Prepare Your Job Application

I just read this: Investment News Article about Well-Paid FINRA Execs .

Does it explain this: Notice 09-68 about Fee Changes (and Renewal Increases) ?

and this: Notice 09-67 about Reg Element Fee Increases ?

Wow.

Change of Accountant?

Hey, if you hired a new accountant to do your year-end audit, remember that you have to tell SEC about it. You can find the Designation of Accountant form at this link:

http://www.finra.org/web/groups/industry/@ip/@comp/@regis/documents/industry/p009841.pdf


Here is the delivery information I have:

Constance Jackson
SECURITIES AND EXCHANGE COMMISSION
mailstop - 6628
100 F Street, NE
Washington, DC 20549
fax # 202 772 9273
phone # 202 551 5526

My notes say this is due by December 10. So if you haven't done this yet, hurry.

Rule Reference: SEC 17a-5(f)(2)

SIPC Supplemental Report: Last Helpful Tip

I'm getting bored with this subject, I have to admit... but I looked into something and thought I'd pass along what I learned.

The "e-4 report," or "supplemental report" required under SEA 17a-5(e)(4), is a newly-unearthed requirement for SIPC members (read my two earlier blogs on this if you're confused right now: Sept. 24 and Nov. 10). FINRA sent out a little blurb that stated, "If your firm is a SIPC member and has net operating revenues of more than $500,000, your firm's auditor must complete the SIPC Supplemental Report..."

A helpful reader (I have readers! and some of them are helpful!!) was looking for the source of that $500,000 threshold. I, being busy, promised to look for it, but he, being helpful, found it himself and forwarded me FINRA's 89-25 NtM...here is the link to that: http://finra.complinet.com/en/display/display_main.html?rbid=2403&element_id=1400

This old Notice includes an SEC no-action letter that describes the $500,000 threshold. But SEC uses the term "total revenues" and FINRA, in said Notice, uses the term "gross annual revenue." Both of these terms contradict FINRA's newest descriptor, "net operating revenues."

So I called a woman at SIPC who is smart and kind and--again, this word--helpful! She explained that yes, it is indeed "total revenue"--that is, before deductions--and that the SEC no-action letter is the only reference to that exclusion/threshold. You won't find it anywhere else. She also surmised that this new assessment equation will be in place for a while--so get used to it, folks!

If you work for FINRA and you are reading this, a) why are you reading my blog? and b) to be helpful (pay it forward), tell someone at your shop about this discrepancy/miscommunication, so that firms may do what is required without being confused.

Thanks to Mr. A.C., who inspired today's blog entry.

Procrastination Pays Off Again: Red Flags Rule Enforcement Delayed

How did I miss this last week?? Received November 4...

"At the request of Members of Congress, the Federal Trade Commission (FTC) has delayed until June 1, 2010, its enforcement of the new Red Flags Rule. The rule requires most broker-dealers to have in place a written program to identity, detect and respond to patterns, practices or specific activities that could indicate identity theft ("red flags"). Enforcement of the Red Flags Rule, which implements a section of the Fair and Accurate Credit Transactions Act of 2003 (FACT Act), was previously scheduled to begin on November 1, 2009."

I wonder which "Members of Congress" we have to thank for this? Well, anyway, most small firms aren't pulling credit reports and don't have proprietary online account access systems that would be vulnerable to attack. So if you didn't put an Identity Theft Prevention Program in place by now, I understand why. And you know how I feel about introducing firms that open margin accounts being characterized as 'creditors' for the sake of this rule, right? Baloney. Let's hope with this third? fourth? delay, the enforcers-that-be will come to their senses on that topic.

SIPC Supplemental Report--Some More Help

On that SIPC supplemental report I discussed back in September... got this (see below) from FINRA the other day. Two things to note:

1. The $500,000 threshold -- I had not noted this in my earlier blog. Probably because I didn't know about it. This will spare some of you very small firms from having to procure this report from your auditor.
2. The AICPA site includes guidance on the 'e-4 report'--check out the link, below.

From FINRA:

SIPC Supplemental Report Requirement This year, SIPC raised its member's assessment to .0025 of each member's securities business net operating revenues. If your firm is a SIPC member and has net operating revenues of more than $500,000, your firm's auditor must complete the SIPC Supplemental Report under SEA Rule 17a-5(e)(4) for fiscal years ending April 30, 2009, through December 31, 2009. Auditors must complete and submit the Report, together with the Annual Audit, or the Audit will be deemed deficient. For guidance on what to include in the Report, see the American Institute for Certified Public Accountants Web site--http://www.aicpa.org/download/acctstd/AppendixG_V3_ff.pdf .

AML Non-Compliance Back in the Day

I just read FINRA’s release on the Scottrade fine, the one that alleges failure to establish and implement an adequate AML program to detect and trigger reporting of suspicious transactions.

Yikes!

The period of most egregious failure was from April 2003 to January 2005. Geez, back then, NASD’s testing of AML compliance consisted of seeing if firms knew what A-M-L stood for. It’s only in the past couple of years that FINRA’s examination program has raised its expectations…that is, instead of being satisfied that a firm had a program in place, they actually look at the components and consider their reasonableness. To look back at a period in which AML rules were brand new seems a bit unfair (I know—the Rule came out in April 2002--but CIP didn’t come out until October 2004, and this whole emphasis on REPORT! REPORT! REPORT! didn’t take shape until about two years ago). If their expectations were low back then, why is it okay to apply the heightened standard retroactively?

I don’t have any information on this case, so I’m reacting to the summary provided by FINRA. So I might not be fair, either.

But reading the summary leads to me a few other hysterical reactions—er, I mean, thoughtful considerations: Why was it unreasonable, in the early days of AML regulation, to assume that monitoring movement of money was a good means of detecting suspicious activity? Why was it unreasonable to let designated personnel like branch (front-line), cashiering (appropriate, non?) and margin employees refer suspicions to compliance? Why was is a bad thing that Scottrade got progressively more attuned to the challenge of AML monitoring and thus hired a risk management analyst to review its system and later developed a proprietary, automated monitoring system? Why is Scottrade being criticized, in this context, for not preventing ID theft and account intrusions back before 2007, when those hot topics were only in the early stage of regulatory focus (Nov. 1, 2009 is the effective date for compliance with the ITPP requirements under the FACT Act and to my knowledge, Reg. S-P amendments have yet to be made effective—email me if I’m wrong on this)? And Scottrade’s volume report being used back in 2006 to detect pump-and-dump schemes and unauthorized trading activity, but not to detect suspicious activity by bona fide account holders?... if NASD required this back then, why didn’t they tell them? I’m sure they were in there reviewing general and AML compliance every year.

I’m wondering, how much of this longed-for monitoring would have led to SAR reporting that would have resulted in actual cases proving terrorist financing? Was that factored into the findings? (Oops, there I go again, forgetting that BD’s are law enforcement agencies charged with uncovering fraud and tax evasion, too.) Or is this finding just a hypothetical exercise in retroactive nit-picking for the sake of making an example out of the ‘failure’ or – I’m not really a cynic – to make money?

