Download - Cybersecurity Gap Analysis Worksheet

Rebalance Cybersecurity Initiatives for 2018

Update CyberSecurity Policy and Procedures for 2018

Broker-dealer and RIA firms are becoming more vulnerable to cyber threats every day due to increased reliance on web-based solutions and mobile device activity. As a regulatory compliance consulting firm, our staff can see the cybersecurity plan for BDs and RIAs becoming an increasingly important part of business strategy. Data theft by cyber-criminals, attacks by nation states or terrorist groups, hacktivists causing embarrassment, and internal attacks from company insiders, employees or competitors all present a viable threat to financial service businesses. Given the broad spectrum of threats, firms should closely monitor cyber activity at their firm and use methods outlined by FINRA and SEC for implementing their cyber-security program.

Elements of an effective Cybersecurity plan –

FINRA released a report in February 2015 outlining their expectations of a sound cybersecurity program. They included the following criteria:

  • Cybersecurity Governance and Risk Management – A governance framework for decision making and handling issues; policies, processes, and relevant controls.
  • CyberSecurity Risk Assessment – Conduct regular assessments to identify risks and threats; maintain an inventory of assets posing a risk; prioritize threat level and implement remediation where appropriate.
  • Technical Controls – Protection of firm software and hardware, and data; penetration testing and encryption standards.
  • Incident Response Planning – Procedures for identifying the threat level of a cybersecurity incident and escalating the crisis appropriately for an efficient resolution.
  • Vendor Management – Risk-based analysis of vendors; analysis of cybersecurity threat from data sharing with third-party vendors.
  • Staff Training – Training tailored to staff and business operations, to include testing, periodic training schedules, and remediation efforts.
  • Cyber Intelligence and Information Sharing – Periodic evaluation of cyber threats, strategic objectives, and assessment of the firm’s ability to respond to breach or disruption.
  • Cyber Insurance – Analysis of potential to offset remediation expense of a cyber-incident; regular review of coverage and objectives.

Regulators such as FINRA and SEC suggest using a risk-based approach to cybersecurity. This should be implemented along with use of industry frameworks and standards. An example of an acceptable industry framework is the one developed by NIST (National Institute of Standards & Technology), “Framework for Improving Critical Infrastructure CyberSecurity”.  The NIST Framework is a flexible method designed around business needs, risk tolerance, and resources.

Below are 7 suggestions from RND Resources Inc. to improve cyber-security strategy for firms updating & reviewing cybersecurity initiatives for 2017-2018. These recommendations when implemented can ease anxiety about regulatory cybersecurity examination and improve chances of a smooth FINRA or SEC examination process.

  • Appoint an executive leader to take ownership of the cybersecurity program for your firm.
  • Review the FINRA released whitepaper on cybersecurity practices for broker-dealers and investment firms annually; including the FinCEN Suspicious Activity Report.
  • Test the firm’s incident response plan (IRP) and make adjustments where appropriate.
  • Review employee manuals regarding cybersecurity procedures and policies. Regularly update the employee cybersecurity manual to include new threats and risks.
  • Maintain a written standard for employees to refer to in case of an incident. Be sure to distribute updated policy changes and include them in the employee cybersecurity manual.
  • Strategize a training program that includes testing criteria for each job description and department. Recognize the majority of cyber-incidents are attributed to carelessness, ill-will, or lack of staff training. Test employees on using the plan periodically, randomly, and without warning.
  • Develop standards for on-boarding vendor service providers who have been given access to electronic data. Annually review each third-party vendor’s cybersecurity policy and determine their risk to your firm’s electronic data security.

