Broker- Dealer Law Corner

Broker- Dealer Law Corner

I Want HIS Lawyer!

Posted in Defenses, Disciplinary Process, Enforcement, SEC, Settlements

A little over a year ago, the SEC announced a stunning settlement with Merrill Lynch regarding its violation of SEC Rule 15c3-3, commonly known as the “Customer Protection Rule.”  This is an important rule whose name gives away its purpose:  it is designed to ensure that if a broker-dealer ever fails, customer assets can be quickly returned to the customers and not swallowed up by the BD or its creditors.  In violating the rule, the SEC concluded that Merrill “plac[ed] billions of dollars of . . . customers’ money at risk.”  Why was the settlement stunning?  First, and most notably, because it cost Merrill $415 million, the biggest penalty the SEC had ever exacted for such a rule violation.  Second, because unlike most settlements, in which the respondent neither admits nor denies the findings, Merrill admitted the facts, and that the violation was “willful.”

Right before the long Labor Day weekend, the SEC announced the bookend to that matter, a settlement with William Tirrell, Merrill’s former FINOP and Head of the Regulatory Reporting Department, i.e., the man who ran the department that was responsible for Merrill’s compliance with Rule 15c3-3.  Given the magnitude of Merrill’s violation, the important nature of the violation from a customer perspective, Merrill’s admission of guilt, and the finding that the violation was willful, one would expect that Mr. Tirrell would get seriously whacked by the SEC, right?  Nope.  To the contrary, amazingly enough.  Unlike Merrill, Mr. Tirrell was found not to have acted willfully; rather, the SEC found that he “negligently caused” Merrill’s $415 million 15c3-3 violations.

Moreover, and even more astounding, Mr. Tirrell’s settlement has him paying nothing. Not a cent.  Moreover, he was not barred.  Nor was he suspended, not for a single day.  Indeed, the only sanction imposed on Mr. Tirrell was an order that he “cease and desist from committing or causing violations of and any future violations of Section 15(c)(3) of the Exchange Act and Rule 15c3-3 thereunder.”

So, let’s get this straight: Merrill acted willfully in committing these rule violations, but Mr. Tirrell only acted negligently in causing these violations?  Merrill pays $415 million, but Mr. Tirrell pays nothing?  Even after the following findings against Mr. Tirrell?

  • Mr. Tirrell and his subordinates calculated Merrill’s customer reserve requirement each week;
  • Mr. Tirrell caused Merrill to reduce the amount of money it should have reserved for the protection of its customers by billions of dollars through the use of certain trades that “improperly used . . . customer assets to finance [Merrill’s] own activities”; and
  • Mr. Tirrell failed to respond to questions from FINRA for information about those trades, which “prevented regulators from receiving information that could have prompted them to prohibit ML from moving forward.”

Commentators, myself among them, have been complaining forever that there is a clear disparity between the treatment that management of small firms receives at the hands of regulators versus the treatment that big firm management receives. The regulators routinely deny this, of course, but, a situation like Mr. Tirrell’s amply demonstrates that this denial is bogus.  While this is nothing but rank speculation, I find it difficult to believe that a FINOP at a small firm would have managed to walk away from a series of rule violations like this with a finding that his or her conduct was merely “negligent,” without paying a penny in civil penalties, and without being barred or suspended.

Perhaps there is something more to this story than meets the eye, something that explains the ridiculous difference between what Merrill had to pay and what the man who was responsible for Merrill’s rule violations had to pay.  But, perhaps not.  Perhaps this is simply another, but shining, example of the point I made in May last year, when MetLife paid a measly $25 million to settle an annuity switching case with no individual being named as a respondent and no finding of willfulness:  when it comes to dealing with regulators and settlements, money talks.

OMB Approves Additional Delay For Further Study Of The DOL Fiduciary Rule

Posted in Fiduciary Rule

The Office of Management and Budget’s Office of Information and Regulatory Affairs (OIRA) announced this week that it was effectively approving a delay in full implementation of the Department of Labor (DOL) Fiduciary Rule. After several years of study and comment, the final version of the Rule was originally slated to take effect earlier this year, but was delayed consistent with President Trump’s order to the DOL to further review the Rule’s impact on the cost to the investment industry vs. its efficacy in protecting investors (despite the DOL’s several prior years of study of that precise issue).  Pursuant to this action, the Rule is not likely to be fully implemented until at least July 1, 2019, and may be changed or scrapped in the interim.

Some provisions of the Rule – notably the definition of “fiduciary” and the “impartial conduct” standards that require advisors to retirement plans and investors to act in investors’ best interests when recommending products – became effective on June 9, 2017. During the “Transition Period” after June 9 and before the Rule is fully implemented (now July 2019), however, the DOL indicated it will not enforce the Rule for advisors who are attempting to comply in good faith.  Of course, the DOL’s position will not stop investors from alleging the impartial conduct standards are now the applicable standards of care for financial advisors in the retirement industry in litigation.

The DOL indicated yesterday that it may delay implementation of the Rule even further. It has received over 60,000 comments already on the impact of delay, and has set a deadline of September 15, 2017 for further comments.

The OIRA approved the additional delay “consistent with change,” which means it has suggested some undisclosed changes to the Rule. The next step is for the DOL and OIRA to conduct closed-door deliberations of proposed changes and reach agreement, a process that carries no deadline and could delay the Rule even further.  Meantime, several studies have suggested the cost of delay far outweighs the cost of compliance with the Rule as it now stands, so it is unclear whether even the retirement industry will actually benefit from the additional process.


