FYI, in February, Ulmer & Berne will be hosting a series of webinars on the following: FINRA Expungement: Rule Changes and Updates on Tuesday, February 9 2:00 PM EST; SEC Update: Reg BI, Enforcement Activity, and the Willfulness Standard on Thursday, February 11, 2021 at 2:00 PM EST; Data Protection & Cybersecurity Challenges for Financial Institutions in 2021 on Wednesday, February 17, 2021 at 2:00 PM EST; and FINRA 2021: What to Expect on Wednesday, February 24, 2021 at 2:00 PM EST.  (I will be co-presenting this last one, fair warning.)  If you are interested in attending any or all of them, here is the unique registration link you can use:   

https://event.on24.com/wcc/r/2961937/69BFE2596E50DB183919821DB15AF4AA/1819854

A long time ago, long before there existed any whistleblower statutes, I had a client – a CCO of a broker-dealer – who discovered some pretty funky trading at his firm.  As he tells the story, when he went to see his boss (who was the owner of the firm) to report his troubling discovery, the owner sidled out from behind his desk, and casually unbuttoned his suitcoat, deliberately revealing the handgun he had strapped to his belt, and told my guy, basically, that he must be mistaken about those trades.  My client took the not-so-subtle hint and bid a hasty adieu and said not another word.  But, from that day forward until the day he was able to find a new job, he carefully documented every trade that made him queasy.  When he finally left, he took with him all that trade data and presented it, wrapped in a bow, to the SEC.  Fast forward: the SEC, as well as the DOJ, brought actions against the owner, and my client was the hero (and star witness).

Cool, true story.  But the same underlying issue for CCOs (and all supervisors, I suppose) still exists today:  what do you do when you come across a situation that raises serious compliance concerns, but which firm management appears to condone?

The answer, according to an SEC settlement from a week ago, is SPEAK UP.  Here are the pertinent facts,[1] as I have pieced them together:

  • Michael Sztrom has been in the securities industry since 1998.
  • In 2015, he tried to associate with Advanced Practice Advisors (“APA”), an RIA.
  • Unfortunately, he couldn’t, due to an open FINRA investigation into his activities at his prior firm, which caused Schwab, APA’s clearing firm, to bar Michael from its platform.
  • Unable to service his clients, Michael had his son, David – a newly minted IARR whose “only prior advisory experience was assisting Michael for five months at [Michael’s prior firm] by performing administrative tasks, such as processing forms and taking notes at meetings – join APA.
  • Michael told APA that he “would serve in the limited role of financial planner to the clients who moved to APA,” but would not serve as their investment advisor.

Well, as you may have guessed, Michael didn’t honor that promise.  Rather, “he continued to provide investment advice to the clients who had followed him from his prior firm to APA and who were supposed to be advised by his son.”  Indeed, there was no formal agreement for Michael to serve as a financial planner to his former advisory clients, he never charged any client to prepare a financial plan, and never actually prepared any such plan.  (Easy to see why the SEC called this supposed financial planner role a “sham.”)

But this isn’t about Michael and David (although you ought to take note that the SEC has filed a complaint against the son and his undisclosed-advisor father); this is about the CCO – the hero of this story but whose name, sadly, is never revealed – and his boss, Paul Spitzer.

Turns out, rather unsurprisingly, if you ask me, that Mr. Spitzer either knew or should have known what Michael was up to.  As the SEC points out, Mr. Spitzer knew

that the father and son shared office space and telephone lines, that all of the APA clients the son worked with had come from his father, and that the son lacked any significant experience and was just learning the business. In addition, Spitzer would often correspond directly with the father, rather than with the Adviser Representative, about things such as advisory fees.

Despite this, Mr. Spitzer did not require that David “maintain separate office space from his father or take other precautionary measures, such as implementing an ethical screen to prevent the Adviser Representative from sharing confidential client information with his father.”

Six months after David joined APA, enter our hero, the new CCO.  He saw that Michael, who was not formally associated with APA, worked in the same office with David, allowing him to access APA client information and advise APA clients.  Moreover, the new CCO was concerned that APA clients might not know that Michael was not formally associated with APA, was not permitted access to APA information and systems, and could not advise clients under APA’s aegis.  He apparently told his boss, Mr. Spitzer, but none of this managed to sway Mr. Spitzer.

And then it got worse.  Schwab called Mr. Spitzer to report that Michael had called and “impersonated his son on at least 38 occasions.”[2]  In recorded calls, some of which David participated in (albeit silently), Michael

identified himself by his son’s name and as a representative of APA, and discussed block trading, warrants trade allocation, and rebalancing APA client accounts. He also asked APA’s clearing broker how to execute a trade for a client and repeatedly provided the clearing broker with the master account number for APA.

When the CCO learned about this, he went to his boss – again – and recommended that Mr. Spitzer fire David.  Mr. Spitzer refused.  Instead, he simply imposed a heightened supervision plan on David, and even though Michael didn’t work for APA, he made Michael sign it, too.  Even then, however, the SEC found that APA and Mr. Spitzer “failed to enforce several of the requirements set forth in that agreement.”

When the dust settled, the SEC brought actions against Mr. Spitzer, APA, Michael and David, but, more to the point of this blog post, NOT against the CCO.  Why not?  Because he (or she?) appears to have brought his concerns about Michael to his boss immediately – i.e., he spotted the red flag – and made recommendations for action to be taken.  (Given that the CCO only made a recommendation to fire David, we can safely presume that he lacked the authority actually to take that action.)  Even though Mr. Spitzer shot down that idea, it gave the CCO the protection he needed when the regulators subsequently came knocking.

Only one thing to add: the importance of documentation.  To become the hero of the story, the CCO here, like my client many years ago, had to have the documents to back up what he told the SEC happened.  When he discovered the odd situation with David and Michael, I am willing to bet he memorialized his findings.  When he recommended that the firm let David go, I bet there’s an email, at a minimum, that corroborates this.  The lesson is clear: no matter that it’s obviously a CYA moment, it is critical to take the steps necessary to protect yourself, and this typically means creating a document.  An email is good, especially because they are automatically preserved.  A memo to the file.  An entry on a calendar.  Frankly, anything is better than nothing.  Remember: no matter how credible you think you are, no matter how clean your record, no matter how long you’ve been in the industry, in the eyes of a regulator, you didn’t do anything unless there’s a document that proves you did.

[1] The facts that I lifted from the settlement can safely be called facts; those that come from the SEC complaint should be understood to be mere allegations, for now.

[2] To Schwab’s credit, when it “discovered Michael’s deception, it immediately terminated David’s access to its platform and gave all of the APA clients 90 days to either find an investment adviser other than APA or move their brokerage accounts to another brokerage firm.”