Going forward with cybersecurity initiatives

In August 2017 the SEC released a National Exam Program Risk Alert from the Office of Compliance Inspections and Examinations (OCIE). The release detailed findings from cybersecurity examinations of BD and RIA firms conducted from 2014 through 2016. Weaknesses uncovered in the Cybersecurity 2 Initiative examinations, and areas where the OCIE sees potential for improvement, follow:

  1. While nearly all BDs and RIAs examined have maintained written policy manuals, many were not reasonably tailored to the firm. Examiners found manuals were too general, vague, or limited in defining examples and best practices. They noted manuals vaguely described procedures for initiating a cyber incident response.
  2. While firms had devised cybersecurity policy, many were not adhered to. For instance, annual reviews were not conducted annually. Testing of security protocols was never conducted or rarely improved upon. Some instruction manuals were structured too poorly relative to their critical purpose.
  3. With regard to Regulation S-P, “Privacy and Protection of Consumer Financial Information”, installation of software updates and patches was not timely. Poorly maintained or outdated systems put consumer data at risk and pose an unreasonable threat to consumer data. Further, discoveries made from system penetration tests were not remediated in a timely manner.

In further explanation of sound cybersecurity policy and procedures, the OCIE and SEC offer the following suggestions:

Maintain an inventory of data, information, and vendors having access to data. Include classification of risks, data, business consequences, and service provider information.

Keep a cybersecurity log to track events and include instructions for: conducting penetration tests, monitoring and auditing security, restricting access rights for employees and vendors, recording incidents and outcomes.

Maintain a schedule of testing data systems for integrity and vulnerability. Use a log to track patch updates and steps taken to implement upgrades.

Enforce established controls. Detail logs showing enforced restrictions and controls such as password change schedules. Require activity logs from service provider vendors demonstrating proof of cybersecurity protocol. Implement same day expiration of access upon terminating employees. Enforce employee acceptable use policy.

Implement mandatory employee training on system use and cybersecurity protocol at on-boarding and periodically thereafter.


RND Resources Inc is an outsourced solution for small broker-dealer and RIA firms that are highly focused on growth strategy and business development and do not have the capacity to handle critical components of their cybersecurity framework and governance program. Our professional staff is adept at preparing your cybersecurity program and updating existing manuals to meet current trends and threats. We strive for vertically integrated compliance solutions which are tailored to flow with your business model and meet your firm’s overall business objectives. We encourage firms to reach out to us for assistance when updating their cybersecurity program or planning cybersecurity policy and procedures for a startup BD or RIA. RND Resources Inc – Ph: 818.657.0288

 

Resources:

FinCEN Advisory Guide for Cyber-Events

FINRA CyberSecurity Practices Guide 2015

Visit our Resource Guides page for more CyberSecurity tools and guides

Features of CIT's or CIF's

Collective Investment Trusts

Use of Collective Investment Trusts as a Retirement Plan Investment Vehicle

When considering appropriate investments for retirement plans, all types of investment vehicles should be considered. One investment option is a Collective Investment Trust (CIT). CITs are fast growing in popularity in the retirement and pension marketplace.

Collective Investment Trust definition

Collective Investment Trusts, sometimes referred to as commingled funds or collective trust funds, are bank-administered trusts that pool the assets of various trust accounts with similar objectives into a single portfolio. A CIT is managed and operated according to each trust’s governing documents called the “Declarations of Trust”. The bank acts as a fiduciary for the CIT and holds legal title to the trust assets whereas participants in a CIT are the beneficial owners of the trust assets. Overall, the commingling or pooling of assets lowers fees associated with investing in fiduciary assets and enhances risk management and investment performance for the participating accounts.

Unlike mutual funds, eligible investors of CITs only include certain qualified retirement plans.  Accordingly, CITs may only admit eligible assets and may not hold assets of 403(b) plans, individual retirement accounts (IRA) or health savings accounts (HSA).  Investments in a CIT are neither insured by the Federal Deposit Insurance Corporation (FDIC) nor are subject to potential claims by a bank’s creditors.

An important feature of a CIT is that the capital gains and income received by the CIT are ordinarily not subject to federal taxes. Although tax-exempt, CITs are treated as a separate tax entity from participant accounts. Since 2000, CITs have operated more similarly to mutual funds. CITs now offer automated subscription and withdrawal transactions and continue to receive expanded coverage from data aggregators.