Dawn Bennett Redefines “Spirited Defense” In Her SEC Case

Posted in Administrative Proceedings, Defenses, Disciplinary Process, SEC

This one belongs in the “truth is stranger than fiction” category. By now, you are probably familiar with the exploits of Dawn Bennett, former hostess of her radio show, “Financial Myth Busting.” She was the one who the SEC permanently barred last year after she elected not to appear at her administrative hearing (after her efforts to get the matter heard in federal court, rather than before an SEC ALJ, proved unsuccessful).  Well, earlier this week, the SEC brought a new case against her, and this time, she got her wish, as it was, in fact, filed in federal court in Maryland.

That case is not particularly remarkable. It contains the usual collection of allegations one sees in Ponzi scheme cases, i.e., money collected from naïve, often elderly investors who were promised outrageous returns, which was then diverted to support an extravagant lifestyle, including $1.45 million to the Dallas Cowboys for back-rent on a luxury suite, and at least $500,000 on “high-end, luxury clothing, jewelry, and other personal items.”  Lots and lots of shoes, apparently.  What is remarkable, however, is the companion criminal case filed against her by the United States alleging wire fraud, bank fraud and making false statements related to a loan and credit application.  Why is it remarkable?  Consider the affidavit of an FBI agent filed in support of the complaint to demonstrate Ms. Bennett’s “consciousness of guilt.”

According to that FBI agent, an August 2 search of Ms. Bennett’s penthouse in Maryland revealed, according to the New York Times’s description of the event, “two freezers containing sealed Mason jars bearing the initials of U.S. Securities and Exchange Commission lawyers, on whom Bennett may have hoped to cast a ‘hoodoo spell.’” In addition, agents found instructions for a “Beef Tongue Shut Up Hoodoo Spell,” which, according to the affidavit, “suggest[ed] that Bennett had many times cast a ‘hoodoo spell’ in hopes of paranormally silencing the SEC attorneys investigating Bennett.”

I have been representing respondents and defendants in securities cases for a long time, and, candidly, I am forced to admit that this defense never occurred to me. There are often occasions during hearings when I might wish that the particular Enforcement attorney prosecuting my client would simply sit down and shut up, but, beyond wishing for that, I have never taken matters into my own hands in an attempt actually to make it happen.  Live and learn!

Are there any lessons to be gleaned from Ms. Bennett’s circumstances, beyond the obvious – which is don’t lie to customers and don’t lie to regulators? Perhaps this:  no matter how much you may disagree with the case that the regulators have brought, it is necessary at all times to maintain some sense of decorum, and treat the other side, both examiners and attorneys, as well as the factfinder, of course, with respect.  It can be easy to forget that these people are human beings, and, as such, tend to react to certain things in predictable ways, even if that reaction is sub- or unconscious.  Judges and juries, for example, theoretically work hard to decide cases based solely on the relevant facts and the pertinent law; at least they try to do so.  But, it is humanly impossible to ignore certain dramatic facts that create strong impressions, regardless of whether those facts are relevant, and develop a visceral response to them.  That is why the rules of evidence allow even relevant facts that are “unduly prejudicial” to be excluded, because they might overshadow everything else in the case, and result in decisions based on emotion, not logic.

It seems clear here, at least based on what I have read, that the SEC simply has it out for Ms. Bennett. She has already been barred, yet, here we go again.  Arguably, that is a function, or perhaps partially a function, of the fact that Ms. Bennett has seemingly taken every opportunity possible to poke the SEC in the eye.  And, on some level, the SEC simply doesn’t like that.  At all.  And it has reacted in a predictable, human way.  So, if presented with the chance to bring yet another Enforcement action, it will.

In short, it is one thing to put on a spirited defense; indeed, the Canons of Ethics governing the conduct of lawyers demand the “zealous” representation of clients. But, it is quite another actually to summon the spirits themselves.

Has FINRA Completed Its Inquiry?

Posted in Arbitration, Disciplinary Process, FINRA

Here is a very interesting post from Michael Gross about what happens at the end of a FINRA exam.  One point that he omitted, but worth mentioning, is that in the event FINRA does issue a close-out letter stating that its exam is done and no disciplinary action will be taken, that letter cannot be used by the respondent in a parallel customer arbitration touching upon the same subject as the FINRA exam as evidence that no wrongdoing has taken place.  At least, not without potentially becoming the subject of a new disciplinary action.  See my blog post on this from a couple of years ago. – Alan 

Has FINRA completed its inquiry?[1] I have fielded this question from multiple registered reps. It is a fair question to ask. It is quite understandable that a rep who is the subject (but feels like the target) of an inquiry wants to know if he can sleep easier at night. Knowing that the results of an inquiry, over which a rep has no control, may adversely impact his professional reputation, current employment situation, and livelihood is undeniably a stressful event – even for the rep who has done nothing wrong. Not surprisingly, reps want to know when the inquiry is over.

Sometimes, but not always, FINRA issues a close-out letter to advise a rep that it has completed its inquiry, and that it will not be pursuing formal disciplinary action. As far as I can tell, there is no rhyme or reason why the letters are issued in some inquiries, but not in others. A recent close-out letter that I received on behalf of a rep advises that: “Based on our inquiry, we have determined to close our file pertaining to this matter.” Not surprisingly, the letter contains reservation of rights language: “This determination is based on the facts known to us at this time. In this regard, new or additional facts could lead to a new inquiry.” FINRA, of course, is not going to (nor should it) absolve a rep of liability if FINRA later learns of new facts that prove that the rep engaged in wrongdoing. Nonetheless, a close-out letter is a welcome and comforting communication for a rep who is the subject of an inquiry to receive.

