Broker- Dealer Law Corner

Broker- Dealer Law Corner

The Folly Of ADV Disclosures: What The Robare Decision Teaches About Trying To Do It Right

Posted in Form ADV, RIA, SEC

Most of the time, the cases I write about were some other lawyer’s. In some respects, it’s easier to offer comments when it isn’t my case. I can, hopefully, be more objective, less pissed off (when the result is one I disagree with, of course), and content merely to mine the case for interesting lessons applicable to all my readers. This post, however, is entirely personal. It concerns a case that my colleague and partner, Heidi VonderHeide, and I have been working on for years for two guys – Mark Robare and Jack Jones, who own and run The Robare Group, an RIA in Texas. These are two people that anyone would be proud to represent, and who epitomize the kind of advisors that you would be comfortable recommending to your own mother to handle her nest egg. You probably think I’m biased – and perhaps I am – but even the judge who oversaw the trial stated, in his opinion, that he found Mark and Jack to be “honest and committed to meeting their disclosure requirements” and that it was “difficult to imagine them trying to defraud anyone, let alone their investment clients.”

Finally, Mark and Jack are nearing the end of what turned into a long, difficult road to clear their name. Yesterday, the D.C. Circuit Court of Appeals handed down its decision in what’s become known in legal/IA circles as the “Robare case.”

I have to concede at the outset that while the sanctions the SEC imposed against Mark and Jack were vacated, which is worth celebrating, we didn’t come away with a clean victory, as the court upheld one of the two violations that the SEC found, and remanded the case back to the SEC to determine what the appropriate sanctions – if any – ought to be now, in light of the court’s ruling.

Nevertheless, despite the finding, I can’t help but feel that Mark and Jack won. And I challenge anyone who takes the time to read the decision (and its genesis, especially the ALJ’s Initial Decision, which dismissed ALL of the SEC’s charges) to reach a contrary conclusion. The fact is, while the court partially agreed with the SEC (which had been forced to argue on appeal against the findings of its own ALJ, who had decided to dismiss all charges), the specific findings that were made by all three factfinders amply demonstrate that all my clients are “guilty” of is trying their absolute best to “meet their disclosure requirements.” The fact that THAT failure can nevertheless constitute the basis for a finding that they violated the Investment Advisors Act is, simply, silly.

And, if you work in compliance, what happened to Mark and Jack should keep you up at night.

The pertinent facts of the case aren’t too difficult to understand. Mark and Jack create model portfolios for their advisory clients comprised of no-transaction-fee mutual funds. They pick their funds from a wide variety of fund families available to them on Fidelity’s platform, based strictly on whether the funds are good performers. At one point in time, the BD with which they were – and still are – associated informed them that Fidelity offered a program that would pay them a small fee if they happened to select “eligible,” non-Fidelity NTF funds for their customers. Considering it, their sole question for Fidelity was, if they elected to participate in the program, would they be forced to select funds they otherwise would avoid, or avoid funds they would otherwise choose. They were told, no, they could continue to choose their mutual funds based on their existing, objective criteria. If one of the funds they chose happened to be “eligible” they would receive a fraction of the fund fee paid to Fidelity.

Based on that representation, they entered into a written, tri-party agreement among themselves, Fidelity and their BD. Fidelity never told them which mutual funds were “eligible” for the fee sharing, but Mark and Jack didn’t care, since they weren’t making their investment decisions based on whether the particular mutual funds they chose for their model portfolios resulted in them getting the fee. Whatever fee payments were generated were paid quarterly by Fidelity through their BD as a commission. The BD took its normal, small percentage (in accordance with the existing commission agreement between them) and the remainder was paid to The Robare Group.

Mark and Jack may be experts at making investment decisions for their advisory clients, but they are admittedly not experts at understanding what language should be used in crafting Form ADV conflict disclosures. That is hardly a knock on Mark and Jack. As our witnesses – both fact and expert – testified at the trial, the SEC’s standard for proper disclosure of conflicts of interest was a “moving target.” The scant guidance offered by the SEC was broad and general, and not of much help. Accordingly, every single time Mark and Jack filed their Form ADV, they first obtained qualified assistance. Over the years, they engaged three different compliance consultants for help with their ADV, and they never submitted a Form ADV without the help of a consultant. In addition, they paid their BD a fee in exchange for supervisory/compliance review, including review of the Form ADV disclosures.

Having surrounded themselves with experts and advisors, they firmly believed that any conflict of interest, whether actual or potential, that was created by the deal with Fidelity was adequately disclosed to the world on their Form ADV. They testified – and it was not rebutted any witness the SEC called – that anytime anyone told them to make a change to their ADV, they said, “no problem,” and promptly made the amendment.  In fact, in the middle of the time period at issue here, The Robare Group was audited by the SEC and that audit included a review of the Form ADV. In the end, the SEC examiners expressed no problems whatsoever with the Firm’s disclosures.

Despite all that, many years later, the SEC concluded that Mark and Jack’s ADV failed to disclose the conflict the Fidelity program created. The SEC offered them the chance to settle, and even though it was a “neither admit nor deny” deal, it still included a finding that they had violated an anti-fraud provision of the Advisors Act. While that would have been the easy – and certainly cheaper – way out, Mark and Jack couldn’t do it. They did not believe they committed fraud, and would not sign a settlement agreement that made such a finding. So, off we went to trial with the SEC’s Division of Enforcement.