I have to admit: I see small firms being examined on the bare basics of AML and I find that FINRA continues to be gentle with these small firms. It’s almost like ‘principle-based’ compliance, but not really. It’s more like, “Okay, you’ve met the minimum requirements under 3011, but don’t forget to get exception reports” and all ends well. Personally, I’m okay with this, especially in the context of very small firms with a limited business whose clientele is local and very familiar. To expect anything more than token AML compliance is wrong in those cases. For bigger firms, yeah, sure, take it to the next level—but don’t mix subject areas and don’t retroactively apply developing standards to a time when AML was new and little understood. Even for the big firms that’s not fair. They are slow-moving beasts and should have been afforded a learning curve.

I think I’m too tolerant. That’s my problem. The world might very well be a charred sinkhole had it been under my watch until now. Never elect me President*.

(*Attorney General, maybe. I promise I’ll follow in Holder’s footsteps. --here I go again, with that tolerance thang.)

Internal Testing of AML: Loophole Closed

Just yesterday I was blathering about the loophole in NASD IM-3011-1, which allows firms to have internal staff do annual testing of their AML programs. This rule lets firms have someone in the AML chain of command do the testing. The way it was written was always a bit curious: as if meant to strictly limit firms, but with a nice rabbit hole to jump into to safely avoid the limitation. Don't get me wrong: I've been a fan of the loophole, since I tend to sympathize with really small firms that have to meet onerous, big-firm requirements....and that's who would have relied on the loophole until now: very small firms with no staff remote enough from the AML staff and supervisor (usually the same person) to be considered independent. Well, thanks to FinCEN, these small firms will henceforth have no choice but to pay up for their annual independent AML testing.

You see, in Notice 09-60 FINRA announced its recent slate of rule consolidation changes. One of those is new FINRA Rule 3310, replacing NASD Rule 3011 and its IM's. The rule essentially stays the same except for the removal of the independence carve-out.

Firms can still appoint an internal staff member to conduct the testing, but that person must absolutely meet the following requirements:

1. The person must not perform the functions being tested,
2. The person may not be the designated AML compliance person, and
3. The person may not report to either anyone performing AML functions or the designated AML compliance person.

So if your firm is big enough such that you have senior staff who do not get involved at all in AML stuff, and you have employees who are well-versed in BSA/other AML requirements who do not do any AML work, you should be able to continue to rely on in-house AML testing.

The reason for the change? FINRA blames it on FinCEN, which stated that "the independent testing provision of the BSA precludes AML program testing by personnel with an interest in the outcome of the testing..." Seems reasonable--if you believe that our current AML rules, regulations and applied guidance have proven useful in fighting terrorism and if you believe that it is the role of the broker and the brokerage firm to police its clientele. Might seem unreasonable if you closely run a very small firm with a local, familiar clientele and have seen the cost of compliance sky-rocket right along with the increase in regulatory expectations, and you now have to pay a third-party to come in and verify the obvious: you're trying hard to follow the rules.

(Oops. I let myself go for a second, there... back to the subject at hand...)

The rule change is effective Jan. 1, 2010. You tiny firms out there will have to find someone to do your independent testing next year. (This is not a sales pitch, by the way--could you tell?)

SIPC Assessments: Something You Might Not Know

...but which your accountant should know.

Okay, so you know by now that SIPC assessments went from a coins-under-the-couch-cushions-amount ($150) to a revenue-based number (.0025 of annual net operating revenues). This change happened as of April 1 and there are new assessment reporting forms that apply: see http://www.sipc.org/members/members.cfm for links to the new forms: Form 7T (interim reporting) and Form 6 (general form used for semi-annual reporting/payment). Depending on your fiscal year end, SIPC will mail you the correct forms to complete. You will be given credit for the $150 you might have paid earlier this year. But be prepared to pay a bunch more: firms making millions in revenue will pay tens of thousands.

The last time SIPC imposed a revenue-based assessment was 14 years ago. When the SIPC Fund balance gets low (under $1 billion), they invoke their right to raise money this way. If you're feeling sorry for yourself, maybe because your investors are institutions or otherwise won't be relying on SIPC coverage anytime soon, here's the theory behind this universal assessment: your business is dependent on a robust market; that market consists of individuals—they drive the market by virtue of their investments. Without them you wouldn’t do the business you do. You therefore benefit from the retail market in the end. And you want those investors to have confidence, some of which is provided by SIPC coverage. So you pay for SIPC, along with every other broker, regardless of your niche.

Onto the meaningful part of this message...

When your auditor does your annual audit, he/she has to remember to do an 'e-4 report.' That refers to paragraph (e)(4) of SEC Rule 17a-5: 'Reports to be made by certain brokers and dealers.' Your accountant knows to what to provide to FINRA and SEC, based on years of service in this industry. But now that the SIPC assessment is based on revenues, he/she has to provide this new item, too--and he/she may not know about it. It's basically a 'negative assurance letter' and will include either a schedule of payments to SIPC or copies of the assessment forms that were filed for the period. The bummer is, SIPC does NOT address this on its members site....they say it's an SEC Rule, not theirs, and that's why...but hey, give a BD a break! It would be nice if they provided clear guidance on this. I guess that's why I'm writing this entry--to introduce the subject and suggest that you talk to your auditor to make sure he/she is prepared to comply.

Here's the text from the SEC Rule that applies (from http://edocket.access.gpo.gov/cfr_2002/aprqtr/17cfr240.17a-5.htm):

(4) The broker or dealer shall file with the report a supplemental report which shall be covered by an opinion of the independent public accountant on the status of the membership of the broker or dealer in the Securities Investor Protection Corporation (``SIPC'') if, pursuant to paragraph (e)(1) of this section, a report of the broker or dealer is required to be covered by an opinion of a certified public accountant or a public accountant who is in fact independent. The supplemental report shall cover the SIPC annual general assessment reconciliation or exclusion from membership forms not previously reported on under this paragraph (e)(4) which were required to be filed on or prior to the date of the report required by paragraph (d) of this section: Provided, That the broker or dealer need not file the supplemental report on the SIPC annual general assessment reconciliation or exclusion from membership form for any period during which the SIPC assessment is a minimum assessment as provided for in section 4(d)(1)(c) of the Securities Investor Protection Act of 1970, as amended.

The supplemental report, an original of which shall be submitted to the regional or district office of the Commission for the region or district in which the broker or dealer has its principal place of business, the Commission's principal office in Washington, the principal office of the designated examining authority for such broker or dealer and the office of SIPC, shall be bound separately, be dated and be signed manually, and shall include the following:

(i) A schedule of assessment payments also showing any overpayments applied and overpayments carried forward including: payment dates, amounts, and name of SIPC collection agent to whom mailed, or

(ii) If exclusion from membership was claimed, a statement that the broker or dealer qualified for exclusion from membership under the Securities Investor Protection Act of 1970, and the date and name of the SIPC collection agent with whom a Certification of Exclusion from Membership (Form SIPC-3) was filed, and

(iii) An accountant's report which shall state that in the accountant's opinion either the assessments were determined fairly in accordance with applicable instructions and forms, or that a claim for exclusion from membership was consistent with income reported. If exceptions are noted, the accountant shall state any corrective action taken or proposed.

