Happy New Year!  I hope you had an enjoyable holiday season.  At least happier than that of JP Morgan Securities, which, right before Christmas, got to write checks to the SEC and the CFTC totaling $200 million.  That’s a lot, even for JPMS.  How did this happen?

Well, the story starts with a very old, and very broad, SEC rule, specifically, SEC Rule 17a-4(b)(4), which, since 1939 (as best I can determine) has required that broker-dealers preserve in an easily accessible place originals of all communications sent and received relating to the firm’s “business as such.”  It was probably never easy to divine with much precision exactly what “business as such” means, but, clearly, this somewhat odd phrase was deliberately employed to capture an extremely wide swath of documents.  So, for convenience sake, let’s say that it covers pretty much everything that anyone at a BD – but particularly the management of a BD – sends or receives that’s got anything whatsoever to do with the firm’s business.  Unsolicited emails to buy generic Viagra?  Feel free to delete those, but be careful with everything else.

Regardless, when all of a firm’s records were in paper form, it was a relatively easy proposition to keep track of and preserve the documents covered by the rule just by putting them in manila folders in a filing cabinet in the corner of the office.  But, the world moved on from paper.  Recognizing that, in 1970, the SEC permitted BDs to keep their records on microfilm. In 1993, through a no-action letter, the SEC recognized the optical disk as an acceptable means of storing communications.  Then, in 1997, the codified and expanded this concept, approving any electronic storage medium to be utilized.

While the SEC should be commended for its attempt to keep up with the times, the times always manage to stay out ahead.  Which is what caused the problem for JPMS.  Specifically, the problem is that today, people communicate – A LOT – through personal devices, using specialized apps that no one could have contemplated when the rule was promulgated decades ago.  But the SEC rule doesn’t care about that; the rule requires that ANY communication relating to the firm’s business must be captured, reviewed and preserved.  Doesn’t matter how the communication was sent, whether it was paper or electronic or carrier pigeon or semaphore.

Most firms address this problem – the difficulty of simply being aware of communications being sent from personal devices – by flat-out forbidding their registered people from conducting firm business on their personal phones, laptops and tablets.  Indeed, that’s what JPMS did.  It’s just very, very hard to enforce such a policy because it runs completely contrary to how people act in 2022.

You want proof?  Last year, in what now looks like the tip of the iceberg, the SEC settled a case with JonesTrading Institutional Services, a California BD, and tagged it with a $100,000 civil penalty because it “failed to preserve business-related text messages sent or received by several of its registered representatives on their personal devices when communicating with each other, with firm customers, and with other third parties.”   Notably, the SEC found that “JonesTrading’s senior management were among those sending and receiving business-related text messages that were not retained by the firm.”  Ouch.

It seems that the SEC must have figured, gee, if JonesTrading does this, what about everyone else?  In October 2021, Gurbir Grewal, the Director of the SEC’s Division of Enforcement, citing the JonesTrading case, gave a speech in which he issued this not-so-cryptic warning:

Recordkeeping violations may not grab the headlines, but the underlying obligations are essential to market integrity and enforcement. . . .  We continue to see in multiple investigations instances where one party or firm that used off-channel communications has preserved and produced them, while the other has not. Not only do these failures delay and obstruct investigations, they raise broader accountability, integrity and spoliation issues.

Shortly after that, the news broke that the SEC was conducting a “sweep,” looking for the same issues it had spotted at JonesTrading.  And poor JPMS got caught in the SEC’s net.  I venture to say it won’t be the last, because I believe that most firms, maybe even the vast majority of firms, are guilty of doing the same things as JonesTrading and JPMS.

This raises the question whether the problem is the way broker-dealers conduct their business, or whether the rule needs updating to reflect the reality that the ability to capture and preserve all communications that relate to a firm’s business as such is highly dubious given the ubiquity of personal communication devices.  Candidly, I am not sure how the rule ought to read; I just know that it seems a bit unfair to tag a firm for $200 million in fines for doing what everyone else is also doing.

With that said, I suppose there are some lessons to glean from JPMS’s SEC settlement.

First, it should be noted, again, that JPMS did have a policy providing that “the use of unapproved electronic communications methods, including on their personal devices, was not permitted, and they should not use personal email, chats or text applications for business purposes, or forward work-related communications to their personal devices.”  If you don’t already have such a policy, you need one.  That’s the easy part, and there’s no excuse for failing to do even that.

Second, JPMS also “had procedures for all employees, including supervisors, requiring annual self-attestation of compliance” with its prohibition on the use of personal devices for business communications.  So, again, points to JPMS, and another good practice to adopt.

Unfortunately, JPMS “failed to implement a system of follow-up and review to determine that supervisors’ responsibility to supervise was being reasonably exercised so that the supervisors could prevent and detect employees’ violations of the books and records requirements.”  The firm also “failed to implement sufficient monitoring to assure that its recordkeeping and communications policies were being followed.”  What does that mean in real terms?  It means that “[e]ven after the firm became aware of significant violations, the widespread recordkeeping failures and supervisory lapses continued with a significant number of JPMorgan employees failing to follow basic recordkeeping requirements.”

Looking at this quantitatively, you can perhaps see why the fine was so big:

  • An executive director and co-supervisor of the high grade credit trading desk launched a WhatsApp group chat entitled “Portfolio Trading/auto ex” on April 24, 2019, and invited the other 19 members of the trading desk to join. From April 24 through December 16, 2019, at least 1,100 messages were sent among the chat group, nearly all of which concerned the firm’s securities business;
  • From at least November 2019 through November 2020, an executive director who worked on the capital markets desk texted with more than a 100 colleagues, including the investment bank, and with dozens of managing directors and heads of several business lines;
  • The same executive director also texted with dozens of firm clients, third-party advisers, and market participants;
  • In all, this executive director texted more than 2,400 times in the one-year period, discussing various aspects of the high yield and leveraged loan capital markets business;
  • Between at least January 2018 and November 2019, firm employees, including desk heads, managing directors, and other senior executives sent and received more than 21,000 securities business-related text and email messages using unapproved communications methods on their personal devices.

This probably all sounds worse than it should simply by virtue of the fact that JPMC is a big firm, with lots of clients and lots of employees, so necessarily the numbers are high.  I am thoroughly convinced, however, that the phenomenon cited in the settlement – that even the respondent’s senior executives use personal devices for firm business, thereby preventing those communications from being preserved – is commonplace in the industry.

Which brings me back to the rule itself: if there exists a rule that is, basically, impossible to comply with, but which carries a crazy expensive price tag for compliance failures, then there is a problem with the rule and not with the firms that are found to have violated it.  I am sure that additional settlements will be forthcoming, and the facts will sound much like those in the JPMC settlement.  All the more reason to consider how this cranky old rule can be dragged into the 21st century.

My job frequently requires that I explain to someone – whether my client, an ALJ, an arbitration panel, even a regulator – the fundamental difference between a broker-dealer and an investment advisor.  An IA operates pursuant to a fiduciary duty; a BD, on the other hand, even with the advent of Regulation BI, largely has transactional duties.  That is, a BD’s duty to its customers largely manifests itself if and when it deigns to make a recommendation.  It could be a recommendation to buy or sell (or hold) a security, but it could also be a recommendation regarding the nature of the relationship the customer undertakes with the BD, i.e., a commission account vs. a fee-based account.  In the absence of a recommendation, however, it is difficult to pin responsibilities on a BD.

Not true for IAs.  As fiduciaries, IAs are legally compelled to do things that BDs aren’t.  For instance, ongoing monitoring of accounts.  Once a BD makes a recommendation to a customer, in a commission-based account, the BD is pretty much off the hook for any subsequent developments that may impact the success or failure of that trade.  (There are certain notorious exceptions, like after a BD makes a recommendation to a customer to invest in a private offering of securities; there, BDs are required to conduct ongoing diligence to ensure that the issuer actually uses the proceeds in a manner that’s consistent with representations made in the offering materials.)  Not so for IAs.  IAs, in theory, have to constantly monitor the position, the account overall, the markets, to ensure that no further changes need to be made (or at least recommended to the customer).

Recently, Michigan-based IA Regal Investment Advisors LLC learned the hard way that an IA does not fulfill its fiduciary obligation by putting advisory accounts on cruise control, paying them no attention while the financial world continues to turn.  And what’s worse than ignoring advisory accounts?  Charging such accounts an advisory fee for the privilege of being ignored!

