This is an example of what we call compliance alchemy i.e. the appearance of compliance without actually complying. The firm had the correct procedures and filed the right forms. However, there was no substance behind the due diligence or the certifications. The regulators have become wise to firms that simply check the box without actually doing the underlying compliance work.
Let’s rename this “The Compliance Officer Full Employment Act.” Compli-pros at broker-dealers will have to rework all of their Written Supervisory Procedures, revise client agreements, create disclosures, and eliminate all prohibited conflicts. Compliance offices at investment advisers must address the new Form CRS requirement and implement new client onboarding procedures while figuring out the changes required by the investment adviser fiduciary interpretation. And, we only have 12 months to get this all done.
censured and fined a broker-dealer for inadequate email reviews. Although the firm, through its President/CCO,
conducted weekly reviews, FINRA charges that the firm’s random sampling and
lexicon-based reviews were not sufficient given the firm’s size and risk
areas. The firm used 24 search terms
provided by its email provider, but FINRA asserts that the search terms did not
reflect a meaningful assessment of risk areas and resulted in a large number of
false positives. FINRA faults the firm
for failing to change the email reviews “[d]espite the obvious indications that
the firm’s lexicon system was not reasonably designed.” FINRA also criticizes the firm’s Written Supervisory
Procedures for omitting specific email review procedures.
Just doing email reviews isn’t enough. A firm must conduct effective email reviews that can statistically assess whether supervised persons are complying with the securities laws. We call this “compliance alchemy” i.e. the appearance of compliance without the implementation of adequate procedures and testing.
broker-dealer was fined and censured for failing to act against a longtime broker
charged with participating in pump-and-dump transactions. The SEC faults the firm for ignoring red flags
including emails outlining the illegal activity, FINRA arbitrations, and
customer complaints. One supervisor
explained that he did not act more aggressively because the broker worked at
the firm for 30 years and her business partner was a partial owner of the firm.
The SEC asserts that the firm’s supervisory system “lacked any reasonable
coherent structure to provide guidance to supervisors and other staff for
investigating possible facilitation of market manipulation.” The SEC also maintains that the firm “lacked
reasonable procedures regarding the investigation and handling of red flags.”
Reasonable policies and procedures must do more than simply restate the law and the firm’s commitment to comply with the law. The compliance manual or WSPs must specifically describe HOW a firm will prevent and address regulatory misconduct.
The SEC charged a broker-dealer with failing to supervise because its Written Supervisory Procedures failed to adequately detail how firm employees should respond to regulatory red flags. The SEC asserts that the firm failed to supervise a broker that charged with participating in a penny stock pump-and-dump scheme. The SEC maintains that the firm uncovered multiple red flags including a supervisor’s report, customer emails, arbitrations, and FINRA examinations. However, the SEC alleges, the firm’s WSP’s did not specify who should investigate or how such investigations should proceed. The firm did conduct two “flawed investigations” that failed to document its findings or detail a remedy. The Director of the SEC’s New York Regional Office advised broker-dealers that this case “sends a clear message that we will not tolerate broker-dealers that fail to exercise appropriate supervision over employees.”
OUR TAKE: This case shows the difference between policies and procedures. A policy states a firm’s position on a course of conduct or practice. Procedures are then required to implement that policy and ensure compliance. Firms that stop at broad policy statements have not implemented an adequate compliance program.