Putting FINRA’s priorities into practice

The Financial Industry Regulatory Authority’s full court press on addressing emerging and existing risks in the securities industry will continue to intensify in 2016, reinforced by a steady surge in restitution, disciplinary actions, and bars and suspensions over the last five years.

According to a recent analysis conducted by law firm Sutherland Asbill & Brennan, FINRA ordered $96 million to be paid in restitution to harmed investors in 2015—triple the $32 million paid in restitution in 2014. Furthermore, this figure represents a more than ten-fold increase from the $9 million in restitution paid in 2013.

In comparison, total fines declined significantly over the past year from $134 million reported by FINRA in 2014 to $94 million. That said, FINRA continues to be more aggressive in bringing so-called “supersized” fines of at least $1 million.

“If FINRA views conduct as being serious, it certainly won’t shy away from bringing supersized fines,” says Brian Rubin, administrative partner in charge of the securities enforcement and litigation team at law firm Sutherland who co-authored the report.

FINRA has said, however, that fines are not as important to them as restitution. “This year’s statistics seem to bear that out,” says Rubin. “So to the extent that firms have issues where customers were harmed, it may make sense for the firms to make the customers whole before FINRA orders them to do that.”

The more proactive that firms are at resolving an issue, the more favorable the outcome. “In a number of enforcement actions, specifically those where its members have come forward and self-reported the conduct at issue, FINRA has foregone fining the firms in favor of making investors whole,” says Amy Greer, a partner at law firm Morgan Lewis.

Mitigation measures are all the more important when you consider that FINRA disciplinary actions are also on the rise. According to recent analysis conducted by Morgan Lewis, FINRA brought 1,512 new disciplinary actions in 2015, up from the 1,397 disciplinary actions that FINRA initiated in 2014.

The number of individuals barred and suspended also increased. In 2015, FINRA barred 492 individuals up from 481 the prior year and suspended 737 others compared to 705 such actions in 2014.

“We urge you to review your supervisory, risk management and control systems—as well as the other issues we raise in the letter—as part of your overall programs.”
Richard Ketchum, CEO, FINRA

Last year marked the third year in a row that individual bars increased, while the number of suspensions has increased every year since 2007, according to Sutherland’s analysis. The number of firms expelled by FINRA also increased from 18 in 2014 to 25 last year.

The numbers are even more telling when you look at FINRA enforcement activity over the last five years: “They’ve definitely become far more aggressive in seeking monetary relief from firms, and they’ve definitely become far tougher in suspending and barring more individuals from the securities industry,” says Jonathan Eisenberg, a partner at law firm K&L Gates.

Amid FINRA’s relentless enforcement environment, compliance and audit teams will want to pay attention to the areas that command their closest attention, based on FINRA’s 2016 Regulatory and Examination Priorities letter issued in January. These areas are firm culture, conflicts of interest and ethics; supervision, risk management, and controls; and liquidity. It’s important for firms to focus on FINRA’s priorities letter, “because we do see enforcement actions stemming from those same topics,” says Rubin.

Firm culture. New in this year’s priorities letter is a description of how FINRA intends to formalize its assessment of firm culture to understand how culture affects compliance and risk management practices. In its assessments, FINRA said it will focus on “the frameworks that firms use to develop, communicate, and evaluate conformance with their culture.”

In particular, FINRA said it will assess the following five indicators of a firm’s culture:

Whether control functions are valued within the organization

Whether policy or control breaches are tolerated

Whether the firm proactively seeks to identify risk and compliance events

Whether supervisors are effective role models of firm culture

Whether sub-cultures (e.g., at a branch office, a trading desk, or an investment banking department) that may not conform to overall corporate culture are identified and addressed

In its priorities letter, FINRA recommends that firms take visible actions that help mitigate conflicts of interest and promote the fair and ethical treatment of customers. “For example, material breaches of firm policies and procedures should not be tolerated, and compliance functions should be equipped with necessary resources to help firms navigate a complex and changing regulatory and market environment,” FINRA said.