Well, that’s exactly what happened to Regal, according to this settlement with the SEC.  The case involved so-called “orphan accounts,” i.e., advisory accounts left behind when the IARR who had been responsible for the accounts leaves the firm.

For reasons that remain unexplained, until November 2019, Regal had no written policy or procedure that addressed what happened when an IARR left Regal, but his/her client accounts remained at Regal.  Instead, Regal relied on “an informal procedure” that designated those orphan accounts as “house accounts” and assigned them to the firm’s three owners, two of whom “would share responsibility for managing these accounts” and split the IARRs’ share of the advisory fees paid by the customers.

But, between July 2015 and April 2021, while Regal classified approximately 250 such accounts as house accounts, which paid both advisory fees – i.e., a fee for “account management services” – and portfolio management fees – i.e., for “selection of securities in the account,” about 81 of those accounts received no advisory services.  That is, they “continued to receive portfolio management services, but failed to receive regular account monitoring by [the two owners] to determine whether the selected portfolio remained consistent with clients’ investment objectives and goals.”  Consistent with that, Regal didn’t even bother, in many instances, to inform the customers that their IARR had left, or that someone else had been assigned to their account.  As an example, the SEC cites one customer in particular whose IARR left Regal in 2014 to work with a different firm, resulting in his account being classified as a house account.  Despite the customer paying over $7,600 in advisory fees to Regal from then until 2017 when he closed his account, “[n]o one at Regal provided [him] with advisory services during this period[,] . . . no one from Regal ever contacted [him] after the departure of [his] IAR, and there is no indication anyone at Regal monitored or conducted periodic reviews of [his] account.”

Everyone knows that BDs, too, can get in trouble for seemingly doing nothing.  There are any number of “reverse churning” cases, where a BD puts a customer in a fee-based account – an account that can be cheaper for clients who trade a lot – yet the customer doesn’t make many (or any) trades (meaning that the customer would have paid less if the account had been set up as a commission account).  Indeed, I have blogged about such cases before here and here.  But, it is a bit misleading to suggest that it was the absence of trades that triggered these cases.  In fact, these cases did not arise as a result of the fact that a BD failed to make enough trades in a fee-based account to justify charging a fee; rather, they stemmed from the BD’s threshold recommendation – the unsuitable recommendation – to the customer to open a fee-based account.  In other words, the BD did not, in fact, get in regulatory hot water for doing nothing, but, rather, for doing something – making a recommendation – wrong.

Putting aside this reverse-churning issue, I stick with what I said earlier: generally speaking, a BD doesn’t really have to do anything with an existing customer account if it doesn’t want to.  (Granted, it might not make any money – buy and hold strategies don’t generate new commissions, after all – so it’s not necessarily a great business model.)  But IAs don’t have that luxury.  Frankly, it is the constant monitoring, and the potential adjustments that monitoring mandates, that justifies the advisory fee in the first place.  Absent that monitoring, I’m not really sure what advisory clients are buying.

This case also serves as a good reminder that orphan accounts are still accounts.  A house account doesn’t mean they get moved to the attic, or the basement, or the garage.  These customers are entitled to the same attention, the same energies, as any other account.  It is not their fault their IARR left them behind.

Look, most cases don’t present the layup that Regal handed to the SEC here.  Most cases in this area don’t provide the SEC with such an easy means to establish liability, given that Regal literally had nothing to show the SEC.  But, just because an IA does something more than “nothing,” it still doesn’t necessarily mean that it is meeting its fiduciary responsibility to its customers, or that it will be enough to avoid an awkward moment with a regulator.  That’s why here, my advice to my clients sounds the same as it does in many other circumstances:  when you do something, document it!  If you do an account review, put it writing, for heaven’s sake.  If you call an advisory client to discuss his/her account, create a memo of the call.  Create a document trail.  Always act as if two years from now, you may be called upon to prove to some stranger exactly what you did and said and when you did it, and, in many instances, to do so without any assistance from your customer, who despite having sat next to you during that account review, manages not to recall that it happened.  This is true for BDs, for IAs, for RRs, and IARRs.  I hate to sound so cynical, but, after all, history teaches.

I continue to wade my way through a few months’ worth of cases, press releases, etc., looking for things that manage to catch my attention.  I found this SEC settlement from the end of July involving Integral Financial, a BD out of California, and its founder, majority owner, President, and Chairman of the Board of Directors, Weiming “Frank” Ho.  In and of itself, the case isn’t exactly ground-breaking.  It involved four RRs who spent two years making unsuitable recommendations to ten customers, and their supervisor, Mr. Ho, who failed to monitor the reps’ trading and their compliance with the firm’s WSPs.  What makes it interesting is not the trading itself; rather, it was the failed defensive strategy that Mr. Ho employed, which I will get to momentarily.

First, some background, starting with the product at issue:  variable interest rate structured products (“VRSPs”).  According to the SEC, VSRPs are “complex, illiquid, structured securities” with long maturity dates.  Traditional bonds provide periodic fixed-interest payments and are directly linked to a bond issuer’s ability to make those payments and repay principal at maturity.  By comparison, the VRSPs at issue only paid fixed amounts for an introductory or “teaser” period of one to five years. After that, the interest payments are not guaranteed, nor are they solely linked to the issuer’s ability to meet its payment obligations.  In fact, investors in VRSPs can lose some or all of their invested principal at maturity if the products’ derivative components fail to perform within certain pre-determined ranges.  Given that, the SEC concluded that “the VRSPs present higher risks than traditional municipal or corporate bonds.”

Next, let’s look at the ten investors.  According to the SEC, they “had reached or were approaching retirement age and relied on their investments for income; had conservative or moderate risk tolerances; investment objectives such as capital preservation, growth and/or income; limited investment experience; investment time horizons of less than fifteen years; higher liquidity needs; in most cases, a net worth of less than $500,000; and were unwilling to risk losing their invested principal.”

Putting the product and the investors together: the SEC concluded that the recommendations by the reps to purchase the VRSPs were not suitable for the customers.  This was only exacerbated by the fact that the reps sold too much of that product, managing to exceed the firm’s internal concentration limit on structured products.  Perhaps not surprisingly, none of the reps in question had reviewed the firm’s WSPs in the last five years, and one had never reviewed them.

But, on to Mr. Ho, the supervisor.  He, of course, was supposed to review the trades, to ensure that they were, in fact, appropriate for the customers based on their respective investment objective, risk tolerance, financial wherewithal, etc.  Unfortunately, he didn’t exactly do that.  Instead, he “directed the Integral RRs to have the Customers sign the firm’s standard risk disclosure form to confirm that a trade was suitable.”  And this is the point of today’s post, as I hear this all the time from reps involved in an arbitration or a regulatory inquiry revolving around suitability:  the customer wanted the product.  The problem is: this is not, as Mr. Ho learned, a defense (at least not a valid defense) to a suitability case.  As the SEC put it in the Integral settlement, “[o]btaining a customer’s written consent for a trade does not relieve a broker-dealer or its registered representative from the obligation to conduct a proper suitability determination based on all of the relevant circumstances relating to the customer.”

I know that this may seem like Suitability 101, but given how frequently I find myself instructing my clients on this issue, it seems that a reminder is appropriate.  The simple fact is, the duty to make a suitable recommendation exists, period.  It does not matter what a customer wants.  It does not matter whether a customer personally deems the product to be suitable, and is willing to sign an attestation or certification or whatever to that effect.  The duty is the BD’s.  As FINRA put it succinctly in item .02 in the Supplementary Material to Rule 2111, “[a] member or associated person cannot disclaim any responsibilities under the suitability rule.”  In other words, you can’t slough that responsibility off on to the customer.

Not to get too legal on you, but there is more than ample case law supporting this straightforward proposition.  For instance, recommendations are “not suitable merely because the customer acquiesces in [them].” Dane S. Faber, Securities Exchange Act Release No. 49216, 2004 SEC LEXIS 277, at *23–24 (February 10, 2004).  Or, “a broker’s recommendations must serve his client’s best interests and the test for whether a broker’s recommendations are suitable is not whether the client acquiesced in them, but whether the broker’s recommendations were consistent with the client’s financial situation and needs.”  Dep’t of Enforcement v. Bendetsen, No. C01020025, 2004 NASD Discip. LEXIS 13, at *12 (NAC August 9, 2004).  I could go on, but you get the point.  As I put this a few years ago in a post with a similar subject matter, “[a] customer cannot conclusively agree that a recommendation was suitable, as that is not something a customer is deemed capable of knowing.”