You have undoubtedly read all the literature out there taking issue with the SEC’s increased use of administrative proceedings in recent years, rather than litigating in court. For years, the SEC ferociously defended its right and ability to bring cases before its own ALJs. The Supreme Court, of course, recently reached the opposite conclusion, finding that the SEC’s ALJs had been unconstitutionally appointed. That aside, however, from a statistical point of view, you can’t argue with the SEC’s choice of forum: rightly or wrongly, the SEC won almost every case it filed before an ALJ.

But not this case. Mark and Jack beat the odds and won their case. ALJ Grimes, after hearing the evidence, dismissed all charges against Mark and Jack. In my favorite line from his Initial Decision, worth quoting again, he said this: “[I]n listening to Mr. Robare and Mr. Jones testify and observing their demeanor under cross-examination, it is difficult to imagine them trying to defraud anyone, let alone their investment clients.”

The Division of Enforcement appealed the dismissal to the Commission. It’s worth pausing briefly here to remember that the Commission is the very entity that authorized the filing of the case in the first place. Then, on appeal, it sits as the appellate body where, because it’s a de novo review, it is empowered to agree with, disagree with, or modify the factual or legal findings of the ALJ however it likes.

Not surprisingly, when presented with this rare instance where an ALJ bucked the statistics and dismissed the case, finding it devoid of the required evidence, the Commission reversed, although not entirely. The Commission agreed with the ALJ that there was simply no evidence of intentional conduct. It found instead that my clients acted negligently, and that they “willfully” violated Section 207 in submitting the Forms ADV. The SEC is empowered to assess first, second, or third tier monetary sanctions where someone willfully violates the Act. Here, the Commission imposed second tier sanctions (i.e., aggravated sanctions), notwithstanding the ALJ’s findings. Notably, though, the imposition of sanctions was a split decision, with one Commissioner determining no sanctions were warranted.

We then appealed to the DC Circuit, our first foray into “neutral territory.” Well, as noted above, the court didn’t entirely buy our arguments. In the most perplexing finding I can imagine, the court concluded that although Mark and Jack subjectively believed that their Form ADV was complete and accurate, based on their decision to let experts handle that difficult task, they were still “negligent.” Negligent, it seems, because even though they realized they didn’t know enough about the standards governing the disclosures in Form ADV to be able to draft them themselves, according to the court, they somehow should nevertheless have known that the disclosures drafted by their paid experts were “plainly inadequate.”

So, Mark and Jack hired experts to draft their ADV disclosures because they were NOT expert at that. Yet, they were supposed to have realized that the language their experts drafted, language that was reviewed and approved by their BD, language that was reviewed by SEC examiners, and language that the ALJ found to be just fine, wasn’t just inadequate but “plainly inadequate.” That, my friends, is a standard that exists only in the minds of jurists, but not in the real world. There is no one who could successfully thread that needle.

And that is why you can see how I am able with a very straight face to say that Mark and Jack won. Everyone agrees that they had no scienter. Heck, they didn’t even act willfully (which is why the Section 207 claim was dismissed, something for another blog post, another day). They tried their level best to meet a standard of disclosure that, apparently, even industry experts could not successfully figure out. If that makes them guilty of committing fraud, then there is a real problem with the very law they supposedly violated. That mere negligence, indeed, negligence accompanied by a good faith intent to do the right thing, can still be deemed fraudulent, is utterly nonsensical and absurd.

We are not going to ask the Supreme Court to consider this case, but I wonder…..




FINRA AWC Includes Waiver Of A Fine: Is This A Sign Of Good Things To Come?

Posted in Disciplinary Process, Enforcement, FINRA, Sanctions

Way back in 2006, NASD issued Notice to Members 06-55, which tweaked the Sanction Guidelines to allow not just the size of the firm to be taken into consideration when determining the appropriate sanctions to be meted out, but, more importantly, how well, or how poorly, the firm is doing on its income statement. Specifically, the NTM resulted in a change to the Guidelines that explicitly permitted the consideration of “the amount of the firm’s revenues” and its “financial resources.” In addition, for “violations that are neither egregious nor involve fraud of the firm,” NASD gave the greenlight to adjudicators not just to “impos[e] a sanction that is proportionately scaled to the firm’s size,” but to “reduce the level of the sanction below the minimum level otherwise recommended in the Guidelines.”

That was over a decade ago. In my experience, unfortunately, it never amounted to much in real terms. FINRA Enforcement lawyers have never paid much attention to pleas for reduced fines based on a respondent firm’s financial condition. Rather, the typical response is that the sanctions sought in a given case must be viewed relative to other cases involving similar misconduct, which means that the sanctions can’t deviate much from whatever norm already exists for that misconduct as established by prior settled or litigated cases.

Well, this week, FINRA released an AWC in which it allowed the BD respondent to avoid paying any fine whatsoever, citing NTM 06-55. This was so crazy, so out of character for FINRA, that it had to take the relatively unusual step of issuing a Press Release for an otherwise unremarkable case, I guess in anticipation of all the head-scratching that the fine waiver would undoubtedly trigger.

The case itself, as I suggested, is pretty vanilla. It concerned the failure by the firm and one of its owner/principals to exercise reasonable supervision over a couple of registered reps who reported to him. The two reps both were guilty of making unsuitable recommendations, specifically, quantitatively unsuitable recommendations. (FYI, FINRA barred both of them. Shocking.) Turns out that both of the reps were trading some of their customer accounts excessively, and one of the reps also made recommendations that resulted in accounts that were over-concentrated in certain positions. The AWC includes findings that the firm’s WSPs were deficient, and also that the firm and the supervising principal failed to detect the trading issues, or, when detected, to take any appropriate responsive action.