Unfortunately, FINRA does not issue close-out letters in all inquiries that it is has decided to close, officially or unofficially. While an inquiry may be officially, or unofficially and effectively, closed in the eyes of FINRA, the inquiry is not closed in the eyes of the unknowing rep. Unlike in civil cases and certain SEC actions, there is no statute of limitations to which a rep can look to find peace of mind. Concrete statutes of limitations do not apply to FINRA regulatory inquiries and disciplinary actions, which can linger for years. Under the Hayden line of cases, FINRA disciplinary actions can be dismissed if after a certain, undefined period of time, it is unfair to require a rep to attempt to piece together a defense to old claims. However, the number of cases dismissed on Hayden grounds can be counted on one hand. One of the principal purposes of statutes of limitations is that litigation of a long-dormant matter may result in more cruelty than justice. A close-out letter serves a similar purpose.

A rep who has not heard from FINRA about an inquiry in three, six, or even 12 months may be tempted to ask FINRA whether or not it has concluded its inquiry. Unless the inquiry is impacting a rep’s health, he should not give into temptation. First, it is not unusual for an inquiry to sit dormant for months at a time, and then pick up again. Second, don’t poke the bear. A call asking about the status of an inquiry may just serve as a reminder to pick up the dusty file. The longer an inquiry lasts, the more likely it is to be closed for one reason or another.

In sum, it should be standard operating procedure for FINRA to issue close-out letters to reps and firms in all inquiries where FINRA has decided to close its inquiry, and not pursue formal action, especially in light of the reservation of rights language in its standard close-out letter. Simply put, this common courtesy should be extended to all of those who work under the umbrella of the membership organization.

[1] FINRA starts its examination process by conducting an “inquiry,” which is not a reportable event on a rep’s Form U4. If Enforcement issues a Wells notice in connection with an “inquiry,” then the “inquiry” becomes an “investigation,” which is a reportable event on Form U4.


Ransomware In 2017: Not A Pretty Picture

Posted in Cybersecurity, FINRA, SEC

I am happy to share this post from my colleague, Greg Stein, about ransomware.  While ransomware is not something unique to the financial services industry, because, as criminal Willie Sutton famously answered when asked why he robbed banks, our industry is “where the money is,” BDs, IAs and banks do seem to attract more than their fair share of ransonware attention.  I do not profess to be an expert in this area, but, happily, Greg is just a phone call away.  – Alan

Ransomware is hot.  And unlike some trends, it is unlikely to be a short-term trend.  Criminals have been able to easily deploy ransomware attacks, which encrypt a users’ data and hold it hostage until the victim pays a ransom, and unlike stealing personal information, there is direct payment to the criminals and no need to sell anything on the dark web.  Those characteristics have made ransomware increasingly attractive to criminals.  It is unsurprising, then, that ransomware attacks were up 50% in the first half of 2017, according to a July 2017 breach insight report prepared by insurer Beazely.  The Beazely Report merely confirms what has become obvious to all businesses: ransomware is one of the most significant cyberthreats to every business and it is critical to develop plans to prevent ransomware attacks and to respond if an organization gets hit with a ransomware attack.

Unfortunately, 2017 has been the year of the ransomware threat, with the WannaCry and Petya outbreaks, widespread ransomware attacks that infected computers throughout the world.  Recognizing the threat that WannaCry posed to broker-dealers, investment advisers, and investment companies, the SEC issued a Cybersecurity: Ransomware Alert on May 17, 2017 describing the threat and steps Firms should be taking to prevent the attack.

The SEC Alert explained that the WannaCry hack was exploiting vulnerabilities through Microsoft’s Remote Desktop Protocol and a critical Windows Server Message Block version 1 vulnerability.  To prevent the threat, it recommended that Firms (1) review the alert published by the United States Department of Homeland Security’s Computer Emergency Readiness Team; and (2) determine whether they had properly and timely installed Microsoft patches for Window XP, Windows 8, and Windows Server 2003.

Further, the SEC Alert identified important practices that would help protect against ransomware threats generally:

  • Cyber-risk assessments – Performing periodic risk assessments of critical systems to identify cybersecurity threats, vulnerabilities, and the potential business consequences.
  • Penetration Tests – Performing penetration tests and vulnerability scans of critical systems.
  • System Maintenance – Implementing a program to timely apply software patches as part of system maintenance.

Like WannaCry, Petya is a strain of ransomware that impacted systems throughout the world. One notable victim was TNT Express B.V., a transportation company acquired by FedEx Corp. in May 2016.  In FedEx’s 10-K, it explained that TNT was a victim of the Petya attack, that it cannot yet determine the financial impact of the crime other than it will likely be “material,” and  FedEx did not have cyber or other insurance that would mitigate the costs of the attack.

Ransomware poses a significant threats to broker-dealers and their customers and implicate many different legal issues.  FINRA reviews firms’ ability to protect the confidentiality, integrity, and availability of sensitive customer information. The legal authority for that review includes Regulation S-P, Regulation S-ID, and the Securities Exchange Act of 1934.  In other words, ransomware is not an information technology issue.  It is a critical business issue with significant legal implications.

Best practices for firms include performing cyber-risk assessments, penetration testing, and system maintenance and having the work performed by a party engaged by an attorney. By having an attorney hire the party perform these tasks, there is an argument that the results of such assessments and testing are protected under attorney-client privilege.  Without an attorney’s involvement in such projects, the results undoubtedly will be discoverable in civil litigation and regulatory investigations.

Further, as illustrated by FedEx, it is important to review whether an entity has cyberliability insurance in place that protects against ransomware attacks.  Not all cyberliability policies are the same, so it is important to closely analyze whether your policy will cover restoring impacted systems and lost revenue in the event operations are disrupted by a ransomware attack.

