcast later this month that interested readers can register for here.

As was the case with its COVID guidance, FINRA promises to update the industry as information is gathered and priorities determined.  While we all hope COVID will soon be a distant memory, Reg BI is here to stay, so FINRA’s updates warrant further watching.

Cybersecurity

Another issue that is here to stay and promises, in fact, to increase in importance over the coming years is cybersecurity.  The Report notes increased occurrences of cybersecurity related issues, including system wide outages; email and account takeovers; fraudulent wire requests; imposter websites; and ransomware.  In addition, the Report indicated that data breaches remain an issue.   The pandemic has brought this already important issue to the forefront as brokerage personnel increasingly work remotely, increasing the importance of home internet security for each and every employee touching private company data.

The limitation on personal interactions between brokerage employees and their customers has only exacerbated the problem and ensured that most, if not all, exchange of customer paperwork takes place over the internet.  With such exchanges becoming the rule instead of the exception, FINRA has, not surprisingly, noted during its exams that firms have failed to encrypt customer personal information (which can be as simple as failing to encrypt and redact new account forms).  Firms also failed to limit access to customer information (along with other sensitive data) and failed to train personnel and maintain adequate branch policies, amongst others.  During compliance reviews, firms, naturally, tend to look within to figure out how they can improve internally.  While it is not necessarily intuitive, FINRA notes that firms must institute proper policies to ensure that their vendors are taking all steps that the firm, itself, is taking to ensure data safety.  This might be especially important for smaller firms that outsource their technological needs to vendors.  During past roundtables with Regulators at the Chicago Bar Association, those Regulators have indicated that a firm blaming its vendor is not a valid excuse if a data breach occurs and the Report seems to confirm as much.  The basic takeaway seems to be that internet technology is changing all of the time and the onus is on firms to keep pace in terms of protecting itself and its customers.

Communications with Public

As technology changes, the way that firms communicate with their customers has also changed.  Late last year, the SEC revolutionized its marketing rules for RIAs bringing them out of the 1960s and into the digital age (my colleague, Denise Fesdjian wrote about it here.) While FINRA did not do anything near as exciting as the SEC, it is worth noting the issues it uncovered as well as what infractions might focus on in the future.

Some findings have been virtually unchanged over the years, with the exception that they are now more likely to be found on the internet instead of in print, e.g. failing to balance promotional statements with prominent risk disclosures, while others deal with newer technology, i.e., the failure to retain email and other digital communication.  Once such technology that the Report sets off in blue (which apparently indicates that FINRA wants people to read it and, thus, will likely focus on it) is the emergence of new digital platforms with “Game-Like” features.”  FINRA cautions that these platforms, which are reaching a new segment of retail investors and, thus, providing important access to the marketplace, can also represent danger.  The message seems to be that firms can splash up their websites in order to appeal to new consumers but, in doing so, they are not relieved of any of their regulatory responsibilities.  Substance over form when it comes to the rules, in other words.

Above is just a smattering of what is available in the Report and I encourage anyone with an interest to review it in detail to learn about all of the topics not discussed here.

[1] https://www.finra.org/media-center/newsreleases/2021/finra-publishes-2021-report-finras-examination-and-risk-monitoring

[2] https://www.finra.org/rules-guidance/guidance/reports/2021-finras-examination-and-risk-monitoring-program#top

[3] Id. 

[4] See FINRA Regulatory Notice 20-16 for guidance on operating during the pandemic.

[5] For those wishing to read the report in its entirety, it is available at https://www.finra.org/rules-guidance/guidance/reports/2021-finras-examination-and-risk-monitoring-program#top

[6] Technically, Regulation BI supplements the suitability standard but according to Regulatory Notice 20-18, “Reg  BI’s Care Obligation addresses the same conduct with respect to retail customers that is addressed by Rule 2111, but employs a best interest, rather than a suitability, standard, in addition to other key enhancements. Absent action by FINRA, a broker-dealer would be required to comply with both Reg BI and Rule 2111 regarding recommendations to retail customers. In such circumstances, compliance with Reg BI would result in compliance with Rule 2111 because a broker-dealer that meets the best interest standard would necessarily meet the suitability standard.”

In other words, you have to follow Reg BI and if you follow Reg BI, you are meeting suitability so Reg BI is the determinative consideration.

Almost three years ago, in Reg Notice 18-08, FINRA wisely (but, nevertheless, still a bit late to the party) proposed to revise its own prior guidance regarding the troublesome intersection between outside business activities and investment advisor business, guidance that FINRA itself acknowledged had “caused significant confusion and practical challenges.”  Specifically, in crusty old Notices to Members 94-44 and 96-33, issued over two decades ago, FINRA saddled the industry with nearly inscrutable attempts to delineate the scope of a BD’s supervisory obligations over the investment advisory activities conducted by its dually registered RRs away from their BD.  Although it took FINRA about 25 years to finally attempt to clean up the muddy playing field it had created, finally, it seemed, clarity was on the way.  Astutely noting one of those rare instances in which FINRA actually seemed to be acting in its members’ best interests, I blogged about that proposal and dutifully congratulated FINRA for “provid[ing] meaningful relief to firms who are now nearly crippled by the sheer amount of their compliance obligations.”

Boy, did I speak too soon.

