By Cory Roberson, Principal at FIN Compliance and FIN Lancer
Case #1 – Custody, Theft & Client Passwords
September 21, 2018. The Securities and Exchange Commission (“SEC”) released litigation surrounding a NY-based investment advisor charged with misappropriating approximately $378,000 from his advisory clients.
According to the SEC, the principal “misappropriated his clients' money by, among other things, obtaining internet access to his clients' brokerage accounts.” While doing so, the principal directed transfers to be made directly to his personal accounts and/or those of his affiliated businesses.
Ultimately, the firm was slapped with fines due to improprieties made to seven clients in violation of Sections 206(1) and 206(2) of the Investment Advisers Act.
Amounts - Client A/B: $110,000; Client C: $196,000; Client D: $40,000; Client E: $24,000; Client F/G: $3,800.
Tips for Compliance
Monitor client transactions and enforce procedures for staff.
Adhere to custody rule provisions (e.g. firms with access to client securities/funds).
Disclose custody safeguards (e.g. firms who direct debit fees).
Do not accept password access of client brokerage accounts.
Do not allow client funds to be transferred to personal/business accounts unless it's for fee billing purposes.
Disclose any conflicts of interest to clients.
Case #2 – Identity Theft, Data, and Cybersecurity
September 26, 2018. The Securities and Exchange Commission (“SEC”) settled charges against a Midwest registered investment advisor and broker-dealer (“hybrid firm”) for $1 million due to its “failures in cybersecurity policies and procedures” that ultimately led to numerous client identity thefts.
According to the SEC, the firm violated the Identity Theft Red Flags Rule, which placed thousands of its clients’ personally identifiable information (“PII”) at risk. Notably, this is the first enforcement case for the Identity Theft Red Flags Rule since its enactment on November 20, 2013.
During an examination, the SEC discovered that hackers impersonated contractors employed by the firm during telephone conversations over a six-day period in 2016. In doing so, online thieves were able to reset and access account passwords for over 5,600 customers. Shortly afterward, intruders used the PII to create new online customer profiles and obtain access to documents from several customers.
Ultimately, the commission charged the large firm with a hefty fine for three failures: (1) not applying identity theft procedures for its independent contractors, (2) not spotting the red flags in a timely fashion, and (3) not terminating the hackers’ access to its systems.
Tips for Compliance
Monitor, update, and enforce Identity Theft (“Red Flag”) procedures (as necessary*).
Specify procedures for handling personally identifiable information (“PII”).
Disclose client data safeguards in a privacy policy.
Test cybersecurity plan/procedures for vulnerabilities.
*Reg S-ID (248.30) Procedures required for SEC Registrants
*Reg S-P (Privacy Policy notices) required for all registrants
Case #3 – State v. SEC Fiduciary Standards
September 27, 2018. In the wake of the Department of Labor (“DOL Rule”) debacle, the state of New Jersey is proposing legislation to establish its own fiduciary standards. Such moves could be problematic if other states also enact their own rules as opposed to adopting uniform standards from the Securities and Exchange Commission (“SEC”).
The proposal is slated to enter the New Jersey state register on Oct. 15th ahead of a legislative (waiting) period for public comments.
State v. SEC v. Financial associations—The Regulatory Battlefield
Securities-related associations, such as the Financial Services Institute (“FSI”), expressed support for the revised fiduciary standard proposals drafted by the SEC. “Did I mention we won the lawsuit,” says FSI President Dale Brown at its Forum in Salt Lake City in a joyful response to the overruling of the DOL Fiduciary Rule by the 5th Circuit Court of Appeals. FSI was one of the major opponents of the DOL’s Fiduciary Rule.
Regulatory battles do not end with the fiduciary rule. Some states, such as Missouri and Louisiana, are attempting to add their own rulings over the Certified Financial Planner (“CFP”) Board and the use of its designation’s name. Currently, the CFP Board, as well as the Financial Planning Coalition, are battling such issues with the Louisiana state legislature.

Compliance and Business Management
FIN Compliance (FINCompliance.io) is a consortium of compliance services including: RIA Consults-Roberson Consults Group, a compliance consulting firm; RIA Review, a compliance-management software tool (SaaS); B-D Review, a RIA/Broker-Dealer compliance management software tool; and FINLancer, a business management portal featuring e-signature tools, invoicing integration, a vendor directory, a continuity directory*, a business client document portal, and more (available by Q3 2019). Access all services on one site: FINCompliance.io.
Impact
FIN Missions (FINmissions.com) provides business support group sessions for other entrepreneurs. In addition, Cory has volunteered for more than fifteen youth programs in locations such as S. Korea, China, S. Africa, Thailand, and India.