The threat from ransomware is rising, a trend that appears to continue into the future.  Planning to prevent and, if necessary, recover from a ransomware attack should be a legal issue that is treated as a priority for broker-dealers.


The Head-In-The-Sand Approach To Supervision: A Primer

Posted in CCO, Defenses, Disciplinary Process, Enforcement, FINRA, Supervision

There’s a claimant’s lawyer I’ve litigated against several times who is very good at his job, and who I personally like very much. Part of the reason for his success is that he is very engaging, so even when he utterly lacks any decent facts on which to base his claim – which is often the case – he still makes it a big show, with posters and charts and such.  My favorite prop that he uses is a well-worn photo of an ostrich with its head shoved in the sand.  As you could guess, this is the demonstrative he brandishes to support his inevitable argument that the firm failed to be diligent in its look-out for red flags.  This week, FINRA issued a decision in a churning/excessive trading case that – without using an ostrich picture – included a nice analysis of whether, and when, the head of a broker-dealer can successfully avoid liability for a supervisory failure by arguing that it was someone else’s job.  In other words, this decision makes for very instructive reading for anyone hoping to delegate away not just supervisory responsibility, but potential liability.

The law is clear, and FINRA readily acknowledges, that while a BD’s president is responsible for supervision at the firm, those supervisory responsibilities may be delegated away: “[A] brokerage’s president is ultimately responsible for supervision, unless he or she has delegated that responsibility to someone else at the firm and does not know or have reason to know that the responsibility is not being properly exercised.” The problem for supervisors who do this, but still find themselves involved in disciplinary actions, is the end of the quote, i.e., the part about neither knowing nor having reason to know that the individual to whom the supervisory responsibilities have been delegated is not doing the job.  As FINRA put it, “[e]ven if the president delegates particular functions to another person, once on notice of the firm’s continuing failure to satisfy regulatory requirements, the president is ‘obligated to respond with utmost vigilance and take remedial action.’”  Unfortunately for the respondents in the case at issue, Mr. Taddonio and Mr. Porges, while they had the delegation part covered, their defense fell short when they made the ostrich-with-its-head-in-the-sand argument.

Mr. Taddonio was the firm’s President and CEO. Mr. Porges was the COO and also a sales manager.  Mr. Taddonio testified that he delegated all his supervisory responsibilities to the CCOs.[1]  He argued that the very reason he hired CCOs was because he “was not experienced in supervision and compliance issues.”  Moreover, he stated that he did not supervise the CCOs.  The CCOs, however, saw it differently.  They testified that:

  • They reported to both Mr. Taddonio and Mr. Porges;
  • Their employment contracts gave them no responsibility for supervising the firm’s reps;
  • Mr. Taddonio and Mr. Porges were responsible for managing and instructing the firm’s sales force;
  • Their roles were limited to compliance, administration, and operations;
  • Mr. Taddonio “could and did review the RRs’ trading electronically.”

In addition, the firm’s WSPs didn’t help the defense that it was the CCOs who were supervising the RRs. The principal problem is that the WSPs were ambiguous.  Some portions did suggest that Mr. Taddonio had delegated his responsibilities.  But, others read differently.  And, worse, others were simply nonsensical.  For instance, supervisory responsibilities were supposedly reflected on an “ORG Chart,” but there was no such chart in the WSPs.  As a result of these ambiguities, FINRA concluded that there was no proper delegation of supervisory responsibilities in the WSPs:  “[T]he ambiguities in the WSPs meant that no one [to whom Mr. Taddonio had supposedly delegated supervision] had clear responsibility for evaluating the suitability of individual trades or the quantity of trading in customers’ accounts.”

There was also “considerable evidence” that Mr. Taddonio, despite his titles, was functioning as the firm’s sales manager “and kept close track of the RRs’ sales activities.” He sent emails to the reps with specific trading ideas.  He also “encouraged and rewarded the RRs” with sales awards.

Given all this, the hearing panel held that Mr. Taddonio did not delegate away his supervisory responsibilities. But, that’s not all.  In addition, it held that even if he had delegated them properly, he was nevertheless aware of “red flags” indicating not just excessive trading by the RRs, but also “inadequate supervisory responses to those red flags, and was thus on notice of the firm’s continuing failure to satisfy regulatory requirements.”  He failed, however, “to respond with utmost vigilance and take remedial action.”  Even though the CCOs were concerned about excessive trading, and took certain steps to address the problem, “it should have been obvious to Taddonio” – who was aware of those concerns and the attempts at remediation – “that those steps were inadequate to ensure that his firm was meeting its supervisory responsibilities and protecting its customers from improper sales practices by its RRs.”

As for Mr. Porges, the COO, he claimed his role was primarily to deal with the firm’s finances, and was never assigned responsibility to supervise the RRs. To the extent he became aware of red flags, he insisted that “it was not appropriate for him to second guess the much more experienced CCOs of the firm.”

The hearing panel did not buy his arguments. Remember, the CCOs testified that they reported to Mr. Porges.  He was actively involved in hiring the CCOs.  He was involved in creating activity letters sent to customers, and became responsible for actually signing them.  Mr. Porges received exception reports relating to account activity.  In an 8210 response, Mr. Porges stated that he oversaw RRs’ “production, monitoring monthly commissions and compensation.”  Along with Mr. Taddonio, he was responsible for issuing the awards for sales.  Based on this evidence, the hearing panel concluded that Mr. Porges “had ample indications that [the RRs] were, or might be, excessively trading customer accounts,” and therefore “should have realized that the steps being implemented by the CCOs were insufficient to fully address the issue.”  In conclusion, the hearing panel quoted the SEC:  “When indications of impropriety reach the attention of those in authority, they must act decisively to detect and prevent violations of the securities laws.”