Three years after it was issued, the proposal has never been approved.  Indeed, who knows where it is today.  In a July 2020 release, the SEC observed that FINRA’s review of the proposed rule change was still pending, but, since then, I have seen nothing.  Making matters much, much worse, FINRA continues to enforce 94-44 and 96-33, despite FINRA’s explicit acknowledgement of the terrible job those notices have done in establishing a clear standard of conduct.  Just ask Cetera.  Right before the new year, FINRA issued an AWC from Cetera with a $1 million fine for doing something that, had FINRA followed through on the proposal in Reg Notice 18-08, would have been ok.

Before I get on my soap box, let me break down the AWC.

First you need to understand the underlying dynamic.  Cetera – like hundreds of other firms – has RRs who are simultaneously registered with an outside RIA, where the RRs serve as IARRs.  These folks are referred to as “dually registered representatives” or DRRs.  Because what the DRRs do at the RIA constitutes a securities business, from the perspective of the BD, it is a private securities transaction, thereby triggering Rule 3280.  The issue this tees up is what role, if any, Cetera has to supervise the IA work that its dually registered RR/IARRs are conducting at the RIA (where, of course, they are already subject to the RIA’s supervision).

The NASD tried in 94-44 and 96-33 to account for that fact, i.e., that DRRs are already being supervised by their RIAs, by attempting to delineate a more narrow scope of the DRRs’ RIA activities that the BDs also have to supervise.  The problem is, this was very difficult to articulate.  So difficult that the securities industry has struggled with this problem for the past 25 years.

Consider this:

  • As the AWC notes, according to Rule 3280, when a BD approves a PST, the BD must “supervise the person’s participation in those transactions as if the transactions were executed on behalf of the firm.”
  • Consistent with that, 94-44 states that “these requirements apply ‘to all investment advisory activities conducted by [DRRs] that result in the purchase or sale of securities by the associated person’s advisory clients”
  • But, curiously, 94-44 also states that Rule 3280 is focused “primarily upon the RR/RIA’s participation in the execution of the transaction – meaning participation that goes beyond a mere recommendation. Article III, Section 40 [the precursor to Rule 3280], therefore, applies to any transaction in which the dually registered person participated in the execution of the trade.”
  • 96-33 similarly states: “Most notably, Notice to Members 94-44, clarifies” – sorry, I have to pause here to insert the laughter that the use of “clarifies” will undoubtedly trigger – “the analysis that members must follow to determine whether the activity of an RR/IA falls within the parameters of Section 40. Fundamental to this analysis is whether the RR/IA participates in the execution of a securities transaction such that his or her actions go beyond a mere recommendation, thereby triggering the recordkeeping and supervision requirements of Section 40.”

So…we’ve got this hard-and-fast standard in the rule – “all” PSTs must be supervised by the BD.  But, we’ve also got this squishy interpretation that says it is NOT all PSTs, only those where the DRR “participates in the execution.”  THIS is the gray area that NASD created, which it never remedied, but teasingly proposed to fix in Reg Notice 18-08, in which poor Cetera found itself.

What, exactly, did Cetera do?  According to the AWC, “[f]rom January 2011 through December 2018, [Cetera] failed to establish, maintain and enforce a supervisory system and written supervisory procedures reasonably designed to supervise certain private securities transactions conducted by their dually-registered representatives (DRRs) at unaffiliated or ‘outside’ registered investments advisors (RIAs).”  Why did Cetera get picked on FINRA?  That’s easy: the AWC provides that Cetera underwent three SEC exams between 2013 and 2017 in which findings were made about this issue, but the firm failed to take adequate remedial measures.  FINRA had no choice, it seems, but to reluctantly step in and enforce its own fuzzy standard, just to be able to look the SEC in the eye.  In other words, Cetera paid the price for FINRA waiting 25 years to try to fix a problem that it created…and then quietly pretending that it hadn’t.  And speaking of price…how the heck did this possibly become a $1 million problem?  For a firm that has NO relevant disciplinary history?  Seems to me like FINRA trying to show the SEC something.

Ok, back to my soap box.

So, why has FINRA failed to act on the 18-08 proposal?  Let’s say I have my theory.  To start, let’s take notice of the fact that the rule proposal garnered 51 comments.  That may not be the indoor record, but it’s a lot.  I have gone through them, so you can spare yourself that exercise.  Nearly without exception (for some reason, Raymond James didn’t seem to like the rule), the industry was strongly in favor of it.  Just as a for instance, Fortune Financial Services wrote that NTM 94-44 and 96-33 were “both confusing and difficult to implement without providing any meaningful investor protection.”  Foreside noted that implementation of the proposal “will dramatically save costs and reduce a firm’s administrative and regulatory burden.”  I could go on, but you get the point.

The rule proposal – from the perspective of FINRA’s members – was a fantastic idea.  And for good reason: it saves BDs from having to try and supervise activities which they have limited, if any, access to or ability to control,[1] yet without adding any regulatory risk – given that the activities of the IARRs away from the BDs are already subject to the supervision of the particular RIA with which they are associated, under the watchful regulatory eyes of either the states or the SEC (depending on the size of the RIA).  I mean, who needs FINRA to butt into the existing supervisory scheme of an RIA that seems to be working ok on its own?