The accountant's review on which his report is based shall include as a minimum the following procedures:

(A) Comparison of listed assessment payments with respective cash disbursements record entries;

(B) For all or any portion of a fiscal year ending in 1976 and each fiscal year thereafter, comparison of amounts reflected in the annual report as required by paragraph (d) of this section, with amounts reported in the Annual General Assessment Reconciliation (Form SIPC-7);

(C) Comparison of adjustments reported in Form SIPC-7 with supporting schedules and working papers supporting adjustments;

(D) Proof of arithmetical accuracy of the calculations reflected in Form SIPC-7 and in the schedules and working papers supporting adjustments; and

(E) Comparison of the amount of any overpayment applied with the Form SIPC-7 on which it was computed; or

(F) If exclusion from membership is claimed, the accountant shall review the annual report required by paragraph (d) of this section for all or any portion of a fiscal year ending in 1976 and each fiscal year thereafter to ascertain that the Certification of Exclusion from Membership (Form SIPC-7) was consistent with the income reported.

[Some of this is outdated due to changes in form names, but you get the idea.]

OH--and this 'e-4 report' has to go to SIPC, too. So include it in your filings with FINRA and SEC, and also send it (alone, not with the annual audited f/s) to SIPC.

Talk to your accountant; make sure this is clear. And chat it up over drinks, too. You'll impress your peers by being up on this subject way ahead of the crowd. Ah, the joys of compliance.

Another Delay of Red Flags Rule Enforcement (and other stuff)

Greetings, surfers!

Topic 1: Red Flags Rule (dedicated to my tipster: Mr. B. Gray)

FTC announced yesterday that they would delay enforcement of the Red Flags Rule--again. Now you have until November 1 to figure out what it all means for your broker-dealer firm. On this note, I tried to create a flow chart to help you decide if you needed an Identity Theft Prevention Program, but I ran out of ink (and brains) in the process. It's complicated--and I disagree with the going interpretation, so I should just stay out of it.

I guess I can be a little helpful by providing some reference links for you:

http://imhoffconsultingproject.blogspot.com/2008/11/update-on-fact-act.html and http://imhoffconsultingproject.blogspot.com/2009/07/useful-information-on-rainy-day.html contain my ranting (I mean, informative content) on the subject.

FINRA's ITPP template: http://www.finra.org/web/groups/industry/@ip/@reg/@notice/documents/notices/p119093.pdf

FINRA's page that has all kinds of references to guidance and stuff: http://www.finra.org/Industry/Issues/CustomerInformationProtection/p118480

FTC site on the Rule: http://www.ftc.gov/redflagsrule

FTC site on ID Theft: http://www.ftc.gov/bcp/edu/microsites/idtheft/

+++++++++++++++

Topic 2: Investment Banking Registration Category

Wow! At last, for investment bankers, a test of their own! I'm impressed. If you are an investment banker, now you have your very own registration category: the Series 79. (Monty Python's Life of Brian came out this year--but that's off topic.)

Notice 09-41 does a terrific job explaining this new test and registration requirement. Here is a summary:

• If you're currently doing only private placements (not of munis, govt's or DPP's) you only need the Series 82 so don't worry about this.
• If you're currently doing investment banking activities--such as originating offerings, underwriting, marketing, structuring, syndication, or doing M&A deals like advising on restructurings, asset sales, corporate reorganizations, writing fairness opinions, etc., then YES, you need the Series 79.
• If you're doing this business, and you're not registered--better get that way.
• If you're doing this business and you have your Series 7, you have to 'opt-in' between November 2, 2009 and May 3, 2010. During that 6-month period, make sure a U4 amendment is filed for you, adding the Series 79 registration. That's all you need to do.
• If you miss the opt-in period, you have to pass the Series 79 to keep doing your investment banking business.
• If you're a Series 7 and you just kinda want the Series 79, well, that's not okay. You can't opt-in, because, technically, you have to be engaged in investment banking business to earn the opt-in registration.
• If you're new to the business and were going to get your 7 so that you could work as an investment banker, you can still take your 7 during the six-month period before May 3, 2010...after you pass the 7, do the U4 amendment to add the 79 and voila! It's yours!
• If you're an intern like I was, guess what? You don't have to get the 79 (see the Notice for details on this one--some qualifying factors).
• If you also do general securities business or other business like muni structurings or DPP's or whatever, you need the 7 in addition to the 79.
• If you are a Series 24 who supervises investment banking activities, you now need the Series 79. You can opt-in (see above) by May 3, 2010.
• If you're thinking of being a supervisor of investment banking activities, but aren't yet licenced, the Series 79 will qualify as a prerequisite to the 24. Take both and supervise away! But wait: if you supervise any other securities activities, like trading or retail sales, you'll need the 7, too.
• You know how you can take the Series 66 instead of the 65 and 63 to register as agent and IA in states? Well, the Series 7 is a pre-requisite for the 66...you can't rely on the 79 to do that job. The 79 is, however, a pre-requisite for the 63.

Okay, that's enough of that topic. One little thing...did you see the words "asset sales" above? That's kinda scary for unregistered M&A shops out there who always thought that arranging asset sales didn't require registration. Well, then again, those folks aren't reading this, so why waste my words.

++++++++++++++

Topic 3: U4 Disclosure Questions: no 'wet' signatures

New FINRA Rule 1010 allows firms to amend the U4 disclosure answers without having the rep manually sign the U4 amendment. Instead, you have to: provide the rep with a copy of the amended disclosure information prior to filing and get the rep's written acknowledgement (like an email or signature on internal form) prior to filing that shows the rep received and reviewed the changes. Keep records of this for examiner review.

(Note: My firms had reps answer the new disclosure questions on an internal form, sign the form and return it. To me, this satisfies the new Rule.)

If reps are on military duty, otherwise unavailable or refuse to acknowledge the disclosure information, you should note that in the rep's electronic signature field.

The effective date is July 27, 2009. Notice 09-40 explains that this new rule helps out with the new disclosure questions that have to be answered by November 14....but it doesn't explicitly say that if your firm was conscientious enough to have made all those U4 amendment filings already--that is, before 7-27--then you don't need 'wet' signatures under the new rule. Hmmm. Let's assume you don't, and that your documentation of rep approval of the new disclosure answers will suffice. Wouldn't seem fair otherwise.

Back to the beach. Surf's up!

YES--Material Event Disclosures for 529 Plans

So I should trust my FINRA sources more, that is my conclusion. I've taken my skeptical hat off for now.