And therein lies the rub: the head of a firm must respond quickly and appropriately to red flags, i.e., “indications of impropriety,” but, at the same time, the head of the firm may not attempt to avoid learning of such red flags – and, therefore, supervisory liability – by burying his head in the sand and then claiming ignorance. Mr. Taddonio and Mr. Porges learned the hard way that for a firm president, or COO, to avoid supervisory liability, they must do several things correctly.  First, they must properly delegate their responsibilities, and do so in clear, cogent, consistent, up-to-date documents.  Ambiguous WSPs won’t cut it.  Second, even if they do that, they must be able to demonstrate – through documents – the efforts they took to monitor the success of the supervisory activities of those people to whom they delegated their supervisory responsibilities.  If they can make that showing, that they were watching carefully for red flags but never saw any, then, and only then, can they sit back while their delegates twist in the wind.

[1] There were two CCOs, apparently, during the pertinent time period.

FINRA’s Board Acts To Fix The Problem…That FINRA Created

Posted in Arbitration, Board of Governors, Enforcement, FINRA

So, as you undoubtedly recall, in its typical reactive approach to regulation, FINRA has expressed concern – after having concerns expressed to it by others (none of whom are actually from the securities industry, of course) – about (1) the high number of registered reps working in the industry with spotty disciplinary records, and (2) the number of arbitration awards against BDs that go unpaid. Well, FINRA is now preparing to address these pressing issues.

At its most recent Board meeting, FINRA agreed to publish a Regulatory Notice soliciting comments on proposed rules designed to address both of these “problems.”  On the “rogue rep” issue, FINRA will be soliciting comments on proposed amendments to FINRA’s Membership Application Program (“MAP”) rules that would require a member firm to seek a materiality consultation, or MatCon as we like to call it, in two different circumstances.  The first is when “a broker with certain specified risk events seeks to become an owner, control person or principal of the member,” and the second is when “the member seeks to add a broker with certain specified risk events to the firm.” This raises a few of issues.

First, what, exactly, are “certain specified risk events?” Are these determined qualitatively, by the nature of the individual’s disciplinary disclosures?  Or, are they determined quantitatively, by the number of disclosures?  Or, perhaps, some combination of the two?  I guess we need to wait for the Reg Notices themselves to learn.  Clearly, this is where the rubber will meet the road on these proposals.  If the threshold is set too low, then too many prospective owners will be swept into this process, rendering the filter useless.  But, if it is set too high, then those darned “high-risk” brokers will running things at BDs all over the place.

Second, I seriously question how much protection such amendments would actually provide. I can assure you that today, under the existing MAP rules, if someone with a disciplinary history files an application under Rule 1017 to become the owner, or even an owner, of a BD, that application would first be fly-specked to death, and then, eventually, denied.  The existing MAP process is tough.  MAP examiners, while lovely individuals and generally easy to work with, are pleased as punch to hold against an applicant the smallest of infractions, or perceived infractions.  Indeed, a prospective new owner need not even have a formal disciplinary history to raise MAP’s eyebrows.  I know of applicants that were merely the subject of pending exams – exams that had not yet even made it to the findings stage – who were told that mere “examiner concerns” were enough to cause MAP to look negatively on a 1017.  I suppose that if the MatCon was required no matter how small of an ownership interest the applicant was seeking to acquire, it might add something to the existing process,[1] but that would be an incremental change, at best.

Third, existing rules also allow FINRA today to prevent an individual RR from moving from one firm to another. Anytime a rep changes BDs, the old BD files a Form U-5 and the new firm files a Form U-4.  FINRA must approve the U-4, of course.  Given that, in theory, FINRA already possesses the power to serve as gatekeeper, by not approving Forms U-4 for reps with troublesome records.  But, FINRA generally does not do that.

Which is the principal reason why FINRA’s professed concern about high-risk brokers is so odd to me. As I have blogged about before, there is simply no way for any of this to be a surprise to FINRA.  It controls every aspect of the process that exists to become and remain a member firm, or an individual to become and remain associated with a member firm, i.e., the membership/registration piece, the examination piece, and the enforcement piece.  Thus, to the extent that there are reps still working out there with lots of disciplinary events on their records, i.e., the reps about FINRA is so worked up, it is 100% because (1) FINRA approved their registrations, and (2) when it disciplined them – after all, their disciplinary histories derive from enforcement actions that FINRA brought – it determined that whatever they did wrong was not bad enough to require them to be tossed out of the industry.

Thus, whatever problem supposedly exists now regarding high-risk brokers, it has arguably been caused by FINRA itself. And now, it proposes to ride in to the rescue from its self-created problem, after the media had the bad taste to shed some light on this situation.  It would be funny if it wasn’t true.

Regarding the unpaid arbitration awards, FINRA is also proposing to use its MAP rules to address the perceived problem. What FINRA has suggested is an amendment that will allow it “to presumptively deny a new membership application if the applicant or its associated persons are subject to pending arbitration claims.”  In addition, in the context of a CMA, or change in ownership of an existing member, the proposed amendments would require a MatCon when “the member is seeking to effect a business expansion or asset transfer and the member or an associated person has a substantial level of pending arbitration claims, an unpaid arbitration award or an unpaid settlement related to an arbitration.”