CITs are subject to laws and regulations of state and federal bank regulatory agencies. Additionally, Collective Investment Trusts are subject to ERISA and the DOL, in which transactions must comply with ERISA’s prohibited transaction rules. To qualify for “tax-exempt” treatment, CITs must also operate in conformance with IRC revenue rule 81-100.  Moreover, the sale of CITs by a broker-dealer may subject the CIT sponsor to FINRA rules.  The SEC also governs investment advisers’ activities to the extent that a bank employs a sub-adviser to assist it in its exercise of investment discretion. However, most CITs are not required to register under the federal securities laws if the fund qualifies for specific exemptions of the Securities Act of 1933 (the ’33 Act) and the exclusions provided in the Investment Company Act of 1940 (the ’40 Act).

Several factors have helped increase the popularity of CITs as an investment vehicle for institutional investors and qualified retirement plans.  Ultimately, retirement plan fiduciaries must gauge all types of investment vehicles that they consider in fulfilling their suitability and fiduciary obligations.

Are you considering adding a Collective Investment Trust to your RIA or Fund product portfolio? Reach out to our sales team for guidance with procedure and policy updates, employee training, and updates to Form ADV brochure, and accounting. (818) 657-0288. 

RND Resources Inc – Fund Development Services include organization and start-up consulting, preparing regulatory documentation, compliance administration, and principal registration. See Fund Development Services and Steps to forming funds for more.

Read our Collective Trust Q&A for more

RIA Compliance Support

Form ADV Amendments due October 2017

(Anna Felipe – 8/2017) The Securities and Exchange Commission (the “SEC”) adopted rules to improve the quality of information that clients and the SEC receive and to enhance Form ADV disclosure requirements. Investment advisers will need to comply with the new Form ADV Amendments on October 1, 2017. However, for the majority of advisers with a December 31 fiscal year end, this means Form ADV compliance with respect to the October 1, 2017 amendments is no later than the annual Form ADV filing in March 2018.

Separately Managed Account (SMA) reporting

One of the most noteworthy requirements of the Amendments is the increased disclosure with regard to Separately Managed Accounts (SMA). Part of the amendments requires advisers to report the approximate percentage of their SMA assets invested in the appropriate asset categories (i.e. ETF, non-exchange traded equity securities, U.S. government bond, corporate, derivative, etc.) and to report information on borrowing and derivatives in Separately Managed Accounts.

Under certain preconditions, the amendments also permit an adviser to file a single Form ADV on behalf of itself and other investment advisers, provided that the advisers are controlled by one another or are under common control of a parent entity and conduct a single advisory business involving private funds.

Social Media Platforms & Adviser Office Reporting

Instructions to Form ADV have also been revised to require disclosure of all internet websites of the adviser and all publicly available social media platforms where the adviser has a presence and controls the content; including social media platforms targeted towards non-U.S. clients. The Form ADV now also requires advisers to provide the number of offices as well as information about their 25 largest offices. Finally, the amendments  require advisers to maintain additional written materials related to calculation and distribution of performance information.

These changes are the biggest revision to Form ADV since 2010 and are aimed in part to help SEC better target examinations. For more details read the SEC rule release IA 4509.

Need help with the SEC Form ADV amendments? Learn how RND Resources Inc assists Investment Adviser Firms with compliance tailored to meet SEC and RIA requirements.

The rise in regulatory fines

How FINRA compliance consultants ease enforcement action outcome

Regulator examiners are focused on deterring fraud and uncovering supervisory failures, but aren’t expected to draft tailored compliance programs and procedures for a firm. Firms that need this type of assistance reach out to qualified FINRA compliance consultants for guidance. Additionally, FINRA experts are often called upon by either firms or regulators to supervise remediation efforts and monitor on-going compliance activities.

Benefit of hiring a FINRA consultant to assist in remediation

One of the benefits of on-boarding a compliance consultant to resolve a violation is having them communicate directly with the regulatory examiner. A consultant with appropriate credentials, such as a General Securities Principal Series 24, can directly communicate procedural changes to enforcement examiners while providing an added sense of relief to the firm’s managing members and confidence for the regulator. Additionally, if new business practices are recommended, the business owner may benefit from better devised solutions through an expert in compliance, rather than an examiner whose focus is limited to regulation and not hands-on compliance supervision.