Spoke to a very helpful, very pleasant gentleman at MSRB today. He very clearly conveyed this reality: SEC has determined that Rule 15c2-12 applies to municipal fund securities. I'm talking about material event disclosure requirements--G-17 (see blog entry below)--in the context of 529 plans. To the extent municipal issuers file notices on MSRB's new EMMA portal, firms that offer/sell 529 plans MUST review those notices and provide the material event information to their customers prior to the sale. As a practical matter, you won't see many such notices relating to 529 plans.

So here's what you do: build into your procedures this requirement; train your reps on how to use EMMA; supervise 529 sales to make sure disclosures are being made when required.

The EMMA site is easy to use. Go to http://emma.msrb.org/. Click on the '529 Plan Search' box with the graduation cap icon; accept the site terms; in the orange box, select a state and hit the arrow; then look for the plan you are about to sell to a customer. Click on that plan and you'll see links to the disclosure statements and, IF there are material event notices, you'll see a link to those. That is what you'll review and discuss with your customer... ta da!

So, while this is one more thing you have to worry about (and document), it's pretty easy to implement.

It's not a bad idea to inform your customers about the EMMA portal--knowledge is power. That way, you'll be educating your customers as you should.

One more helpful link for you, courtesy of the nice man at MSRB: http://www.msrb.org/msrb1/mfs/mfs7.asp This is the 'securities regulation' page explaining which regs apply to 529 plan sales.

Hmm. Wonder how long it will take before I put that hat back on? Stay tuned.

Update: It's Sunny (and a note on MSRB Rule G-17)

One of my favorite clients just reprimanded me for not updating my blog to correctly identify our NH weather as SUNNY. Which it is. Thanks so much, Mr. Get Back to Work...

Oh, and I just talked to a gentleman at FINRA who was happy I wasn't a reporter when I asked about a rule interp. ?? Are they bombarded these days by the Geraldos of the world who aren't busily churning M.J. rumors? Guess so.

His answer to my question was that, yes, BD's who do nothing but 529 plans--that is, they sell municipal FUND securities, not municipal securities--are required to comply with interpretive material on G-17 about material event disclosures. See Notice 09-35 at http://www.finra.org/web/groups/industry/@ip/@reg/@notice/documents/notices/p119067.pdf .

This means that before having your customer sign onto that 529 plan, make sure you visit MSRB's new EMMA site at http://emma.msrb.org/ to gather and convey important disclosures about the issuer. Document that you did this; and you supervisors: check the records to make sure it's being done. Oh, and update your procedures for this new one.

I dunno. I'm a bit skeptical. I have a call into MSRB. I hope they call back before it starts raining again...

Useful Information on a Rainy Day

I walked to my NEW office this morning without drowning in a puddle. High of 61 today with downpours. Feel sorry for us, here in coastal NH. We deserve your pity.

Few things:

1. Remember the FTC Red Flags Rule? FINRA released its brand new written ID Theft Prevention Program template!--and it has an acronym: ITPP! This is great. Thank-you, FINRA. Now all you small firms that have no idea what this rule is all about, and believe that it is completely duplicative with AML and unnecessary, given that you are a tiny shop that does not use credit reports, does not provide debit cards or checkwriting, and does not extend credit (but wait, you have a clearing firm and your clients may open margin accounts through your firm), can create an ITPP without much effort. And the better news is, if FINRA examines for compliance with this rule like it did with AML, you will have years before your written program actually has to be fully customized and implemented. FTC enforcement of the Red Flags Rule begins August 1, 2009. So get going. Here is the link to the template, courtesy of FINRA:
www.finra.org/customerprotection/redflags.

2. As of August 17 you have to provide a new disclosure to customers. New FINRA Rule 2267 is based on old NASD Rule 2280 (Investor Education and Protection). The old rule applied only to firms carrying customer accounts. Now it applies to everyone. BUT: if your firm has an clearing firm that will make the disclosures for you, you're all set (confirm this with them, ok?). If you have other (or only) customers that aren't serviced by a clearing firm and that don't, for instance, receive statements or confirms, then your firm will have to make the disclosures. An example would be an 'application-way' shop that processes MF/VA applications and does not have brokerage accounts. I'm guessing PP/M&A firms are in this category, too, but let's not expect FINRA to be clear on that (you know how I feel about this subject, right?).

So, if all your customers are receiving statements, etc. from the clearing firm, make sure they'll include the disclosures annually to your customers.

Otherwise, you have to provide the disclosures (annually if you carry accounts). If you don't carry accounts, as I desdcribed above, or have some customers not receiving statements, you have to provide the disclosures at or prior to the time of the customer’s initial purchase, in lieu of once every calendar year.

Disclosures may be provided electronically (yahoo).

Here is what you have to disclose:

1. FINRA Broker Check Hotline Number -- (800) 289-9999;
2. FINRA Web site address -- www.finra.org; and
3. A statement as to the availability to the customer of an investor brochure that includes information describing FINRA Broker Check. ...Harder than it sounds. Here's what I recommend: "You may find information about Broker Check online by visiting this link http://www.finra.org/web/groups/industry/@inv/@tools/documents/industry/p009888.pdf or by calling the Hotline number and requesting a hard copy via mail."

Here's what FINRA says about the due date: "Any firm subject to NASD Rule 2280 that complies with its annual (calendar year) mailing requirement on or after January 1, 2009 but prior to the August 17, 2009 effective date of FINRA Rule 2267 will be deemed to have complied with FINRA Rule 2267 for the 2009 calendar year."

So check with your clearing firm to see it they will have complied with old 2280 by 8-17; if not, you're not in compliance. For other firms (see above), start making the disclosures for new accounts. And what the heck, if you send out an annual disclosure notice with other things, like privacy policy and SIPC info, why not include this one, too?

3. Rule 2821 on Variable Annuities--they FINALLY finalized the rule. And the great news is, they took out that requirement to consider ALL deferred V/A purchases and exchanges as 'recommended.' The rule changes also clarify the 7-day review/approval process and funds transfers in that 7-day period. It's good, and the Notice is written well. Look it up: Notice 09-32 is at http://www.finra.org/Industry/Regulation/Notices/2009/P118955. BUT DON'T start enforcing the rule yet. It's effective 2-8-10. I have a call into FINRA about whether optional compliance before then is okay, but I haven't heard back yet :( . In the mean time, you have the usual 24 hour turnaround period to move funds out and approve the business.

Looking out my window: still raining.

Beat It, Bernie Madoff

"I'm Starting With The Man In The Mirror.
I'm Asking Him To Change His Ways
And No Message Could HaveBeen Any Clearer
If You Wanna Make The World A Better Place
(If You Wanna Make The World A Better Place)
Take A Look At Yourself, And Then Make A Change
(Take A Look At Yourself, And Then Make A Change)
(Na Na Na, Na Na Na, Na Na,Na Nah)"

There you go, the chorus from one of Michael's soul-searching songs. (I did the moonwalk in honor of our beloved--demented--King of Pop...did you? Did you join any Michael Jackson Flashmobs?) This song, Man in the Mirror, did Bernie ever listen to it? Did he, himself, look in the mirror while in the midst of defrauding thousands out of their billions? If he did, his own eyes believed his lies.