It is really interesting that somehow FINRA’s concern about unpaid arbitration awards has morphed here into concern about “pending arbitration claims.” Aren’t the two very different?  When there’s an unpaid award, it necessarily means that the firm has already lost the arbitration, and has been ordered to pay some money to the claimant because the hearing panel concluded the firm did something wrong.  But, in a pending arbitration, one in which the award has not yet been rendered, the respondent firm is presumed to be innocent until proven otherwise, as the claimant has the burden of proof.  It seems a bit incongruous, and certainly unfair, for FINRA to be permitted to hold mere allegations, not findings, against a prospective owner.  (But, as I said above, MAP already does this today, rightly or wrongly.)

Also, as I have mentioned before, in its existing arsenal of procedural weapons, under Rule 9554, FINRA already has the right to seek summary expulsion of a firm if it fails to pay an arbitration award in a timely manner or to follow through on a settlement agreement. If it is FINRA’s goal to weed out from its ranks those firms that don’t pay arbitration awards, it has the power to accomplish that now.  Moreover, if the goal is also to prevent Firm A from simply not paying an arbitration award and going down the street and opening Firm B, or just joining Firm B, this proposal would not prevent that.  The proposal, at least as described by FINRA in the brief summary, is really tied to awards against individuals, either the individual owners of a firm or its associated persons.  When individuals have unpaid arbitration awards, FINRA can stop them from either owning a BD or from joining one.  On the other hand, when the awards are not against individuals, but, rather, against the firm for which they used to work, the individuals are free to move.  And neither the existing rule nor the proposal would stop that.

One final observation. It is remarkable how quickly FINRA seems to act when it receives a complaint from Congress, or, worse, from the media, about how it does business; yet, when its own members complain about something, it falls on deaf ears.  This certainly suggests that FINRA has its priorities backwards.

[1] Under the existing rules, neither a MatCon nor a full-blown 1017 is required unless the transaction would result in someone becoming at least a 25% owner of the firm.  So, if a “bad actor” wanted to acquire, say, only 10% of a BD, that can be accomplished simply through the filing of an amendment to Form BD, without the need to obtain FINRA approval.

Let The Sun Shine On FINRA’s Office Of Disciplinary Affairs

Posted in Disciplinary Process, FINRA, ODA

Back in the old days, back when it was still NASD and it bore some reasonable semblance of a true self-regulatory organization, the important decisions relating to the Enforcement process – the decision to issue a complaint, the decision to settle a case, and the decision in litigated matters that actually went to hearing – all resided with the District Business Conduct Committee, or DBCC (n/k/a the District Committee) and, for, trading cases, the Market Surveillance Committee (n/k/a the Market Regulation Committee). The DBCC and MSC were comprised exclusively of industry members who were voted into their roles by their peers.  That’s where the “self” in self-regulation came from, since it was actually brokers making decisions about other brokers.

That changed, of course, in 1996, when NASD got sanctioned by the SEC in the infamous 21(a) Report that disclosed that the relationship between NASD staff in the New York District and the members of the DBCC, as well as the relationship between the Market Surveillance staff and members of the MSC, was a bit too cozy, resulting in those committee members sometimes using the NASD to bring Enforcement actions (relating to market making activities) against their business competitors.  As a result of that Report, NASD dramatically altered it processes, carving out the DBCC and MSC from any decisions relating to filing or settling complaints, and vesting those decisions with NASD Enforcement staff.  Thus, many argue, began the elimination of “self” from self-regulation.

To prevent Enforcement from running amok, NASD also created the Office of Disciplinary Affairs, or ODA. ODA is a completely separate group, not associated with Enforcement, designed as a check to ensure that Enforcement’s decisions were reasonable.  Specifically, before Enforcement could file a complaint, it first had to apply for and obtain approval from ODA.  Additionally, ODA needed to approve all settlements, even though the actual settlement negotiations were conducted with Enforcement staff.  Clearly, in light of these critical activities, ODA was established to play a very, very powerful role in the Enforcement process.  And today, nothing has changed.

But, here’s the thing, and the point of this post: Who, exactly, is ODA?  Who is actually making its decisions?  On what basis does it makes its decisions?  And why is it that only Enforcement gets to communicate with ODA?

Look at the FINRA website, and I challenge you to figure out what exactly the ODA is, what it does, of whom it is comprised, how it functions, etc. I mean, you can easily see the old Notice to Members from 1999 that announced the formation of the ODA, and you can see the rules – 9211, 9216, and 9270 – that state that the ODA must authorize complaints and approve settlements.  There is also Reg Notice 09-17, which did not create anything new, but merely reiterates the current Enforcement process.  It provides the following completely unhelpful, unenlightening explanation about ODA:

FINRA’s Office of Disciplinary Affairs (ODA) is independent of Enforcement and is not involved in the investigation or litigation of cases. ODA is charged with reviewing each proposed settlement or complaint, including any Wells Submissions, to provide an independent review of the legal and evidentiary sufficiency of the charges proposed by the staff. ODA also reviews settlements for consistency with the Sanction Guidelines as well as applicable precedent. ODA approval is required before the issuance of a settlement or complaint.

Let’s take this incrementally. Let’s say Enforcement wants to file a complaint, and, in anticipation of that, it invites my client to submit a Wells letter.  I prepare the response and send it to Enforcement which, apparently, then sends it to ODA.  But, what else does Enforcement do?  Does it also submit a rebuttal to the Wells?  Does it get to converse with ODA?  Does it get to answer questions that ODA may have?  The answer to these is yes, of course.  All of those communications between Enforcement and ODA happen, yet I never get to see them, or respond, or comment, or participate.  ODA is “independent of Enforcement,” purportedly, yet it is entirely dependent on Enforcement for the information it needs to do its assigned job.  Why can’t a prospective respondent communicate directly with ODA?  Why does everything I submit have to get filtered by Enforcement first?  Why can’t I even know the name of the individual(s) who is (are) serving as the final arbiter of whether a complaint is mandated?  Indeed, I have no idea if ODA is one person, or a group (as it used to be), or if it is a group, who runs the place.  And if it is, truly, independent of Enforcement, to whom does ODA report?

