Friday, December 3, 2010

December Dates

These kinds of dates are not the fun ones, but they're worth paying attention to:

1. December 10: Due date for notification of change of accountant. If you have appointed a different accountant to do your annual audit, you have to tell SEC and FINRA about it. Please reference my blog entry of last December for specifics--the information is still good and you'll save me time. You're great: thanks!

2. December 13: FINRA renewal payments due. Remember, even if you disagree with what is on your preliminary renewal statement, pay it! You can make amendment filings now that will be reflected on the final statement (Jan. 3): at that point you can get a refund if you overpaid. Here is a link to FINRA's page on payment options.

3. December 15: Effective date of new Rule 3270 requiring reps to pre-notify the firm of their new outside business activities--and requiring the firm to consider those activities in the context of its securities business. I blabbed about this in a recent (yeah, October was recent in my mind) entry. See here.

4. December 23: Deadline for all year-end filings on CRD. Remember, you can post-mark termination filings (like dropping states or dropping reps) to December 31 if you want.

5. December 31: End of your right to use self-congratulatory Privacy Notices. The use of SEC's "model form" is advisable for those who want to be sheltered by the safe harbor. Not sure what I'm talking about? Search my blog for "Privacy Notices" and you'll hear all about it. 

6. December 31: The last day of the year. Oh, and as of the next day, in theory, the FACT ACT is enforceable. Since that effective date changes more often than I do when getting ready for a holiday party, I'm not convinced it will stick. See this blog for details and sarcasm.

Happy December, everyone!

Monday, November 15, 2010

Is an Anagram of "Wells Notice" Okay?

I'm thinking "swell notice" might be somewhere in my manual, or "client lowse"? Colleen's wit"? Or maybe "elite clowns"? Will one of these do?

What I am referring to is this: in last week's FINRA news release and attached Letter of AWC FINRA states that Goldman Sachs failed to include the term “Wells notice” in its procedures manual.  As far as I can discern, there is no rule or specific guidance calling for this exact terminology. So I'm wondering if FINRA examiners will accept a substitute...an anagram (ha ha) or perhaps something reasonable (I'm being serious now), like procedures requiring Reps to promptly inform firms of necessary changes to U4, including any new 'yes' answers on U4 disclosure questions. That--the latter--is what most firms probably have in their manuals. But let's assume that is not enough. Uh, given the whopping $650,000 fine imposed on Goldman, I think it's safe to assume that is not enough.

Okay, to be fair, I will note that the fine was also assessed for GS's failure to update its Reps' U4s to disclose the actual on-going SEC investigations that were made known to Reps via, yes, Wells notices. So there is some substance behind the action.

My point here? Check your procedures to see if they include the phrase "Wells notice" and an explicit requirement that registered persons immediately inform you of any investigations they are subjected to.  You can then sort out whether or not such an investigation merits reporting on U4 (see Question 14G(2)).


Many thanks to Andy's Anagram Solver for online assistance.

Monday, October 18, 2010

Outside Business Activities: The New Rule

Pull up Notice 10-49 to see FINRA's announcement of some recent Rule Consolidation changes. Within these is the shiny new FINRA Rule 3270 on Outside Business Activities of Registered Persons. It becomes effective December 15 for new notifications of OBA; but for reps with current outside activities, firms must comply with the supplementary material by June 15, 2011.

For what they're worth, here are my comments. Bit lengthy: my apologies.

1. This rule applies to ‘registered persons’ not ‘associated persons.’ (But the selling away rule, 3040, applies to associated persons.) Here a definitions to remind you of the difference for now--def's may change soon:

According to Article I Definitions in NASD By-Laws, "person associated with a member" or "associated person of a member" means: (1) a natural person who is registered or has applied for registration under the Rules of the Corporation; (2) a sole proprietor, partner, officer, director, or branch manager of a member, or other natural person occupying a similar status or performing similar functions, or a natural person engaged in the investment banking or securities business who is directly or indirectly controlling or controlled by a member, whether or not any such person is registered or exempt from registration with the Corporation under these By-Laws or the Rules of the Corporation; and (3) for purposes of Rule 8210, any other person listed in Schedule A of Form BD of a member

For "registered person" I offer the following: From NASD 1031(a): “All persons engaged or to be engaged in the investment banking or securities business of a member who are to function as representatives shall be registered as such with NASD in the category of registration appropriate to the function to be performed as specified in Rule 1032.” And from 1031(b): Persons associated with a member, including assistant officers other than principals, who are engaged in the investment banking or securities business for the member including the functions of supervision, solicitation or conduct of business in securities or who are engaged in the training of persons associated with a member for any of these functions are designated as representatives.

2. The rule applies to persons with a “reasonable expectation of compensation”: this broadens the scope from the prior rule. No more excuses: if the Rep may make money from an outside activity, it counts.

3. The rule newly requires “PRIOR” written notice. It used to be “prompt.” That means Reps can’t start doing outside business activities and then later inform their BD employers. Firms should have a clear pre-notification requirement in their procedures manuals and they should devise a notification mechanism, like an internal form, that prompts information from the RR about the activity. They should include a time frame for the notice that allows enough time for the firm to meet its review obligations under 3270.01 (see next comment).

4. The rule newly requires the firm to consider the ramifications of the outside activity as follows:

(1) Does it interfere with or compromise the registered person's responsibilities to the firm and/or customers?

(2) Could it be viewed by customers or the public as part of the firm’s business based upon, among other factors, the nature of the proposed activity and the manner in which it will be offered?

(3) Is the OBA really ‘selling away’ under NASD Rule 3040?

The firm should document its review of these things: it would make sense to have the results of the review appear on the notice form. If no conflict is perceived and the business is not ‘selling away,’ the firm can move forward without action (or it can document ‘approval’ of the activity—not technically required, but implicit). But if the answer to questions (1) and/or (2) is ‘yes’ then the firm has to do something about it, like imposing specific conditions or limitations on the registered person's outside business activity or outright prohibiting it. Again, the records should document all requirements/prohibitions, as well as the communications to the registered person describing the firm’s decision. If the answer to number (3) is ‘yes,’ then the firm has to apply its procedures for 3040 compliance and recordkeeping—or prohibit the activity.

5. The rule change was scaled back from the original: FINRA member voices were heard, such that now, firms will not have to supervise the surf lessons Reps are giving on the side. (However, if a firm feels like mutual customers are risking their lives by taking these surf lessons, thus increasing the possibility of losing firm accounts, firms can say CowaSorry to the Rep…no surf lessons to firm customers.)

6. Here’s what I can’t figure out: why didn’t the new rule include reference to, or somehow reflect on, the reporting requirements on U4. U4 calls for disclosure of OBA as follows:

“Enter "yes" or "no" to indicate whether you currently are engaged in any other business, either as a proprietor, partner, officer, director, employee, trustee, agent, or otherwise. Exclude non-investment-related activity that is exclusively charitable, civic, religious or fraternal, and is recognized as tax exempt.”
Better yet, why didn’t the respective Notice reflect on this subject? I have to assume the following: outside ‘business’ activities do not refer to charitable, civic, religious or fraternal organizations/activities. BUT it might be worth addressing, to a limited extent, these categories on the internal notice form. Why? So that any such activities that also include ‘investment-related activities’—for instance, helping to manage the church’s investments—are not overlooked. If these types of activities are not investment-related, then U4 reporting is not required. If they are, then the firm should complete the same review as for other OBA…and make decisions and document them. I wish I could be clear about this strategy, but I’m not. It seems like a firm could, based on the rule language, prohibit a registered person from engaging in charitable work if the firm deemed it a conflict or risk to business. But what do I know? Enough to be curious…

7. Back to the subject of effective dates: firms should notify all registered persons of this new 'prior notice' requirement--and tell them that as of Dec. 15 they must, in effect, seek pre-approval of any new OBA. And the firm must remember to review all existing OBA by next June to determine if limitations, conditions or prohibitions should be imposed.