Regulators realize they get a benefit from member firms who employ FINRA or SEC consultants in resolving their remediation concerns and value the partnership. Regulation consultants have expertise that extends beyond resources of regulators, which increases examiner confidence. Use of a compliance expert often demonstrates to regulators that the firm takes the violation seriously and is committed to improving. Most firms find, outsourcing to a compliance firm outweighs the cost by getting matters settled sooner and with less frustration. Managing partners also benefit by eliminating uncertainty in interaction with the examiner, so they can focus on assuring clients and helping the business recover from negative press or otherwise.

In some instances, a regulator will require a compliance expert for remediation and on-going monitoring. Settlement may include reviewing transactions, determining whether responsibility lies upon officers or employees, and uncovering additional victims.  Delegating this responsibility onto the compliance consultant does not come lightly. Regulators will seek complete independence between the parties. Restrictions of working together in the past and/or future will be part of the agreement; to ensure conflicts of interest are eliminated.

It’s possible the compliance firm may be asked to enforce the necessary settlement reparations. They may take on the responsibility to calculate and release agreed disbursements for the firm. This gives the regulator confidence the settlement shall be paid under the terms of the enforcement agreement. In such cases, the compliance firm is generally required to submit a report to the regulator showing proof of activities on a scheduled basis. By assigning these tasks to a compliance consultant the regulator can move on to other cases needing attention without the work of verifying receipts or calculating damages. When a mandated restitution is expected to be resolved over several months or a few years, outsourcing to a consultant can significantly shift the burden away from examiners and make life for the firm easier as well.

In some cases, regulators run a risk by mandating support from an outsourced compliance expert. Compliance consultants look at policy and procedure compliance from a perspective that differs from the view of examiners. Occasionally a compliance professional will interpret the degree of egregiousness differently than the examiner. The compliance professional may assert the examiner was too strict in applying the rule, or even too broad. These types of discrepancies may delay resolution of an enforcement case until resolved. Therefore, it is important to work with a compliance consulting firm with strong experience in enforcement matters that knows how to demonstrate their own assessment clearly to regulators if necessary. A seasoned compliance professional may even be able to draw a conclusion that sanctions imposed by the regulator are disproportionate to the level of misconduct. In this type of situation, it is important to have a solid team of compliance professionals advising your firm before coming to a resolution agreement.



Does your FINRA, MSRB, or SEC member firm need assistance navigating remediation for an enforcement action or exam? Our professionals are highly experienced with regulatory rules. We develop policy and procedure manuals for Broker-Dealers, RIAs, Municipal Brokers, Private fund managers, and more. Our expertise is vertically integrated compliance solutions for firms; bringing business planning, operations, trading, and registration. RND professionals provide –

RND Resources Brochure

Click here for our company brochure

  • Full service brokerage support
  • On-site audits
  • Expert regulatory consulting
  • Customized compliance programs
  • Registered principal services (FINOP   CCO   Municipal)

FINRA Report January 2017: Distributed Ledger Technology for the Securities Industry

Distributed Ledger Technology (DLT) has been gaining ground in the financial services sector for a few years now and as with many emerging technologies, adoption is slow for authorities such as FINRA and SEC.  

However, tying it all together between state regulations, international exchanges, clearing houses, banking systems, and more is proving to be a challenge for regulating authorities which are often tasked with providing clear and concise oversight based on existing data sets and future paradigms.

Implementing DLT for BDs and RIAs

New era Fintech developers are hoping to see flexibility and adaptability in new regulation rulings for the securities industry; where past rulings and actions would often stifle technology growth because rules had been devised based on historical recordkeeping processes; systems which are less efficient since the wakening of distributed ledgers. Broker-dealer and RIA firms that are eager to modernize and gain a competitive advantage are challenged in finding ways to apply best practice approaches for compliance with books and records rules as well as many other areas of regulatory compliance.

To advance through obstacles, consortiums and start-ups have developed sandbox environments where Fintech innovators can experiment and test ideas. In the beginning there were blockchains; however, disadvantages were uncovered in the all-access central ledger of “write-once-read-many” (WORM). Seeking new technology designs, developers expanded on the role and purpose of ledger distribution and added smart contracts to help round out automation. This sparked the development of distributed ledger technology, which builds upon information restrictions based on a party’s relevance in the transaction.