Same thing with settlements. While it certainly helps to have the Enforcement lawyer agree that my offer is reasonable (because the Enforcement lawyer, in turn, will then try to sell it to ODA), ultimately it is only ODA’s opinion that matters.  The Enforcement lawyer is largely relegated to the role of ferrying offers and demands back and forth between ODA and me.  It would be way easier, and more sensible, if I could just talk directly to ODA, rather than having Enforcement serve as the conduit.

The point is, ODA is incredibly powerful in the FINRA Enforcement process, arguably more powerful than the Department of Enforcement itself, given that Enforcement can’t issue a complaint or settle a case unless ODA says so. Yet, ODA is nameless, faceless, accountable to no one, working entirely behind the scenes, away from public scrutiny, unavailable for a dialogue, able to issue decrees that both Enforcement and respondents must follow.  This sounds like the antithesis of what due process should be, but it is the norm for FINRA.  Members should demand that, as the SEC did when it issued the 21(a) Report against NASD, more sunshine be provided to remove the mysterious procedures that now shroud Enforcement actions.  Make ODA show itself, let respondents be able to communicate directly with ODA, require it to be accountable for its decisions.

FINRA’s Annual Report: I Wish It Was Fake News

Posted in Annual Report, FINRA

This past week, FINRA very, very quietly released its Annual Report for 2016.  Too quietly, as they say in the movies.  No press release.  No press conference.  No media attention at all, hardly.  As President Trump just asked about State Election Commissioners who refused to respond to a request from his Election Fraud taskforce for a vast array of personal information about voters, “what is it hiding?”  Well, seems to me there are a couple of things in the Report that, frankly, FINRA would prefer not become the topic of too many conversations.

First, of course, is the embarrassing annual parade of FINRA millionaire employees. At first glance, you may be buoyed by the fact that only three of the top ten earners are slated actually to make $1 million or more in 2017, down from six in 2016.  But, that is deceiving, as the 2017 figures revealed in the Report do not include deferred comp, which isn’t determined until the end of year.  Once that is tallied up, undoubtedly, the number will climb.  Plus, even absent a consideration of deferred comp, no one on the list is struggling to make ends meet.  The lowest comp number is still a whopping $728,000.  And, one of the poor guys who doesn’t make $1 million (absent deferred comp) is Tom Gira, who made a cool $2.6 million last year (due to a one-time pension thing), more than anyone else at FINRA.  Tom is nice guy, and I personally like him, but there is simply no way that he brought $2.6 million of value to the table.

FINRA may be a not-for-profit company, but its management compensation sure looks a lot more like a Silicon Valley tech success than a stuffy old regulator. These insane comp numbers make Robert Cook’s boast that he is addressing FINRA’s expected “operating revenue challenges” this year by “freezing officer salaries” sound more than a bit ridiculous.  What?  You’re going to freeze my salary at a paltry $1 million??”

The second thing of note about the Report is that it makes abundantly clear just what FINRA views its job to be, and what, presumably, it feels the public deems important. And believe me, it is not to make the lives of broker-dealers easier. To the contrary, what FINRA leads its Report off with is a self-congratulatory recitation of its Enforcement work, extolling $173.8 million in fines, $27.9 million in restitution to harmed investors, 24 firms expelled, 727 brokers suspended, 517 brokers barred, 1,434 disciplinary actions, 785 cases referred for prosecution to the SEC and other federal or state law enforcement agencies, 439 potential market manipulation cases referred to the SEC, and 97 potential Reg M violations detected by cross-market patterns referred to the SEC.

In fact, FINRA notes in the Report that it collected so much money in fines last year that this single part of its revenue stream was alone more than enough to address the loss that FINRA suffered in 2015. The Report states: “We reported net income of $57.7 million in 2016 versus a loss of $39.5 million in 2015.  The change is primarily related to two areas: fines and portfolio returns.  An increase in fines revenue more than offset the decrease in operating revenues for the year….”  I suppose the good news, therefore, if you were a respondent in a FINRA Enforcement action last year and paid a fine, is that you can rest easier at night knowing that you helped FINRA turn around its financial problem.[1]

Perhaps it wouldn’t be so difficult to stomach FINRA’s Report if it was clear that it was doing a good job and that it was spending its money wisely. But, anecdotally, anyway, based on comments from the very members who pay those salaries through assessments, fees and fines, FINRA is failing to meet its statutory mandate.  It still spends way too much time and money going after firms and individuals who don’t represent a true threat to the integrity of the markets.  It refuses to settle cases for a reasonable sanction, even though such sanctions are not supposed to be punitive.  It sends out examiners who lack sufficient knowledge and understanding of how firms run their businesses, leading to miscommunications and time wasted, at a minimum.  It is way too focused on headlines, especially negative ones, that is, on the appearance of accomplishing something, than actually accomplishing it.  It is very fast to jump on problems that others have discovered, rather than proactively identifying such problems itself and nipping them in the bud.

Ultimately, it boils down to whether member firms feel like they are getting what they’re paying for with FINRA, and, at least as I see it, the consensus is a resounding “no.”


[1] To be fair, FINRA “do[es] not view fines as part of [its] operating revenues.  The use of fine monies is limited to capital expenditures and regulatory projects, such as [its] efforts to leverage technology innovations and the Cloud initiative, and other projects as appropriate, which are reported to and approved by [its Finance, Operations and Technology Committee and Board.”

