YES--Material Event Disclosures for 529 Plans

So I should trust my FINRA sources more, that is my conclusion. I've taken my skeptical hat off for now.

Spoke to a very helpful, very pleasant gentleman at MSRB today. He very clearly conveyed this reality: SEC has determined that Rule 15c2-12 applies to municipal fund securities. I'm talking about material event disclosure requirements--G-17 (see blog entry below)--in the context of 529 plans. To the extent municipal issuers file notices on MSRB's new EMMA portal, firms that offer/sell 529 plans MUST review those notices and provide the material event information to their customers prior to the sale. As a practical matter, you won't see many such notices relating to 529 plans.

So here's what you do: build into your procedures this requirement; train your reps on how to use EMMA; supervise 529 sales to make sure disclosures are being made when required.

The EMMA site is easy to use. Go to http://emma.msrb.org/. Click on the '529 Plan Search' box with the graduation cap icon; accept the site terms; in the orange box, select a state and hit the arrow; then look for the plan you are about to sell to a customer. Click on that plan and you'll see links to the disclosure statements and, IF there are material event notices, you'll see a link to those. That is what you'll review and discuss with your customer... ta da!

So, while this is one more thing you have to worry about (and document), it's pretty easy to implement.

It's not a bad idea to inform your customers about the EMMA portal--knowledge is power. That way, you'll be educating your customers as you should.

One more helpful link for you, courtesy of the nice man at MSRB: http://www.msrb.org/msrb1/mfs/mfs7.asp This is the 'securities regulation' page explaining which regs apply to 529 plan sales.

Hmm. Wonder how long it will take before I put that hat back on? Stay tuned.

Update: It's Sunny (and a note on MSRB Rule G-17)

One of my favorite clients just reprimanded me for not updating my blog to correctly identify our NH weather as SUNNY. Which it is. Thanks so much, Mr. Get Back to Work...

Oh, and I just talked to a gentleman at FINRA who was happy I wasn't a reporter when I asked about a rule interp. ?? Are they bombarded these days by the Geraldos of the world who aren't busily churning M.J. rumors? Guess so.

His answer to my question was that, yes, BD's who do nothing but 529 plans--that is, they sell municipal FUND securities, not municipal securities--are required to comply with interpretive material on G-17 about material event disclosures. See Notice 09-35 at http://www.finra.org/web/groups/industry/@ip/@reg/@notice/documents/notices/p119067.pdf .

This means that before having your customer sign onto that 529 plan, make sure you visit MSRB's new EMMA site at http://emma.msrb.org/ to gather and convey important disclosures about the issuer. Document that you did this; and you supervisors: check the records to make sure it's being done. Oh, and update your procedures for this new one.

I dunno. I'm a bit skeptical. I have a call into MSRB. I hope they call back before it starts raining again...

Useful Information on a Rainy Day

I walked to my NEW office this morning without drowning in a puddle. High of 61 today with downpours. Feel sorry for us, here in coastal NH. We deserve your pity.

Few things:

1. Remember the FTC Red Flags Rule? FINRA released its brand new written ID Theft Prevention Program template!--and it has an acronym: ITPP! This is great. Thank-you, FINRA. Now all you small firms that have no idea what this rule is all about, and believe that it is completely duplicative with AML and unnecessary, given that you are a tiny shop that does not use credit reports, does not provide debit cards or checkwriting, and does not extend credit (but wait, you have a clearing firm and your clients may open margin accounts through your firm), can create an ITPP without much effort. And the better news is, if FINRA examines for compliance with this rule like it did with AML, you will have years before your written program actually has to be fully customized and implemented. FTC enforcement of the Red Flags Rule begins August 1, 2009. So get going. Here is the link to the template, courtesy of FINRA:
www.finra.org/customerprotection/redflags.