That's all for now. Why don't you let me know what you think?

More New Rule Numbers: Chapter X

First off, who doesn't love the letter X? C'mon, it's true. What popped into my head today as I read FinCEN's announcement on simplifying the structure of its rules and regulations? Racer X! No, not the 80's band, but Rex Racer himself! That guy's posture, not to mention his mystique, is something to adore.

Anyway...back to national security...(Racer X is clearly a candidate for SAR filings, non?)...check out the link I just provided you and you will see that, thanks to the motivated bunch over at FinCEN, we will soon be able to use the handy--and if this term doesn't call to mind Sparky's mechanical prowess, you are not on my page--"Chapter X Citation Translator" to figure out the new rule numbers (and to revise your AML written programs). Yes, more new rule numbers. As if we haven't had enough of those lately.

Implementation date: March 1, 2011. So, Speed, push that calendar accelerator button and mark this date (with an X?) as a reminder.

Tuesday, September 21, 2010

Hedge Fund Marketers: Beware The Dodd-Frank Act!

Unregistered hedge fund marketers, that is. Important distinction (for now).

Let me explain.

Hedge funds (i.e., IA firms) that use third parties (finders/consultants/solicitors/placement agents) for introductions to potential investors may face a new limitation. In June, SEC adopted the 'pay to play rule' which, among other things, "Prohibits an adviser from paying a third party, such as a solicitor or placement agent, to solicit a government client on behalf of the investment adviser, unless that third party is an SEC-registered investment adviser or broker-dealer subject to similar pay to play restrictions." (See SEC news release.)

What this means is that IA firms/hedge funds cannot pay an unregistered entity for introductions to public pension plans. The entity has to be an SEC-registered investment adviser or a registered broker-dealer. So you FINRA member BD's out there are in a stronger position when competing with unregistered finders (you know who those guys are...the ones not reading this blog). These unregistered types will now have to, under temporary Rule 15Ba2-6T of the Securities Exchange Act of 1934, register as "municipal advisors" by October 1, 2010. See SEC's links about Form MA-T. (And don't ask me why they decided to spell 'advisors' with an 'o' this time...?)


Back to you, the FINRA member firm who offers investments in hedge funds, sometimes to public pension funds: What changes? Nothing yet, as far as I can tell. But be on the lookout for new rules from FINRA about this sales activity. Not sure how much misery they'll inflict on you, but somehow I think it will be mildly annoying at very least. Stay tuned.

SIPA Amended by Dodd-Frank Act. But Not Really.

On my son's 16th birthday, this announcement was made about changes to the Securities Investor Protection Act (SIPA, enforced by SIPC). One of the changes is described as follows:
Sounds clear to me.
"Dodd-Frank Act Section 929V amends the minimum assessment amount for SIPC member firms. The highest amount that SIPC can impose as a minimum assessment has been changed from $150 per annum to 0.02 percent of the gross revenues from the securities business of the SIPC member. (15 U.S.C. §78ddd(d)(1)(C))."


But. If you dig around in SIPC's member site and go to "News for Members," you'll stumble on this July 23, 2010 Notice about the minimum assessment changes. Here's what SIPC says about the Dodd-Frank amendment cited above:

(I can't figure out this out. .02 percent is smaller than .25 percent, so the D-F Act doesn't conflict with SIPC's current assessment rate, so why did SIPC have to put out the 'disregard' notice? Probably because everyone is still tee-oh'ed that they have to pay this new assessment and SIPC assumed everyone would start paying the new minimum (.02 percent) instead of the published rate (.25 percent). If that's the case, then SIPC thinks people actually read this stuff! In the summer, no less! [Birthday] hats off to SIPC for having that kind of faith in compliance personnel.

Well, anyway, here's a change that might really be a change:

"UNTIL FURTHER NOTICE, FOR MEMBERS WHOSE FISCAL YEAR ENDS ON OR AFTER JULY 31, 2010, PLEASE DISREGARD ANY REFERENCE TO A MINIMUM ASSESSMENT. THE SIPC ASSESSMENT WILL CONTINUE TO BE ONE FOURTH (1/4) OF ONE (1) PERCENT (.0025) PER ANNUM OF NET OPERATING REVENUES FROM THE SECURITIES BUSINESS, WITHOUT REGARD TO ANY MINIMUM ASSESSMENT."
Thus paraphrased by the late, great Gilda Radner as "Never mind."*
'In addition, for your information, the definition under the Securities Investor Protection Act of "gross revenues from the securities business" has been changed. Gross revenues now also includes "... revenues earned by a broker or dealer in connection with a transaction in the portfolio margining account of a customer carried as securities accounts pursuant to a portfolio margining program approved by the [Securities and Exchange] Commission." (15 U.S.C. §78lll(9)).'

*Bonus points to those who remember the character played by Gilda when offering this phrase weekly on SNL.

Miss EMMA Says, "Disclose It!"

Just a reminder to teach your Reps about disclosing 'material information' to customers (except institutional buyers--sophisticated muni market participants) when selling munis. Even if not recommended. The EMMA portal is the place to find most such information. And here is a link to FINRA's news release on the subject--don't forget to search for "material events" in my blog to be treated to some other useful information...like a reminder that this rule applies to 529 sales.

FINRA provided in the news release a 'checklist' for Reps to use as a means of documenting their notification efforts (necessary! always document!). It's pretty lengthy and for some reason I don't envision Reps reading it. But if they did, they would surely be enlightened: it's full of instructions and explanations and ultimatums and guilt trips (jk). You may want to put your brilliant word processing staffers to work on this in order to create a more user-friendly checklist (send it to me and I'll send you my thanks and maybe chocolates!).

Also, MSRB's Fact Sheet is a very lovely tool for educating your muni customers. I hope they don't mind me passing it along.

Thursday, August 5, 2010

Update Your Procedures: Summary of Some Recent Changes

Summary of some changes during the first half of 2010. You'll want to be sure to update your procedures manuals (there were more changes than those listed here...read all your Notices!).

 
1. The Red Flags Rule will not be enforced until year-end 2010. If I provided you with an “Identity Theft Protection Program,” you don’t have to worry about documenting your compliance until then.

2. Reminder: all initial U4 filings (not amendments) require ‘wet’ signatures from both the rep and the firm signatory. Make sure you have original, signed U4’s in your files.

3. If you are holding a Variable Annuity application/customer check for up to seven days after the application was complete (as allowed under Rule 2330), the following must be true:
a. It was a recommended purchase or exchange (non-recommended trans. still must happen w/in one day)
b. Staff made reasonable efforts to safeguard the check and deliver the completed application to the supervisor for review
c. The reason for holding the check is to review the application for approval
d. You have procedures in place for this (yes, you do)
e. You keep a record of the date when the principal (OSJ) receives a complete and correct copy of the application package
f. A principal reviews the application as required under the rule
g. You don’t hold the check/application longer than 7 business days
h. You keep a copy of the check and a record of the date it was received from the customer and the date it was transmitted to the ins. co or returned to the customer
See Notice 10-05 for details.

4. I’ve already reminded you a lot about RR’s use of Social Networking Sites. Remember that you have to deal with compliance on this issue if your personnel discuss their services on sites like Facebook.

See Notice 10-06 for details.