The Unassailable FINRA Rule 8210

Posted in Disciplinary Process, Enforcement, FINRA, Rule 8210

My dissatisfaction with FINRA’s Rule 8210 and, more specifically, the aggressive manner with which FINRA wields that rule, has been the subject of several prior blogs.  I happy to report that my partner, Michael Gross, has drunk the Kool-Aid, and joined me in tilting at this windmill.  – Alan

The first paragraph of a paper calling for reform at FINRA notes that:

FINRA is a regulator of central importance to the functioning of U.S. capital markets. It is neither a true self-regulatory organization nor a government agency. It is largely unaccountable to the industry or to the public. Due process, transparency, and regulatory-review protections normally associated with regulators are not present . . . .[1]

One of FINRA greatest powers – FINRA Rule 8210 – epitomizes its lack of accountability and meaningful due process protections.

The Power of Rule 8210

FINRA Rule 8210 requires members and their associated persons to provide documents, information, and testimony “with respect to any matter involved in the investigation, complaint, examination, or proceeding.” Because of the exceedingly broad scope of FINRA Rule 2010 (which requires firms and individuals, “in the conduct of [their] business, [to] observe high standards of commercial honor and just and equitable principles of trade”), the subject matter of an investigation can encompass anything business-related. Moreover, FINRA alone determines what is relevant to its investigations.

Rule 8210 is a tremendous power. If a registered rep does not comply with a request for documents, information, or testimony, FINRA can have the rep barred from the securities industry.[2] Once barred, an individual becomes subject to statutory disqualification, which has implications beyond the ability to function as a registered rep. Simply put, FINRA’s power through Rule 8210 extends beyond the securities industry it governs.

The Potential for Abuse

With this much power, Rule 8210 has the potential for abuse. FINRA can seek to expel those whom it deems to be undesirable by making compliance with the nature, volume, or scope of Rule 8210 requests so undesirable or burdensome that providing the requested documents or information is not a real option.

There is no limit on the number of document and information requests that FINRA can issue. It is not uncommon for FINRA to issue pages upon pages of document and information requests, and to follow up one set of overly broad and unduly burdensome set of requests with another set of the same. There likewise is no limit on the number of hours or days for which FINRA can take a rep’s testimony.[3] Multiple-day on-the-record interviews are not uncommon. Under Rule 8210, FINRA can even compel a rep, who lives within walking distance of its New York office, to travel across the country at his own expense to provide testimony in its Los Angeles office.

In addition, there generally is no limit on the scope of document and information requests that FINRA can issue.[4] For example, a rep may possess confidential medical records regarding a client to whom he sold an annuity (which is not a security). FINRA can demand those records, even if the rep did not conduct any securities business with the client. By further example, it may be a violation of state, federal, or international law or a breach of contract to provide certain confidential documents that a rep possesses by virtue of his non-securities-related business, but FINRA still can requests that those documents be produced.

Further, there is no time limitation on the length of a FINRA inquiry.[5] It is not uncommon for FINRA to investigate matters long after the fact, or to conduct inquiries that can be measured in years, not months. It likewise is not uncommon from FINRA to receive a response to a Rule 8210 request, not communicate with the rep for months or longer, and then continue to pursue the inquiry. Lengthy inquiries can be quite stressful to those under scrutiny, as well as their families.

The potential for abuse is there. And there are plenty of firms and reps that will testify that they have been harassed by FINRA through its seemingly limitless Rule 8210 power.

The Unassailability of Rule 8210

If a rep believes that FINRA is abusing its Rule 8210 powers, he has limited options –none of which provide appropriate due process.

The first option is to complain to FINRA. This can be done through complaints at the district and national levels or to its Office of the Ombudsman. This route leaves a rep at the mercy of FINRA – the very same people who issued the requests (and who feel compelled to defend the actions of their organization). This is not due process.

The second option is to not provide the requested documents and information. This is a very risky route. It requires a rep to put his license on the line to assert that FINRA has overstepped the bounds of Rule 8210. If FINRA determines that it is entitled to the requested documents and information (which presumably will be the case), then it likely will initiate a disciplinary proceeding in its forum, the Office of Hearing Officers (OHO), which can be appealed to another one of its forums, the National Adjudicatory Council (NAC). If those tribunals, and any tribunals to which subsequent appeals are lodged, determine that any of the requested materials should have been provided, the likely result is a bar from the securities industry. Needless to say, this method of “due process” discourages challenges to Rule 8210 requests, gives FINRA a tremendous amount of leverage in any attempt to negotiate a limit to the scope of Rule 8210 requests, and emboldens FINRA to push the boundaries of the Rule.

There is no body, independent or otherwise, from which a rep can seek interlocutory relief from overly broad, unduly burdensome, harassing, or otherwise abusive Rule 8210 requests, without running the risk of being barred from the securities industry. Given the power that FINRA wields through Rule 8210, there should be.

[1] A copy of the paper, entitled “Reforming FINRA,” by David R. Burton, is available here.

[2] I used the term “request” throughout this post, because that is the term that FINRA uses. As one of my colleagues has observed, “demand” is probably the more appropriate nomenclature given the consequence of non-compliance.

[3] The Federal Rules of Civil Procedure limit the number of interrogatories to 25 and the length of a deposition to one day of seven hours, without leave of the court. The Federal Rules of Civil Procedure limit the number and scope of document requests, as well as discovery in general, through relevancy, proportionality, and other requirements.

[4] FINRA usually recognizes common law and statutory privileges, such as the attorney-client privilege.

[5] The period for discovery in a civil proceeding is typically limited by court order. SEC enforcement actions seeking civil penalties are subject to a five-year statute of limitations.