2. As of August 17 you have to provide a new disclosure to customers. New FINRA Rule 2267 is based on old NASD Rule 2280 (Investor Education and Protection). The old rule applied only to firms carrying customer accounts. Now it applies to everyone. BUT: if your firm has an clearing firm that will make the disclosures for you, you're all set (confirm this with them, ok?). If you have other (or only) customers that aren't serviced by a clearing firm and that don't, for instance, receive statements or confirms, then your firm will have to make the disclosures. An example would be an 'application-way' shop that processes MF/VA applications and does not have brokerage accounts. I'm guessing PP/M&A firms are in this category, too, but let's not expect FINRA to be clear on that (you know how I feel about this subject, right?).

So, if all your customers are receiving statements, etc. from the clearing firm, make sure they'll include the disclosures annually to your customers.

Otherwise, you have to provide the disclosures (annually if you carry accounts). If you don't carry accounts, as I desdcribed above, or have some customers not receiving statements, you have to provide the disclosures at or prior to the time of the customer’s initial purchase, in lieu of once every calendar year.

Disclosures may be provided electronically (yahoo).

Here is what you have to disclose:

1. FINRA Broker Check Hotline Number -- (800) 289-9999;
2. FINRA Web site address -- www.finra.org; and
3. A statement as to the availability to the customer of an investor brochure that includes information describing FINRA Broker Check. ...Harder than it sounds. Here's what I recommend: "You may find information about Broker Check online by visiting this link http://www.finra.org/web/groups/industry/@inv/@tools/documents/industry/p009888.pdf or by calling the Hotline number and requesting a hard copy via mail."

Here's what FINRA says about the due date: "Any firm subject to NASD Rule 2280 that complies with its annual (calendar year) mailing requirement on or after January 1, 2009 but prior to the August 17, 2009 effective date of FINRA Rule 2267 will be deemed to have complied with FINRA Rule 2267 for the 2009 calendar year."

So check with your clearing firm to see it they will have complied with old 2280 by 8-17; if not, you're not in compliance. For other firms (see above), start making the disclosures for new accounts. And what the heck, if you send out an annual disclosure notice with other things, like privacy policy and SIPC info, why not include this one, too?

3. Rule 2821 on Variable Annuities--they FINALLY finalized the rule. And the great news is, they took out that requirement to consider ALL deferred V/A purchases and exchanges as 'recommended.' The rule changes also clarify the 7-day review/approval process and funds transfers in that 7-day period. It's good, and the Notice is written well. Look it up: Notice 09-32 is at http://www.finra.org/Industry/Regulation/Notices/2009/P118955. BUT DON'T start enforcing the rule yet. It's effective 2-8-10. I have a call into FINRA about whether optional compliance before then is okay, but I haven't heard back yet :( . In the mean time, you have the usual 24 hour turnaround period to move funds out and approve the business.

Looking out my window: still raining.

Beat It, Bernie Madoff

"I'm Starting With The Man In The Mirror.
I'm Asking Him To Change His Ways
And No Message Could HaveBeen Any Clearer
If You Wanna Make The World A Better Place
(If You Wanna Make The World A Better Place)
Take A Look At Yourself, And Then Make A Change
(Take A Look At Yourself, And Then Make A Change)
(Na Na Na, Na Na Na, Na Na,Na Nah)"

There you go, the chorus from one of Michael's soul-searching songs. (I did the moonwalk in honor of our beloved--demented--King of Pop...did you? Did you join any Michael Jackson Flashmobs?) This song, Man in the Mirror, did Bernie ever listen to it? Did he, himself, look in the mirror while in the midst of defrauding thousands out of their billions? If he did, his own eyes believed his lies.

Michael's gone and doesn't know the world really did love him; Bernie's gone and finally knows how much the world despises him. Will both men meet soon on one of Dante's circles? I have to believe Bernie will be closer to the chewy center.

Bye for good, Bernie. "They're Out To Get You, Better Leave While You Can.... So Beat It. Just Beat It."

The Rumor Was True!

That is, the one about FINRA revising its proposed rule on circulation of rumors. This is good! The new language is more focused and will allow industry professionals to discuss amongst themselves and with clients the nature of circulating rumors (without triggering a regulatory reporting obligation). That is, firms can talk about rumors: they just can't spread them with the intention of moving markets... that makes sense, right? If those folks on TV are all blabbing about a rumor, why shouldn't a broker be allowed to speak to the subject with his/her client? to help things, rather than hurt them?