So, given this, what’s the purpose in getting a customer to sign a piece of paper that not only provides no legal defense, but could actually get you in hot water with FINRA (or, as was the case with Mr. Ho, the SEC)?  The answer, of course, is that there is no point in doing this.  If you are looking for a document that will actually help you defend a suitability case, it is, simply enough, an accurate and up-to-date new account form, one that captures a client’s true investment objective, etc.  Armed with THAT, there’s a LOT that I can do to defend a suitability claim.  Armed with that, it is relatively easy to defend the invariable insistence by the complaining customer that he/she was a conservative investor, someone unwilling to expose themselves to the slightest degree of risk of loss of principal.  While a good NAF is hardly a silver bullet – given customers’ predictable willingness to swear that it was signed in blank, or that the signature was forged, or that the NAF was altered after it was signed, etc., etc. – it is as good and effective a piece of documentary evidence that you will encounter.

The lesson, then?  Don’t waste your time getting your customers to confirm that they view your recommendations to be suitable.  Spend your time, instead, insuring that you can prove, if need be, at some possibly distant point in the future, that at the moment you made a recommendation, you were working with solid information about your customer.  And the best way to accomplish that is a good new account form.

I am still catching up on things that happened over the last couple of months, as I dig myself out of the hole created by (finally) completing a 39-day FINRA arbitration (SOC filed in 2014, hearing started in 2019). Truthfully, it seems there’s been a lot of the usual.  You know, FINRA taking formal disciplinary action against some poor unregistered back-office guy for not disclosing an outside brokerage account, or against some rep who had the temerity to get named as a beneficiary under the will of a longstanding client.  You get the drift.  Big, important stuff.

But, in addition to reviewing the various Enforcement actions that FINRA has taken, I have also gone back to see what FINRA has published on its website, as there are often gems buried there.  Well, I was not disappointed, as I found this, a podcast from a month ago called “Single Points of Accountability: Navigating Firms’ Experiences with FINRA.”  Happily, as I’ve pointed out before, if you are interested in a FINRA podcast, you don’t actually have to listen to it, as FINRA is kind enough to provide the transcript, so you can quickly skim it, looking only for the good stuff.  Like, for instance, this wonderfully candid admission by FINRA made in a different podcast back in June: “[I]ntelligence is a new concept for FINRA.”[1]

Anyway, the title of this particular podcast intrigued me, as I had no idea what was meant by “Single Points of Accountability.”  I mean, I am well aware that for some reason, FINRA decided about two years ago, basically, to abandon any kind of geographic-oriented approach to its relationships with its member firms.  As a result of that decision, instead of being regulated by the District Office most proximate to your particular location, you could be regulated by someone who may be on the other side of the country. That’s because FINRA determined that being located near its members didn’t really matter; what mattered more was having a person handle the relationship with your firm who, theoretically, anyway, knows something about the kind of business you conduct.

So now, rather than being assigned to its local District Office, each BD is assigned to one of five groups:  retail, capital markets, carrying and clearing, and diversified, and trading and execution.  And within its particular group, each BD is assigned a specific human being – the Single Point of Accountability.  Sounds easy enough.

Sadly, the infrastructure FINRA erected is more complex than that.  According to this podcast, each BD also has to deal with both a risk monitoring director and a risk monitoring analyst.  So, now we’re up to three people.  How do their respective roles differ?  Well, I will let the podcast speak for itself there:

The risk monitoring director’s primarily responsible for managing the day-to-day operations of the analysts, so the underlying firms that they’re each assigned, making sure that the assessments, the risk monitoring work itself, is being done timely and it’s being done accurately. The SPoA role is more so focusing on strategic goals and consistency across the larger group.  So, by way of example, I oversee the retail private placements and the retail pooled investments and variable annuities groups. Those groups encompass almost 500 firms, so I’m looking at, across those firms, peer to peer analysis, how we’re handling the firms consistently, having discussions with firms, not treating all firms the same, we’re looking at them independently as well as against their peer group. So, the RMDs are focused on the day to day. The SPoA is focused on the macro level of the group.

Ok, that’s all fine, I guess.  And I even understand FINRA’s thinking behind the move to a business-based rather than geography-based approach to selecting a firm’s primary points of contact.  But, here’s the thing: as I kept reading this transcript, and these two SPoAs started telling about their supposed actual experiences with the member firms for which they had responsibility, it sounded more and more like I was reading some fiction story, or a story about some other regulator, because it sure as heck doesn’t sound like what my clients share with me about their relationship with FINRA.

To their credit, these guys did admit that BDs simply do not trust FINRA, and that their biggest challenge is earning that trust.  As one of them put it – and accurately so, in my view:  “I was on the exam side for 12 or 13 years, and what we often heard was, I’m afraid to say something to FINRA because they’re [sic] going to be retribution. You guys are going to do an exam.”  That is 100% true.  Given this skeptical view of FINRA, firms choose to avoid FINRA.  Knowing this, these SPoAs maintain that they’ve had great success turning that view around.  The problem is: what they say they’re doing to earn members’ trust just does not comport with reality.

They claimed this: “We’re happy to field any and every question that you guys may have. And if it’s not an answer that is readily available for us, we will get you the right person within FINRA. Allow us to kind of do the work for you a little bit versus you trying to figure out who the heck do I call at FINRA.”

Stated somewhat differently, but to the same effect, they also said: “But we’re that person that you can reach out to instead of pulling three names and reaching out to three different people to say, Hey, can we just have a quick call to talk? Because I have some concerns. And it’s a 15-minute conversation. We get it resolved and we move on.”

And this:  “We are truly here to be that Single Point of Accountability. The buck stops with us. If you reach out to us, we will be back in touch with you. We will get you the guidance or get you in touch with the right people within FINRA.”

No offense to these guys, but it is well known that apart from some notoriously helpful groups – CRED and MAP come to mind – it can be nearly impossible to get an answer from FINRA.  The notion that FINRA will “get it resolved,” or even provide guidance, as the result of a 15-minute call is fanciful, at best.  Examiners are loath to give black-and-white answers, as they don’t want to be held accountable.[2]  As a result, firms tend not to bother even to try and obtain advice from FINRA.  What would be the point?  As these guys acknowledged, no firm wants to bring an issue to FINRA’s attention if not only will no straight answer be provided, but it creates the risk that FINRA will then open an exam or, at a minimum, hold it against you.

With that said, I suppose we should at least give FINRA some small degree of credit for at least acknowledging the image problem it has with its members, and for hoping to do something to remedy it.  As these two guys put it, perhaps aspirationally,

we can be a very valuable partner. Our interests are aligned with firms in ensuring that FINRA understands the firm’s business and its risks, and that our risk monitoring and examination programs are tailored accordingly. So, we also, at the end of the day, want to ensure that firms get things right in the interest of investor protection and market integrity. So, no issue is too small, come to us, partner with us. We’re happy to work through things.

I like the sound of this, but, sadly, I will believe it when I see it.  It is going to take a lot of work to turn this battleship around.  Firms today simply do not view FINRA as a “partner,” someone that’s going to offer help and advice.  No, FINRA is largely seen as the enemy, happy to bring Enforcement actions for the slightest rule violations.  If FINRA can start even with baby steps, like having two SPoAs actually do what they promised here to do, then, perhaps, it can one day rehabilitate its tattered image.

[1] Ok, maybe that’s not a fair shot.  I should note that the podcast where I found that remark was called “FINRA’s Financial Intelligence Unit: Connecting the Dots,” so the use of the word “intelligence” in this quote had particular meaning.  Also, the speaker was Blake Snyder, a good guy, and someone I actually hired 20 years ago when I was the District Director of the Atlanta District Office.  Still, it’s pretty funny when taken out of context!

[2] Even worse, even when an examiner offers an opinion, you still can’t safely rely on it.  FINRA is perfectly free, come the next exam, to give a contrary opinion and hold against you the fact that you relied on the “wrong” advice provided earlier.  Why? Because the duty to comply resides solely with the firm, and cannot be delegated to anyone, not even to FINRA.

Not too long ago, a single, small BD experienced a bizarre combination of regulatory overzealousness and regulatory indifference, by the SEC and FINRA, respectively.  These things, sadly, happen all the time, but what happened to this unfortunate firm presents an excellent case study in regulators who simply do not wield their considerable prosecutorial discretion in any sort of fair, or predictable, fashion.

