A few months ago, I blogged about how FINRA rarely holds itself to the same standards of conduct that it expects from member firms, and I gave some examples. The other day, a good friend of mine brought to my attention yet another example, this one so blatant it can only make you laugh.
As you know if you read my posts, you are well aware that the SEC recently announced its intention to amend the Rules of Practice governing its administrative proceedings, a move that was largely heralded (well, by me, anyway) as “a good start.” Among the changes the SEC suggested was the requirement that all documents and other items be submitted electronically, and that all “sensitive personal information” be excluded or redacted from such filings.
That seems pretty reasonable, doesn’t it? I mean, if you are a broker-dealer, you are already used to taking what seem like extraordinary steps to ensure the confidentiality of customer information. Indeed, in every setting, FINRA requires that firms go to great (read “expensive”) lengths to ensure that confidential customer information is protected.
For example, responses to 8210 requests that are provided electronically must, pursuant to Rule 8210(g) and Regulatory Notice 10-59, be encrypted, with the password sent separately to “help ensure that personal information is protected from improper use by unauthorized third parties.”
Regulatory Notice 14-27 requires that any document that a party files with FINRA in connection with an arbitration that contains an individual’s Social Security number, taxpayer identification number or financial account number must be redacted to include only the last four digits of any of these numbers.
In FINRA Enforcement matters, parties are routinely made subject to what has become a standard pre-hearing order (an example can be found here) strictly limiting the use of documents containing “PCI,” personal confidential information, including social security numbers, taxpayer ID numbers, driver’s license numbers, and financial account numbers (including checking and savings accounts, and credit card numbers).
And, of course, there are tons of Enforcement cases that FINRA has brought over the years against firms for not taking sufficient steps to protect confidential customer information, meting out huge fines.
Amazingly, however, in response to the SEC’s proposed rule change, FINRA submitted a comment letter in which it sought permission from the SEC to be exempted from the requirement to redact confidential information from the documents it has to send to the SEC in connection with administrative proceedings. It’s not that FINRA doesn’t think maintaining the confidentiality of customer information is important; indeed, the comment letter starts by “applaud[ing] the Commission’s efforts.” Apparently, the problem for FINRA is that it would just be too much work! As FINRA put it, the requested exemption is necessary “[b]ecause making redactions will be an extremely time- and labor-intensive process,” or, stated somewhat differently, because “redaction will be a highly costly endeavor that intensively consumes time and labor.” Finally, “FINRA believes that the burdens of redaction receive scant recognition from the Commission’s proposed amendments and far outweigh any assumed potential benefits of public access to every page of the record in FINRA proceedings.”
Oh my. How horrible. Complying with a rule takes time, effort and money. Stop the presses. Alert the media. Poor FINRA.
Perhaps even more galling, FINRA also requested a year within which to comply not with the redaction requirement, but, rather, the simple requirement of filing documents electronically! According to the comment letter, “[a]bsent a reasonable implementation period, the proposed electronic filing requirement will impose substantial costs on FlNRA in the short term.”
I must admit, I have no idea what the SEC will do with FINRA’s requests for relief. I can, however, clearly anticipate what FINRA would do were I to make a similar argument to, say, a Member Reg examiner, or an Enforcement attorney, that my client should be exempt from some obviously burdensome rule because to comply would take a lot of effort and cost a lot of money. It will undoubtedly be very handy to have a copy of the FINRA comment letter available. Just be sure you don’t send it electronically, as it may take FINRA a year to figure out how to read it.