As a sanction, the firm was required to pay restitution to the affected customers of just over $200,000, but – here’s the punchline – there was no fine. (The individual respondent was suspended as a principal for three months, fined $20,000, and required to take some continuing education.) In a footnote, the AWC recites that no fine was imposed on the firm due to its “revenues and financial resources, as well as its agreement to pay full restitution.”

Wow! As I said, it is super common to ask FINRA to consider waiving a fine, but rare that such a request gains any traction. So rare that Susan Schroeder, the head of FINRA’s Enforcement Department, felt it necessary to offer a public comment on the case. Bear in mind that FINRA doesn’t issue that many press releases in the course of a year regarding its Enforcement actions, and, when it does, it typically reserves its comments for really big cases, involving lots of firms and big dollar sanctions. This AWC is small potatoes, sanctions-wise, yet it merited a press release. That fact alone requires that we pay close attention to this case.

So, what did Susan say about the fine waiver? Here is her quote:

In this matter, FINRA has prioritized ensuring that affected customers receive full restitution, the firm fixes its supervisory flaws, and the responsible supervisor is held accountable and receives additional training. Due to the firm’s financial condition, FINRA did not impose a fine in addition to these other sanctions – the firm’s limited resources are better spent on remedial measures designed to prevent similar misconduct in the future.

This is, um, reasonable. Not sure what else to call it. FINRA holds itself out to the world as an entity interested in “investor protection,” but too often, it seems way more interested in using its member firms as punching bags. As a guy who exclusively represents respondents in FINRA Enforcement actions, it is really, really welcome news that, perhaps at last, FINRA is paying attention to its corporate mandate.

The notion that FINRA may actually take me seriously the next time I have a small BD client with limited financial resources that doesn’t deserve to be pushed to the financial brink as the result of an Enforcement action leaves me hopeful for the future. As long, that is, as FINRA is consistent with its approach, and doesn’t treat this AWC as an aberration, a one-off case that is never to be replicated. As with many things FINRA does, I suppose only time will tell if this represents a true change in its historic approach, or whether it’s more lip service.

The SEC Released A Risk Alert On Reg S-P, a/k/a How To Avoid A $1 Million Penalty

Posted in Examination, Privacy, Reg S-P, SEC

I am hardly saying that SEC Regulation S-P is the sexiest of regulations. I mean, has any customer is history actually read one of those exciting statement stuffers that discloses in some dense font a BD’s privacy policy? Likely not, but, nevertheless, it remains that in this day and age, with hacking and phishing and cybersecurity a part of the everyday vernacular, Reg S-P is something that BDs cannot afford to be even slightly unfamiliar with.

Helpfully, last week the SEC’s Office of Compliance Inspections and Examinations (“OCIE”) released a Risk Alert “providing a list of compliance issues related to Regulation S-P,” which it described as “the primary SEC rule regarding privacy notices and safeguard policies of investment advisers and broker-dealers.” It is short, a mere four pages, and it is easy to read and digest, so I heartily recommend it to everyone. But, since it is my job to make your lives easier, let me provide a thumbnail of its contents.

What OCIE did was review the results of exams that it conducted of BDs and IAs to identify the typical Reg S-P related deficiencies its staff uncovered. And before you say who cares, consider that both the SEC and FINRA have brought a bunch of Enforcement actions based on Reg S-P violations. That includes a settlement with Voya Financial Advisors in September last year that resulted in a $1 million civil penalty, and another $1 million civil penalty in a 2016 settlement with Morgan Stanley. And if that’s not scary enough, then think about the fact that the SEC has demonstrated a willingness to name individuals for Reg S-P violations when appropriate. See this and this, for example.

Anyway, the exam deficiencies fall into a couple of broad categories. The first involves the obligations to provide Privacy and Opt-Out Notices. As I assume you know, Reg S-P requires that BDs provide an “Initial Privacy Notice” at the outset of a customer relationship that describes, clearly and conspicuously, the firm’s privacy policies and practices, plus an “Annual Privacy Notice,” which repeats what was said in the Initial Notice, plus an “Opt-Out Notice,” which provides customers the right “to opt out of some disclosures of non-public personal information about the customer to nonaffiliated third parties.” According to OCIE, the problems observed include some that are really basic and obvious, including not providing the Initial Privacy Notices, Annual Privacy Notices and Opt-Out Notices to customers, or providing notices that “did not accurately reflect firms’ policies and procedures.”

The next category involves the failure to maintain appropriate or reasonable policies and procedures to ensure compliance with Reg S-P. The biggest problem that the OCIE staff observed concerned policies that were not reasonably designed to safeguard customer records and information. This is the kind of thing you read about all the time, and likely get emails from your IT Department reminding you of your obligations to keep customer information confidential.

With regard to this last point, OCIE provided some specific and helpful observations about common deficiencies in policies and procedures regarding the confidentiality of customer personally identifiable information (“PII”):

  • failure to safeguard customer information on personal devices, such as where employees regularly stored and maintained PII on their personal laptops;
  • failure to address the inclusion of customer PII in electronic communications, such as employees who send unencrypted emails to customers containing PII;
  • Policies and procedures that appropriately required customer information to be encrypted, password-protected, and transmitted using only registrant-approved methods, but which, in practice, were ineffective because employees were not provided adequate training;
  • Failure to prohibit employees from sending customer PII to unsecure locations outside of the firm’s networks;
  • Failure to require outside vendors to contractually agree to keep customers’ PII confidential, even though such agreements were mandated by policies and procedures;
  • Failure to identify all systems on which customer PII was maintained (which can cause a firm to be unaware of the categories of customer PII being maintained);
  • Inadequate written incident response plans that did not address who was responsible for implementing the plan, the actions required to address a cybersecurity incident, and assessments of system vulnerabilities;
  • Unsecure physical locations for the storage of customer PII, such as unlocked file cabinets in open offices;
  • The dissemination of customer login credentials to more employees than permitted under firms’ policies and procedures; and
  • Allowing former employees to retain access rights after their departure, thereby potentially providing continuing access to restricted customer information.