Well, guess who didn’t like the rule proposal?  Yes, that’s right, PIABA condemned it, dramatically claiming that FINRA was “contemplating the evisceration of crucial protections that have been in place for decades to safeguard investors against investment schemes!”  Ironically, and in apparent total disregard for the mess that 94-44 and 96-33 actually created, PIABA insisted that adoption of the proposed new rule “would create mass confusion for brokerage firms and registered representatives.”  That’s funny stuff.

So, there you go.  On one side, you have the industry almost entirely lined up in support of the proposed rule. On the other side, you have PIABA arguing that the rule would be bad.  Given that dynamic, who do you think FINRA is going to listen to?  You don’t have to guess, of course.  FINRA’s three-year-and-counting failure to follow through on its eminently reasonable rule proposal tells you all you need to know.  And, as I stated earlier, it’s not just FINRA’s failure to follow through on the rule proposal that is so aggravating, it’s the fact that FINRA has the temerity to nick Cetera for $1 million for failing to meet the needless and fuzzy standards that FINRA attempted to articulate in 94-44 and 96-33.

 

 

[1] As an example of this, the AWC points out that for years, Cetera did not receive “transaction data for its DRRs’ outside securities . . . and, thus, did not have the information necessary to reasonably supervise its outside RIA transactions. And even after [Cetera] began receiving transaction data, it did not receive the customer-specific account information to satisfy its supervisory obligations including, but not limited to, a suitability review.”

FYI, in February, Ulmer & Berne will be hosting a series of webinars on the following: FINRA Expungement: Rule Changes and Updates on Tuesday, February 9 2:00 PM EST; SEC Update: Reg BI, Enforcement Activity, and the Willfulness Standard on Thursday, February 11, 2021 at 2:00 PM EST; Data Protection & Cybersecurity Challenges for Financial Institutions in 2021 on Wednesday, February 17, 2021 at 2:00 PM EST; and FINRA 2021: What to Expect on Wednesday, February 24, 2021 at 2:00 PM EST.  (I will be co-presenting this last one, fair warning.)  If you are interested in attending any or all of them, here is the unique registration link you can use:   

https://event.on24.com/wcc/r/2961937/69BFE2596E50DB183919821DB15AF4AA/1819854

A long time ago, long before there existed any whistleblower statutes, I had a client – a CCO of a broker-dealer – who discovered some pretty funky trading at his firm.  As he tells the story, when he went to see his boss (who was the owner of the firm) to report his troubling discovery, the owner sidled out from behind his desk, and casually unbuttoned his suitcoat, deliberately revealing the handgun he had strapped to his belt, and told my guy, basically, that he must be mistaken about those trades.  My client took the not-so-subtle hint and bid a hasty adieu and said not another word.  But, from that day forward until the day he was able to find a new job, he carefully documented every trade that made him queasy.  When he finally left, he took with him all that trade data and presented it, wrapped in a bow, to the SEC.  Fast forward: the SEC, as well as the DOJ, brought actions against the owner, and my client was the hero (and star witness).

Cool, true story.  But the same underlying issue for CCOs (and all supervisors, I suppose) still exists today:  what do you do when you come across a situation that raises serious compliance concerns, but which firm management appears to condone?

The answer, according to an SEC settlement from a week ago, is SPEAK UP.  Here are the pertinent facts,[1] as I have pieced them together:

  • Michael Sztrom has been in the securities industry since 1998.
  • In 2015, he tried to associate with Advanced Practice Advisors (“APA”), an RIA.
  • Unfortunately, he couldn’t, due to an open FINRA investigation into his activities at his prior firm, which caused Schwab, APA’s clearing firm, to bar Michael from its platform.
  • Unable to service his clients, Michael had his son, David – a newly minted IARR whose “only prior advisory experience was assisting Michael for five months at [Michael’s prior firm] by performing administrative tasks, such as processing forms and taking notes at meetings – join APA.
  • Michael told APA that he “would serve in the limited role of financial planner to the clients who moved to APA,” but would not serve as their investment advisor.

Well, as you may have guessed, Michael didn’t honor that promise.  Rather, “he continued to provide investment advice to the clients who had followed him from his prior firm to APA and who were supposed to be advised by his son.”  Indeed, there was no formal agreement for Michael to serve as a financial planner to his former advisory clients, he never charged any client to prepare a financial plan, and never actually prepared any such plan.  (Easy to see why the SEC called this supposed financial planner role a “sham.”)

But this isn’t about Michael and David (although you ought to take note that the SEC has filed a complaint against the son and his undisclosed-advisor father); this is about the CCO – the hero of this story but whose name, sadly, is never revealed – and his boss, Paul Spitzer.

Turns out, rather unsurprisingly, if you ask me, that Mr. Spitzer either knew or should have known what Michael was up to.  As the SEC points out, Mr. Spitzer knew

that the father and son shared office space and telephone lines, that all of the APA clients the son worked with had come from his father, and that the son lacked any significant experience and was just learning the business. In addition, Spitzer would often correspond directly with the father, rather than with the Adviser Representative, about things such as advisory fees.

Despite this, Mr. Spitzer did not require that David “maintain separate office space from his father or take other precautionary measures, such as implementing an ethical screen to prevent the Adviser Representative from sharing confidential client information with his father.”