Specifically, the amendments:

• Narrow the prohibition to apply to rumors that are 'likely to influence' the market price of a security;
• Retain the reporting obligation, but narrow it to report only those instances of origination/circulation when the offender did it 'for the purpose of improperly influencing' the market price of the security;
• Include supplementary material: defining 'rumor,' allowing certain exceptions (permissible communications), reminding firms that such rumor origination/circulation could violate lots of other rules, not just this new one, and requiring firms to have WSP's and training programs (the usual).

The revised rule is out for comment through July 16. Go to http://www.finra.org/web/groups/industry/@ip/@reg/@notice/documents/notices/p118807.pdf to read the notice on this topic.

Pssst: It's okay if you pass this on--not a violation, I promise.

Privacy Clauses in Contracts

Another reminder for you. (This was discussed at the April conference, too.)

Your contracts with third parties, such as payroll services, clearing firms and, of course, ESM (electronic storage media) providers, should have some language about safeguarding customer information. FINRA seems to be enforcing this in anticipation of final approval/effectiveness of amendments to Regulation S-P. Here’s a summary of the related change in that SEC rule:

Currently, Section 30(a) of Regulation S-P requires institutions to adopt written policies and procedures that address administrative, technical and physical safeguards to protect customer records and information.

Amendments to Reg. S-P would require firms to develop “information security programs” that would require firms to, among other things:

“oversee service providers by taking reasonable steps to select and retain service providers capable of maintaining appropriate safeguards for the personal information at issue, and require service providers by contract to implement and maintain appropriate safeguards (and document such oversight in writing).”

The term “service provider” would mean any person or entity that receives, maintains, processes, or otherwise is permitted access to personal information through its provision of services directly to a person subject to the rule.

Reasonable steps to evaluate the information safeguards of service providers could include the use of third-party review of those safeguards such as a Statement of Auditing Standards No. 70 (“SAS 70”) report, a SysTrust report or a WebTrust report. (This is straight from the SEC release—it seems geared towards large firms; small firms will have to determine which ‘reasonable steps’ are practical, affordable and effective.)

See http://www.sec.gov/rules/proposed/2008/34-57427.pdf for the SEC’s proposed amendment from last year.

The Adam Lambert Memorial Exam Findings Tips and other Reminders

Well, now we know: southern, culturally-conservative (i.e., anti-guyliner) voters favoring the underdog. That's who crowned Kris last night. But do we care? No. FINRA suits are walking through the door soon, armed with lists of practically irrelevant exam priorities. And you, my friend, have no-one calling 1-800-I Comply! to vote for you. (No-one except me: I'm here to help.)

btw: Not enough of you requested free conference notes. That means: a) you don't care, b) you're afraid to write to me, knowing I'll write back and talk too much, or c) you're not even reading this. You're over on that other, better blog: http://thereformedbroker.com/ But is that guy giving you practical information you can use immediately to improve your compliance grade (Randy Jackson wants to give you an "A+")? No, he's giving you insightful analysis of current economic and political events, all in a well-written and sometimes hilarious fashion. What good is that?*

*Real good. Check him out.

Oh, back to my exam findings tips, in honor of my favorite second-place, soon-to-be superstar, Glambert. Recent findings:

1. BCP summary disclosure not on website -- 3510(e);
2. CCO not disclosed on Schedule A of Form BD -- 3130(a);
3. AML testing not done by independent person or firm didn't comply with exemption provisions when using in-house, non-independent person -- 3011(c) and IM-301101;
4. Supervisory Control Procedures don't address electronically notifying FINRA of the reliance on the limited size and resources exception -- 3012(a)(2)(A)(iii);
5. Don't have procedures for monitoring new rules proposed under Section 311 of the USA Patriot Act -- 3011(b);
6. [The age-old] failed to notify of electronic storage media and provide required representations on format/storage and third party access -- SEC 17a-4(f)(2) and (f)(3)(vii);
7. Don't a have a third party to access electronic records to meet SRO requests -- SEC 17a-4(f)(3)(vii).