According to the SEC, the “key takeaway” from the Risk Alert is this: “Through sharing some of the Regulation S-P compliance issues it observed, OCIE encourages registrants to review their written policies and procedures, including implementation of those policies and procedures, to ensure compliance with the relevant regulatory requirements.” I couldn’t have said it better. This is a wake-up call. Hit snooze at your own peril.

Is FINRA’s New Regulatory Notice On Departing Reps A Unicorn?

Posted in Disclosure, FINRA, Registered Representative

FINRA came out with a slightly weird Regulatory Notice last week. In a succinct document, barely over two pages, FINRA addressed something that may, or may not, actually be of concern to anyone. In short, Regulatory Notice 19-10 states FINRA’s position on what a broker-dealer is supposed to tell the customers of a registered representative who “departs” the firm…at least those customers who bother to ask. According to FINRA, the reason it has chosen to supply this guidance is “to ensure that customers can make a timely and informed choice about where to maintain their assets when their registered representative” leaves (for whatever reason). But, as I suggested at the outset, I am not entirely certain what prompted the Notice. Is it that BDs aren’t telling customers that their assigned rep have left (so they can try to keep the customer)? That they aren’t telling the truth about why they left (to avoid a possible defamation suit)? That they are taking steps to prevent customers from communicating with their “departed” former reps (again, for competitive reasons, presumably)?

Regardless, it is now clear what is supposed to happen when a rep leaves. And it boils down to just a few things.

First, firms need to have “policies and procedures reasonably designed to assure that the customers serviced by that registered representative are aware of how the customers’ account will be serviced at the member firm.” That means that when a rep leaves, the firm “should promptly and clearly communicate to affected customers how their accounts will continue to be serviced.” According to FINRA, this means explaining to customers “how and to whom” they “may direct questions and trade instructions following the representative’s departure.” It also means informing customers to whom their accounts are being assigned. That seems pretty self-evident, but, apparently, this has been an issue for some customers.

Second, and perhaps more significant, firms “should communicate clearly, and without obfuscation, when asked questions by customers about the departing registered representative.” Let’s unpack this.

My initial thought is, how interesting that, based on how this was phrased, FINRA only requires this sort of candid conversation in response to questions posed by customers. In other words, it appears that firms need not volunteer the reasons why a rep has left; but, if a customer is curious enough to ask, the firm then has to provide the sordid details, “[c]onsistent with privacy and other legal requirements,” of course. Like when selling a house. The seller doesn’t have to volunteer most hidden defects, but, if the prospective buyer asks, then the seller has the legal obligation to provide an honest and complete answer. I suppose this means that in cases of terminations for cause, mere disclosure on Form U-5 won’t suffice. I cannot imagine that firms are thrilled at the prospect of having conversations like this, given the willingness of many terminated reps to raise the prospect of an arbitration seeking damages for defamation. While truth is most assuredly a defense, we all know that in the funky world of arbitration, legally recognized defenses are often disregarded.

The next requirement outlined in this Notice is “clarifying that the customer has the choice to retain his or her assets at the current firm and be serviced by the newly assigned registered representative or a different registered representative or transfer the assets to another firm.” I can’t argue with this. Too many times, a rep’s departure is immediately followed by a fight over the customers left behind, who are subject to pressured calls from the jilted BD, encouraging them to stay or, worse, not even suggesting that the customers have the right to move, too. Better to make it clear that the BD advise the customer of his or her options.

FINRA gets this. And we know it does by virtue of the final admonition in the Notice, which is that – again, when asked by a customer – BDs must provide the customers the departed RR’s “reasonable contact information,” such as the phone number, email address or mailing address, so the customers may then contact the RR, and decide whether they want to move their accounts or stay with the old BD (albeit with a new RR). So, no more stonewalling by the BD by claiming ignorance of the RR’s new whereabouts in order to buy time to continue to pound on the customer to try to keep the account where it is.

On balance, I like the tenor of this Notice. It seems to be fair to the BD, to the departed RR, and, most importantly, to the customers impacted by the departure. As I said, I am just unsure what prompted it. Is it an effort to protect the RRs who leave, and encounter trouble from their former BDs when trying to get their customers to follow them? Is it, instead, designed to help the BDs, which may now provide all the nasty details surrounding an RR’s termination knowing that they can defend themselves by arguing that “FINRA made me do it?” Is it intended to help the poor, forgotten customers? Or is it a true unicorn, the rarest of beasts, an initiative that works in everyone’s best interest? I don’t suppose I can answer that last one, since, really, I can’t recall if I’ve ever spotted one of those!