Six months after David joined APA, enter our hero, the new CCO.  He saw that Michael, who was not formally associated with APA, worked in the same office with David, allowing him to access APA client information and advise APA clients.  Moreover, the new CCO was concerned that APA clients might not know that Michael was not formally associated with APA, was not permitted access to APA information and systems, and could not advise clients under APA’s aegis.  He apparently told his boss, Mr. Spitzer, but none of this managed to sway Mr. Spitzer.

And then it got worse.  Schwab called Mr. Spitzer to report that Michael had called and “impersonated his son on at least 38 occasions.”[2]  In recorded calls, some of which David participated in (albeit silently), Michael

identified himself by his son’s name and as a representative of APA, and discussed block trading, warrants trade allocation, and rebalancing APA client accounts. He also asked APA’s clearing broker how to execute a trade for a client and repeatedly provided the clearing broker with the master account number for APA.

When the CCO learned about this, he went to his boss – again – and recommended that Mr. Spitzer fire David.  Mr. Spitzer refused.  Instead, he simply imposed a heightened supervision plan on David, and even though Michael didn’t work for APA, he made Michael sign it, too.  Even then, however, the SEC found that APA and Mr. Spitzer “failed to enforce several of the requirements set forth in that agreement.”

When the dust settled, the SEC brought actions against Mr. Spitzer, APA, Michael and David, but, more to the point of this blog post, NOT against the CCO.  Why not?  Because he (or she?) appears to have brought his concerns about Michael to his boss immediately – i.e., he spotted the red flag – and made recommendations for action to be taken.  (Given that the CCO only made a recommendation to fire David, we can safely presume that he lacked the authority actually to take that action.)  Even though Mr. Spitzer shot down that idea, it gave the CCO the protection he needed when the regulators subsequently came knocking.

Only one thing to add: the importance of documentation.  To become the hero of the story, the CCO here, like my client many years ago, had to have the documents to back up what he told the SEC happened.  When he discovered the odd situation with David and Michael, I am willing to bet he memorialized his findings.  When he recommended that the firm let David go, I bet there’s an email, at a minimum, that corroborates this.  The lesson is clear: no matter that it’s obviously a CYA moment, it is critical to take the steps necessary to protect yourself, and this typically means creating a document.  An email is good, especially because they are automatically preserved.  A memo to the file.  An entry on a calendar.  Frankly, anything is better than nothing.  Remember: no matter how credible you think you are, no matter how clean your record, no matter how long you’ve been in the industry, in the eyes of a regulator, you didn’t do anything unless there’s a document that proves you did.

[1] The facts that I lifted from the settlement can safely be called facts; those that come from the SEC complaint should be understood to be mere allegations, for now.

[2] To Schwab’s credit, when it “discovered Michael’s deception, it immediately terminated David’s access to its platform and gave all of the APA clients 90 days to either find an investment adviser other than APA or move their brokerage accounts to another brokerage firm.”

Historically, one of the surest ways to get yourself permanently barred from the industry is to forge a customer’s signature on something.  According to the pertinent Sanction Guideline, at a minimum, a forgery, that is, a true forgery – a signature that is neither authorized nor subsequently ratified by the customer – should result in suspension of two months to two years, but, where the forgery is “in furtherance of another violation, result[s] in customer harm or [is] accompanied by significant aggravating factors,” “a bar is standard.”  And that doesn’t count the fine of $5K – $155K.

FINRA recently issued an AWC that involved what I just called “true” forgery, however, that suggests, at least under certain circumstances, that unhappy outcome might be avoidable.

The facts of this case are pretty concise:

  • Timothy Joseph has been in the securities industry as a Series 6 for almost 20 years, with one firm – First Command Brokerage Services, Inc. – and with no disciplinary history.
  • In August 2019, Mr. Joseph met with a customer regarding opening two accounts with the firm’s investment advisor affiliate.
  • After meeting with the customer again in September 2019, Mr. Joseph electronically affixed her signature to the account opening documents, causing assets to be transferred from her firm account to the new advisory accounts.
  • When the customer learned that the advisory accounts were opened, she immediately complained that she had not signed anything to open those accounts, digitally or otherwise, and instructed Mr. Joseph to reverse the transactions.
  • Joseph reported his customer’s complaint to First Command (resulting in a disclosure on his Form U-4), which reversed the transactions.
  • In that same month, Mr. Joseph also electronically affixed the signatures of:
    • two other customers to advisory account opening documents,
    • one customer to four IRA distribution forms, and
    • five other customers to ACH authorization agreements.
  • Although none of these other customers initially authorized Mr. Joseph to electronically affix their signatures, they all subsequently approved the transactions.
  • When First Command learned of Mr. Joseph’s conduct, the Firm disciplined him by, “among other things”:
    • fining him $10,000
    • assigning him additional (but undescribed) training.
  • FINRA fined Mr. Joseph nothing, but merely suspended him for 45 business days.
  • FINRA learned about this when First Command reported the incident in a Rule 4530 filing.

Let’s, as they say, unpack this.

First, as I said, at least with regard to the first customer, the one who complained, this was a true forgery.  Not an “accommodation forgery,” which was highlighted in FINRA’s 2019 Exam Findings Report and defined as “where registered representatives and associated persons asked customers to sign blank, partial or incomplete documents.”  Also not a “falsification of records,” which is what FINRA sometimes charges in cases of accommodation forgery.  No, this was true forgery.