In January 2017 FINRA released the report “Distributed Ledger Technology: Implications of Blockchain for the Securities Industry” outlining discussion about challenges facing regulated firms and regulators. The report addresses several potential risks and concerns, and poses numerous questions for feedback from the financial services industry. FINRA also discusses various methods of incorporating DLT while factoring in questions about its risk in applications. Market applications being researched for DLT include:

  • Equity market – administration purposes in tracking transfer of shares, fulfilling privacy restrictions, and developing real-time settlement recording
  • Debt market – creating faster clearing and settlement turn-around and automating bond payment and coupon redemption
  • Derivative market – simplifying complex post-trade events with automated processes and transparency
  • Industry utilities – developing a central repository of reference data for securities products, thus eliminating the need for each participant to maintain their own reference data

The FINRA report dives into concerns such as market efficiency and how real-time trade settlements could impact operations; desired level of transparency and disadvantages to non-market players; the role of intermediaries and blurring of line between execution and settlement; and operational risk from data sharing.  

In exploring opportunities and evaluating risk of DLT applications, FINRA opened a window of comment through March 2017 where industry participants and technology developers were able to provide feedback on methodology and challenges. The January 2017 report by FINRA on Distributed Ledger Technology outlines many of the challenges FINRA has identified and asks for comment regarding governance concerns, operational structure designs, and network security considerations.

Broker-dealers exploring the possibility of issuing and trading securities using automated actions, or maintaining records on a DLT network, are advised to be cognizant of federal and state laws as well as regulatory guidelines from authorities such as FINRA and the SEC. RND Resources Inc is familiar with DLT approaches and provides guidance to BDs and RIAs pursuing a Fintech strategy. Contact us to discuss your next move.


Download a copy of the FINRA | Distributed Ledger Technology: Implications of Blockchain in the Securities Industry


Distributed Ledger Technology (DLT) improves financial industry efficiency, transparency, post-trade processing, and operational risk. RND Resources is leading the way for Broker-dealers and Registered Investment Advisors. We assist with start-up development of Fintech strategy and provide consulting services for firms seeking emerging technology solutions or development of DLT, blockchains, and smart contracts. Our expertise includes:

DLT | Smart Contract Framework

  • Regulatory considerations
  • Procedures – Recordkeeping
  • Materiality impact
  • Digital currencies / securities
  • FINRA & SEC Registration

Implementation & Testing

  • Governance
  • Cybersecurity
  • Supervision
  • Carrying & clearing
  • Automating actions

Firms we can help

  • Broker-Dealers
  • RIA / Investment Co
  • High Frequency Traders
  • Wealth – Private funds
  • Robo-advisors / online services

Rules and Regulations

Guide to SEC Use of Independent Compliance Consultants

Regulators rely nearly every day on independent consultants to monitor member firms entangled in enforcement cases. Leveraging independent consultants for oversight of a firm improves efficiency of regulatory organizations by freeing up auditors to review more cases. The consultant may be required to handle any number of tasks in order to fulfill remediation.  Services of the consultant may be required for a set number of months or years. Proactive firms reach out to consultants while they’re in preliminary stages of an enforcement case as a show of good-faith effort in remediation, and to prepare policy and procedure solutions that they plan to present to the enforcement agency.

Frequent ways Independent Consultants are used to resolve enforcement and compliance issues

Below are examples of common requests by regulators when calling for an independent consultant to provide oversight in the remediation terms:

  • The Independent Consultant will be retained for a set number of days or months
  • The Independent Consultant is approved and acceptable to the staff of the Commission
  • The respondent member firm bears the entire cost of the independent consultant, including compensation and expenses.
  • The Commission will require an engagement letter from the Independent Consultant detailing duties and responsibilities as required by the enforcement order.
  • A description of the independent consultant’s duties must be outlined, including: review written policies and procedures; make recommendations concerning policies and procedures; assure the compliance program is effective as well as supervisory procedures and policies and procedure manuals; ensure the respondent is complying with the specified enforcement remedies.
  • Usually there is a mandate requiring the respondent and Independent Consultant work together in good faith. They must attempt to reconcile disagreements and where the two parties cannot come to an agreement, the respondent may often be required to revert to the original recommendation made by the independent consultant.
  • The consultant engagement will specify the independent consultant’s obligation to the enforcement staff, such as: issue a report and submit a copy of the report to the commission describing the review performed, conclusions reached, and recommendations.
  • Typically there will be a specified amount of time, such as 30 days, in which the respondent shall adopt recommendations contained in the independent consultant report. If the respondent disagrees with proposed recommendations, they may communicate in writing to the Commission to request a review or suggest an alternative policy or procedure.
  • The respondent in an enforcement case is of course required to cooperate fully with the independent consultant and provide access to files, books, records, and personnel.
  • An affidavit stating recommendations have been implemented is often required, and usually subject to a deadline such as 180 days. Also a provision is made for recommendations that have not been implemented and an explanation.
  • An independence agreement is generally required where the respondent and independent consultant may not otherwise be affiliated in any way. They are often barred from entering into an employment agreement, audit engagement, or otherwise consulting or attorney relationship with each other in any capacity for a set time; including agreements with affiliated member firms, directors, employees, or agents.
  • While the above are common requirements when the Commission uses Independent Consultants in the remediation process, there may be many other terms deemed appropriate for your enforcement situation. Other terms may include: private meetings with staff, requirements of documents to be provided to the commission, full access to all records requested by the consultant.

Does your FINRA, MSRB, or SEC member firm need assistance navigating remediation for an enforcement action or exam? Our team of professionals are highly experienced with regulatory rules. We’ve developed policy and procedure manuals for Broker-dealers, RIAs, Municipal brokers, Private fund managers, and more. We develop vertically integrated compliance solutions for firms that encompass business planning, operations, trading, and registration. We provide –  


  • Full service brokerage support
  • On-site audits
  • Expert regulatory consulting
  • Customized compliance programs
  • Registered principal services (FINOP   CCO   Municipal)

Department of Labor pushes back Fiduciary Rule Implementation

DOL Fiduciary rule implementation delayed for another 60 days through June 9, 2017

Amidst a flood of comments and opposition to the DOL Fiduciary Rule, the Department of Labor has pushed back the April 10 effective date to June 9, 2017. The DOL rule sets a strict standard for any advisor or representative selling financial products funded by retirement dollars to follow a “Best-Interest” standard or face the threat of class-action liability.

Public comments on the Fiduciary Rule were re-opened March 1, soon after the new administration took over under Trump. The administration tasked the DOL with determining whether the rule change would add undue cost burden on the industry and investors, and with reviewing whether it would actually improve retirement advice for Americans. During the short 15-day window a flood of comments from firms, industry organizations, and individuals on either side of the issue poured in.

Comments in opposition to the DOL Fiduciary Rule change

Many opposed to the DOL rule point to the clause permitting class action lawsuits against advisors by investors who feel they got burned. Advisors who represent small retirement savings investment accounts feel most at risk. For these advisors serving the smaller savings market, threat of personal lawsuit adds a layer of risk that cannot be passed on to their limited number of small investment accounts in the form of higher monthly fees or charges. It’s likely the risk will drive many advisers serving smaller accounts out of the market, leaving only large firms with resources to absorb the cost of protecting against lawsuit to serve small account investors.

Others cite that the continual complexity and changing landscape of regulation is an unfair burden on small firms. The added cost of new rules coupled with heightened threat of litigation is insurmountable. Small firms are already stretched thin trying to keep up with regulatory changes. Many suggest an increasing number of small firms would likely choose to merge their practice with a larger firm because of the added risk to doing business. Small firm members are frustrated by continuous complex legislation that presents little benefit to investors, citing broker-dealer member firm withdrawal rates at 20 firms per month, while new member firms are added averaging only 10 per month; a loss of 10 firms per month which are mostly small member firms (based on 3 year average).