Wedbush Learns That It’s Not Enough Just To Spot Red Flags

Posted in SEC, Supervision

I have been busy the last month getting ready for a big arbitration, and attending the first week of what looks like is going to be a four- or five-week slog when all is said and done. So, I am just catching up on some recent developments, and mulling over what might be of interest to readers of this blog. I debated discussing the arbitration itself, and some of its more surreal moments, but I will wait for it to conclude before doing that. Ultimately, I came across an SEC settlement that was the subject of a nice article by an old friend, Jeff Ziesman, another former FINRA Enforcement lawyer who’s also on the defense side of the table, and shared his view that the case contains some really helpful guidance on what it actually means to respond to “red flags.”

The case was against Wedbush Securities, and resulted in a $250,000 civil penalty against the firm. According to the SEC, while Wedbush “was aware of certain aspects of” the suspicious activities of one its RRs as far back as 2012 and 2013 – in other words, although Wedbush managed to spot the red flags – “its supervisory policies and implementation systems failed reasonably to guide staff on how to investigate” them. And here is where the case provides its utility in describing what NOT to do when confronted with red flags.

But, first, let’s talk about the RR. Not a good employee. For six years, from in or around 2008 to 2014, the RR “was involved in a manipulative trading scheme” along with someone not associated with Wedbush. (That guy, you will be pleased to learn, is currently serving a 151-month sentence after pleading guilty to securities fraud, among other things). The scheme involved penny stocks controlled by the guy now in prison. The RR would buy those “stocks in her customers’ accounts, or encouraged her customers to buy the stocks, in exchange for undisclosed compensation in the form of shares and cash.” In addition, she “engaged in manipulative trading designed to create a false appearance of volume and increase or stabilize the price of securities.”

Ok, so what did Wedbush know, and when? A lot, it seems, and pretty early on, too. The first red flag was an email that revealed the RR’s role in the scheme. It was discovered by the RR’s supervisor, who actually seems pretty on-the-ball. Consider that the SEC found that when he became the RR’s supervisor in April 2009, he “conducted a review of the trading and customer portfolios of each representative he supervised,” including the “bad” RR. “Based on his experience in the industry, he had general concerns about the quantity of penny stocks in [the RR’s] customers’ accounts.” So far, so good, right? He even “took measures to restrict [the RR’s] trading activity by limiting her trading in the last hour of the day and restricting all customer trading in certain penny stock securities.” More good stuff. But, because the RR “had been at the firm for 30 years and her business partner was a partial owner of the firm,” the supervisor “felt he had to ‘be gentle’ in terms of restricting [the RR’s] activities and could not take more ‘draconian action’” (even though, personally, he called the email “the smoking gun . . . whatever suspicions or worries I had, this confirmed a lot of the worst of them.”).

Well, it seems he (or Wedbush, more accurately) was too gentle. In late 2012, the supervisor reviewed the email in question, which was from the RR to one of her customers “who was substantively involved” in the penny stock scheme. It outlined the customer’s “efforts to assist in inflating the price of penny stocks, many of which were held in Wedbush accounts by [the RR] and her customers.” Moreover, the email “noted that one of the deals had to be handled through a different broker-dealer because [the RR] was restricted from any purchases through Wedbush during the last hour of trading,” i.e., the very restrictions the supervisor had placed on the RR.

Faced with this pretty glaring evidence, the supervisor “escalated” the matter up to Wedbush’s president, who “reviewed and initialed the email,” but that’s about it. In addition, the SEC determined that “[l]egal and compliance personnel also were aware of the email,” but did nothing.

Next red flag – or flags – were two FINRA arbitrations against Wedbush filed by customers of the RR around the same time as the customer email. As with the email, the president, legal and compliance were all aware of these filings. The customers in the first case alleged that the RR (1) solicited their investments in certain penny stock issuers, (2) guaranteed no losses, and (3) was involved in manipulating the securities in their accounts in order to guarantee them profits. The second arbitration contained allegations describing “similar transactions involving [the RR] in similar securities.” Both cases settled, and because Wedbush determined that the RR was “culpable,” she paid half.

Finally, besides the email and the two arbitrations, Wedbush also learned of two FINRA inquiries regarding the RR, one into her personal trading in one of the penny stock issuers, and the other into the allegations underlying the customer arbitrations. The SEC was troubled by the fact that Wedbush let the RR draft her own responses to FINRA’s requests for information, and even though she sent them to compliance for review, compliance “did not take any steps to investigate or confirm the veracity of [her] responses,” or follow-up at all when certain responses the RR gave to FINRA at an interview “were inconsistent and contradicted what the firm had already learned from” the customer email and the two arbitrations.

It’s not like Wedbush did nothing. Both legal and compliance conducted investigations into the RR, but, as the SEC put it mildly, both were “flawed,” for a variety of reasons:

  • Wedbush did not document or otherwise clarify the scope of each investigation;
  • There was no process as to how the results of the investigations were to be documented or reported;
  • The lack of documentation or other reporting mechanism resulted in no coherent response to the red flags. Indeed, it was “unclear what, if anything, was reported from legal or compliance to Wedbush’s management”;
  • Although Wedbush placed the RR on heightened supervision for a year, this was done “to resolve the ongoing FINRA matter, rather than in response to any misconduct by [the RR] related to the red flags”;
  • Despite the fact the FBI interviewed the RR about her role in the penny stock scheme, and she reported this promptly to her supervisor, who, in turn, brought it to the attention of legal and compliance, no one in compliance interviewed the RR about the FBI interview, no internal investigation was done in response to the FBI’s interview or the topics that RR discussed, and no old investigations were reopened or revisited.