5. FINOP’s should review the details of the following Notices:


a. 10-12 on changes to line-item reporting on FOCUS (guidance on FAS 167)
b. 10-15 on new requirements for subordinated loans to BD’s, including new standard forms that can be used (*remember that changes to the terms—even maturity—of outstanding sub loans will be subject to the new rule requirements)
c. 10-21 on consolidated rule 2261: When the Company is party to an open transaction with another FINRA member, or has on deposit cash or securities of another member firm, it has to, if requested by the other firm, deliver the Company’s most recent balance sheet (FOCUS) in either paper or electronic form. (This is not required for non-member customers unless the firm holds customer funds/securities)
6. If you provide consolidated financial reports (that contain information on various holdings, even those away from the firm) to customers, you have to have a review/approval process in place. Sources of information included on the statements should be verified and documented, unless pre-approved exceptions are made. You’ll have to make certain disclosures to customers about the statements; you may want to get a signed acknowledgment form from customers.
See Notice 10-19 for details.

7. Consolidated FINRA Rule 3240 concerns borrowing money from or lending money to customers. In certain instances, such as where the customer is also a member of a Rep’s immediate family, or is in the business of lending money/providing credit/etc., your firm does not have to require notification and pre-approval. Other lending arrangements always require pre-approval. If your procedures aren’t specific on this topic, or prohibit all lending arrangements with customers, you may end up getting in trouble for breaking the rule without understanding why. It’s worth understanding the requirements, since this is a very common FINRA disciplinary action.

8. FINRA has provided specific guidance on due diligence requirements for Reg. D offerings. You already know about these, but it’s worth reviewing revised procedures. Remember that if you contribute to PPM’s, you’ll be held to compliance with the advertising rules. You are also required to fill gaps in due diligence performed by others, if you perceive of them. You’ll want to document everything, including your vetting of outside sources of due diligence. Some of this guidance may apply to hedge fund offerings. Think about creating a stand-alone “Due Diligence Checklist” based on FINRA’s guidance. You may want to use it as a means of ensuring proper documentation.

See Notice 10-22 for details.

9. As of February 14, 2011, asset-backed securities are reportable to TRACE. Mortgage pool numbers may be used as identifiers.

See Notice 10-23 for details.

10. Effective November 1, 2010, OTC equity trades must be reported within 30 seconds of execution. The new reporting time frame also applies to trade cancellations that currently are subject to 90-second reporting, as well as stop stock and prior reference price trades. Firms are also required to report secondary market transactions in non-exchange-listed DPP securities within 30 seconds of execution.

See Notice 10-24 for details.

11. There is a new ODD supplement. You can find it here.

12. FINRA will phase in the REX system, which replaces its existing Reg. T system to collect Reg. T extension of time requests. The first effective date is August 23, 2010. There is a REX tutorial for those who are interested: REX Tutorial.

 13. As of June 10, FINRA put into place a temporary program that permits it to halt trading otherwise than on an exchange—the ‘trading pause pilot.” It expires December 10, 2010. Under this pilot, FINRA may halt trading in individual securities where the primary listing market has issued a trading pause in that security due to a move of 10 percent or more from a sale in a preceding five-minute period. Halts apply to all trading, including otherwise than on an exchange.

See Notice 10-30 for details.

14. SEC Rule 15c2-12 regarding material event notices (Muni securities) was amended and the changes are effective as of 12-1-10. The information that must be reported by issuers to MSRB now include new categories, and not all events are characterized as ‘material.’ Also, demand securities (like VRDO’s) are no longer exempt from event notice reporting. Because you have to inform muni customers of events listed on the EMMA portal, revise your procedures to show the new event categories. You may also want to add a list of voluntary event-based disclosures.

See MSRB Notice 10-20 for details.

15. I revised the annual Rep Questionnaire to include the topics of social networking and protection of information on personal devices such as cell phones and computers. You will see that revised form during the Annual Meeting process.

16. As of February 1, 2010, MSRB revised Rule G-37 (and G-38) by adding contributions to bond ballot initiatives/campaigns to the existing list of reportable contributions. The rule parallels the requirements of existing disclosure rules (de minimis exceptions for annual amounts $250 or less), except that there is no ban on municipal securities business as a result of contributions to bond ballot campaigns. Form G-37 was revised and should be used to report contributions when required.

See MSRB Notice 10-01 for details.

17. As of November 10, 2010, Rule 201 of Reg. SHO will be in effect. This is the new Circuit Breaker/Alternative Uptick Rule approved by SEC this year. Firms may not display any short sale order, absent an exception, at a price that is equal to or below the national best bid if the price of that security decreases by 10% or more from the security’s closing price as determined by the listing market for the covered security as of the end of regular trading hours on the prior day “circuit breaker”); likewise, in such circumstances, for the remainder of the day and the following day, short selling is permitted only at a price above the current national best bid. There are exceptions and trades meeting them must be marked ‘short exempt.’ As such, OATS will reinstate its “SX” value in the buy/sell code field.
 The rule is found here.


For the Notices cited, go to FINRA Notices or MSRB Notices for specific links.

Work hard! Relax harder!

ESM: Another Provider

Just wanted to let you know about another provider of electronic storage--for emails and other files: OneSecure Technology. From what I hear, they provide good service at a good price--especially for you small firms out there struggling to keep up the expensive cost of compliance.

Here is an overview of some of the support and compliance help the firm provides: The firm also offers other services aimed at the financial services industry: web site design and hosting, email hosting, email encryption service, social media archiving / controls, data protection and back-up, web filtering (control web access to Facebook, other websites), and network security.
Required attestation lettes: format and access Supervisory Lexicon - monitoring tools for flagging electronic communication containing potential compliance violations; assigns them for further review
Contacts for support, training and system URL’s
Email Set up Documentation
Email Admin Interface Training
New Client Communications
Email Archive Admin Training
Archive End User Training Documentation
Product Documentation for Companies written Policies and Procedures
Mock Audit run through


Don't forget to keep your CRD notifications current: if you switch providers, you have to file a new notification in Forms and Filings/Financial Notifications/Electronic Storage Media and you have to upload new attestation letters.

Wow, this subject has a way of spoiling a good mood. Yikes.

Changes to Broker Check: Update Rep Complaint Filings!

If you've been reading your Notices (10-34 and Info Notice 8-3) you know that Broker Check will, as of August 23, display complaints that are older than 24 months and that haven’t been settled or adjudicated, or that settled for less than the prior, respective U4 disclosure threshold. There are other changes, too...here's a full summary of the changes, courtesy of FINRA:
The SEC approved amendments to FINRA Rule 8312, which governs the release of informtion through Broker Check. The amendments:
(1) make publicly available in Broker Check all historic customer complaints that became non-reportable after the implementation of Web CRD;
(2) permanently make publicly available in Broker Check information about former associated persons of a member firm, as reported to CRD on a uniform registration form if they were (a) convicted of or pled guilty or no contest to certain crimes; (b) subject to a civil injunction involving investment-related activity or found in a civil court to have been involved in a violation of investment-related statutes or regulations; or (c) named as a respondent or defendant in an arbitration or civil litigation in which they were alleged to have committed a sales practice violation, and which resulted in an award or civil judgment against them;
(3) expand the Broker Check disclosure period for former associated persons of a member firm to 10 years from two years; and
(4) codify FINRA’s current process for disputing the accuracy of (or updating) information disclosed through Broker Check.
For instance, if one of your Reps had a customer complaint that was reported on U4 3 years ago, but was never resolved—say it faded away, for instance, because you or the Rep never heard from the complainant again—that complaint currently does NOT show up on Broker-Check. As of August 23, it will show up. It’s status will show ‘pending’ if it remains pending.

It is in your Reps’ best interest to make sure their historic complaint disclosures are accurate. For instance, if a complaint was resolved but the CRD record was never updated to show that, then now is the time to do it.