Michael's gone and doesn't know the world really did love him; Bernie's gone and finally knows how much the world despises him. Will both men meet soon on one of Dante's circles? I have to believe Bernie will be closer to the chewy center.

Bye for good, Bernie. "They're Out To Get You, Better Leave While You Can.... So Beat It. Just Beat It."

The Rumor Was True!

That is, the one about FINRA revising its proposed rule on circulation of rumors. This is good! The new language is more focused and will allow industry professionals to discuss amongst themselves and with clients the nature of circulating rumors (without triggering a regulatory reporting obligation). That is, firms can talk about rumors: they just can't spread them with the intention of moving markets... that makes sense, right? If those folks on TV are all blabbing about a rumor, why shouldn't a broker be allowed to speak to the subject with his/her client? to help things, rather than hurt them?

Specifically, the amendments:

• Narrow the prohibition to apply to rumors that are 'likely to influence' the market price of a security;
• Retain the reporting obligation, but narrow it to report only those instances of origination/circulation when the offender did it 'for the purpose of improperly influencing' the market price of the security;
• Include supplementary material: defining 'rumor,' allowing certain exceptions (permissible communications), reminding firms that such rumor origination/circulation could violate lots of other rules, not just this new one, and requiring firms to have WSP's and training programs (the usual).

The revised rule is out for comment through July 16. Go to http://www.finra.org/web/groups/industry/@ip/@reg/@notice/documents/notices/p118807.pdf to read the notice on this topic.

Pssst: It's okay if you pass this on--not a violation, I promise.

Privacy Clauses in Contracts

Another reminder for you. (This was discussed at the April conference, too.)

Your contracts with third parties, such as payroll services, clearing firms and, of course, ESM (electronic storage media) providers, should have some language about safeguarding customer information. FINRA seems to be enforcing this in anticipation of final approval/effectiveness of amendments to Regulation S-P. Here’s a summary of the related change in that SEC rule:

Currently, Section 30(a) of Regulation S-P requires institutions to adopt written policies and procedures that address administrative, technical and physical safeguards to protect customer records and information.

Amendments to Reg. S-P would require firms to develop “information security programs” that would require firms to, among other things:

“oversee service providers by taking reasonable steps to select and retain service providers capable of maintaining appropriate safeguards for the personal information at issue, and require service providers by contract to implement and maintain appropriate safeguards (and document such oversight in writing).”

The term “service provider” would mean any person or entity that receives, maintains, processes, or otherwise is permitted access to personal information through its provision of services directly to a person subject to the rule.

Reasonable steps to evaluate the information safeguards of service providers could include the use of third-party review of those safeguards such as a Statement of Auditing Standards No. 70 (“SAS 70”) report, a SysTrust report or a WebTrust report. (This is straight from the SEC release—it seems geared towards large firms; small firms will have to determine which ‘reasonable steps’ are practical, affordable and effective.)

See http://www.sec.gov/rules/proposed/2008/34-57427.pdf for the SEC’s proposed amendment from last year.

The Adam Lambert Memorial Exam Findings Tips and other Reminders

Well, now we know: southern, culturally-conservative (i.e., anti-guyliner) voters favoring the underdog. That's who crowned Kris last night. But do we care? No. FINRA suits are walking through the door soon, armed with lists of practically irrelevant exam priorities. And you, my friend, have no-one calling 1-800-I Comply! to vote for you. (No-one except me: I'm here to help.)

btw: Not enough of you requested free conference notes. That means: a) you don't care, b) you're afraid to write to me, knowing I'll write back and talk too much, or c) you're not even reading this. You're over on that other, better blog: http://thereformedbroker.com/ But is that guy giving you practical information you can use immediately to improve your compliance grade (Randy Jackson wants to give you an "A+")? No, he's giving you insightful analysis of current economic and political events, all in a well-written and sometimes hilarious fashion. What good is that?*

*Real good. Check him out.

Oh, back to my exam findings tips, in honor of my favorite second-place, soon-to-be superstar, Glambert. Recent findings:

1. BCP summary disclosure not on website -- 3510(e);
2. CCO not disclosed on Schedule A of Form BD -- 3130(a);
3. AML testing not done by independent person or firm didn't comply with exemption provisions when using in-house, non-independent person -- 3011(c) and IM-301101;
4. Supervisory Control Procedures don't address electronically notifying FINRA of the reliance on the limited size and resources exception -- 3012(a)(2)(A)(iii);
5. Don't have procedures for monitoring new rules proposed under Section 311 of the USA Patriot Act -- 3011(b);
6. [The age-old] failed to notify of electronic storage media and provide required representations on format/storage and third party access -- SEC 17a-4(f)(2) and (f)(3)(vii);
7. Don't a have a third party to access electronic records to meet SRO requests -- SEC 17a-4(f)(3)(vii).

Comments on the above:

1. BCP: If you have a website, it has to be there. Remember, post just your summary, not the whole plan. Just do it.
2. CCO on Sked A: the thing is, no CRD deficiency is generated if it's not there. This rule came out in 2004--FIVE American Idol seasons ago!--and it's hard to believe that this violation can still exist. But it does. I think, like for FCS and other nec. disclososures, that the system should alert the firm on Gateway if no CCO is listed on Sked A.
3. AML Indep. Tester: for very small firms, this is frustrating. Yes, they may rely on an in-house person who isn't independent, but they have to provide justification for doing so and have written procedures about non-retaliation, etc.... look at http://finra.complinet.com/en/display/display_viewall.html?rbid=2403&element_id=3719&record_id=4397 for the requirements under IM-3011-1. Just do it. The obvious alternative is to hire an outside party (cha-ching).
4. Procedure to notify of LS&R exemption: Uh, this is easy to comply with. Put in your supervisory control procedures that you will make a filing in CRD, notifying FINRA of your reliance on this exception if you appoint someone not 'senior' to do branch examinations. Just do it.
5. 311 procedures: Guidance came out in 2007. If your firm doesn't have foreign accounts, just mention in your procedures that you don't have to include due diligence procedures for 'specified banks' under FinCEN's 'special measures' rules--from Section 311 of the USA Patriot Act. You can promise you'll add such procedures when deemed relevant to your business. Add a link to FinCEN’s Special Measures page http://www.fincen.gov/reg_section311.html for fast reference to changes.
6. ESM notification: Oh, don't get me started. Well, at least FINRA is showing some patience on this issue. For goodness sakes, by now firms should know what they have to do! Look at my many, verbose postings on this subject for more information. If you haven't notified FINRA on CRD of your use of acceptable ESM, just do it (it's under 'financial notifications' on the forms and filings tab on the Gateway).
7. Access: See my earlier postings on this topic. You have to have a third party to assert that they will provide access to your e-records in case you can't/won't produce them upon request. This party does not have to maintain your records--they just have to be able to access/produce them. There is a firm called Securities Industry Records Services in Utah that provides this access letter for a an annual fee...check them out at SIRSCO.com. (I don't endorse these guys...haven't yet had personal experience with them--but it might be worth talking to them if you want to store your own records.)