FINRA enforcement actions

Below is a summary of some of the largest enforcement actions issued by the Financial Industry Regulatory Authority in 2015.
Barclays Capital. FINRA in December 2015 ordered Barclays Capital to pay more than $10 million in restitution, including interest, to affected customers for mutual fund-related suitability violation relating to an array of mutual fund transactions, including mutual fund switches. Barclays was also censured and fined $3.75 million.
FINRA found from January 2010 through June 2015, Barclays’ supervisory systems were not sufficient to prevent more than 6,100 unsuitable mutual fund switches, causing customers $8.63 million in harm. In particular, the firm incorrectly defined a mutual fund switch in its supervisory procedures to require three separate transactions within a certain time frame. As a result, Barclays failed to act on thousands of automated alerts for potentially unsuitable transactions, excluded transactions from review for suitability, and failed to ensure that disclosure letters were sent to customers regarding the transaction costs.
Additionally, FINRA found that the firm failed to provide adequate guidance to supervisors to ensure that mutual fund transactions for its retail brokerage customers were suitable based upon customer investment objectives, risk tolerance and account holdings. During a six-month look back review, 1,723 (39 percent) of mutual fund transactions were found to be unsuitable, with 343 customers experiencing financial harm totaling more than $800,000.
LPL Financial. FINRA in May 2015 censured LPL Financial and fined it $10 million for broad supervisory failures in a number of key areas, including the sales of non-traditional exchange-traded funds, certain variable annuity contracts, non-traded real estate investment trusts and other complex products, as well as its failure to monitor and report trades and deliver to customers more than 14 million trade confirmations. In addition to the fine, FINRA ordered LPL to pay approximately $1.7 million in restitution.
FINRA also found that LPL’s systems to review trading activity in customer accounts were plagued by multiple deficiencies. For example, LPL used a surveillance system that failed to generate alerts for certain high-risk activity, including low-priced equity transactions, actively traded securities and potential employee front-running. The firm used a separate, but flawed, automated system to review its trade blotter that failed to provide trading activity past due for supervisory review.
LPL failed to deliver over 14 million confirmations for trades in 67,000 customer accounts. In addition, due to coding defects that remained undetected for nearly six weeks, LPL's anti-money laundering surveillance system failed to generate alerts for excessive ATM withdrawals and ATM withdrawals in foreign jurisdictions.
Cantor Fitzgerald. FINRA in December 2015 fined Cantor Fitzgerald & Co. $6 million and ordered disgorgement of nearly $1.3 million in commissions, plus interest, for selling billions of unregistered microcap shares in violation of federal law. Cantor Fitzgerald & Co. was also sanctioned for failing to have adequate supervisory or AML programs tailored to detect “red flags” or suspicious activity connected to its microcap activity.
Among Cantor Fitzgerald & Co.'s failings were insufficient guidance and inadequate training about when or how to inquire into whether a sale was exempt, and inadequate tools for supervisors to identify red flags associated with illegal, unregistered distributions. As a result of these failures, Cantor Fitzgerald & Co. sold billions of shares of thinly traded microcap securities between March 2011 and September 2012 without adequate review and due diligence, a significant portion of which were neither registered nor exempt from registration. These violations were accompanied by a failure to implement an adequate AML program tailored to detect red flags and patterns of potentially suspicious money laundering activity related to these sales.
Macquarie Capital. FINRA in December 2015 censured and fined Macquarie Capital $2.95 million for failing to provide complete and accurate trade data in an automated format when requested by the SEC and FINRA.
FINRA found that from January 2012 to September 2015, Macquarie experienced multiple problems with its electronic systems used to compile and produce blue sheet data. This caused the firm to submit some blue sheets that misreported buys as sells and vice versa on allocations of certain customer trades, miscalculate the net amount of transactions, fail to report post-trade cancels and corrections, and fail to provide accurate customer information. FINRA also found that Macquarie failed to have adequate audit systems in place.
Source: FINRA

Supervision. “Our emphasis on culture is also closely aligned with supervision, another area of focus for 2016,” FINRA CEO Richard Ketchum said. “We urge you to review your supervisory, risk management, and control systems—as well as the other issues we raise in the letter—as part of your overall programs.”