Given all this, it is easy to see why the SEC concluded that

Wedbush’s policies and supervisory systems lacked any reasonable coherent structure to provide guidance to supervisors and other staff for investigating possible facilitation of market manipulation by registered representatives. . . . There was substantial confusion as to whose responsibility it is to conduct investigations related to red flags of potential market manipulation by [the RR].

In short, “Wedbush had no clear process for how to handle red flags of potential market manipulation.” The real lesson of the case can be found in the sanctions that the SEC meted out. In addition to the hefty civil penalty I mentioned earlier, Wedbush had to update “its policies and procedures relating to internal investigations to address the allegations in the Division’s OIP,” adding the following specific provisions in order to document:

  • when internal investigations will occur,
  • who shall conduct the investigations,
  • how the results should be escalated, and
  • how the investigation should be documented and, as appropriate, reported to regulatory or other authorities.

It really comes down to this: it is clearly not enough simply to spot red flags; when spotted, they must be investigated in a clear, logical manner, with the results shared among appropriate decision-makers, and, of course, well documented. There is no such thing as getting partial credit; I mean, sure Wedbush found that customer email, which must mean its email surveillance system worked. But, armed with that knowledge, it then proceeded to whiff when given the chance to do something about it before customers were harmed. The only happy story here belongs to the RR’s supervisor, who appears to have done as much has he could reasonably be expected under the circumstances. He saw the red flags. He reported them promptly. He took action by restricting the RR. Do what he did, and you’ll be sitting pretty even when the SEC goes after your firm, and its legal and compliance personnel.

FINRA Says, Proof? We Don’t Need Your Stinkin’ Proof

Posted in Disciplinary Process, FINRA, High-Risk firms

If you are a regular reader of this blog, then you know that over my last few posts, I have been talking about an increasingly visible effort by FINRA to turn its regulatory eye from rogue brokers – who have been an irritant to FINRA and NASD for decades – to rogue firms (my term, not FINRA’s).  It started off with a the casual dropping of an odd phrase – “high-risk firms” – in an email, and quickly moved on to an agenda item at a FINRA Board meeting, where the determination was made to go forward and propose a rule.  Well, those Board meetings happen behind closed doors, so it is difficult to get a detailed understanding of FINRA’s intent beyond the few tidbits that are supplied after the fact.

This week, however, Robert Colby, FINRA’s Chief Legal Officer appeared on a regulatory panel at the SIFMA-CL conference in Arizona, and spoke – albeit briefly – on the subject.  SIFMA was kind enough to post the video of that panel discussion for the world to enjoy, so you can listen here to Bob’s own words about the upcoming proposal.  (The conversation starts at about 1:20:30, way towards the end of the panel.)  More importantly, you can hear for yourself the dangerous new territory into which FINRA is boldly moving.

Essentially, FINRA has concluded that it doesn’t like the fact that to get rid of firms that it deems to bad, it must first go through that troublesome Enforcement process.  Mr. Colby makes two particular complaints about that process.  The first perhaps, is not so troubling, and that is that it takes time, sometimes a long time, to get results.  He suggests that bad firms sometimes continue to do bad things even while they are the subject of an Enforcement action, thus creating even more customer harm even while FINRA is doing what it can to deal with them.

That may be true in some instances.  Of course, Mr. Colby seems to be unaware of the fact that FINRA already possesses the power under the Rule 9800 series in the Code of Procedure to institute an action to obtain a Temporary Cease and Desist Order, or TCDO, for certain serious rule violations.  This is a very powerful weapon, which allows FINRA to get the equivalent of an injunction to stop certain behaviors in their tracks while it seeks a final disposition.  It is not clear why this avenue of relief isn’t good enough for FINRA.  What I can tell you is that FINRA almost never uses it, for whatever reason.

Mr. Colby’s second complaint about the Enforcement process, the one that I think is incredibly scary, just sort of slipped out.  As he begins to describe the problems the Enforcement process presents to speedy action, he says (at 1:21:30), “As you know, Enforcement actions require proof . . . .”  As if the need for FINRA actually to demonstrate “proof” of wrongdoing is a bad thing for FINRA.  A thing that is, apparently, stymieing FINRA from promptly booting all those pesky “high-risk firms” from the membership roll.

So, what FINRA is looking to propose is, to use Bob’s words, a way for it to “lower the boom” on the firms that it considers to be bad (pursuant to a definition of bad that does not yet exist) without the need for it to put on the proof that may otherwise be required in an Enforcement action.  I don’t know about you, but that freaks me out.  It is no wonder that the moderator of the panel, Merri Jo Gillette, current Deputy GC at Edward Jones and former Director of the SEC’s Chicago Regional Office, expressed her interest in seeing how FINRA will manage to address the due process issues FINRA’s desired boom-lowering process triggers.  Add me to that list.  As things presently stand, there isn’t much of a system of checks and balances to keep FINRA in line.  To give FINRA even more power, the power to jettison firms that it identifies as “high-risk,” without having to meet the burden of proof it now must meet when it files an Enforcement complaint, runs contrary to the concept of fundamental fairness, no matter how you define that.  I hope the industry presses back hard on this onel


FINRA Is Going After “High-Risk” Firms, But First Has To Invent The Definition Of High-Risk

Posted in FINRA, heightened supervision, High-Risk firms, Rogue rep

I told you two weeks ago in my blog post that this would happen. I told you that when Robert Cook announced the topics to be taken up at the February/March FINRA Board meeting in Boca Raton, he slipped and used the new phrase “high-risk firms.” Well, in yesterday’s announcement about what actually took place at that meeting, all mystery has been removed about FINRA’s intent. Indeed, it is now undisputable that FINRA is expanding its historic interest in rogue reps now to include rogue firms. Or, as Susan Wolburgh Jenah, a member of the Regulatory Policy Committee, put it in her video recap of the meeting (she shows up right after Robert Cook’s introduction), firms with a “disproportionately higher number of risk events and disciplinary events on their record.”