Comments supporting the DOL Fiduciary Rule change

Most comments in favor of the DOL rule come from investors, who stand to see a benefit from the “Best Interest Contract” (BIC). The BIC component forbids variable commissions on retirement account transactions, citing that commission structures are not in the “best interest” of consumers. However, the “Best Interest Contract” does provide an option for advisors and representatives to negotiate an agreement with their investor for commission based fees. Essentially the parties sign an agreement where the advisor pledges they will act in the clients’ best interest and disclose all fees they receive. This agreement is backed up with a clause allowing investors to take action in a class suit against their advisor to recover losses from misguided advice.

Regulators insist that protections to retirement savers should be fee based only and free from conflicted advice or incentivized commission based fees. They assert that a lesser standard allows advisors to recommend products that may be ‘suitable’ but not in the clients’ best interest. Proponents assert the rule regulates professional conduct and protects investors against misleading or biased advice. 

Trump memorandum to Secretary of Labor requesting review of the Fiduciary Rule

Upon taking office in January 2017 the new administration requested a review of the Fiduciary Standard Rule and vowed to take a stand against rules that impede market growth. The memorandum requests that the bill be analyzed against 3 economic and legal factors: 1) does the legislation reduce Americans' access to retirement products and advice; 2) does it create a disruption to the industry that materially reduces its ability to properly serve clients; and 3) is the legislation likely to adversely impact market pricing, and by how much.

Generally the new administration has opined that regulation is too restrictive, with rule upon rule adding complexity to the operations of financial industry firms, and has suggested it's possible this, in part, is the root cause of the steady decline of broker-dealer membership in recent years.

Large Brokerages forging ahead with DOL Change

Regardless of further analysis and delay in implementation, large broker-dealer firms are pushing ahead to adopt the new fiduciary standard in anticipation it will be implemented. A few are already reaching out to clients with replacement products that do not carry commission based conflicts. Others, such as Merrill Lynch, have opted to discontinue offering commission based accounts altogether. Morgan Stanley and Wells Fargo are offering commission-based products by providing their brokers a best interest contract to sign with clients.

For the moment, Phase I enforcement of the rule is delayed until June 9, 2017. 

Phase I requires compliance with Impartial Conduct Standards such as:

  • Acting with care, skill and prudence in assessing your client’s needs, risk tolerance and time horizon
  • Putting your client’s interest first – ahead of your own
  • Getting paid reasonable compensation
  • Disclosing material conflicts of interest
  • Making no misleading statements

Full compliance with the disclosures, supervision policies and procedures, and the execution of Best Interest Contracts may also be delayed; however, for now they remain applicable for Jan. 1, 2018.

Read the release issued by the Department of Labor

Read the Presidential Memorandum issued February 3, 2017

 

Need an action plan for implementing the DOL Fiduciary Rule change? Visit our Resource Guides for information

SEC Enforcement Action 2008 thru 2016

Independent Compliance Consultants as a Remedy in Regulatory Cases

Independent Consultants are frequently mandated as part of the remedy in securities enforcement actions. The SEC and SROs like FINRA and MSRB recognize the value of having an independent compliance consultant monitor or perform specific tasks related to a case and ensure corrective action is being applied appropriately. The tasks are generally outlined in the settlement agreement and can include a number of months or years a Broker-dealer or RIA may be required to retain services. In such cases, regulators describe the independent consultant as a compliance consultant, disbursement consultant, or monitor, depending on their prescribed use.

For the most part regulators are relying more and more on the resources of consultants for obvious reasons. Leveraging consultants reduces reliance on limited regulatory resources and frees up staff for new cases. Consultants are also able to handle tasks more efficiently where regulators are not designed to, such as cash disbursements or re-writing policies and procedures. Regulators may even request a detailed analysis of a firm's compliance program by an outside consultant as a requisite to completing remediation.

Respondents (defendants) in a regulatory case are naturally concerned about the cost of consultants, as the expense is out of pocket, but many firms agree independent consultants are generally less expensive and easier to work with than regulatory examiners. For this reason, a BD or RIA will often request a review of their records prior to being fully investigated by Regulators. This allows the firm an opportunity to discover and remedy risks outside of the public eye, and may hopefully improve a firm's chance of satisfying a regulator earlier and at less expense.