Some areas of exam focus:

• Reg. SHO: aggregation units, controls in place to prevent illegal short sales, affirmative determination records.
• Scrutiny of lack of SAR filings: why none?

A few reminders for those of you who didn't read my notes:

1. Get a PCAOB-registered accounting firm before December--for your next audit. Remember that, for non-public BD's, this registration doesn't change the accounting standards or protocols; for now, the auditor just has to pay a fee to register. Don't be lured into paying higher fees for your audit.

2. Don't expect 30 days advance notice of your next exam--even though Robert Errico in his February 2007 letter to members stated the following:

Advance Notice of Examinations. For the vast majority of firms, NASD is doubling the amount of notice in advance of a routine examination. Specifically, we are moving the notice period from 14 days to 30 days. This change will provide member firms with adequate time to respond to the WebIR and to gather the records and other information requested prior to the on-site portion of the examination. Similarly, it will provide our examiners with more time to review materials, leading to a more efficient examination.

I rarely see 30 days notice being given. The staff at the April conference said, 'Oh, it's up to 30 days.' I guess they didn't know about Mr. Errico's kind promise. Oh, and don't kid yourself into thinking you're on a set exam schedule--they'll use BORAM (clearly, Spock language) every year to decide when your next exam will be.

3. Establish a policy for protecting customer information when Reps leave your firm. If you let them take Outlook contacts information or other data that contains non-public info, you have to disclose this in your privacy policy (and give customers an opt-out choice).

4. Remember that the ID Theft Program requirement has been delayed until Aug. 1--and remain on the lookout for FTC's promised "template to help entities with a low risk of identity theft to comply with the rule" (but then again, we know how promises work...you promised you'd vote for Adam and you didn't).

Thanks for reading. And remember to amend your Reps' U4's for the new disclosure questions. But you've got time...first go out and enjoy the fine weather.

800 Overseas Investors Thank You

Alternate title: Keep those SAR Filings Coming! Terrorist financing down 36%!

Please read FinCEN's 15th Issue of The SAR Activity Review – Trends, Tips & Issues (http://www.fincen.gov/news_room/rp/files/sar_tti_15.pdf). It's a blast.

Seriously, you AML officers out there should read it. It gives you a reason to value all the time you spend worrying about whether or not to file a SAR. You and all your AML brethren are making a difference! The SAR report outlines some cases cracked thanks to your efforts (for instance, a foreign national was busted for leading a scheme involving hedge funds and advisory firms that resulted in $21 million in losses for over 800 foreign investors: that makes you feel good about doing all that AML work, right?). ....(right??)

Here's what examiners want to see from you:

1. Complete written procedures.
2. Implementation of written procedures.
3. Monitoring for susp. activity.
4. Reporting of susp. activity.

Here's what examiners are seeing from you:

1. Failure to document reviews of suspicious activity.
2. Incomplete SAR forms.
3. Crappy SAR's: completed inaccurately; inadequate narrative section (why is it suspicious?); includes supporting docs even though it's not supposed to; filed late.
4. Inadequate due diligence on potentially susp. activity--investigate to determine if you should file!

Recent transactions in the sale of unregistered securities or representing fraud/market manipulation are not being reported as required (such as those involving penny stocks). Read the publication for an example that may be familiar to you.

The report includes sound advice on how to maintain a current and effective SAR program at your firm, for instance, by addressing:

• current events and emerging trends: thanks to our little financial crisis, automated surveillance based on certain profiles and parameters don't work like they should (stock price/volume swings--all that is now normal; and customers with 'top reputations' can't be trusted anymore--those darned institutional short sellers!).
• cyber crime: one-two punch, here--electronic intrusion into online brokerage accounts combined with traditional market manipulation (market-savvy hackers, our worst nightmare).
• trade-based money laundering: no, not that kind of trade, this kind: international trade of goods and services. These Marco-Polo types under- or over-invoice or route invoices through various financial institutions (not just banks), leading to multiple payments for the same goods. Sophistication is growing in the illicit trade finance arena.
• reported suspicious activity: evaluate your firm's reporting history; analyze trends; identify similar schemes, common locales or names, or possible red flags; follow enforcement actions.
• identification and analysis of transaction types: don't just think of securities transactions that involve money: there are far more things to worry about! account transfers, free deliveries and receipts, external withdrawal by transfers and internal journal entry transfers. Your program should be able to detect activity and gaps that occur across the full spectrum of operations--all transactions "by, at or through" your broker dealer.
• identification of detection points: all departments and personnel must be adequately incorporated into escalation workflows. Matters such as ID theft, insiders trading, 314a matches, law enforcement subpoenas, customer tax issues, customer due diligence, credit reviews, back office operations, interaction with other financial institutions, and employee financial crime and prohibited trading... they all should feed into the SAR consideration stream.

(Those aren't my big words, by the way--not all of them. That summary is derived from the aforementioned SAR report.)

If you work for a huge firm with well-staffed internal legal, audit and compliance departments, this improvement to your AML/SAR program should seem reasonable. If you are a micro-firm, with one guy who pretty much wears every supervisory hat, well, my advice is to dedicate your summer in an attempt to achieve this level of AML musculature. Good luck. Take steroids.

You know what I think? That small firms should have an AML clearing house that performs their AML responsibilities for them, collectively. I mean, c'mon, it's crazy to imagine small firms being able to implement the goals expressed above. The whole cybercrime topic makes me scream louder than Danny Gokey: it's hard enough to get Outlook to work correctly, let alone defeat intergalactic cyberfiends. Wouldn't it be cool if the several thousand tiny FINRA BD's could outsource their AML stuff to one place? That place would be super-good at their job: they'd use unemployed MBA's and IT jocks to mastermind the most sophisticated and effective AML tools available on our planet, and they'd give the small firms the comfort of knowing that none of their clients was a foreign national perpetrating fraud on a global basis. They'd manage CIP, OFAC, 314a lists, 314b filings, account monitoring, suspicious activity investigations and reporting--and just think! AML audits would be a thing of the past! Instead, SEC or FINRA could do one big audit of the clearing house (let's call it AML, Inc. (tm) for now) to ensure compliance for the thousands of firms. The tiny firms could go back to doing what they do: helping their clients make money in the markets. Ahhhhh. (Un cafe, s'il vous plait...I think I was just dreaming.)

Anyway, 53,022 SAR's filed by the securities and futures industry through 2008. And exactly 6 cases solved. (Okay, I made that second number up.) Keep at it, folks! Some day a SAR you file will be profiled in a FinCEN report, and you'll be able to share your pride with your grandkids.

Oh, wait, no, you won't.

Conference Notes: For Less Than the Cost of a Snuggie!