Let’s start with FINRA.  Spartan Securities Group was – notice the portentous use of the past tense here – a very small BD in Florida with a modest retail business, but also with a niche business in filing Forms 211, i.e., the application necessary for any BD to begin offering quotes on an issuer’s securities.  Unless and until some BD files a Form 211, no one can serve as a market maker for the issuer’s shares.  While perhaps a bit out of the realm of what “typical” BDs do, filing Forms 211 is not a particularly difficult thing, as the information contained in the form is pretty much supplied by the issuer itself.  A BD is not required under the applicable rule, i.e., FINRA Rule 6432, to independently corroborate the information supplied by the issuer.  It is worth noting that BDs may not receive any compensation in exchange for filing a Form 211, so issuers hoping to see their shares covered by market makers may not simply pay a BD to accomplish this.  Despite its small size, Spartan filed a significant percentage of all Forms 211 filed by all BDs.  Finally, but importantly, in addition to this business, Spartan also maintained a modest proprietary account in which it traded its own capital.

Unfortunately, two things happened in close succession for Spartan, neither one of which was good.

First, according to court filings, in early March 2019, Spartan’s head trader made a series of unauthorized short trades in Bio-Path Holdings Inc. in the firm’s prop account.  These trades were big enough that they exceeded the trading limits imposed on the head trader by Spartan.  Sadly, the share price kept climbing.  By the time the short positions were all covered, at great expense, it eventually resulted in a loss to Spartan, as well as Axos Clearing, Spartan’s clearing firm, in excess of $16 million.  Obviously, this caused a big hit to Spartan’s net capital, a hit from which the firm never recovered.

Second, the SEC took an interest in Spartan’s 211 business, and eventually filed a complaint in federal court against the firm and three of its principals alleging a variety of things, but principally that in filing the Forms 211 for 19 companies – out of approximately 1,500 such forms that Spartan filed overall – they failed to discover that these companies were shams, and that the individuals behind these 19 issuers were perpetrating a fraud on the investing public.  In their defense, the defendants argued that they had done nothing wrong, that they were unaware of anything untoward by the issuers, that they had done everything that FINRA and the SEC required of a BD that files a Form 211, and that the SEC was attempting to hold them to a standard of conduct in filing the Forms 211 that was not articulated in the applicable rules or any of the guidance that had been previously issued.[1]  By the time the case made its way to trial, Spartan was already out of business as a result of the unauthorized short sales described above.  The SEC persisted, however.

This is a sad tale, to be sure.  But, that’s not the point of this post.  The point is to ask you to consider the roles that FINRA and the SEC played, and just how oddly they did their jobs.

First, FINRA.  I want you to take the minute it will cost you to read this excerpt from the findings contained in the explained Award that resolved the arbitration that Spartan filed against its former trader (and which came to involve Axos, as well):

Responsibility has been defined as “the state of being held as the cause of something that needs to be set right” (Merriam-Webster Thesaurus). The Panel finds that [head trader] Respondent Scott Richard Reynolds (“Reynolds”) is solely responsible for the losses suffered by Third Party Respondent Axos Clearing LLC (“Axos”) and Claimant Spartan Securities Group, Ltd. (“Spartan”).

The witnesses called by Spartan and Axos were credible and Reynolds’ testimony was not. Moreover, the evidence of unambiguous text messages, created contemporaneously with the occurrence of operative events were highly probative, especially when compared to contradictory testimony proffered by Reynolds.

Reynolds, a licensed securities professional, initiated the short sale position in BPTH on or about March 6, 2019, creating an open-ended risk of loss to Spartan/Axos. Primarily using Axos’ money and being aware of Axos’ lending limits and its right to reject trades and close trading positions, he was caught in a short squeeze, causing Spartan to violate its net capital requirement, which as a member of FINRA, it self-reported.

As a licensed individual, trading through a FINRA member firm’s proprietary account, Reynolds had no discretion to disregard the explicit directives of Spartan’s compliance officer to cover the BPTH short on March 6, 2019 and in fact, exacerbated the highly risky short position by adding to it, in contravention of his supervisor’s instructions and his own trading limits.

The Panel finds that Reynolds’ unlawful actions were not merely negligent or reckless, but intentional. This is evidenced by numerous acts such as fictitious trade entries made by Reynolds into Spartan’s control/Brass system in order to make it appear as if the BPTH short position was materially smaller than the true amount. Reynolds’ explanation for these “wooden” tickets defied common sense. His further assurances that there was a “block-order” or big seller coming in late on March 6 was likewise false. These actions/representations, among others, caused both Spartan and Axos to reasonably rely to their detriment. Reynolds did not want to close out the short position on March 6 despite orders to do so by his employer. He lied to keep it open and concealed his intent from Spartan/Axos. Those two entities reasonably relied, suffering large losses, including the destruction of Spartan’s on-going business.

This is pretty strong language from the panel.  “Intentional.”  “Lied.”  “Concealed.”  And look – I am not saying the hearing panel was right or wrong; indeed, Mr. Reynolds is, to my understanding, pursuing a Motion to Vacate the Award that could eventually result in a different outcome.  But, what I AM saying is: what do you think FINRA did about this?  What action did FINRA take against the guy whom the panel concluded was “solely responsible” for the $16 million in losses that put Spartan out of business?

Nothing.  Not. A. Thing.

Well, let me be clearer, actually.  FINRA actually did take action.  But not against Mr. Reynolds.  No, rather remarkably, even though it never charged Mr. Reynolds with anything,[2] FINRA chose instead to go after his supervisor, i.e., the guy, according to the hearing panel, whose “explicit directives” to close out the short positions were ignored by Mr. Reynolds, the guy to whom Mr. Reynolds supposedly lied.  According to the AWC that FINRA exacted from the supervisor, although Mr. Reynolds had “executed a series of transactions in Spartan’s proprietary account that resulted in short positions in a biotechnology stock that exceeded the trading limits set forth in the firm’s WSPs,” his supervisor “became aware of the short positions in the biotechnology stock in the morning on March 6, 2019, but failed to modify or restrict the trader’s market access until close to the end of the trading day.”

So, according to FINRA – not me – Mr. Reynolds did, in fact, exceed his written trading limits, resulting in uncovered short sales that caused Spartan to incur a $16.6M loss, but instead of charging him for that, they charged his supervisor for not stopping it sooner.[3]

Huh.

Chew on that while I shift our attention to the SEC.

In its complaint, the SEC leveled 14 separate charges against Spartan – defunct already – and three principals (one of whom, coincidentally, was – you guessed it – Mr. Reynolds’ supervisor).  The case went to trial earlier this year before a jury.  A three-week trial, at that.  And what do you think the jury did?  Well, it dismissed 13 of the 14 claims, leaving only a single finding of liability – a finding that is being challenged.  And, notably, all charges against Mr. Reynolds’ supervisor were dismissed.

So, what do you call a case where 13 of 14 claims you made are rejected by the jury?  I suppose it’s a matter of perspective.  If you’re the SEC, i.e., the plaintiff, you call it a big win!  It’s like a guy batting .125 who manages to eke out a broken-bat single and then celebrates his resounding hitting prowess.

There are lots of details here that I’ve deliberately omitted in an effort to keep this at a readable length.  But, truly, they’re not important, as they don’t change anything about the overarching observations I am making.  (For an excellent discussion of the SEC trial, please see this article by the attorney who defended it.)  FINRA, as everyone knows, will bring an Enforcement case at the drop of a hat, no matter what its senior management likes to say about how reasonable and understanding and non-adversarial they are.  Yet, here, when presented with evidence at least suggesting that Spartan’s head trader had allegedly committed a variety of acts that not only resulted in the demise of Spartan’s business but which constituted a number of heady rule violations, FINRA simply ignored the trader.

This is simply inexplicable.  Given the ticky-tack nature of many of the Enforcement actions I am called upon to defend, it is maddening that FINRA elected to take a pass here.  And again, I am not saying this because I have anything against Mr. Reynolds; I mean, kudos to him for managing to avoid FINRA’s wrath.  It’s just that I cannot fathom the decision-making process that must have taken place resulting in no action being brought against him.  I can only hope that when the SEC performs its oversight exam of FINRA that it manages to find this case and ask some hard questions to Enforcement management regarding its charging decisions.

As for the SEC, they are guilty of the exact opposite crime: they were so anxious to bring a case against Spartan and its principals that they pretty much invented a new standard by which to gauge the respondents’ conduct in order to justify their zeal.  Happily, the jury saw through this bit of trickiness, as reflected by the denial of 93% of the charges, and rejected the SEC’s argument that somehow the views of the staff, even published views, carry the same weight as actual law.