FINRA is being helpful (and Allison in Disclosure was extremely helpful in explaining all this!) by looking at ALL historic complaint filings to determine which are ‘pending’ and may be subject to updating. For any such complaints identified as pending, they will issue either a disclosure letter for the individual Rep, or they will batch the occurrences in a new category of disclosures letters issued to the firm, itself.

Here’s what is important:  make sure you are set up to receive notifications of outstanding disclosure letters...that way, you and your Reps can address the status of prior DRP's in order to make changes, if necessary.  Also go into Organization in CRD Main and look for the new ‘disclosure letter’ category. Later this month check that link to see if FINRA has batched 'pending' complaints for your review. NOTE: for right now, they will not send you notification of batched disclosures letters--there's no mechanism for that presently.


Good luck.

Saturday, July 17, 2010

Your Voice (My Discretion)

I finally enabled comments on this little blog o'mine. Don't be shy. Anonymous parties welcome.

(But remember that I have first right of refusal.)

Talk to you soon...

Friday, July 16, 2010

Oops...forgot to add this link: Bill Singer's Opinion

Here is What Bill Singer Has to Say on the subject of the election and proxy proposals. (Not the $5 minimum stuff...although it's funny reading... rather, Bill's personal message below.) If you generally like Bill's take on things, maybe you'll trust his judgment on the candidates and proposals.

"Too Bad I'm Not a FINOP" or "Higher Compliance Costs for Small Firms"

Rumor has it--because that's all we have to go on, here, rumors--that FINRA is moving all firms to monthly FOCUS filings. Seems to me they are starting with the smallest firms. The ones that have a $5,000 minimum, keep their net capital well above that, don't hold customer funds or securities, and pose no threat whatsoever to nation's financial security. Yes, those firms that already pay an extremely disproportionate share of their earnings on compliance will now be forced to spend more money and time reporting to FINRA about numbers that make no difference to anyone. Okay, maybe some 'small' firms (150 reps or fewer) should have their books examined monthly. Maybe if they are at risk of going out of business in this terrible economy, some customer, somewhere, would be inconvenienced by having to talk directly to the clearing firm for a few weeks instead of Mr. Little BD. But for micro-firms that don't have 'customers' per se, but only introduce sophisticated investors to private investment opportunities? Or who send applications and checks to investment companies on behalf of their small town clients? Why does FINRA need to see their bank balances every month? Especially those firms that have been in business for many years and that are consistently in net capital compliance? I don't get it.

If I'm missing something, please write me and tell me. In the mean time, I'll keep thinking this is another nail in the coffin for tiny BD's, who will now have to pay their bookkeepers/accountants/FINOP's more money and who will have to spend more time responding to inane requests from coordinators every month. Some say FINRA wants to completely weed out small BD's, that it's not profitable for them to have these firms as members. Well, yes, if they keeping adding to their costs by imposing more needless regulatory scrutiny over these firms, it does become quite cost-ineffective*.

Which brings me to another question: why are they being secretive about this?? As a member of a club, aren't you entitled to know the club rules? Shouldn't all firms right now be made aware of this coming change, rather than be surprised by a sudden announcement from the District, with no specific explanation of the required change? And how about explaining the roll-out strategy: who goes first? and why? C'mon FINRA, be fair about this. Give small firms a chance to prepare their staffing/budgets for the change. And give'em a good reason for doing this (okay, maybe that's too much to ask).

*Have you, too, received correspondence from FINRA staffers written/sent out in the wee hours, including on weekends? Those folks are definitely overworked.  

Get Involved
And for those of you who follow and participate, as members, in FINRA's election process, remember (from recent Election Notice): "The Financial Industry Regulatory Authority, Inc. (FINRA) will conduct its annual meeting of firms on Thursday, August 12, 2010, at 10 a.m. in the FINRA Visitors Center, 1735 K Street, NW, in Washington, DC. The purpose of the meeting is to elect individuals to fill the seven Elected Governor seats on the FINRA Board of Governors (FINRA Board) and to vote on proxy proposals submitted by a member firm."  The link provided includes information on each candidate.

The proxy proposals are getting a lot of attention, including from the dissident community. Some reading and resources:
The SIPA blog on the proxy proposals
Investment News article about FINRA's recommendation to vote AGAINST the proxy proposals
Site for members to vote on the proxy electronically

Mr. or Ms. Micro Firm, maybe it's time to speak your mind. I mean, really, all this brown-nosing: where has it gotten you?

Thursday, June 3, 2010

New Reg. Category for Operations Professionals: Let's Be Clear About This

Notice 10-25 solicits comments on a new registration category for "Certain Operations Personnel." I only wish they'd have called them "Operations Supervisors" so as to limit the hysteria sure to result when folks hear about this. Okay, maybe I'm the only hysterical person in the room. Consider me a bellwether. (Mais, je prefere "belle-weather.")

Here are two excerpts from the Notice that should calm everyone down:
"Persons subject to the new registration category generally are those persons who are directly responsible for overseeing that tasks within the covered functions are performed correctly in accordance with industry rules, firm protocols, policies and procedures, and who are charged with protecting the functional and control integrity of the covered functions for the firm."
and
"The requirements would not apply to persons who perform a covered function, but whose responsibilities are below these three specified levels, or persons who perform a function ancillary to a covered function or whose function is to serve a role that can be viewed as supportive of, or advisory to, the performance of a covered function, such as internal audit, legal or compliance personnel. Also, the requirements would not apply to persons who are engaged solely in clerical or ministerial activities in any of the covered functions."
It seems to me it's all about supervisors and those with control.  I guess after the comments are received and addressed, we'll have convincing clarity on this, as we normally do when a rule is made effective.

[throat clearing sound]

Alright, maybe there is room for worry, in the end...another quote:
Importantly, those persons subject to the new Operations Professional registration category would be considered associated persons of a firm irrespective of their employing entity and would be subject to all FINRA rules applicable to associated persons and/or registered persons.
So, just like outsourced professionals who are doing work requiring registration and qualification, employees of parent companies, affiliates, etc. will be treated as if they work for the BD. Ah, the long arm of the law gives a bear hug to your whole enterprise...

I'm done for now. Three blog entries in one day? Gotta get back to work.

New CCO Reg. Category

Quick note on proposed Rule 1230(a)(4). Reference: Notice 09-70.

The rule makes a stand-alone registration category for Chief Compliance Officers, which will require a new qualification examination. Here are some reminders:
  • If you are already on Form BD as CCO when the rule is made effective, you'll be 'grandfathered' and won't have to take the new test. You will be registered as CCO via a U4 amendment.
    • This includes any person listed on Form BD, such as co-CCO's and limited principals filling that role.
  • If you are added to Form BD after the effective date of the rule, but before the new examination is available, you will likewise be grandfathered, BUT only if you hold a 24. That is, if you are a limited principal and the firm adds you as CCO in this interim period, you will not qualify for the freebie CCO registration--you'll have to take the 24 or wait and take the new CCO exam.
  • If you are added to Form BD after the effective date of the rule and after the new examination is available, you will have to pass the exam first before your CCO registration is approved. Even if you have a 24...it won't matter.
So think about this and plan accordingly. I'm not sure when the rule will be approved. See this link for links to Comments about the proposal.

The Difference Between June 1 and June 2: Red Flags Rule Delayed AGAIN

June 1:
>The effective/enforcement date of FTC's Red Flags Rule, whereby you, my broker-dealer friends, had to put in place an Identity Theft Prevention Program.
>The date by which I (against my better judgment/procrastination instincts) worked my buttocks off in an attempt to customize/deliver FTC's neat-o PDF customizable 'low-risk' form.
>The date before which, if a regulatory body were going to announce a delay in enforcement of the Rule, said regulatory body should have announced a delay of said Rule.