I attended the Small Firms Conference that FINRA presented on April 7 in NYC--and guess what? I took notes! I apologize for the delay in putting my notes into digital format. Thanks to Gokey voters (see below), I have now finished this process. Rather than post the document here (it's 12 pages long), I will be happy to email it to you upon request.

Please hit this link and send me a request for the notes. I'll send them over without even asking why you care so much, what with the economy in the tank, the Taliban gaining power, and an AI top 3 without Allison. Your priorities are your own business. mailto:inquiry@imhoffconsultingproject.com

Here are some topics sure to lure you:

• BORAM;
• Broadened supervisory authority over outside business activities;
• Required reporting of internal violations;
• Circulation of rumors (and rumors of rumors);
• Principles-based research rules;
• Customer data protection--when your reps leave;
• PCAOB compliance; and
• Unanswered questions (are you surprised?).

I'll be standing by. No credit card required.

The Allison Iraheta Memorial Promise and Red Flags Reprieve

In reaction to last night's travesty on American Idol, I now swear to you that by day's end I will have posted a message about my April conference notes. I have hunkered down and worked diligently on typing my notes--and translating my hand-scrawled gibberish. The wretched AmIdol results led me to this confinement: I am eschewing contact with the public today in hopes of snubbing those who cast votes for Danny. You Gokeyites who read my blog are henceforth required to either a) pay me money for the pleasure or b) promise you'll vote 30 million times for Adam next week.

In the mean time, I hope you've heard that (cut and pasted from FINRA's e-mail, emphasis added):

"FTC Delays Enforcement of FACT Act Red Flags Rule Until August 1
The Federal Trade Commission (FTC) has delayed until August 1 its enforcement of the new Red Flags Rule, which requires most broker-dealers to have in place a written program to identify, detect and respond to patterns, practices or specific activities that could indicate identity theft ("red flags"). In addition, the FTC will soon release a template to help entities with a low risk of identity theft to comply with the rule. Enforcement of the Red Flags Rule, which implements a section of the Fair and Accurate Credit Transactions Act of 2003 (FACT Act), was previously scheduled to begin on May 1."

God Bless the FTC. (I give all the credit to Obama.)

Be back soon.

Conference: Small Firms, Big Rules

This is just a tease...I'm not ready yet to give you my comments on the Small Firms Conference I attended Tuesday in NYC. There's plenty of information to send your way, all under the general heading, "Oh my!" So be patient please.

Summary thoughts:

What I liked (besides the coffee): the overview of recent Rule filings, their status and their significance. This was an excellent means of scaring everyone to death. And I liked John Komoroske's pun-laden wit. It felt good to laugh once in a while.

What I didn't like: the fact that my questions, e-mailed in advance at their request, were not answered or even read aloud...this means only Moi will benefit from the answers (which they promised to deliver), not the attendees. Also, I didn't like that "facts-specific" questions were dismissed as unworthy of discussion. To me, these sessions are valuable for that reason: to talk in a big group of peers about specific compliance problems. Everyone benefits from that exposure to details.

I plan to share my notes with you, so check back in a while ("while" shall remain undefined for now).

Be well!

She Audits Me, She Audits Me Not

Ah, Spring. A time of contrasts, for sure. To add to the already long list of flip-flops you'll encounter this printemps, here's a summary of my recent attempt to clarify something I thought I'd been quite clear on.

Back in February 2006, NASD put out two IM's on Rule 3011, the AML rule for BD's. One of these IM's finally spelled out the independent testing expectations under the Rule. Prior to that, we all made the assumption that testing had to be annual, although it wasn't required in writing at the time. IM-3011-1 explained what 'independent' meant and that testing for most firms was an every-calendar-year requirement. "Most firms" excluded those that didn't execute transactions, hold customer accounts or introduce customers to a clearing firm (act as introducing broker). Well, if you're a prop trading firm with no customers, that's Clariton-clear. If you're a private placement/M&A shop, it's not.

After the Notice came out in 2006, I called and spoke with its author at NASD. My question related to these types of firms--the ones that didn't seem to fit into either category--the poor PP firms that always seem to be denied the benefit of succinct rule interpretation. He explained that PP firms would indeed fall into the 'every year' category. I took him on his word and went ahead and spread that word. My PP clients lived according to this guidance and I saw repeated evidence of District examiners living by this interp, too, since they tested firms for compliance with an annual testing requirement. In conferences, when the subject came up, panelists confirmed it: PP firms were expected to have annual AML testing.

Last week a thick layer of Northeastern pollen settled on this issue. It seems there's dissension in the ranks, that certain examiners are of the opinion that a registered broker-dealer who offers investments in, say, hedge funds, should not be held to the annual testing requirement. General terms, like 'no retail customers,' and 'no brokerage accounts' are being tossed about like old, wet leaves. The well-worn "every firm is different" flag is brought out of winter storage and the conversation is over. My attempt to get into specifics fails. Specifics like: what, exactly, does "execute transactions" mean in this context? What about the apparent contradiction of requiring PP firms to do CIP work while putting them in the category of two-year cycle firms like prop traders, who don't have to do CIP work? How about the fact that FinCEN recently withdrew its proposed AML rules for both IA's and unregistered investment companies? Why? Partly because the financial transactions conducted with these firms have to go through registered BD's--and are thus subject to existing BSA AML requirements. (Doesn't this imply that BD's offering investments in HF's--unregistered investment firms--are presumed to be the front line of AML defense and can be considered to 'execute transactions'?) And lastly, what about the fact that 'corporate' has, seemingly, been clear this subject (Office of General Counsel verbally confirmed last week the continued validity of the annual testing requirement for PP firms). Last week on one call, there was some mention of my profit motive: you know, I stand to make a fortune if my PP firm clients have to have annual instead of bi-annual AML audits. ...aha! now you (and I) know: my passion for regulatory consistency is simply a thinly-veiled construct known as greed. (Note to self: stop spending so much time on this blog entry and get back to the business of manipulating your clients' understanding of their responsibilities.)

Other industry consultants are hip to this muddy subject, too. NRS years ago attempted to have NASD spell it out (they didn't). A savvy consultant in lower Manhattan feels strongly that PP firms don't have to have annual reviews, but suggests that they do, given the ambiguity on the subject. Without specific written guidance on this--or better yet, specific Rule language--different firms will live by different opinions. It seems to me that what is expected is this: you, the small PP/HF offeror firm, have to call your Coordinator and ask him or her which AML exam cycle applies to your particular firm. You may not rely on a generally-accepted, age-old definition of your business activities in order to make a determination using IM-3011-1. Nope. Assume ambiguity and call your District. Without a bright line drawn for all firms, we'll have to find out what FINRA wants, one firm at a time. I, for one, would prefer a different approach.

Yesterday snow flurries blew about the crocus buds. Nature is full of beautiful contradictions. Should securities regulation be so? I'll leave that to the Chauncey Gardeners of the world to contemplate.