No one is perfect.  But the sort of imperfection displayed here by FINRA and the SEC is more than just annoying; it demonstrates a sense of haughtiness, of being able to do whatever the heck they want, that suggests the system is not working.  Broker-dealers, as well as the investing public, deserve a degree of consistency from the regulators in their charging decisions.  That does not exist right now, and poor Spartan understands this better than anyone.

 

 

[1] According to the guidance available at the time, all Spartan needed to file a Form 211 was a “reasonable basis” for doing so.

[2] It is notable that in support of his Motion to Vacate, Mr. Reynolds extolls the fact that FINRA took no action against him.

[3] In the interest of fairness, it should be noted that by the time this Award was issued, FINRA had already lost its jurisdiction over Mr. Reynolds.  But, it is also true that FINRA was well aware of these facts while it still had jurisdiction over Mr. Reynolds; it just decided not to bother to do anything.

Sorry for the long period of radio silence, just been busy getting ready for the continuation of the longest arbitration I have ever worked on, now in the midst of week no. 6!  But thanks to Denise for this thoughtful take on the Howey test and its application to crypto. – Alan

In any classic securities regulation textbook, you’ll be sure to find a chapter called “Definition of a Security.” Besides your typical bonds and stocks, which are easily identifiable as securities, the most infamous (and a sure-to be on a law school final exam) question is: What is an investment contract and under what circumstances is it deemed to be a security? A quintessential catchall, the term “investment contract” has been liberally construed by courts to apply to a wide range of money-raising schemes that were found to be securities (even as far-reaching as interests in whiskey warehouse receipts).

This progeny of cases comes from the landmark case of SEC v. W.J. Howey Co. in which the Supreme Court established the “Howey test” for an investment contract. For those of you not familiar with the case or need a refresher, in Howey, a hotel operator sold interests in orange groves as an investment scheme, combining both a real estate contract for the sale of tracts of land with a service contract to cultivate the orange trees. The Court, focusing on the economic reality of the transaction, held that the circumstances surrounding the sale of the orange grove interests constituted an investment contract and therefore a security. To clarify the Court’s finding, it’s important to point out the following distinction: the underlying asset (the orange grove) itself was not held to be a security, but rather it was the way in which the tracts of orange groves were sold that rendered them an investment contract. Naturally, you may be wondering, what exactly do orange groves have to do with digital assets? As it turns out, the SEC believes they have a lot more in common than you would think.

Cryptocurrencies have been all the talk lately, but despite the growth of the decentralized finance (DeFi) movement, U.S. laws and regulations have been stagnant and haven’t kept up with the crypto craze. Now, with the mainstream acceptance of cryptocurrencies, there is also mounting pressure on federal agencies like the SEC to figure out a way to regulate them under existing laws. That’s where the Howey test comes in.

Without new legislation to rely on, the SEC has determined that a digital asset (such as a cryptocurrency) may be considered an investment contract and therefore a security under the Howey framework. As SEC commissioner Hester Pierce (a.k.a. “Crypto Mom”) explained, “when we think about a cryptoasset as being a security what we’re doing is we’re saying it’s being sold as part of an investment contract. It doesn’t mean that the asset itself necessarily has to be a security. It means that it was being sold as a security.” Putting aside Pierce’s remarks, SEC Chair Gary Gensler recently admitted that cryptocurrencies are like the “Wild West,” and continues to vocalize his desire for more Congressional rulemaking on digital asset regulation.

At the same time, though, Gensler expressed his view that there is no issue on how cryptocurrencies are currently treated under the securities laws, concluding that “certain rules related to crypto assets are well settled.” Referring again to the Howey test, he also remarked that “the test to determine whether a crypto asset is a security is clear.” Yet, it is actually the lack of regulatory clarity that has kept the cryptocurrency community in limbo on how to act and at the mercy of the SEC’s scattered method of regulation-by-enforcement. As a testament to that, the SEC has now brought several digital asset cases under the Howey framework, alleging that the digital assets at issue were investment contracts and therefore securities.

In one recent case (SEC v. Ripple) being dubbed the “cryptocurrency trial of the century,” the SEC filed an action against Ripple Labs and its founders for their unregistered offering of the XRP digital token in alleged violation of the securities laws. The SEC alleged that XRP is an investment contract due to its centralized nature and the way in which it was offered, sold, and promoted. In order to preserve the sanctity of the Howey test and its application to digital asset cases, the SEC did not allege that XRP (as in the digital token) was itself a security, but, rather, it was the circumstances surrounding XRP’s offering that made it one.

Yet, the SEC felt the need to further justify its position that XRP is an investment contract by also explaining why “XRP is not a currency.” This leaves us with one remaining question: if XRP (as in the digital token itself) is not a security, but it’s also not a virtual currency, then what exactly is it? According to the SEC, the answer is simple: it’s “software code.” Respectfully, I have to disagree with the SEC here. The essence of a digital token cannot be diluted to have such a rudimentary meaning. Applying this type of logic to the Howey case would the equivalent of reducing the orange grove’s meaning to an orange seed. The XRP digital token represents something beyond software code; it represents a virtual currency. So whether the SEC would care to admit it or not, the Howey orange grove analysis does not apply as neatly to the facts and circumstances surrounding XRP and its offering.

While the Ripple case guarantees to be an interesting outcome for the DeFi movement, the SEC doesn’t plan to stop there. The SEC has put a “spotlight” on initial coin offerings (“ICOs”) and continues to bring more cases of unregistered offerings of digital assets and their promoters (celebrities not excluded), such as against “Above the Law” star Steven Seagal. While new legislation such as the Securities Clarity Act is promising, as its name aptly suggests, more clarity in this area, in the meantime, the SEC will continue regulating the nascent cryptocurrency industry under 75-year old jurisprudence. It is my hope that we will soon see formal cryptocurrency regulations in place so that the SEC can start reviewing digital asset cases using an apples-to-apples analysis rather than settling on comparing them to orange groves.

I am certain that, by now, you have read the Robinhood AWC.  Here is a fascinating take on that settlement, and what it portends for the securities industry, as well as for FINRA, by Denise. – Alan

There’s no question that FinTech firms are on the rise, and attempting to revolutionize the financial services space for the better. One such FinTech firm is none other than the notorious Robinhood. A technology company at heart, but a broker-dealer by definition, Robinhood wants its users to take trading into their own hands (or should I say smartphones?). While it’s true that more Americans are turning to the self-directed, commission-free trading model via FinTech apps, this sometimes comes at a cost, too. On June 30, 2021, FINRA announced that it reached an AWC with Robinhood, imposing a $70 million record-breaking monetary sanction against the FinTech firm. Although FINRA cited various violations of its rules, ultimately, its message to the industry goes beyond Robinhood’s underlying misconduct: FINRA is bearish on FinTech – at least for now.

FINRA acknowledges that FinTech is alive and well, even providing a loose definition of the term in a footnote (“FinTech refers to new uses of financial technology”). Yet, FINRA hasn’t quite fully accepted the FinTech brokerage model. As Jessica Hopper, FINRA’s Head of the Department of Enforcement, said, “compliance with these rules is not optional and cannot be sacrificed for the sake of innovation or a willingness to ‘break things’ and fix them later.” As a further testament to that, FINRA, through its findings in the AWC, concluded that Robinhood relied too extensively on its automation to conduct its brokerage operations, and did not conduct adequate supervision over its technology-based brokerage model. While Robinhood may want to revolutionize the financial markets, FINRA wants to continue regulating them in the way it knows how. In furtherance of this point, here are some of the key findings from the AWC.

False and Misleading Information Distributed to Customers.

FINRA found that Robinhood made various false and misleading communications to its customers, including misinformation regarding its “Free Stock” program, inaccurate cash balances and buying power, and the ability to place trades on margin, among other things. Although FINRA took issue with the misleading communications, it also brought up the corollary issue that no firm principals supervised those communications. Specifically, FINRA found that “Robinhood did not establish reasonable procedures to supervise the accuracy of the account information it displayed to customers via its website and mobile applications,” and further explained that “the firm relied on mathematical models and formulas to calculate much of the data it displayed to customers, but it did not require that a supervisory principal review the accuracy of those models and formulas.” Yet, this is only one of FINRA’s many findings that focus on the fact that Robinhood failed to employ firm personnel to supervise critical brokerage operations. Apparently, not all regulatory requirements can be outsourced to “new uses of financial technology” as FINRA sees it.