June 2:
>The date after which you, my broker-dealer friends, put into effect your IDTPP's, after having struggled to customize either FINRA's template or FTC's 'customizable low-risk form.
>The date after which we all collectively considered this topic done/handled/put to rest and happily forgotten about it.
>The date we got notice from FINRA that the enforcement date of the Rule had been delayed AGAIN...now to Dec. 31, 2010.
>The date, perhaps, you and I both swore under our breath something profane and un-American.


Here is the announcement, in case you missed it:
The FTC has again delayed enforcement of its Fair and Accurate Credit Transactions Act of 2003 (FACT Act) Red Flags Rule, from June 1, 2010, to December 31, 2010. The delay will allow Congress to consider legislation limiting the businesses covered by the rule. If legislation passes with an effective date earlier than December 31, 2010, the FTC will begin enforcement as of that effective date.

Firms subject to this rule—which include most broker-dealers—must have in place by the FTC enforcement date a written program to identify, detect and respond to patterns, practices or specific activities that could indicate identity theft.

As a reminder, FINRA has developed an optional template that firms may use as a guide when fulfilling their requirements under the FTC's Red Flags Rule. You can find more information about the FACT Act regulations in Regulatory Notice 08-69.

I won't start babbling about how I think this Rule is redundant and how the criteria for determining applicability is being interpreted in a bogus way. You can always search the subject on my blog to read more. But why bother? Let's just forget this all happened. And let's hope the Rule NEVER gets enforced for you BD's who are already, under AML rules, required to act as law enforcement and root out any nefarious attempts to usurp identities (even if they're not terrorists).

What a Difference a Day Makes: No, what a difference two weeks would have made! Now that kind of lead-time would have been appreciated! (Here I am again, Daydream Believer.)

Friday, May 21, 2010

S(M)ocialware, E(?)-Learning, Report C/Enter, Proposed Rule 20Fuzzy

Just commenting on some miscellaneous topics. Variety is the spice of life.

S(M)ocialware: The company "Socialware" (which recently partnered with Smarsh) offers compliance tools for social media. If you are brave enough to allow your Reps to use tools like Linked In, Facebook and Twitter to expand their business, then you should check out this vendor's products. As you know, archiving and monitoring those types of communications is required, and, the fact that I am an ITiot, I can't fathom managing that compliance without some sophisticated help. I see on their website that they will be at the May FINRA conference in Baltimore. Check'em out when you're there. (PS: Here's a link to a free, interactive webcast on the topic of advisers using social media sites as business communication tools... June 2 webcast).

E?-Learning: Let me commence by stating unequivocally that the people who work in FINRA's E-Learning department are wonderful---> helpful, dedicated, pleasant. I appreciate them with my entire being. [pause] BUT: oh-em-gee. Having just gone through the process of setting up a firm's reps for participation in E-Learning in order to meet C/E firm element assignments, I have to surmise that the regulatory body formerly known as NASD did not do proper due diligence when choosing a programmer for their newly (?)improved FINRA Education online system. From start to finish, the system is crazily inefficient and cumbersome. To choose "Mandatory" for an assigned course, you can't just type the word, or choose it from a drop down menu--instead, you have to click/search/type/click/etc. before the magic word "Mandatory" appears in the box. Adding courses to a Rep's training plan is equally puzzle-like...instead of a list or drop down menu to choose from, you have to search for specific course names. I have more nit-picks but this is getting boring...take it from me, give yourself mucho time to set up Reps' training plans if you intend to use this system. And don't blame our friends at E-Learning: they really are great.

Report C/Enter:  FINRA now offers a 'continuing education regulatory element report' on Report Center. It is a quarterly report that shows how your firm's Reps perform on Reg. Element testing, compared to industry averages. You may want to incorporate this report into your C/E needs analysis process. Check it out on Report Center in Firm Gateway (you won't see a report listed if there were no Reps who took Reg. Element training in the prior quarter).

Proposed Rule 20Fuzzy: --'er, I mean, 2040. See Notice 09-69 for a description of the proposed rule, which concerns payments to unregistered persons. What everyone is always hoping for is crisp rule language on paying people like finders. For now, it's fuzzy, and according to the Notice and thoughtful comment letters, it will remain so. I suggest you read a few of the comment letters, like the one from NASAA and the one from Morgan, Lewis, to understand how this Rule, as proposed, will provide no clarity on this issue. (Wanna pay an unregistered finder? Hire a legal team to prepare an opinion of counsel that, by relying on specific regulatory guidance, no-action letters and interpretations [not rules, mind you!], justifies how your payment will not subject the recipient to SEC registration. ...G'luck with that.)

Gee, I wish I weren't so critical, cynical, analytical and generally bitch-ical. But seriously, can you blame me?? Enjoy your sunshine and your weekend--may it be varied and spicy.

Thursday, May 13, 2010

SEC's Model Form Builder: What's Up Doc?

I'm so happy I started this process seven months in advance. By December, I should know how to properly customize SEC's new "model form" privacy notice (see earlier blog entries). Reminders: here is the link to the site with the links to the model forms--Form Builder Site; and here is the link to instructions for customizing the forms.

The forms are a great idea and would be very useful IF they didn't create substantial frustration when attempting to fill them in. Certain fields don't accept the information you want to include; other fields are too small to accept your chosen disclosures; lines or fields that may be omitted (according to the instructions) can't be; and, well, I generally fear that small firms not well-versed in Reg. S-P and the Fact Act will not be able to customize the form correctly. On the "Reasons" table, is the answer Yes? or No?...situations where your affiliate IA markets to your BD customers using information you shared with it will necessitate considerations like, "Is the BD subject to the Fact Act?", "Is the IA subject to the Fact Act?" and "Does the affiliate use personal information in a manner that requires an opt out?" Will micro firms know the answers? Will they even know the questions? Probably not. It's complicated stuff. And despite what the SEC thinks--that firms are supposed to be familiar with these rules (that's a paraphrase from my convo this morning)--you and I both know only the firms with the big-budget legal teams can feel good about what's in the fine print.

The form, quite simply, is not a user-friendly, prompt-driven tool for small BD's without legal departments or idle word processors. I wish it were, it would save me time, too. But instead, I just spent all day creating Word documents with input fields (big enough fields!) and comments (explaining the choices) so that I can help my clients adopt and complete the form without seriously profane outbursts (a friendly, grateful shout out to KN, whose "bite me!" did indeed fit into an SEC input field with no problem).

If anyone wants my Word forms, write me. I may accept modest remuneration for my efforts.

Oh, and perhaps you should think about using your old Privacy Notice, instead. My next research project is to understand completely what changed in Reg. S-P and how much effort it would take to simply revise my clients' existing forms. The dangling 'safe harbor' carrot presented by the Model Form may not be enough, in the end. Warn Bugs if you see him.

Wednesday, April 28, 2010

Back to the Subject of Real Regulation

Now that I'm no longer watching C-SPAN 3's version of The Good, The Bad and The Ugly, here are a few reminders about real regulatory matters that are not being debated anywhere on TV: 

INVESTMENT BANKERS: Remember: if you are an investment banker you can opt-in to the new IB exam by filing a U4 amendment instead of taking the Series 79 exam. But you only have until May 3 to do it! See my July 30, 2009, entry for the details. 