Moreover, in light of the fact that the customer not only complained of the forgery but instructed that the transactions at issue – the establishment of advisory accounts and the transfer of assets to those accounts from her brokerage account – be reversed, it seems pretty logical to conclude that the transactions were not authorized.  In other words, Mr. Joseph’s forgeries were “in furtherance of another violation,” i.e., the unauthorized trades.

Based on the Sanction Guideline, therefore, as well as about a million prior FINRA settlements for forgery (and unauthorized trading), Mr. Joseph ought to have been barred.  Yet, he wasn’t; he only got suspended for about two months.  On top of that, he was not made to pay a fine in addition to the $10K he paid his BD.  All in all, this was a pretty tepid response by FINRA.  Why?

I can mostly speculate, of course, since there’s not much to work from in the AWC itself, except when it comes to the fine.  In the AWC, FINRA states that it “considered that First Command fined Joseph $10,000,” so we know that this is why Mr. Joseph didn’t have to pay anything additional.  The odd part is how infrequently this happens.  The General Principles Applicable to All Sanction Determinations that serve as a preface to all the specific Sanction Guidelines include this admonition:  “Where appropriate, Adjudicators should consider . . . previous corrective action imposed by a firm on an individual respondent based on the same conduct.”  It goes on to provide that a “firm-imposed fine or suspension is most comparable to FINRA-imposed sanctions when FINRA’s sanctions would have also included a fine or suspension, and Adjudicators should consider according some mitigative weight where these firm-imposed sanctions have already been fully satisfied by a respondent.”

Note the many waffle words and phrases FINRA tosses about here.  “Should consider,” not “shall consider” or “must consider” or some other mandatory, not precatory, language. “Where appropriate,” without bothering to tell us when it would, and wouldn’t, be appropriate.  “Some mitigative weight.”  Does that mean a dollar-for-dollar reduction?  A 50-cents-on-the-dollar reduction?  No reduction?  I get that the Sanction Guidelines are just that, guidelines that can be followed or ignored, but it is troubling that the deliberate flexibility that the Sanction Guidelines provide to FINRA make it extremely difficult to be able to predict how a case will be charged and how it will be resolved.  There is no reason that internal sanctions meted out by BDs should ever be disregarded by FINRA, but often they are.  And while I am happy that Mr. Joseph avoided paying two fines, I am just not sure why he got so lucky.

But that’s small potatoes to the big issue here: why was he not barred?  The facts here – one instance of true forgery coupled with eight more instances of accommodation forgery – strongly suggest that this was egregious misconduct, mandating a bar.  Or, if not a bar, something more than the short suspension he received.  It is frustrating that more facts are not supplied, because I guarantee you that the first time I attempt to use this AWC as persuasive precedent that some client of mine ought not to be barred for forging a customer’s name, FINRA will tell me that, oh, there were “unique circumstances” in Mr. Joseph’s case, so we should just ignore it.

The other thing worth discussing is the fact that in addition to reporting the customer complaint on Mr. Joseph’s Form U-4, First Command also filed a 4530 report about this.  That rule requires a BD to report within 30 days when “an associated person of the member . . . is the subject of any written customer complaint involving allegations of . . . forgery,” and also when “an associated person of the member is the subject of any disciplinary action taken by the member involving . . . the imposition of fines in excess of $2,500,” both of which appear to have happened here.[1]  So, First Command had no choice but to make its 4530 report.

But it did, it appears to have done so in a timely manner, and (whether or not you agree it was adequate) it took prompt action to address Mr. Joseph’s misconduct.  I am hardly saying that this was anywhere near the sort of above-and-beyond self-reporting behavior that garners credit from FINRA, but you can’t argue with the outcome.  No supervisory nick against the firm or Mr. Joseph’s direct supervisor, and Mr. Joseph escaped with not much more than a wrist slap for behavior that has cost countless others their careers.  Yes, two and two doesn’t always equal four, but I think here the results had to have been dictated, at least in part, by the fact that First Command took quick, demonstrable steps in response to a pretty big red flag and presented FINRA with a done-deal.  Something everyone should think about doing when presented with similar circumstances.

 

 

 

[1] Pursuant to 4530(e), a 4530 report is not required in addition to a U-4 amendment disclosing a customer complaint, but it is required to disclose the internal discipline that a firm takes.

LPL may be the biggest BD in the country, with 21,500 reps operating out of almost 13,000 branch offices.  Heaven knows how much money it brings in every year, but, goodness, it must be a lot.  And good thing, too, given how much the firm keeps paying to FINRA in fines for its serial, repeated, and egregious supervisory failures.

A week or so week ago, LPL kept its string of massive supervisory fines intact with a $6.5 million AWC.  I will get to the details, of course, but, for starters, let’s take note of the following:

  • In the “Relevant Disciplinary History” section of the AWC, FINRA identified three prior AWCs, dating back only five years, with fines totaling almost $12 million
  • For some reason, however, FINRA left out of that section another supervisory AWC, from 2013, in which LPL paid a $7.5 million fine for its failure to retain (and review) emails…which sort of sounds like the very problem that is the subject of the latest AWC
  • According to the firm’s BrokerCheck report, and as I pointed out in a blog post from a year ago, LPL “has 253 total disclosures, of which 175 are regulatory events, perhaps 20 or more of which involved a supervisory violation”
  • No individuals were named in this AWC, or in any of the three prior AWCs that FINRA mentions in the new AWC, or in the 2013 AWC that FINRA omitted (and without going through all of the 20 or so other supervisory cases, I would venture to speculate that no individual was named in them, either, although I am happy to be proven wrong by anyone with the inclination to review all those cases).