Failure to Exercise Due Diligence Before Approving Options Accounts.

This is one of the more interesting findings in the AWC. The issue here is that FINRA Rule 2360(b)(16) requires that either a Registered Options Principal or a General Securities Sales Supervisor (i.e., a person) approve a customer account for options trading, so Robinhood’s almost entirely automated system cannot satisfy the rule’s requirements. As a workaround to this rule, Robinhood employed some firm principals to review options account approvals. In reality, though, FINRA found that the FinTech giant was approving customer options accounts based almost entirely on its computer algorithms with very limited principal review (“Although Robinhood’s algorithms currently approve hundreds of thousands of options applications every month the firm’s team of principals previously reviewed only 20 applications per week; in May 2021 the firm increased its principals’ review to approximately 500 applications per week.”) As FINRA stated, “Robinhood used an almost entirely automated system for approving customers for the two levels of options trading offered by the firm.” It seems that by largely automating its options account opening process, Robinhood chose to ask FINRA for forgiveness rather than permission.

Failure to Supervise Technology Critical to Providing Customers with Core Broker-Dealer Services.

FINRA also drew an important distinction between brokerage operations and broker-dealer oversight when it found that Robinhood (the broker-dealer) failed to supervise the activities of its parent company, Robinhood Markets Inc. (RHM), which is responsible for operating and maintaining technology related to its brokerage operations. Specifically, FINRA found that:

From January 2018 to February 2021, Robinhood failed to reasonably supervise the operation and maintenance of its technology, which, as a FinTech firm, Robinhood relies upon to deliver core functions, including accepting and executing customer orders. Instead, Robinhood outsourced the operation and maintenance of its technology to its parent company, Robinhood Markets, Inc. (RHM)—which is not a FINRA member firm—without broker-dealer oversight. Robinhood experienced a series of outages and critical systems failures between 2018 and late 2020, which, in turn, prevented Robinhood from providing its customers with basic broker-dealer services, such as order entry and execution.

FINRA’s mandate is clear: Robinhood – as a regulated, broker-dealer entity – must adequately oversee its brokerage operations and ensure compliance with FINRA rules, even if those core brokerage activities are conducted through technology-driven processes by its parent company. While FINRA didn’t mind that Robinhood outsourced its operations to its parent company, it did take issue with the fact that Robinhood failed to oversee those operations. This distinction is important in the way that FinTech firms must learn to balance both their business and regulated sides. So, while Robinhood may have passed its brokerage operations off to its parent company so it can be the fun technology company it wants to be, ultimately FINRA reminds us that Robinhood cannot avoid its role as a boring, old, regulated broker-dealer entity.

Failure to Have a Reasonably Designed Customer Identification Program.

In another consequential finding, FINRA determined that Robinhood did not have a reasonably designed customer identification program in violation of its AML rules. FINRA’s main concern here was the fact that Robinhood delegated most of its account opening processes to algorithms “without any effort to verify that the information provided by the customers was accurate.” Here, FINRA set an expectation that FinTech firms should engage in some type of “manual review” conducted by personnel in order to ensure compliance with its AML rules. This is what FINRA had to say about it:

Robinhood failed to establish or maintain a customer identification program that was appropriate for the firm’s size and business.” The firm approved more than 5.5 million new customer accounts during that period, relying on a customer identification system that was largely automated and suffered from flaws.

FINRA also raised the fact Robinhood did not have any employees whose primary job responsibilities related to its customer identification program during the period, and that a single principal approved more than half of the more than 5.5 million new accounts that were opened. These findings reinforce the AWC’s principal theme: an automated brokerage model cannot run on its own without meaningful human oversight.

In all, these AWC findings, along with the others, formed the basis for the largest fine ever issued against a broker-dealer. FINRA’s award against Robinhood is monumental, and not just because of it is record-breaking amount, but also because it establishes a new regulatory precedent for FinTech firms to follow.

Still, it seems that the real winner here at the end of the day is: Robinhood. Just one day after the AWC was entered against it, Robinhood filed for its IPO under the catchy ticker, “HOOD,” showing its playing power in this industry. With over 31 million users and counting, Robinhood isn’t going anywhere anytime soon.

The question remains: Will it be FINRA that decides to update its rules to adapt to the rise of FinTech or will FinTech firms need to continue accommodating their operations until FINRA catches up with the trend? While it may be the latter for now, my prediction is that FINRA will eventually have no choice but to accept the rise of FinTech as more investors are choosing this financial path. In the end, it may be FINRA that needs to adapt to the FinTech model instead of the other way around – and FINRA may find itself bullish on FinTech after all.

There have been tons of cases where firms got in trouble – in AML trouble, which is one the worst kinds of trouble – for failing to be sufficiently on top of third-party wires, i.e., where a customer wires money not to himself but to someone else.  In a change of pace, last week, the SEC published a settlement it entered into with Securities America Advisors (SAA) that involved a failure to adequately supervise first-party wires, i.e., wires sent by the client to him- or herself.  It is a super-interesting case, as it tees up a few thought-worthy issues.  Like, did SAA’s supervisory requirements go too far?  That is, did the firm make the mistake of holding itself to a standard that was not only unnecessary, but practically impossible to meet?  Should first-party wires be treated the same as third-party wires?  Is it really reasonable to expect a firm to require that an existing customer who wants to take money out of his securities account and send it to his bank account disclose what his plans are for that money before it can be disbursed?

Let’s start, as always, with the facts.  SAA is an investment advisor.  Securities America, Inc. (SAI) is the BD that served as the introducing firm for SAA’s clients.  They share common ownership.  SAA “adopted SAI’s policies and procedures for safeguarding client assets from misappropriation . . . thereby delegating to SAI responsibility for surveilling SAA advisory accounts.”   Hector May was an RR with SAI and the owner of his own independent state-registered investment adviser.  His advisory clients participated in SAA advisory programs and opened SAA advisory accounts.  Hector, as it turned out, was not a good guy, and a rather poor fiduciary.

He encouraged certain of his SAA advisory clients “to buy bonds away from” their SAA accounts, “falsely claiming that he could obtain the bonds at a better price and avoid certain fees if they did so.”  To pull that off, “he instructed the clients to transfer the necessary funds from their SAA advisory accounts to their personal bank accounts and to approve the transfer in the event they were contacted for confirmation.”  Once the money hit the personal bank accounts, Hector then had his +clients transfer the money to an account owned by his RIA.  He did not then use the money to buy bonds, however.  Instead, he “diverted” it “for his own personal use,” and hid his misconduct by ginning up fake advisory account statements that, falsely, showed the bonds.  (For this, Hector later became a respondent in an SEC case and a defendant in a federal criminal case, resulting in associational and penny stock bars, a 10+ year prison sentence, and a restitution obligation of $8 million.)

But, enough about Hector, let’s get back to SAA and SAI.  Putting aside for the moment whether this was a smart thing to do, SAI had systems in place designed to surveil for potentially improper disbursements – apparently including first-party disbursements – both before and after the disbursement.

Beforehand, SAA required, quite predictably, that customers actually document their requests.  Interestingly, SAA policy allowed a customer to sign a disbursement request once, and it could then be used for the next 12 months.  At least one customer, however, was permitted to rely – six times – on a disbursement request that had already expired.

In addition, there was a separate policy that required the back office to review outgoing wire requests over $50,000 for possible misappropriation.  This entailed a four-step process.  First, the back office staff had to contact the advisor to confirm that the customer had verbally confirmed the wire request.  Next, the back office was required to speak directly to the client to confirm the request, including confirming the client’s full name, last four digits of the client’s social security number, date of birth, and the amount and destination of the wire.  Third, the back office had to administer a Verification ID test designed to confirm the client’s identity.  Last, once steps 1-3 were done, staff was required to complete the Representative Verification and Client Verification section of the brokerage disbursement verification checklist.  While this is an impressive sounding list of requirements, in practice, staff failed to do everything in every case that the policies required.  One customer had 20 outgoing wires that should have resulted in a call to him, but he only got called 11 times.  Another five disbursements were approved where the customer could not identify the amount or the destination of the wire.