Four areas where compliance and audit teams should focus their attention related to supervision are management of conflicts of interest; technology; outsourcing; and anti-money laundering (AML).

The supervision and risk management practices related to firms’ technology infrastructures, “including the hardware, software, and personnel who develop and maintain a firm’s information technology systems,” is a big focus for FINRA this year. This includes firms’ approaches to cyber-security risk management.

Depending on a firm’s business and risk profile, FINRA said it will examine one or more of the following topics:

Governance

Risk assessment

Technical controls

Incident response

Vendor management

Data loss prevention

Staff training

FINRA is also seeing significant operational breakdowns at firms that have changed from legacy systems to new systems. These breakdowns often result in inadequate retention and supervision of e-mail and other electronic communications, inaccurate position reports, and problems with the identification of activity in customer accounts for review, among other issues.

Sutherland’s analysis supports FINRA’s observations. According to the findings, trade reporting cases—many of which resulted from supervisory and technical failures—generated the highest amount of fines for FINRA in 2015, totaling $30.3 million resulting from 159 enforcement actions.

AML controls. Suspicious activity monitoring is another high-risk area. FINRA recommends that firms “routinely test systems and verify the accuracy of data sources to ensure that all types of customer accounts and customer activity, particularly higher-risk accounts and activity, are properly identified and reviewed in a manner designed to detect and report potentially suspicious activity.”

Firms still have improvements to make in this area. According to Sutherland’s analysis, AML-related violations generated the second highest amount of fines for FINRA in 2015, totaling $20.6 million from 36 cases. Total fines imposed in AML cases have increased every year since 2010, according to Sutherland’s analysis.

Common compliance pitfalls that lead to an AML enforcement action include failing to verify new customer account information, not obtaining sufficient trade information, or failing to investigate suspicious trading activity. In situations where a firm makes a risk-based decision to exclude certain customer transactions from AML surveillance, “the rationale for the decisions should be documented and will be checked,” FINRA said in its priorities letter.

“FINRA also reminds firms to consider reviewing customers' activity over a period of time sufficient to identify patterns and ensure they assess the full picture of activity,” the priorities letter stated. “When firms delegate the monitoring of suspicious trading activity to personnel outside of the AML function, firms should ensure that appropriate delegation has been made, and that the AML function has an open line of communication with the personnel conducting reviews of trading activity.”

Case resolutions. Moving forward, it’s becoming more important that firms fully meet production deadlines and in a timely manner when faced with a FINRA investigation. “FINRA is no longer willing to have its patience tried,” says Greer. Over the past year, the agency has not been shy about publicly chastising firms, in connection with settled enforcement actions, about late or incomplete productions, she says.

“We can certainly expect that this will continue,” Greer adds, “and we are recommending our clients take care to document all discussions with FINRA personnel about extensions of deadlines and limitations to the scope of written production requests.”

In the majority of cases, firms will negotiate an AWC (Acceptance, Waiver, and Consent settlement) without admitting liability. Depending on the violation, it may make a lot of sense to negotiate an AWC, because it is hard to prevail in a FINRA case, says Joshua Horn, a partner with Fox Rothschild.

In other situations, especially where the firm and FINRA cannot see eye-to-eye, you may have no choice but to challenge the allegations. One way to make such a decision is to look at recent fines and penalties FINRA has issued based on similar allegations of wrongdoing, says Horn. “What’s FINRA offering, and is it reasonable?” That’s one way of assessing the potential cost and risk exposure of challenging a FINRA case, he says.

The best approach, however, is to go over FINRA’s examination and priorities letter with a fine-tooth comb to understand where issues frequently lurk. No option is more cost-effective than addressing and fixing issues now before FINRA finds them for you.