I am guessing that given these initial observations (well, and, perhaps, the title of this piece), you can deduce what I am thinking:  if you happen to be a firm that is big enough, with enough money, to pay FINRA millions and millions of dollars, year after year, for repeated supervisory violations, a firm whose CEO maybe sat on the FINRA Board of Governors not too long ago, you can happily remain in business no matter how pervasive the problems seem to be, and no one in management will be held personally accountable.  This is not conjecture.  This is fact.  All you have to do is read LPL’s BrokerCheck report, read the AWCs, and you will see for yourself the kinds of violations the firm has committed, the amount of fines it has paid, and who has NOT been named as respondents.

Can it be any wonder that small firms see this AWC and gnash their collective teeth in anger over the disparate treatment they receive?  Just look at my most recent blog post, about a FINRA AWC for Worden Capital Management for supervisory failures.  Guess who was also named as a respondent, as a result of the conclusion that he was personally responsible for the unreasonable WSPs?  That’s right, Jaime Worden, the firm’s owner and CEO.  Neither Mr. Worden or his firm had any relevant disciplinary history leading up to that AWC, quite unlike LPL, yet FINRA was comfortable naming him along with the BD.  And that is just one example.  The list goes on, and on, and on.[1]

Well, with that off my chest, let’s talk a look at LPL’s latest supervisory cluster.  There are actually three components to the firm’s failure to meet its regulatory obligations: record retention, fingerprinting and screening of associated persons, and supervision of consolidated reports.  I will take them one at a time.

Regarding record retention, for over five years – a time period that, incidentally, overlaps with prior AWCs – from January 2014 to September 2019, LPL failed “to retain electronic records in the required format, preserve certain electronic records, and notify FINRA prior to employing electronic storage media.”  That failure “affected at least 87 million records and led to the permanent deletion of over 1.5 million customer communications maintained by a third-party data vendor,” including “mutual fund switch letters, 36-Month Letters, and wire transfer confirmations.”  This bit about the third-party vendor is my favorite part of the AWC:

In August 2017, after FINRA requested certain customer letters that LPL could not locate, LPL contacted Vendor A in an attempt to locate them. Vendor A informed LPL that about 500,000 customer communications, including the letters, had been deleted because Vendor A placed them in a temporary storage location from which records were automatically deleted after one year. Subsequently, LPL did not take reasonable steps to verify that Vendor A migrated the other documents remaining in the temporary storage location to an appropriate location. Therefore, on October 26, 2018, Vendor A discovered that the migration did not occur and that approximately one million additional LPL customer communications had been deleted.

Whoops.  In addition, LPL also “failed to send account notices that are required to be sent to customers at 36-month intervals for each account in which a suitability determination had been made.”  This one impacted over one million customers.

Regarding the fingerprint problem, from January 2014 through the present, LPL failed to obtain fingerprints for more than 7,000 non-registered associated persons.  Because these associated persons were not fingerprinted, LPL did not screen them to determine whether any individual was subject to a statutory disqualification.  As part of the remediation efforts that the firm commenced, it determined that approximately 5,000 of the individuals were no longer associated with LPL, so it could not obtain their fingerprints or determine if they were subject to statutory disqualification.  5,000!

Of course, the AWC also provides that LPL actually did get the fingerprints for one guy, properly sent them to FINRA for review, and received a notice back that he was SD’d, which should have resulted in either (1) him being terminated, (2) the firm filing a BDW, or (3) the firm filing an MC-400.  LPL, however, boldly chose a fourth option: do nothing, and let the guy continue to work there for 2 ½ years.  I wish my small firm clients got that choice!

The final aspect of LPL’s supervisory failures relates to consolidated reports, “a document that combines information about most or all of a customer’s financial holdings, including assets held away from the firm.”  FINRA has previously expressed its concerns about the use of consolidated reports in Reg Notice 10-19.  I don’t want to get into the weeds here, but the concern was, basically, that consolidated reports create “the potential for communicating inaccurate, confusing, or misleading information to customers” because a BD may not “test or otherwise validate data” for assets that appear on such reports that are held away from the BD.