FINRA has apparently been planning this for some time, which is apparent from the fact that it is already at the point of proposing some new rule. According to yesterday’s announcement, “The Board approved moving forward with proposing new rules related to firms that have a disproportionately high number of regulatory disclosure events by the firm and/or its registered representatives.” The big development is the first part of that sentence, the focus on “firms.” As I have discussed previously, FINRA has always professed to have an interest in registered reps – yes, the rogue reps – who are working in the industry notwithstanding their checkered pasts. And, FINRA has been interested in firms that hire such reps. (See my discussion of the Taping Rule in my previous post.) But, now FINRA is, apparently, independently interested in what I am calling rogue firms, i.e., BDs that are in business notwithstanding have a disciplinary history that FINRA feels is somehow an issue.

There are all sorts of problems with this, or, frankly, any attempt to establish some quantitative standard. And note that I am saying it will be a quantitative standard based on FINRA’s use of the phrase “disproportionately higher number of risk events,” which can only be reasonably interpreted one way: that FINRA intends to characterize firms as “high risk” based on some numerical comparison of their disclosure events with other firms. So, what are the problems?

First, what is going to be the dividing line between an ok number of disclosures and too many? I, for one, would have absolutely no idea where to draw that line. I totally get that FINRA thinks it knows more than anyone, but even FINRA could do no more than spitball this concept.

For instance, what do you do about big firms, especially big firms that have been around for a long time? They have tons of disclosures. In a blog post I wrote in November, I pointed out that LPL’s BrokerCheck report reflects 123 final “Regulatory Events” encompassing an astounding 255 pages. Yikes. But, really, that’s nothing. Look at Merrill Lynch. Its BrokerCheck report shows that it has managed to garner 1,434 disclosures, 559 of which are “Regulatory Events,” five “Civil Events” and 870 arbitrations. UBS? Well, it’s only been around since 1978 (according to BrokerCheck), so it only has 265 “Regulatory Events.” I could go on, but you get the point: a lot of firms will have scary-sounding numbers. Does that mean they should, by definition, be deemed to be high-risk?

Second, and more basic, is whether a quantitative approach makes any sense at all. The idea that simply looking at the number of “risk events” – whatever Ms. Wolburgh Jenah meant by that – or “disciplinary events” as an indicator of a firm’s supposed propensity for future regulatory issues strikes me as overly simplistic and, therefore, pointless. Look, FINRA has previously considered imposing some sort of objective criteria before to distinguish between good and bad reps, but those efforts never got very far, and for good reason.

Remember back in 2003, when NASD floated a rule that would require firms to impose heightened supervision on certain reps based on an objective, numerical standard? Specifically, NASD proposed that BDs be required “to adopt heightened supervision plans for registered brokers who, within the last five years, have had three or more customer complaints and arbitrations, three or more regulatory actions or investigations, or two or more terminations or internal firm reviews involving wrongdoing.” Well, that got nowhere – and rightly so – and that was because NASD management realized (or was forced to realize) that while the imposition of such a standard was facially attractive (for its ease of definition), ultimately there was no logical correlation between the sheer number of customer complaints, or arbitrations, or regulatory actions, and a rep’s likelihood of committing a sales practice violation. Well, here we are, 16 years later, and FINRA is now back at it.

We are just in the first step of this process. FINRA is going to draft a new rule (or rules – note the use of plural in the announcement yesterday) on this topic, and send it out for comment. If you care about this sort of thing, don’t sit on the sidelines and wait for others to speak up. Exercise your rights as a member firm to tell FINRA what you think.

Hope Springs Eternal

Posted in Administrative Proceedings, NCLA, SEC

My partner, Ken Berg, writes about his recent meeting with the NCLA, a group that anyone who has an administrative practice should be familiar with.  –  Alan

I had the privilege of being invited to attend in Washington, D.C., on February 28, 2019, the inaugural panel discussion hosted by a relatively new nonprofit civil rights organization, the New Civil Liberties Alliance (“NCLA”). What distinguishes NCLA from most civil rights organizations is that it represents business enterprises and their principals who are impacted negatively by federal financial regulatory agencies that “systematically threaten[] the people’s constitutional freedoms.” It calls the SEC, CFTC and other federal agencies the “administrative state within the Constitution’s United States,” “allowing unelected bureaucrats to exercise all aspects of government power with little accountability to the people and their elected representatives ….” NCLA’s motto nicely sums it up: “Let legislators legislate. Let judges judge. Don’t let bureaucrats do either one.” (Check out

NCLA’s President, Professor Philip Hamburger, a constitutional scholar who teaches at Columbia Law School, writes:

Administrative tribunals sometimes apply inquisitorial methods, but even where their proceedings are adversarial, they do not live up to the Constitution’s procedural guarantees. The SEC, for example, can bring civil insider-trading cases in federal courts, or it can refer insider-trading cases to the Justice Department for it to prosecute criminally in such courts, and either way defendants get judges and juries and the full range of the Constitution’s applicable procedural rights. But the SEC can also pursue insider-trading cases before administrative law judges, who work for the commission, are not really judges, do not offer juries, and do not even allow equal discovery.