As for after-the-fact supervision, SAI had an automated AML surveillance system that generated alerts “based on certain preset rules and scenarios for potentially suspicious disbursements from client accounts,” including alerts based on the size of disbursements, size of disbursements relative to total account value, frequency of disbursements, and the percentage of disbursements to deposits.  Once generated, these alerts were supposed to be reviewed “within two to ten days depending on the alert” and analyzed for suspicious activity.  The disbursements by Hector’s customers triggered multiple alerts.  Indeed, between November 2014 and March 2018, at least 55 alerts were generated for outgoing disbursements to May’s advisory clients were identified as suspicious, but they were not analyzed, and not escalated for further action.  Why were the alerts triggered?  As examples, the SEC pointed to Client A, a senior citizen, and Client B, a company pension fund.  Both had account profiles that identified growth among their investment objectives and both stated that they held no assets away from SAA, facts apparently inconsistent with multiple withdrawals. Despite these facts, and despite the fact that these multiple disbursements were emptying the accounts, the alerts were not analyzed; indeed none of the 55 alerts was analyzed as per SAA’s policies.

For this, SAA paid the SEC $1.75 million, and had to retain an Independent Consultant.  Hardly a slap on the wrist.

And for what, really?  That’s what I’m trying to figure out.  When you read the details of the actual violations, it certainly seems that what got the SEC worked up is the fact that SAA had policies in place that seemed pretty good, but, for whatever reason failed to abide by them:  “SAA failed to implement its policies requiring AML analysts to review automatically generated surveillance alerts for suspicious client disbursements. SAA also failed to implement the signature requirements delegated to Cashiering and the call-out requirements for Trade Support.”    Granted, the failure happened multiple times, and resulted in over $8 million in customer losses.  When you put it that way, the result doesn’t sound crazy, right?  The SEC hates seeing that much money misappropriated from customers, so its reaction is hardly surprising.

But…would this have been the result if SAA didn’t have policies in place to monitor first-party wire disbursements?  What if SAA didn’t bother to make customers explain why they were taking money from their advisory or brokerage accounts and transferring it to their bank accounts?  Would the SEC have written the firm up in that circumstance for not having a first-person disbursement surveillance program in place?

I don’t think the answer is clear.  I don’t represent banks, but I am unaware of any rule that says a bank – which, of course, also has to abide by the very same AML rules – is obliged to ask a customer who makes a withdrawal – even a big withdrawal – why the customer wants his or her money and how it’s going to be spent?  Assuming that I am correct, why, then, would a BD or an RIA have to pose those same questions to their customers?  I have defended hundreds of customer arbitrations, and in many of them, I am faced with facially odd spending decisions by the customer.  My response is generally the same:  a customer is free to do with her money whatever she wants.  Not my problem, or, more importantly, my clients’ problem, if a customer decides to pull money out of an account – even money that when deposited was represented to be a long-term investment – and buy a car, or re-do a kitchen, or pay an unexpected medical bill.

In 2020, FINRA entered into an AWC with Royal Alliance that suggests I am correct.  In that case, FINRA found that two Royal Alliance RRs stole more than $3.8 million from customers by having their customers send wire transfers or checks from their brokerage accounts into accounts for entities the RRs created.  The gravamen of the complaint is that “the firm’s cashiering group unreasonably treated these . . . transfers as first-party transactions and thus processed them in contravention of the firm’s prohibition against third-party wire transfers.”  In other words, Royal Alliance was ok with first-party transfers, but not third-party transfers.  Notably, however, FINRA did not write the firm up for not having a more robust policy to cover first-party transfers, but, rather, for not doing a particularly job of figuring out that the transfers at issue were, in fact, third-party transfers.  That is consistent with my experience: first-party disbursement requests are routinely made without the same scrutiny that third-party requests are supposed to require, and the regulators are cool with that.

Notwithstanding this, the SAA settlement certainly suggests that there is some real risk to any advisor or BD that is not paying the same attention to first-party wires as it is to third-party wires.  I just don’t see that this reflects reality.  I cannot imagine that customers will cotton to having to tell their advisors why they want their own money.  The answer that “well, sorry, Mr. Customer, but I am required to ask” is not going to stop customers from taking ALL their money out and moving it elsewhere, where the advisors aren’t quite so nosy.

In conclusion, I am conflicted on what advice to give here.  The conservative me says that you should use the SAA settlement as a lesson not to distinguish between how you treat first- and third-party disbursement requests.  But, given the ridiculous amount of work that advice engenders, and the lack of prior indications from regulators that this is something you HAVE to do, the reality me says that you don’t need to do this.  Well, maybe only in those situations where your advisors are using first-party transfers to steal customer money.  Once you figure out how to detect those, maybe you can share it with the rest of us.  But in my experience, it is not easy to do, no matter how robust your supervisory system.  I will say this, however, which I have said before: Be very careful about creating a supervisory policy that holds you to a standard above and beyond that which the regulators demand.  Because once you do, then it’s fair for the regulators to insist that actually do what you say you’re going to do.

 

Most securities regulations, by design, create a gray world where compliance is not crystal-clear, but, rather, subject to interpretation.  After all, what you think constitutes “reasonable” supervision and what FINRA or the SEC think is reasonable may very well be two extremely different things.  Indeed, it is the existence of subjective standards of conduct like this that, ultimately, put food on my table, as people and firms hire me to advocate on their behalves that they have met such standards.  (When the issue is black-and-white, alas, I am reduced to arguing what the appropriate remedial sanctions ought to be.)  Sometimes I win, sometimes not, but there is always plenty of room to accommodate the discussion.

That is not the case, however, in those relatively rarer instances where a rule is plain and simple enough that the issue of compliance vs. non-compliance cannot generate any legitimate debate.  When a rule is like that, and articulates a specific standard in clear, precise language, there is no real excuse for violating it.  Yet…somehow, perhaps inexplicably, firms can still be counted upon to get it wrong.

Guggenheim Securities discovered this hard truth a week or so ago, as reflected in this short-and-sweet SEC settlement.  The facts, blessedly, are awfully straightforward:

  • One of the explicit purposes of the Dodd-Frank Act was “to encourage whistleblowers to report possible securities law violations.”
  • To help fulfill this Congressional purpose, the SEC created Rule 21F-17, which provides that “[n]o person may take any action to impede an individual from communicating directly with the Commission staff about a possible securities law violation, including enforcing, or threatening to enforce, a confidentiality agreement . . . with respect to such communications.”
  • That rule became effective in 2011.
  • Despite the existence of that rule, from at least April 15, 2016 to July 2020, Guggenheim’s Compliance Manual included a section called “Communications with Regulators,” which stated, in relevant part: “Employees are also strictly prohibited from initiating contact with any Regulator without prior approval from the Legal or Compliance Department. This prohibition applies to any subject matter that might be discussed with a Regulator . . . .  Any employee that violates this policy may be subject to disciplinary action by the Firm.”
  • In 2018 and 2019, as part of its annual compliance training, Guggenheim reminded its employees that they were “prohibited from initiating contact with any regulator without prior approval from Legal or Compliance.”
  • While Guggenheim’s majority indirect owner, Guggenheim Capital, LLC, maintained a Code of Conduct that provided it “should not be interpreted to restrict or interfere with any employee’s rights, free speech, or any whistleblower protections under applicable laws, regulations and requirements,” Guggenheim’s Compliance Manual provided that in the event its policies were “more restrictive” than a Guggenheim Capital policy, Guggenheim “personnel should follow the more restrictive of the policies or procedures, absent explicit direction to the contrary.”

When the SEC discovered this, and apparently brought the problem to the attention of the firm, Guggenheim promptly revised the offending language to remove the impediment to any employee who might be interested in blowing the whistle.  Somehow, it seems that the SEC gave Guggenheim credit for this remedial action.  (In many, probably most, cases, to get any kind of real credit for taking remedial action, you need to do it BEFORE the SEC points out your problem.  But, who am I to argue with this?)  But, it still cost Guggenheim the (strangely specific) sum of $208,912 in a civil penalty. Small potatoes on a day when Robinhood just paid $70 million, but, still, enough to get your attention.

The lesson from this settlement seems pretty obvious to me.  And it’s not too different from Ferris Bueller’s observation that “Life moves pretty fast.  If you don’t stop and look around once in a while, you could miss it.”  The same goes for rules – especially new rules – and your WSPs and Compliance Manual: you have to pay attention when new rules are created that impose new requirements, and make sure that you are timely and appropriately updating your internal documentation to comport with those requirements.  It is inexcusable to continue to have a prohibition in your Compliance Manual that is at odds with a rule that was implemented, say, five years earlier.