LPL got in trouble with FINRA in 2015 for not reasonably supervising consolidated reports, and so it told its RRs who wanted to use such reports that they could use only “LPL proprietary systems or specific, approved third-party vendors.”  Good move…but not good enough.  For five years, LPL still messed up in a number of ways:

  • While a copy of a finalized consolidated report was sent automatically to LPL to review and validate the information, RRs could also generate draft reports, which were not sent to LPL or reviewed by the firm. LPL does not know how many draft consolidated reports – including drafts containing manually-added values – its RRs sent to customers.
  • Although LPL’s WSPs required the firm to “review and validate” all manually entered valuations for “securities-related assets,” including retirement or brokerage accounts held away from LPL, private placements, or variable annuities, in practice, LPL only reviewed manually-entered assets if the RRs specifically characterized the assets as “securities-related.” If the RR said the manually-added assets was not a security, LPL didn’t review it.
  • Two of LPL’s vendors gave customers direct access to their consolidated reports without LPL’s knowledge or review. Although LPL could not quantify the problem, the AWC states that “at least 9,000 customers accessed one of the third-party vendors’ portals in one year alone.”
  • Three of LPL’s approved third-party vendors provided RRs the option of receiving consolidated reports directly, which the firm failed to supervise entirely.
  • Two of the approved vendors allowed RRs to export consolidated reports to Microsoft Excel files, after which the RRs could manually alter the reports. LPL was unaware of this, and therefore did not receive, much less review, those reports or any exported Excel files.
  • Finally, one approved third-party vendor enabled RRs to direct that emails be sent to customers that contained hyperlinks to consolidated reports. LPL was unaware that the vendor provided this service and therefore did not review any consolidated reports that its representatives disseminated in this manner.

I don’t mean to single LPL out here, but when confronted with this AWC, the big firm vs. small firm problem was too much to ignore.  LPL’s supervisory issues are serious.  Despite repeated representations to FINRA that the firm was prepared to do whatever it takes to remedy the problem and avoid a recurrence, that seems simply not to be true.  Either LPL is, in fact, not taking its supervisory obligations seriously (because it knows it can afford to write the next multi-million-dollar check to FINRA), or it is simply too big, with too many RRs, to reasonably supervise them all despite its best efforts.  Either way, one needs to ask whether this should be permitted to continue as it has for all these years.

Update:  Just to show that LPL is not the exception, a couple of days ago, FINRA released another AWC, this one from Goldman Sachs, with similar violations and a $1.25 million fine, and, of course, no individuals being named.  Specifically, FINRA found that “[b]etween January 2015 and November 2019, . . . Goldman failed to timely fingerprint at least 1,061 non-registered associated individuals. The Firm was unable to determine whether it timely fingerprinted an additional 4,089 non-registered associated persons because it failed to locate any documentation reflecting that the Firm fingerprinted these individuals. In addition, the Firm failed to maintain fingerprint records for an additional 466 non-registered associated persons whom the Firm did fingerprint. Separately, between April 2018 and November 2019, Goldman permitted two nonregistered associated persons, who were subject to statutory disqualification, to associate with the Firm.”

Double Bonus Update:  Today, FINRA announced another AWC, this time from HSBC.  Same issue, basically.  Over a period of 8+ years, HSBC failed to fingerprint and screen for possible disqualification 2,191 non-registered persons.  HSBC was only made to pay $650,000, however, a mere pittance, because FINRA gave the firm credit for self-reporting and remediating the problem on its own.  Man, is this a money-maker for FINRA or what??

[1] It is worth contrasting this, at least in a footnote, to other regulators.  I read just last week that the OCC, the Office of the Comptroller of the Currency, fined the former GC of Wells Fargo $3.5 million “for his role in Wells Fargo Bank, N.A.’s systemic sales practices misconduct.”  Mr. Strother was the SIXTH individual manager named by the OCC for some responsibility for the scandal involving the creation of millions of fake bank accounts.

I apologize for taking so long between posts, but, to be fair, there’s been a lot going on in the past week or so that has captured my attention!  I wish everyone a happy and SAFE new year! – Alan

While undoubtedly FINRA will be issuing its annual “examination priorities” letter any day now, that is hardly the best way to figure out exactly what FINRA is paying attention to now (as that letter kind of reads the same, year after year).  Rather, it is much more effective to read the results of the latest Enforcement actions.  That will really tell you the kinds of cases that FINRA is bringing, the kinds of respondents it is naming, and the sort of sanctions it is meting out.

There have a bunch of interesting cases of late, and I intend to get to them all eventually, but I thought I would start with this AWC from New Year’s Eve, a churning mess involving Worden Capital Management and its owner, Jamie Worden.  I realize that I just posted a piece about churning in November, but this case merits its own attention.

According to the summary, for about a 4-and-1/2-year period, the firm and Mr. Worden

failed to establish, maintain, and enforce a supervisory system, including written supervisory procedures (WSPs), reasonably designed to achieve compliance with FINRA’s suitability rule as it pertains to excessive trading.  As a result, WCM registered representatives made unsuitable recommendations and excessively traded customer accounts, causing customers to incur more than $1.2 million in commissions.

Let’s explore what happened.

First of all, you should know that the bulk of the firm’s business consisted of “registered representatives recommending active short-term trading to retail customers with speculative investment objectives.”  Given that, and given the fact that Rule 3110 mandates that a firm’s WSPs must be specifically tailored to the kinds of business that it actually conducts, it seems pretty dang clear that the suitability section of WCM’s WSPs should have contained a pretty hefty portion devoted to the supervision of churning, a/k/a quantitative unsuitability.

Well, not so much.  Turns out that the WSPs were, in fact, pretty skimpy where it mattered.

First, while the WSPs appropriately noted “that factors such as the turnover rate, the cost-to-equity ratio, and in-and-out trading might be indicative of a suitability violation,” they “did not define those terms.”  Second, and worse, the WSPs “also failed to explain what actions to take when supervisors and principals observed such activity.”  Finally, “although branch managers were responsible for supervising trading activity at their assigned branches, the WSPs were silent on how they should perform that supervision.”