PRIVATE PLACEMENTS: For those of you doing private placements, check out  Notice 10-22. The Notice, in my opinion, does not go as far as it should in clarifying expectations. It remains vague and incomplete. A few comments: they lay the responsibility for the PP Memorandum on the firm that prepared it or assisted in its preparation, but expect you to fill in any holes if you perceive them; if you didn’t prepare the PPM, you still have responsibility for any sales literature you distribute, whether or not you prepared it; and you may rely on counsel or syndicate managers to prepare the PPM and do due diligence, as long as you have confidence in that third party (and have documented your vetting process).  Oh, and yes, you have to determine suitability of your investors—even if they are accredited. You already knew that, but now it’s official. 
     The Notice includes a list of due diligence topics. For those of you putting together offerings and charged with this responsibility, it would be behoove you to review the list to make sure you are currently addressing these areas of investigation.

PRIVACY NOTICES: As I noted in my January 28, 2010, entry, SEC has put out a 'model form' to use as your privacy notice. There are difference versions, depending on opt-out options. Here is a link to SEC’s newly released Privacy Form Builder. This site provides links to the different model forms. If you do not use the model form, which assures safe harbor if customized correctly, then you must make sure your privacy notice conforms to Reg. S-P changes by year-end.


Tuesday, April 27, 2010

Drunk on Goldman Lemonade

...and havin' a blast! Yes, I'm spending my day watching the Goldman hearing. I didn't plan to do this, it just happened. But I'm sure glad it worked out this way. I vacillate between hating the senators and hating the GS kids. And between loving the senators and loving the boys. Sometimes the conversation looks like my 17-year-old son trying to explain the difference between the music of Lil Wayne and P. Diddy to an 85-year-old Belarusian who speaks no English. The knowledge divide is immense! But there's plenty of CYA and political rhetoric to go around, that's for sure. I respect Mr. Sparks' attempts to explain the complexities of the market to his elders; I like Mr. Tourre's willingness to not rest on legalese; I get a huge kick out the predictability of Mr. Birnbaum's CYA-speak (he wins in this event); and the exasperated brevity of Mr. "Um"'s (forgot his name) responses. There's nothing new about this showdown and it was very easy to explain it to my teenage boys (who watched with me for quite a while, much to my surprise): I mean, c'mon, politicians expressing disbelief and anger at these apparently unethical, greedy players versus slick, coached, extremely experienced and smart professionals defending their daily grind and covering for their employers?...not hard to explain. They could be speaking Farsi and we'd all still get it.

My problem is, I see both sides. I respect the skill of Wall Street bartenders, but I, like many, have suffered thanks to their concoctions. They made great lemonade, as Mr. Sparks said, but it was folks like me and my neighbors that were left to suck the lemon rinds. 

And yet, can I trust our DC reps to sort this out and come up with the best answer? I'm not that drunk..

Thursday, March 11, 2010

Our Top Five Unsuspicious States

Or is it our bottom five suspicious states?

FinCEN's "By The Numbers" report from January shows SAR-SF reporting summary totals from 2003 through June 2009. SAR-SF's are forms filed by securities brokerage firms and other non-depository institutions (non-banks). Here are the states with our nation's most trusting brokers (or most honest investors, depending on how you look at it), in order of fewest SAR-SF's filed since 2003:
  1. Alaska (!! How can they be that unsuspicious? Is there no check fraud, mail fraud, insider trading, or at very least, forgery, taking place up there? I'm suspicious...)
  2. Wyoming (1 SAR-SF filed since 2003 for check fraud. I hope it was against Cheney.)
  3. Hawaii (5 total: 1 for embezzlement and the others for other... you can't trust surfers...or maybe you can...)
  4. Rhode Island (twice the population of Wyoming living on 1/100 the land mass and only 4 more SAR-SFs? Obviously the most trusting lot on the East Coast. We should all move there.)
  5. South Dakota (Hmmm. How can they have filed 10 SAR-SF's to date more than Alaska, a state full of corrupt politicians and crazed hunters with helicopters? I'm still suspicious...)
I skipped non-states in my list, such as District of Columbia. DC beat SD with fewer SAR-SFs. WHAT?? Wait, DC has 600,000 people living there, most of them working for the government (okay, that might not be technically true), and these numbers make it look like Mayberry RFD. What do these numbers mean: are there no BD's, CPO's, CTA's, FCM's, IA's or other such financial institutions in DC, resulting in the dearth of filings? Or is everyone in DC really, really honest, their activities arousing no suspicions? (Uh, did I just say that?) Or does everyone in DC have each other's backs?--oh wait, I may have stumbled onto something. Hmmm. Again, I'm suspicious.

Oh, in case you're wondering, NY has the highest number of SAR-SF's filed to date. Ho hum.

And once again, the type of suspicious activity near the bottom (ranked 20 out of 21) is--yes, that's right--Terrorist Financing! The reason you're all in this mess called AML compliance represents less than 1% of all SAR-SF's filed to date--206, to be exact. The SAR Activity Review offers a lot of information on the growth of mortgage loan fraud as a reported event, but nothing on how all these SAR's are fighting terrorism. But then again, we now know that it's not about that anymore.

________________________

As for bankers and their customers: completely different story. Alaska redeems itself in that race, with the second highest number of SAR's filed from 1996 through June 2009. Now that's what I'm talkin' about! Wyoming is still pretty unsuspicious, ranking 48th out of the 50 states (but that doesn't absolve Cheney of my personal suspicion); and surfers, believe it or not, turn out to not be so trustworthy (Hawaii ranks 30th). South Dakota (23rd) has thousands more SAR filings by banks, but still looks good compared to Alaska; and lastly, I still think it's a good idea to move to Rhode Island...38th of the 50 states.

The good news for New Yorkers is that California outdid them in the SAR's-filed-by-banks competition: CA has more than double NY's filings.

And yes, Terrorist Financing ranks equally low in these filings, just like with SAR-SF's: second to last with less than 1% of all filings. Sigh.

_________________________

Here are the links to my resources. I suggest you take a look, so you can glean useful information (as opposed to useless information like the kind I presented above). The last link is especially valuable for you AML Compliance Officers and auditors.

FinCEN's News Release on the Jan. 2010 By The Numbers Report

FinCEN's SAR Activity Review--By The Numbers Jan. 2010

FinCEN's SAR Activity Review, October 2009

Wednesday, March 3, 2010

Reminders, My Friend, Are Blowin' In The Wind

Having survived a wind storm and a semi-annual procedures update process that nearly killed me (the update, not the wind storm), I am resurfacing to provide a few reminders:


1. R.I.P. Webcasts: After March 31 you will no longer be able to view Webcasts on FINRA's website. All of the prior content is included in other offerings, such as Video E-Learning or plain-old E-Learning courses. But, well, you have to pay for those. Webcasts were free. All's fair in love, war, and a crappy economy.


2. TRACE: Agency Debt Securities became TRACE eligible on March 1, as did certain primary market transactions (those that qualify as list or fixed price offering or takedown transactions). See Notice 09-57.