I actually got to thinking about this not too long ago when I happened across Reg Notice 21-16.  That was issued in April 2021 to remind people about FINRA Rule 2268, which dictates – in very precise language – what must (and must not) be included in a pre-dispute arbitration clause in a customer agreement.  That rule first became effective in 1989, and has existed pretty much in the same format ever since.  Yet, over 20 years after the rule came out, FINRA claims it felt compelled to issue this Reg Notice because it “has become aware that customer agreements used by some member firms contain provisions that do not comply with FINRA rules.”  Apparently – and I say “apparently” because FINRA cites no actual Enforcement cases that it brought recently involving this rule – FINRA found firms using arbitration clauses that wrongfully (1) dictated the hearing location, (2) attempted to shorten an applicable statute of limitations, (3) limited a customer’s right to pursue a class action in court, (4) prohibited a customer from seeking punitive damages, and (5) included indemnity language.

Rule 2268 is super easy to comply with.  I mean, the rule actually spells out the exact verbiage that you have to use in an arbitration clause.  Compliance with the rule could not be easier.  It literally is a matter of accurately cutting-and-pasting.  And, yet, if you believe FINRA, firms still manage to blow it.  I just don’t get it.

The good news, I suppose, is that the SEC did not name anyone individually, and clearly it could have.  Someone was responsible for the care and feeding of the firm’s Compliance Manual.  FINRA Rule 3130(b) requires that annually, the CEO certify that the firm “has in place processes to establish, maintain, review, test and modify written compliance policies and written supervisory procedures reasonably designed to achieve compliance with applicable FINRA rules, MSRB rules and federal securities laws and regulations, and that the chief executive officer(s) has conducted one or more meetings with the chief compliance officer(s) in the preceding 12 months to discuss such processes.”  In light of this requirement, and Guggenheim’s five-year failure to figure out that its Compliance Manual conflicted with the SEC Rules, it is easy to see how the CEO could have been implicated here.  So, take this case as the warning it is meant to be: Pay Attention!

FINRA Enforcement has often been accused (again, admittedly, by me, and not too infrequently) of going after the “low-hanging fruit,” that is, taking the easy case when it presents itself.  Putting aside the question whether this observation is accurate or not – for what it’s worth, I think the answer is that it is often, but not always, true – a recent case triggers a better, more nuanced question: does FINRA Enforcement sometimes bring the wrong case, because it is easier?

Here is what made me think of this: a series of cases concerning a mutual fund called the LJM Preservation & Growth Fund (the “LJM Fund”).  You probably recall hearing about it.  The LJM Fund was a so-called “alternative” mutual fund.  Here is how FINRA defines that:

Alternative mutual funds are publicly-offered mutual funds that seek to accomplish the funds’ objectives through non-traditional investments and trading strategies. . . .  Alternative mutual funds are often marketed as a way for retail customers to invest in sophisticated, actively-managed hedge fund-like strategies that will perform well in a variety of market environments. Alternative mutual funds generally purport to reduce volatility, increase diversification, and produce non-correlated returns and higher yields compared to traditional long-only equity and fixed-income funds, all while offering daily liquidity.

The LJM Fund’s investment strategy involved, in part, collecting premiums from the sale of out-of-the-money options on the S&P 500 futures index.  (While the LJM Fund also bought options, overall, it was “net short.”)  Actually, this is a perfectly fine strategy, provided you are in a relatively flat trading environment.  In that setting, all you do is collect the premiums, watch the options you’ve sold expire worthless, and sit back and look like a genius.  In times of volatility, however, it carries the risk of significant losses as those out-of-the-money options suddenly become in-the-money.

On casual review, the LJM Fund apparently looked like any other of the hundreds of mutual funds that appear on the long lists of available mutual funds provided by clearing firms.  It did not readily appear to be an alternative or complex fund, and so was sold by several BDs to customers with conservative or moderately conservative investment objectives.

As you might expect in a story that starts out like this, the worst case scenario did, in fact, happen: on February 5, 2018, the S&P 500 fell 113 points, a loss of about 4.1%.  In just two days, the LJM Fund (and its companion private funds) lost 80% of their value, i.e., over $1 billion (yes, billion with a “b”).  A month later the Fund was liquidated and closed.  Customers suffered large losses.

So, what did FINRA do about this?  You can guess.  It took the easy path.  It went after BDs which had sold the LJM Fund.  In March this year, FINRA accepted AWCs from three such BDs.  The principal allegation that FINRA made was that the firms permitted the sale of the LJM Fund without having conducted reasonable due diligence, i.e., without fully understanding that it was an alternative fund, with unique risks that set it apart from all those vanilla mutual funds that also appeared on the sales platform.

In other words, as FINRA saw it, the customer losses were the fault of the selling BDs.  And that’s how FINRA always sees the world, in much the same way as PIABA lawyers do: it’s always the selling BD’s fault.

Yet, fast forward a few months from March to about a week ago, when the SEC filed a complaint against investment advisers LJM Funds Management, Ltd. and LJM Partners, Ltd. and their portfolio managers, Anthony Caine and Anish Parvataneni.[1]

These are the individuals and entities who ran the LJM Fund.  And what did the SEC allege that these defendants did wrong?  According to the SEC’s Litigation Release, they “fraudulently misled investors and the board of directors of a fund they advised” – i.e., the LJM Fund – “about LJM’s risk management practices and the level of risk in LJM’s portfolios.”  More specifically, while “LJM adopted a short volatility trading strategy that carried risks that were remote but extreme,” allegedly, some of the defendants, “in order to ease investor concerns about the potential for losses . . . made a series of misstatements to investors and the mutual fund’s board about LJM’s risk management practices, including false statements about its use of historical event stress testing and its commitment to maintaining a consistent risk profile instead of prioritizing returns.”

The SEC complaint further alleges “that, beginning in late 2017, during a period of historically low volatility,[some defendants] increased the level of risk in the portfolios in order to chase return targets, while falsely assuring investors that the portfolios’ risk profiles remained stable.”

In other words, at least according to the SEC complaint, these Defendants, who were well aware that “the funds’ investors and their financial advisors were primarily concerned about the risk of loss – including estimated worst-case loss scenarios – and how the risk of investment loss was managed,” intentionally and craftily created a false narrative about the LJM Fund’s risk management practices designed to mask the true risks associated with the fund.  And mask these risks not just from investors, but, as well, from the investors’ financial advisors.  That is, from the same BDs that FINRA decided to sanction because somehow, they failed – LIKE EVERYONE ELSE – to figure out that the folks running the LJM Fund were – allegedly – fraudulently hiding its real risks.

So, now we get to the point: for FINRA, it seems that when customer losses occur, especially after spectacular blow-ups like the sudden explosion of the LJM Fund, it goes after any BD that managed to have its fingerprints on things.  Rather than taking a more deliberative approach, one that takes into full consideration the fact that we are strictly dealing with a “reasonableness” standard of supervision, and one that is open to the possibility that the BD itself may have been a victim of someone else’s fraud, FINRA takes the “easy” route, as it did here with the three firms from which it exacted the AWCs, and just blames the BD.

Attentive readers may recall that not too long ago I wrote a blog generally complaining of claimants’ counsel who troll for clients by posting notices on their websites of supposed “investigations” that they are conducting of some alleged fraud, and specifically pointing out the intensive campaign they’ve waged to induce investors in GPB to file arbitrations against the BDs that sold GPB.  All that despite the fact that, according to the SEC, the selling BDs were not the bad guys, but were themselves the victims of the alleged fraud that was perpetrated by GPB.

Yet, notwithstanding this conclusion by the SEC, who among us would be surprised in the slightest if FINRA starts filing Enforcement actions against the selling BDs, alleging some supposed failure to have conducted adequate due diligence on GPB?  Sadly, the answer is none of us.  Because we know from its historic practice of playing the role of claimants’ counsel, that FINRA will, inevitably, blame the BDs.  Because it’s easy.

 

[1] Rather remarkably, mere minutes after I initially posted this blog, I received an email from the “strategic communications and media relations firm” that represents LJM Funds Management.  According to the firm’s website, among the services it offers to its clients is “reputation management,” which is described as follows: “We actively monitor and advise our clients on market and public sentiment around their businesses in the media and online.”  To that end, I was asked to share with you a statement from Mr. Caine in which he (1) denies the allegations, (2) insists that he has “summarily rejected” the SEC’s settlement offer, and (3) states his intent to “vigorously defend these false claims while continuing to aggressively pursue actions to seek financial recourse for LJM investors,” among other things.