NCLA is off to a good start in advancing its mission. It appeared in the recent Supreme Court case, Lucia v. SEC, which declared SEC ALJs unconstitutional resulting in new trials for scores of respondents and is partly responsible for a recent change in the SEC Rules of Practice allowing depositions in administrative actions. NCLA filed a petition with the SEC to eliminate its practice of including a “gag order” in settlement agreements that prohibits a respondent from ever discussing his or her case or criticizing the agency’s handling of it—even if the respondent did not admit or deny the allegations in the complaint.

The panel discussion at the NCLA brought together prominent members of the defense bar to propose radical changes that would level the playing field for those subject to the regulatory reach of financial agencies. Emboldened by the Lucia victory, the group proposed challenging several long-standing administrative practices that the defense bar has all but given up objecting to; such as:

  • the low burden of proof (preponderance of the evidence),
  • the admission of hearsay,
  • the absence of a right to jury,
  • the Chevron deference on appeal given by courts to agency factual findings and legal interpretations, and
  • creating a respondent’s right to remove to court a proceeding initiated by the SEC administratively.

These ideas represent a re-thinking of the basic way the financial industry is governed. “The big ideas that will revolutionize the way we live will not emerge from our nation’s capital. They will be dreamt up, as they always have been, by enterprising Americans who hope to create positive value for others.” (Carl W. Scarbrough)

For now, however, the consensus of the defense bar in attendance was that the best defense starts with a firm’s initial contact with the regulator: the audit.

  • Be prepared.
  • Be responsive.
  • Provide documents and information.
  • Don’t be adversarial.
  • Engage legal counsel early to resolve issues quickly.

Regulators are most flexible and most reasonable during the audit and investigatory stages. At the “Wells” stage or when charges are filed, egos take-over and the litigator’s “win-at-all cost” mentality sets in. “[W]hen disputes reach the litigious stage, usually some malice is present on both sides.” Berlin v. Nathan, 381 N.E.2d 1367 (Ill. App. 1978).

Ulmer has been and continues to be on the forefront of these issues and a leading defender of those caught in the cross-hairs of financial regulators, including not only federal agencies like the SEC and CFTC but also the self-regulatory organizations like FINRA, NFA, and the exchanges. Please call us—early and often.


FINRA Coins A Scary New Term: “High-Risk Firms”

Posted in FINRA, Rogue rep, Rule 3170, Taping Rule

Yesterday, FINRA sent a seemingly innocuous memo to member firms giving a brief outline of the subjects that its Board will take up at its meeting this week in sunny Boca Raton, Florida. (Wait, the Board isn’t meeting in Washington, as it normally does, but, rather, in south Florida? Oh, right, it’s February. Much better chance of securing full attendance.) Buried in the brief message from President and CEO Robert Cook was this sentence: “The Regulatory Policy Committee will review several rulemaking proposals, including proposed rule changes relating to high-risk firms.” High-risk firms? I have no recollection of ever seeing FINRA utilize that phrase. Sure, FINRA talks all the time about “high-risk brokers.” There was an entire Regulatory Notice devoted to that very subject last year. And while in that Notice FINRA made a reference to “high-risk brokers and the firms that employ them,” it never once used the phrase “high-risk firms.”

I think that Mr. Cook has, perhaps, inadvertently tipped his hand. To me, his memo means that FINRA is not so subtly shifting its focus from what it deems to be bad brokers to bad firms. Why? Bottom line is that there really is only so much that FINRA can do about bad brokers. It is really expensive and time-consuming for FINRA to bring disciplinary actions against individual brokers, one at a time, and even though FINRA routinely bars a few hundred RRs each year (492 in 2017, according to the most recent FINRA Annual Report), that is a drop in the bucket. As the data show, there are tons and tons of folks currently registered and working in the industry with lots of dings on their U-4s, and FINRA has taken a beating in the media for allowing this to happen.

So, putting aside the fact that it sure seems (to me, at least) that FINRA is itself responsible for all these “high-risk” brokers still working (because FINRA failed to impose sanctions that would preclude them from remaining registered), how can FINRA somehow repair its image as a sloppy gatekeeper? Simply, by addressing firms, not individuals. If FINRA can manage to put a firm out of business for a sales practice related reason, it becomes a “Taping Rule” firm, a stigma that follows all of the people who used to work for that firm. Under Rule 3170, if enough of the reps from the expelled firm are hired at another BD, the new BD must tape record all the conversations between its reps and their customers and prospective customers. And believe me, no firm wants to have to do that. Which means that it can become difficult for reps of an expelled firm to find a home somewhere else. Which means that FINRA can effectively get a lot more people out of the industry in one fell swoop than having to prosecute a bunch of individual Enforcement actions.

I will wait to see what comes of the Board meeting before I reach any final judgment. But, I fear that FINRA has stepped on to a very slippery slope, one that ends with it conjuring up a mechanism for segregating firms into broad and dangerous categories like high-risk and low-risk. I mean, what reasonable investor would want to do business with a firm that the regulator brands as being high-risk? FINRA had best tread very carefully as it saunters into this uncharted new territory.

INSIGHT: Protecting Broker Dealers From Cyber Threats

Posted in Cybersecurity, FINRA

Yesterday, two of my colleagues here at Ulmer, Fran Goins and Michael Hoenig, published an article in @BLaw Insight in response to a recent report by FINRA outlining the best practices for BDs to deal with cyber threats.  Since this is undoubtedly a subject of considerable interest to many of you, I wanted to share it right away.  Click here to link to their excellent article.  – Alan