3. New Capital Compliance Rule: As of February 8, the new financial responsibility rules became effective (FINRA Rules 4110, etc.). Many of the restrictive rules apply to "carrying or clearing firms"--but look at the footnote in the rule and you'll see that they also apply to firms with "k2i" accounts--you know, the account you have set up so you can receive checks from customers for mutual fund and other purchases? This new rule requires, for instance, that your firm must obtain prior written approval before withdrawing any capital that exceeds10 percent of the firm’s excess net capital in any rolling 35-calendar-day period. This includes withdrawals of profits, routine dividends and similar distributions. Wow. For small business owners who take profits this way, this rule seems extremely onerous. See Notice 09-71.
       As for the answers to these extremely logical questions: 1) "To whom do firms request approval?" and 2) "How long does FINRA have to grant approval?", well, the answers were not easy to find... in summary: 1) Eventually there will be an electronic request process on Gateway, but for now fax or email your District Office, and 2) In your communication to the District, inform them that you will be making the distribution in x days in the absence of a response from them. In the published Response to Comments on these rules, it states,"[...] requests for withdrawals can be handled in a routine manner and that decisions typically would be issued in approximately three business days": how's that for clarity?! 
     [Allow me for a moment to express frustration with FINRA for making a Rule effective without having a mechanism in place for allowing firms to comply with the Rule--and for not providing this basic, administrative information to all firms in an easily accessible, publicly-available place (like the Notice??), rather than burying (half of) it in filing documents not regularly visited by most compliance staff. And what-up with making pleasant, good-intentioned, helpful folks like moi feel wrong for asking presumably easy questions and expecting to get answers? What's wrong with regulators saying, "I don't know" or "We're still working on that" or "Three days, but sorry, we didn't put that in the Notice"? ... ugh. P.S. I'm thankful to Estee Dorfman Foster (CPA/outsourced FINOP) for her assistance in finding answers.]


4. Variable Annuity Rules: As of February 8, the formerly-delayed parts of FINRA Rule 2330 became effective. Principals now have 7 days to review recommended v/a purchases and exchanges. There are changes to customer funds rules, too--because if you held a customer's check during that 7 days, you would have otherwise broken SEC customer funds rules. Check out Notice 10-05 for fresh guidance on these changes.


5. AML Madness: FINRA released its updated AML Small Firms Template in January... it is full of wonderfully--wait, not wonderfully, but rather, dreadfully--legalistic text changes that would drive any technical writer crazy. I'm proud to say my template is still better than theirs. You should look at your AML program and FINRA's updated template to assess the time it will take to make corresponding changes; then you should drown your sorrows in a stiff drink (or call me!).  See here for a link to the template in Word format. Oh and remember that as of January 1, you may no longer have someone in your small firm conduct annual independent testing if that person has a conflict of interest (you used to be able to rely on a loophole--it is gone). For this rule change, see Notice 09-60.


6. 3012/3130--Testing & Verification:  For most of you, it's that time of year again--in fact, this is the 5th time you have to follow these rules since inception! This should be easy by now...You have to test and verify your supervisory system. And write a report. And write another report about the process of writing the report. And sign a certification. And put the whole shebang in a file drawer and hope no-one ever asks for it (...but they will). Remember, your reports and certifications are due w/in 12 months of last year's. It's not a calendar year requirement--it's every 12 months by the anniversary. Here is a link to regulatory information on supervisory controls.

7. Short Sales Rule Change: Mary over at SEC approved a change to Reg. SHO, affectionately called the "alternative uptick rule" that restricts short selling in stocks that have dropped 10% in price in one day. Effective Date: May 10, 2010; Compliance Date: November 10, 2010. See link to Reg SHO change for 334 pages of bedtime reading. I'm getting sleepy just thinking about it.


8. TARP Warrants: How do we describe these nouvelles choses? Warrants (that's what they're called)? Options (they're priced like options)? Corporate securities (they're issued by corp's)? Government securities (they were issued to Uncle Sam--is he backing them in the secondary market)? Ask 4 people and you'll get 4 different answers (ask me and you'll get a frustrated shrug of confusion and disgust). Stay tuned for the answer.

FINRA has released its March 1 examination priorities. Review it and weep. You have work to do.


Your Moment of Optimism: 17 days till Spring!

Monday, February 1, 2010

Social Networking Compliance: A Resource

I'd post this on my Wall, but none of my FB friends would understand it!

Got a follow-up email to my last post on this subject from a reader--a firm in Austin, Texas that may have just the tool you need to keep up with FINRA's demands. Check out Socialware's "Risk Manager" product. On the surface, Socialware seems to have developed something useful and, importantly, something designed specifically to meet regulatory guidance.

To allow Reps to use social networking sites as tools to build business might be the best idea of the 21st century--but it carries with it a commitment of both money and time (even an affordable automated surveillance program will require concerted attention by a Principal). The way you balance the need for online networking and the need to budget time and money will determine whether you take this leap.

Some due diligence considerations: Socialware's product is brand new with a limited number of users; the loyal following may consist more of non-FINRA-regulated firms (that is, IA's and others) and therefore may not have been tested yet by examiners; and I'm told the per user charge is small but I don't know about set-up/installation/training charges.

I think it's worth checking out. Tell'em I sent you, K? And please report back with feedback. I'd love to think this is the answer BD's are looking for.

Thursday, January 28, 2010

Identity Theft and Privacy Notice

As you know I'm not happy about the ID Theft/Red Flags rules for introducing firms that offer margin accounts through their clearing firms. Doesn't make sense that these firms are considered 'creditors.' But don't get me started on bad rules that require time, money and effort for the sake of token compliance. Yuk. But a trusted informant from another consulting firm told me that FINRA is obsessing about compliance with these new rules--even though they don't take effect until June 1 and even though FINRA does not have authority to enforce the rules (FTC does). So gear up. Read this Notice Red Flags Rule and Template Procedures and customize the template FINRA provides.

On Privacy (wait, why is this separate from ID theft: isn't protecting customer information all under the same umbrella? Ugh. Whatever.): I came across this, about changes to Reg. S-P: eCFR Link to S-P Amendment. The Reg change eliminates the 'sample clauses' that most of you are using in your Privacy Notices right now. After this year, you won't be able to use those clauses to meet the disclosure requirements under Reg. S-P. Rather, there is a new 'model privacy form.' As of 2011, firms must either use the model form or be sure that their custom privacy notices meet all Reg. S-P criteria. You don't have to wait until 2011--the model form may be used now, and will give you the comfort of knowing your notice meets federal requirements (i.e., it is a safe harbor). You may want to begin the process of switching over from your currently-used notice.

There are two versions of the new model form: Notice with Opt-Out and Notice without Opt-Out. You'll want to decide which is right for your firm and then customize it. Remember, Privacy Notices are NOT required for institutional customers; for individuals, you must deliver the Notice at account opening and yearly thereafter.

Now go forth and confidently protect the privacy and identies of your customers. And do it in a well-documented fashion. Or else.

Social Networking Sites: Word to the Wise

FINRA has put out guidance on the topic of social networking sites (SNS). The explosion of electronic communications in many forms has made it difficult for BD’s to know how to follow SEC books & records rules. It used to be straightforward, but with tools like Facebook & Twitter, it’s tough to decide what constitutes categories like advertising, public appearance, correspondence and recommendations. I suggest you read Notice 10-06 (it’s not long!) so you are aware of FINRA’s concerns.

What FINRA wants is this: if your Reps or the Firm itself use SNS’s for business purposes, then you have to be able to supervise all postings, whether they are ‘static’ (like profiles or wall posts) or ‘interactive’ (like chats or interactive posts with third parties), and you have to be able to store all that content under SEC books and records rules (17a-3/a-4). Pre-approval of anything considered an ‘advertisement’ (the static content) is required; pre-approval is not required for interactive content, but all other requirements apply to that material.

Sound like a big job? It is! Word has it the bigger e-mail storage vendors are working on products that firms can use to meet these requirements (automatically saving the online content and providing an automated review tool for monitoring it), but I can imagine those products will not be cheap. And it’s harder to imagine small firms being able to adequately meet the supervision/r-k requirements on their own.

So, if you are going to allow Reps to participate in SNS’s, you HAVE to implement procedures to meet FINRA’s guidance. And you HAVE to follow those procedures.