[Very important explanatory babble: I really appreciate the dialogue I have with certain FINRA representatives and I don't want that dialogue to end. I believe in their motives and I hope they believe in mine. When I write entries like this, my goal is to assist firms understand misunderstood things and also to promote change to the extent possible. I do not write simply for the sake of complaining or criticizing: for me, it's about making things better. Thanks to those at FINRA who help me do that. --shi]

Sharing SAR's: Some Proposed Changes

FinCEN has announced proposed changes to BSA's regulations on SAR sharing and confidentiality rules. Since they're now just proposals subject to comment, I won't detail every change, but here's my summary:

The guidance on sharing with parent entities will remain intact--it will be built into the regulation so as to be all the more official. Here is the original guidance from January 2006: http://www.fincen.gov/statutes_regs/guidance/html/sarsharingguidance01202006.html You remember that it allowed BD's to share a SAR or the existence of a SAR with a holding or parent company, but not with affiliates. The guidance required that a confidentiality agreement be place with the holding co/parent entity.

BD's will now be allowed to share a SAR or the existence of a SAR with affiliate entities--that is, only if those entities are subject to SAR rules (i.e., banks, BD's, mutual funds, thrifts, insurance co's, casinos, money service business--not IA's or unregistered investment companies). BD's can only share this stuff if they filed the SAR and the affiliates can't go on to share the information with others (it's not like Facebook: 'friends of friends' don't get to see stuff...). Like with parent entities, confidentiality agreements should be in place when sharing with affiliates.

Other changes clarify some things that you might have otherwise assumed, like: the sharing prohibition applies to all employees, directors, agents, etc. (not just the firm); BD's can share SAR's or the existence of SAR's with their examining authorities; and BD's and their employees can share the information, facts, and documents underlying a SAR a) with financial institutions for the sake of filing a joint SAR and b) in connection with certain employment references or termination notices.

I would think FINRA would provide an announcement when these changes go into effect, so look for a Notice in the coming months. For the proposals and guidance, go to: http://www.fincen.gov/statutes_regs/frn/pdf/frnSAR_Confidentiality.pdf and http://www.fincen.gov/statutes_regs/frn/pdf/frnSF_SAR_Sharing.pdf .

Odds and Ends and Others

A few notes to share.

ODD: I have heard that FINRA is issuing deficiency letters to firms that have outside FINOPs if the FINOP is listed as a ‘control person’ on Form BD and if the Form BD doesn’t list every other client firm of that outside FINOP as an affiliate of the firm. So if you're using an outside FINOP, check your Form BD. If he or she is listed as a 'control person' on Schedule A, then under this interpretation, all of his or her other BD clients for whom he or she acts as FINOP must be disclosed as affiliates on Question 10A.

The reasoning (if there is any) would be that all of the entities are under common control by virtue of the outsourced FINOP being a control person of those entities. Obviously, this would unnecessarily and confusingly link completely unrelated firms.

So, the best thing to do is to file a BD amendment, removing your outsourced FINOP as a control person from Schedule A. (Of course, if that person meets the other criteria for being listed on Schedule A--through ownership, for instance--then you'll have to keep him/her listed...but that doesn't seem likely for truly outsourced FINOPs.)

END: The exemption for non-public B-D's from using a PCAOB-registered accounting firm for annual audits is now gone. It expired December 31, 2008. Your 2008 financial statements may be audited by your non-PCAOB firm, but next year is a different matter. You'll have to replace your accounting firm or make sure it got its PCAOB registration before committing to use them for next year's audit. FINRA says it's talking directly to those few firms who have January or February fiscal year-ends.

You may want to work on this before the months evaporate and you find yourself without a registered accounting firm next year. Remember that if you change your accountant you must notify SEC by December 10. Put this on you calendar!

OTHER: FINRA Notice 09-10 describes a change in their treatment of "market letters," which are now a subset of "correspondence" instead of "sales literature." As sales literature, they required pre-approval by a qualified principal--even if sent to institutional investors. Now they are treated like other correspondence and institutional sales material, and their approval requirements will depend on whom they're being sent to and how many are sent within 30 days. You should look to your existing procedures on correspondence and institutional sales material to know which approval processes to follow.

I like this distinction, because it clearly defines those communications not meeting the definition of "research report" that might have otherwise been confused with research reports. For instance, market letters are communications that discuss broad-based indices, include commentaries on economic, political or market conditions, include technical analyses of sectors, indices, or industries, statistical summaries of multiple companies' financial data, including listings of current ratings, present recommendations for increasing or decreasing holdings in particular industries or sectors, or include notices of ratings or price target changes (with certain disclosures).

OTHER: I hear that FINRA will be requiring all firms to update Forms U4 for all representatives, in order to provide answers on some new DRP questions. This will be quite a job for big firms. Stay tuned on this, as no doubt we'll all see a public announcement of the requirement. I'll be helping my clients to manage this process--you will want to make sure you appoint someone to handle it, so you that you avoid reporting deficiencies.

That's it for now. Peace out.

Shame on Who?

I have a "Yes We Can Opener" to commemorate Obama's presidency. I got it at Stupid.com. I'm not ashamed to share that with you (or it with you--c'mon over!). But Mr. Obama is ashamed: of you!

Yes, he's a little upset about the Wall Street bonuses paid for 2008. Well, even though this topic is of no value to you and will not broaden your understanding of current and changing compliance obligations, I feel like talking about it. It's my blog: I'll cry if I want to.

Is the car factory worker to blame for the auto industry's failure? Is the farmhand at fault for the effect of subsidies on our crop market inefficiencies? No. Then why are our brokers blamed for this big financial crisis we're in? Every work day last year these folks got to work by 7:30 or 8:00 a.m. , dressed quite well, by the way, and worked until an hour or two after market closing. They did what was expected of them from on-high: they bought, sold and bartered their way through the day so as to make their bosses happy. They invented or used flashy software tools, trading algorithms and order management systems in order to efficiently get the job done. They did it with skill and enthusiasm...not because they wanted to take down the free market system, but because they wanted to get paid. In their (your) world, they get paid at year-end. They all know it's coming, so they live accordingly. I would do the same. But now comes the end of the world as we know it, and some of us decide to blame the baby in addition to the bath water. What were these legions of Wall Street workers supposed to do? Fall on their superiors' swords? Not expect to get paid for a year's worth of toil and trauma? I don't think so. Yes, they can now all adjust their expectations for 2009: the gig's up. And yes, senior management--the guys/ladies who made the decisions that directly fed our slots-like odds of failure--they should go without their '08 bonuses. They can put their gold in pre-paid envelopes and walk to the post office. Responsibility for this mess falls on those at the top.

Wait, if you're conjuring WWII images, don't. Soldiers know slaughter is wrong; most brokers don't have the tools or knowledge necessary to morally object to their crimes. Or didn't. Now they do. This transition to less fun, less money and great social responsibility will be tough for brokers. I wish you well. And I wish Obama a stronger will to avoid rhetoric.

If you stop by to use my Yes We Can opener, we'll be drinking Iron City. (The Steelers six pack is in the house.)