If a Regulator requires an independent consultant as part of a settlement, respondents should take care to have the terms and work to be performed by the consultant clearly defined. An overly broad mandate by a Regulator can have a serious consequence on an unsuspecting firm. Given the consultant is independent, they are barred from exhibiting a conflict of interest between the firm and regulator, and are often given leverage to pursue whatever remedy deemed appropriate in absence of clear instructions. With that in mind, the use of a third party consultant can be a very positive remedy to improving the relationship between firms and regulators. Often regulators value the expertise of consultants and their ability to monitor a firm after a regulatory issue has been discovered.

Firms which are proactive about a regulatory inquiry leading to enforcement may be able to bypass the request for an independent consultant by taking steps on their own to remedy risks before a formal resolution is handed over. Early efforts by respondents demonstrate to a Regulator that the firm understands the depth of the problem and takes remediation seriously. Some steps a firm may take include: investigating and reporting problems whether they've been identified by the Regulator or not, and demonstrating remediation by making a voluntary restitution or adopting new policies to prevent future occurrences. These steps can also provide a basis for reduced fines, sanctions, or suspensions.

Firms faced with a regulatory inquiry should understand that Regulators can impose “any equitable relief deemed appropriate or necessary”. This may include providing restitution to persons harmed, revising procedures, ceasing certain business activities, and more. Requiring the resources of an independent consultant is frequently considered an appropriate course of action to ensure a complete remedy. Thus, while independent consultants are not explicitly authorized by regulators at this time under specific licensing, they are frequently sought for their expertise and ability to develop sensible solutions in enforcement remedy cases.


 

Is there a regulatory inquiry or issue you are concerned about? Our staff has helped numerous firms subject to inquiry and examination. We've assisted law offices across the US working with Broker-dealer and RIA clients and other financial service businesses. Our services include providing expert testimony, analysis of records and remediation, as well as outsourced compliance and principal support on an interim or month-to-month basis. We're happy to work directly with financial service firms, their attorneys, CPAs, investors, and shareholders, and to liaise with Regulators. Visit our services menu for more information.

Reach out to us for a confidential discussion of your business and we’ll see what we can do to help. If we’re unable to assist, we’ll try to find a suitable resource for you.

Dave Banerjee CPA

Dave Banerjee CPA – Elected to FINRA District 2

Thank you for your support in electing Dave for FINRA District Committee

Dave Banerjee 2017-2019 FINRA District 2 committee member

Personal statement from Dave 

“I am truly honored to have been elected to the FINRA district 2 committee small firm seat that opens January 2017. My focus is to ease the regulatory oversight crisis faced by FINRA small firm members. I welcome discussion with fellow member firms in achieving this objective and hearing other industry concerns as well.”

In coming weeks Dave will be participating in various orientation calls and discussions with committee member colleagues. He welcomes discussion with D2 members. As a compliance and regulatory principal to small and mid-sized firms since 1984, Dave has experienced the rise and fall of various financial crises. Presently the burden placed on small to mid-size broker-dealer firms by regulatory authorities is in crisis. There is a steady decline of applications for new member broker-dealer firms, and withdrawals have increased. Ever-changing regulatory rules and overwhelming recordkeeping requirements placed on smaller brokers are taking a toll.

More recently, the rise of FinTech, Robo-advisors, and Regtech firms poses new threats to traditional BDs and brings formerly unheard-of risks. Dave's knowledge in Engineering, Technology, and Compliance gives him a unique advantage in understanding emerging technology and its impact on the industry and firms. Dave has the ability to develop solutions for small firms and understands the value of emerging technology.

Dave welcomes an opportunity to hear your concerns directly and work with member firms in developing strategy to tackle the high pressure points. Being elected to the District Committee is an opportunity to participate in regulatory initiatives and carry the message of small firms.  Feel free to share your insight, thoughts, and concerns using LinkedIn, Skype, Email, or Phone. 