Comments on the above:

1. BCP: If you have a website, it has to be there. Remember, post just your summary, not the whole plan. Just do it.
2. CCO on Sked A: the thing is, no CRD deficiency is generated if it's not there. This rule came out in 2004--FIVE American Idol seasons ago!--and it's hard to believe that this violation can still exist. But it does. I think, like for FCS and other nec. disclososures, that the system should alert the firm on Gateway if no CCO is listed on Sked A.
3. AML Indep. Tester: for very small firms, this is frustrating. Yes, they may rely on an in-house person who isn't independent, but they have to provide justification for doing so and have written procedures about non-retaliation, etc.... look at http://finra.complinet.com/en/display/display_viewall.html?rbid=2403&element_id=3719&record_id=4397 for the requirements under IM-3011-1. Just do it. The obvious alternative is to hire an outside party (cha-ching).
4. Procedure to notify of LS&R exemption: Uh, this is easy to comply with. Put in your supervisory control procedures that you will make a filing in CRD, notifying FINRA of your reliance on this exception if you appoint someone not 'senior' to do branch examinations. Just do it.
5. 311 procedures: Guidance came out in 2007. If your firm doesn't have foreign accounts, just mention in your procedures that you don't have to include due diligence procedures for 'specified banks' under FinCEN's 'special measures' rules--from Section 311 of the USA Patriot Act. You can promise you'll add such procedures when deemed relevant to your business. Add a link to FinCEN’s Special Measures page http://www.fincen.gov/reg_section311.html for fast reference to changes.
6. ESM notification: Oh, don't get me started. Well, at least FINRA is showing some patience on this issue. For goodness sakes, by now firms should know what they have to do! Look at my many, verbose postings on this subject for more information. If you haven't notified FINRA on CRD of your use of acceptable ESM, just do it (it's under 'financial notifications' on the forms and filings tab on the Gateway).
7. Access: See my earlier postings on this topic. You have to have a third party to assert that they will provide access to your e-records in case you can't/won't produce them upon request. This party does not have to maintain your records--they just have to be able to access/produce them. There is a firm called Securities Industry Records Services in Utah that provides this access letter for a an annual fee...check them out at SIRSCO.com. (I don't endorse these guys...haven't yet had personal experience with them--but it might be worth talking to them if you want to store your own records.)

Some areas of exam focus:

• Reg. SHO: aggregation units, controls in place to prevent illegal short sales, affirmative determination records.
• Scrutiny of lack of SAR filings: why none?

A few reminders for those of you who didn't read my notes:

1. Get a PCAOB-registered accounting firm before December--for your next audit. Remember that, for non-public BD's, this registration doesn't change the accounting standards or protocols; for now, the auditor just has to pay a fee to register. Don't be lured into paying higher fees for your audit.

2. Don't expect 30 days advance notice of your next exam--even though Robert Errico in his February 2007 letter to members stated the following:

Advance Notice of Examinations. For the vast majority of firms, NASD is doubling the amount of notice in advance of a routine examination. Specifically, we are moving the notice period from 14 days to 30 days. This change will provide member firms with adequate time to respond to the WebIR and to gather the records and other information requested prior to the on-site portion of the examination. Similarly, it will provide our examiners with more time to review materials, leading to a more efficient examination.

I rarely see 30 days notice being given. The staff at the April conference said, 'Oh, it's up to 30 days.' I guess they didn't know about Mr. Errico's kind promise. Oh, and don't kid yourself into thinking you're on a set exam schedule--they'll use BORAM (clearly, Spock language) every year to decide when your next exam will be.

3. Establish a policy for protecting customer information when Reps leave your firm. If you let them take Outlook contacts information or other data that contains non-public info, you have to disclose this in your privacy policy (and give customers an opt-out choice).

4. Remember that the ID Theft Program requirement has been delayed until Aug. 1--and remain on the lookout for FTC's promised "template to help entities with a low risk of identity theft to comply with the rule" (but then again, we know how promises work...you promised you'd vote for Adam and you didn't).

Thanks for reading. And remember to amend your Reps' U4's for the new disclosure questions. But you've got time...first go out and enjoy the fine weather.