In other words, the WSPs not only failed to describe what supervisors should have been looking for, they also failed to detail how the supervisors should have been conducting such reviews, or what to do if they actually found a problem.  0 for 3.

The AWC goes on to describe the ways that WCM did attempt to keep any eye out for churning, but, as you will see, they were so patently insufficient that FINRA found that they “were individually and collectively unreasonable.”

The principal unreasonable thing that the firm did was not provide its supervisors with the proper tools they needed to perform their job.  WCM supplied its branch managers daily trade blotters.  But, because the blotters “were not designed to flag excessive activity,” they didn’t contain the typical data one needs to spot churning.  Some branch managers were alert enough to independently calculate the cost-to-equity ratios – which, according to the AWC, “revealed high levels of trading activity in customer accounts” – but they failed to take reasonable steps to address what they discovered.

Apparently, WCM also used a Monthly Active Account Report, which “flagged customer accounts meeting certain thresholds such as high commission-to-equity ratios, high volume of trades, and losses greater than 20% of an account’s equity during the month.”  Wow, sounds great, right?  Indeed, the report “routinely flagged dozens of customer accounts each month.”  Even better, the report is doing what it was designed to do!

Sadly, even a good report is useless if you ignore it, or don’t understand it.

Here, Mr. Worden delegated a guy to review the report, but, alas, Mr. Worden failed to train him how to read it.  As a result, the poor delegate “could not define or calculate a cost-to-equity ratio or turnover rate.”  Thus, even though the report generated “high cost-to-equity ratios and turnover rates to identify potentially violative conduct,” that data was meaningless to the supervisor, who “wrongly assumed all active trading was suitable for customers with a speculative investment objective.”

Take, for example, the March 2017 Monthly Report.  It flagged 91 accounts, approximately 10% of all firm accounts that traded during that month.  Those accounts – which appeared on the report multiple times – “should have attracted scrutiny because the accounts had (1) annualized cost-to-equity ratios and turnover rates well above the traditional guideposts of 20% and 6, respectively, (2) large numbers of transactions and high commissions, and (3) substantial losses.”  Unfortunately, there was no such scrutiny.

Finally, it is particularly instructive to note that the AWC takes the delegate to task for the activity letter (or happiness, or comfort letter, as some refer to it) that he sent to flagged customers.  Rather than telling them in clear terms that their accounts were potentially being churned, his letter “merely stated that the firm ‘trust[ed]’ customers were receiving ‘trade confirmations and monthly statements on a timely basis and are reviewing them for accuracy.’”  This comports with the advice that I have been giving for decades, that it is actually worse to send a BS activity letter than not to send anything.  If you are going to notify a customer that his or her account has exceeded one or more objective criteria consistent with excessive trading, you need actually to spell out the numbers.  While such a letter is, obviously, more likely to induce the recipient to conclude his account has been mishandled,[1] at least you will get some credit with the regulator (and, perhaps, an arbitration panel) when it comes to the supervisory aspect of the case.

Compounding his problem, Mr. Worden also failed to ensure that his delegate was actually conducting the review.  And, in a triumvirate of supervisory failures, “although Worden had access to the Monthly Reports and occasionally reviewed the reports [himself], he never acted on the dozens of accounts that routinely were flagged because he believed active trading was suitable for speculative customers.”  Indeed, to the contrary, Mr. Worden “rejected the CCO’s recommendation that at least four representatives be disciplined for unsuitable recommendations.”

As for sanctions, as ugly as these supervisory problems appear to have been, and despite the fact the AWC also includes violations of two other rules, one relating to a plan by Mr. Worden and the firm to interfere with 288 customers’ efforts to transfer their accounts from WCM to another BD, and another involving the firm’s failure to timely disclose customer arbitrations on Forms U-4 and U-5, they don’t appear to be too bad.  Sure, there’s the hefty restitution piece – to the tune of $1.2 million – that we have come to expect to see under Jessica Hopper’s reign as head of Enforcement – but Mr. Worden got slapped with a mere $15,000 fine, a measly three-week suspension in all capacities, and a three-month supervisory suspension.  The firm got a $350,000 fine.  Not cheap, but not horrible, under the circumstances.

What are the lessons we can glean from this New Year’s Eve settlement?

  • Make sure your WSPs are specific to your business.
  • Make sure the principals to whom you delegate supervisory responsibilities are properly qualified, by training and/or pertinent experience, to do the job.
  • After you delegate supervisory responsibilities, take steps – demonstrable, provable steps – to follow up and ensure that they are, in fact, doing what they are supposed to be doing.
  • Provide your delegates with the tools to do their job. Spring for the exception reports that your clearing firm offers.
  • Don’t play games with your customers. If you are going to go to the trouble of sending them a letter about their account activity, make it meaningful.
  • If you do something wrong, and it costs your clients money, pay it back to them. Do it before FINRA makes you.

[1] As proof of this point, the AWC recites that “WCM briefly implemented a more detailed active account letter that reflected, among other things, the amount of commissions paid by the customer and the number of transactions,” but “the firm ceased using this letter after one month because it caused customers to express concerns about their accounts.”  Ha!