If you would rather avoid this administrative challenge & expense (and the related liability of allowing the activity), you will have to be clear about your expectations of firm personnel. Make sure your procedures include a prohibition of this activity; it would also be smart to send an e-mail reminder to everyone at your firm. I suggest:

Our firm strictly prohibits you from engaging in business communications in a social media site (such as Twitter, Facebook and Linked-In, among others). Your participation in such sites must be for purely personal reasons. You may not present yourself on such sites as a representative or agent of the firm: to do so is considered “advertising” and requires pre-approval by our compliance staff. Likewise, on such sites you may not recommend securities or engage in discussions about securities or the firm’s business. Lastly, you may not: link to third party material relating to securities; assist third party site participants in preparing such material; or comment on/endorse third party posts on such material. Our firm may from time to time request access to your social networking sites in order to spot check them for compliance with this prohibition. Perceived violations will be met with disciplinary action.
No matter how you word it, the message should be clear--personnel may not use these sites for business purposes: to do so immediately puts your firm at risk.

Thursday, January 14, 2010

AML: P.O. Boxes for Address Confidentiality Program Participants

I just read about FinCEN's position on the subject of customers who are participants in Address Confidentiality Programs (ACP) and how firms can comply with CIP 'street address' rules for these customers.

To back up: right now, if you're meeting CIP requirements for a new customer, you are gathering a residential or business street address for that person; if the person gives you a P.O. Box, you kindly ask for a street address for the records, but promise to use the P.O. Box for mailing and other business purposes. That's great.

But what if your customer informs you that s/he is participating in an ACP in order to protect his/her confidentiality? These programs are State-run and help to protect victims of domestic violence, sexual assault or stalking. The customer gives you only a P.O. Box address, in keeping with ACP standards. What do you do? You have to comply with CIP rules and your firm's internal procedures, but you want to honor your customer's right to self-protection.

Well, your answer comes in FinCEN Ruling FIN-2009-R003. In this Ruling, FinCEN explains that CIP rules allow customers who do not have street addresses to provide a "residential or business street address of next of kin or of another contact individual." In this case, however, the customer does have a street address, but s/he is keeping it a secret on purpose. What FinCEN has done is made an exception to the CIP rule in this instance. They will treat the ACP participant as not having a street address. In our example above, you would record the P.O. Box of the customer and also collect the street address of the ACP sponsoring agency (such as the Secretary of State or other state agency administering the ACP). That street address will meet the CIP requirement. In essence, the entity administering the ACP will serve as the agent of the customer for CIP purposes.

Obviously, you are required to reasonably believe that you know the true identity of your new customer: if the person gives you an ACP address, risk-based thinking will compel you to check on that address, just in case. Not all states offer these programs--I found this table, which has updated information through Jan. 2009: States with ACP's .

**********

One more thing: I have seen examiners looking for OFAC checks on new associated persons. I haven't researched the rule calling for this, but it may be a good idea to incorporate this procedure in your hiring/registration practices. Run the check, put the results in the personnel file.



Wednesday, January 6, 2010

We Have a Winner! (clarification on subject of k2i a/c and fin. resp. rules)

And the Snuggie goes to: a kind gentleman at FINRA who called me back TODAY and pointed to what I should have reviewed in the first place: response to comments and amendment 2 as they relate to the original rule filing.

In summary, even if your firm is a subscription-based mutual fund retailer--not a clearing firm and not a carrying firm--you still fit into the category of ''carrying/clearing members' if you have an account for the exclusive benefit of customers as described in paragraph (k)(2)(i) of SEA 15c3-3. That is, if you receive and deposit customer checks in an account you control, you're in this category for the sake of rule compliance. It's a customer protection thing, so they say.

So review Notice 09-71 again, and remember that all of these rules might apply to you, even if you think they don't (or shouldn't).

Going home now to put on my own Snuggie. Brrrr.

Happy Oh-10: Financial Responsibilty Rules and New CCO Exam Proposal

Was just reading some Notices and had a few comments:

1. Financial Responsibility Rules (see Notice
09-71): I'm a little confused about whether non-clearing/non-carrying firms with "k2i" accounts are or are not included in the category of clearing/carrying members for many of the new rules... footnotes in the Rules, the Notice and the Rule Filing all say: "Members Operating Pursuant to the Exemptive Provisions of SEA Rule 15c3-3(k)(2)(i). For purposes of this Rule, all requirements that apply to a member that clears or carries customer accounts shall also apply to any member that, operating pursuant to the exemptive provisions of SEA Rule 15c3-3(k)(2)(i), either clears customer transactions pursuant to such exemptive provisions or holds customer funds in a bank account established thereunder."

But the Rule Filing explains, in a Pg 36 footnote: “For clarification, introducing firms and firms with limited business models (for example, firms that engage exclusively in subscription-basis mutual fund transactions, direct participation programs, or mergers and acquisitions activities) are not deemed carrying or clearing members and therefore would not be subject to Proposed FINRA Rule 4110(a), or for that matter any of the other provisions of the proposed rules that would apply only to carrying or clearing members.”

But what if a mutual fund application-way firm has a k2i account established to receive customer funds? I sent an email to one of the Notice authors: I'll let you know what I hear. Or if you can shed light on this apparent contradiction, please write me and I'll enter your name into a drawing for a free Snuggie.

2. Proposed Changes in Registration/Qualification Requirements (see Notice
09-70): One of the changes creates a new category for Chief Compliance Officers--they'd have to pass a specific exam to hold that title. Those with a 24 and who are listed on Form BD prior to the rule taking effect would be grandfathered (no new exam nec.), but those assuming the role after that, even if they have their 24, would have to take the test. I was thinking that some of you principals might want to take advantage of the "multiple CCO" mechanism before they make this rule effective. That way, you will be on the Form BD as CCO in time, and won't have to take the exam. For instance, if you're a small shop with a just a few senior managers, and you originally flipped a coin to see who would serve as CCO, what happens if your existing CCO moves to Jamaica, leaving you with an obligation to pass a new test just to step into Mr. Sun-n-Surf's shoes? Or, perhaps you have a new employee who got his 24, but hasn't yet assumed the role of CCO that you're anxiously looking forward to handing over...you could appoint him co-CCO (dividing up responsibilities, of course, and outlining all this in your WSP) and therefore he won't have to pass the new test later.

Other reminders: Look at your final renewal statements and pay what you owe or request a refund (see excerpted FINRA help, below); do your FCS check by Jan. 27; and don't forget to do quarterly complaint filing by the 15th. And send thank-you notes to all those nice people who gave you xmas gifts!! Emails don't count!

Your compliance compadre,
Sharon

RENEWALS:
If your statement shows an ‘Amount Due’ (i.e., positive amount or debit balance), then your firm needs to pay the balance to FINRA by February 5, 2010.
 Print the statement. A copy of the statement’s first page should be included if your firm is paying with a check.
 See the "How to Submit Renewal Payment" section of this Bulletin or visit the Renewal Program Payment Options page on the FINRA Web site.

If your Final Renewal Statement displays ‘Paid In Full’:
 If your Final Renewal Statement’s ‘Paid In Full’ amount is equal to the amount owed for your Preliminary Renewal Statement then the balance is $0 and no additional payment is required.
 If your Final Renewal Statement’s ‘Paid In Full’ amount is less than the amount your firm paid for its Preliminary Renewal Statement then your overpayment has been systematically transferred to your firm’s Daily Account. Any refunds should be requested from that account. You may request a refund check from FINRA or leave the funds in your Daily Account for future registration-related fees.


To request a refund check, have an appropriate signatory sign the first page of the Final Renewal Statement and mail it to FINRA for receipt by February 5, 2010. Send your refund request to:

FINRA Registration Management-CRD Accounting
9509 Key West Avenue
Rockville, MD 20850

(301) 869-6699