Thursday, September 6, 2018

Compliance: Controls, Custody, Advertising, and Cybersecurity

By Cory Roberson, Principal at FIN Compliance and FIN Lancer

Case #1 - Misleading Advertising claims lead to heavy fines

Sept. 5, 2018.  The Securities and Exchange Commission (“SEC”) charged a Texas-based investment fund and its founder with defrauding clients with false guarantees of large returns for its cannabis-related investments.  The SEC’s complaint alleges that both parties used misleading marketing materials in raising more than $3.3 million from investors. 
According to the complaint, investor money was spent on personal items such as luxury cars and clothes.  As a result, criminal courts seized more than $1.4 million in assets from the advisor due to the alleged activities. 

Tips to address marketing material reviews.

Advertising reviews can include any or all of the following:

Inspect firm websites for misleading, exaggerated, and/or false claims.
Monitor social media for testimonials*, misleading, exaggerated and/or false claims.
Generate performance data that includes accurate fees, citations, disclosures, and valid sources for research, models, or calculations. 
Mention certifications/credentials with proper disclosures and standards for obtaining such information.  Avoid reporting any exaggerated, misleading, outdated and/or false credentials.
Document advertising procedures.

Generally, all advisory advertising materials should avoid any misleading, exaggerated, and/or false claims.  FINRA Rule 2210 permits testimonials under certain conditions for broker-dealers.  Refer to RIA Review (Premium/Premium Plus): Guidelines: Advertising for general advisory advertising guidelines.

Ref. SEC Rule 206(4)-1 (advisors act) *, FINRA Rule 2210, SEC Rule 482 (company act), state securities rules, SEC touting initiative, ADV Part 2B Supplement.

Case #2 - Internal Control Failures leading to big settlements (“Supervision”)

August 28, 2018.  The Securities and Exchange Commission (“SEC”) announced that Moody’s Investors Service Inc., one of the most prominent credit ratings agencies, settled a penalty in the amount of $16.25 million for charges involving internal control failures regarding its credit rating symbols. 

Moody’s agreed to pay $15 million to settle charges of internal controls failures involving models it used in rating U.S. residential mortgage-backed securities (RMBS) and will retain an independent consultant to assess and improve its internal controls. Moody’s separately agreed to pay $1.25 million and to review its policies, procedures, and internal controls regarding rating symbols. Moody’s did not admit or deny the SEC’s charges.

Tips for internal controls and supervision for advisors.

Document the firm’s ongoing tasks into a schedule.
Conduct a forensic test of best execution, fees, invoicing, or trading practices.
Conduct an annual review of the firm’s compliance program.
Summarize the firm’s operations into a risk assessment.
Summarize internal/external audit results as a part of the firm’s books/records. 

Summary of SEC/state annual reviews/testing *:
·         SEC (Advisors) - Rule 206(4)-7
·         SEC (Registered Investment Companies “Funds, ETF’s, etc.”) - Rule 38(a)-1
·         FINRA (Broker-Dealers) - Rule 3110, Rule 3012 - supervision
·         Florida (Advisors) - Rule 69W 600.0014(3) - annual review
·         Washington (Advisors) - Rule WAC 460-24A-120 – annual review
·         Georgia (Advisors) - Rule 590 – 4- 15 – policies and procedures are enforced
·         California (Advisors) - CCR 260.238.3 - business continuity plan/testing

*The list above is not an exhaustive list of annual requirements for federal/state registrants.

Case #3 - Fraudulent wire requests and phishing email scams

August 20, 2018. The Financial Industry Regulatory Authority Inc. (“FINRA”) censured Buttonwood Partners (“broker-dealer”) in the amount of $50,000 for having inadequate procedures in place to prevent unauthorized transfers from client accounts.

FINRA claimed that the broker-dealer exposed itself to risks with the use of pre-signed letter of authorization forms that permit payments from clients' accounts to third parties without an additional form of verification in place.  In one occurrence, the brokerage wired more than $200,000 from a customer's account when directed by a fraudulent (“phishing”) email by an unscrupulous person(s).  This proved to be a costly mistake as more than $60,000 was unrecoverable from the scam.   

Tips for protecting your firm against fraudulent wire requests

Maintain a communications policy for verifying client activity.
Maintain a cybersecurity plan to protect the firm against phishing, scams or other data hacks - advisors, broker-dealers, and financial institutions.
Maintain an AML Compliance Program for: (1) Customer Identification Procedures (CIP) and (2) Due Diligence (CDD) - broker-dealers, financial institutions, money transmitters.

Ref. FINRA Rule 2210 (broker-dealers), SEC Rule 204-2 (advisors)

Case #4 - Client assets stolen from investment advisor representatives

August 15, 2018.  The Securities and Exchange Commission (“SEC”) announced that Ameriprise Financial Services Inc. (“firm”) paid a $4.5 million settlement as a part of its admission of failing to safeguard investor assets from theft by its representatives.

The SEC claimed that a group of representatives committed numerous crimes, including the theft of more than $1 million in client funds during a four-year period.  In addition, the SEC found that the firm failed to adhere to policies and procedures “reasonably designed to safeguard investor assets against misappropriation by its representatives.”

Tips for addressing firm risks and employee thefts

Review trading practices and procedures.
Maintain a code of ethics policy.
Supervise trading activities of representatives.
Review all wire activities to third-parties.
Report any issues to proper authorities.

Ref. Rule 204-1 (advisors act)

Lastly, firms can create a series of procedures for protecting their data and electronic systems from attacks, safeguarding client assets, creating accurate marketing materials, verifying client activity, monitoring trading activities, responding to conflicts of interest, and addressing general risks to the firm, and document them in a policies and procedures manual and review systems.

Compliance and Business Management

FIN Compliance is a consortium of compliance services including: RIA Consults-Roberson Consults Group, a compliance consulting firm; RIA Review, a compliance-management software tool (SaaS); B-D Review, a RIA/Broker-Dealer compliance management software tool; and FINLancer, a business management portal featuring e-signature tools, invoicing integration, vendor directory, continuity directory*, business client document portal, and more (available by Q3 2019).  Access all services on one site:


FIN Missions provides business support group sessions for other entrepreneurs.  In addition, Cory has volunteered for more than fifteen youth programs in locations such as S. Korea, China, S. Africa, Thailand, and India.
