The Financial Industry Regulatory Authority’s (“FINRA”) enforcement division brought 88 disciplinary actions against broker-dealer members during the second quarter of 2016.1 The nearly $63 million in fines FINRA assessed during the period more than tripled the amount from the second quarter of 2015, during which members received $20 million in fines for 91 disciplinary actions. During the first half of 2016, FINRA charged over 100 members with 196 disciplinary actions and assessed fines of roughly $72 million. In comparison, FINRA assessed members nearly $40 million in fines for 201 disciplinary actions during the first half of 2015.
Some of the largest fines and enforcement actions during the second quarter resulted from violations relating to variable annuity sales, suitability, research, and anti-money laundering (“AML”). Key fines levied by FINRA during the second quarter follow.
Variable Annuity Sales
FINRA fined a firm $20 million and ordered it to pay $5 million to customers in restitution for allegedly making negligent material misrepresentations and omissions on variable annuity replacement applications. For a period of nearly six years, registered representatives allegedly misrepresented and omitted at least one material fact relating to costs and the guarantees of customers’ existing annuity contracts in over 20,000 replacement applications. The paperwork associated with a replacement application included a section called the Annuity Replacement and Transfer Disclosure (“ARTD”) form. State insurance laws also required the firm to include a side-by-side comparison between the customer’s existing contract and the proposed contract. According to FINRA, a sample of the transactions revealed the following violations:
- The firm incorrectly represented to customers that their existing annuities were more expensive than the annuity being recommended by the firm.
- The firm failed to disclose to customers that replacing their current annuity would reduce or eliminate certain important features in their existing contract, such as guaranteed income benefits and guaranteed fixed interest account riders.
- The firm violated state insurance laws by inaccurately stating customers’ death benefit values on their existing annuity contracts.
FINRA also noted that the firm failed to supervise its annuity replacement business in several ways. According to FINRA, registered representatives of the firm had not received training or guidance on how to complete ARTD forms properly. As a result of the lack of training, registered representatives failed to gather the required amount of information necessary to form a suitable recommendation for the replacement transactions.
The firm used an automated system to flag suitability issues for each of its replacement applications. During the period, the system was not programmed to flag issues that related to the side-by-side comparison of annuity features. In addition, supervisory principals of the firm did not consider this information when determining the suitability of each replacement.
According to FINRA, the firm’s illustrations calculated incorrect results relating to customer death benefits on existing contracts by failing to factor in a stepped-up death benefit offered by customers’ existing contracts. A stepped-up death benefit occurs when a customer’s account value performs well and reaches a gain, which the insurance company should periodically lock in. The firm had not tested its calculators to ensure that they included the stepped-up death benefit amounts. As a result, customers believed the replacement death benefits represented an improvement over their existing contracts.
The firm also failed to comply with FINRA Rules 2330(d) and (e).2 FINRA Rule 2330(d) requires that firms implement surveillance procedures to determine if their associated persons effect deferred variable annuity exchanges at rates that raise the possibility of conduct inconsistent with the applicable provisions of the rule, other applicable FINRA rules, or the federal securities laws. Rule 2330(e) requires firms to develop specific training programs to ensure that associated persons who effect, and registered principals who review, transactions in deferred variable annuities comply with the requirements of the rule and that they understand the material features of deferred variable annuities. Management can avoid violating Rule 2330 by designating Compliance as an initial reviewer of annuity replacement applications. Compliance should provide details of its review to senior management, including reasons for support of the replacement transaction. In addition, members that conduct a retail annuity business should include training for the sales of these products. Training would be provided to any person who has direct contact with customers and who can accept orders on their behalf. At a minimum, the training should be conducted during the firm’s annual compliance meeting.
A broker-dealer was fined $2,250,000 and ordered to pay $716,000 in restitution for allegedly failing to supervise sales of non-traditional exchange-traded funds (“ETFs”) to retail customers and for recommending unsuitable ETFs. The firm’s policy was to prohibit its registered representatives from soliciting retail customers to purchase non-traditional ETFs. The firm also prohibited the representatives from executing unsolicited non-traditional ETF purchases for retail customers unless those customers met certain qualifications.
The firm allegedly failed to supervise the solicitation of these products in several ways. One way involved the use of a qualification letter. The firm had permitted unsolicited purchases of non-traditional ETFs for customers from whom registered representatives had previously obtained a signed ETF Qualification Letter. The ETF Qualification Letter required customers to represent that they met minimum criteria related to annual income, net worth, and trading experience. The firm did not train its registered representatives and supervisors on its prohibition of solicited non-traditional ETF purchases. FINRA allegedly found instances over a span of four years in which registered representatives entered solicited trades into the firm’s order entry system without supervisory oversight. In addition, representatives continued to make unsolicited purchases in ETFs for customers who had not completed an ETF Qualification Letter.
FINRA also alleges that it found numerous instances in which the firm violated the suitability rules.3 FINRA found that the firm had not satisfied its obligation to conduct due diligence on the ETFs that it sold to customers. Many of the ETFs that the firm sold were either leveraged ETFs or inverse ETFs. The performance of these types of products can differ significantly from the performance of a well-known benchmark or index. Generally, ETFs are more suitable for investors with longer time horizons and a higher tolerance for risking their initial investment. FINRA found that the firm allegedly sold non-traditional ETFs to a number of customers with conservative investment objectives and very short time horizons.
Firms need to confirm that their reviews of customer transactions are complete. Registered principals conducting the reviews should also be provided with training and guidelines on how to identify red flags when reviewing recommended transactions. When red flags are found, the principal needs to record the resolution of the review. In addition, evidence of all supervisory reviews should be documented. Evidence should include an assessment of the complexity of, and risks associated with, the security or investment strategy, as well as the rationale for why the securities transactions are suitable for the customers. In addition, the firm should make sure that it has provided documented training to its representatives. The documentation will evidence that the firm provided information and guidance related to the potential risks and features of the products and strategies that the registered person is recommending. The firm must also satisfy its customer-specific obligation to Rule 2111. This obligation requires a recommendation to be suitable to an investor based on the customer’s investment profile obtained by the member. ETF products are consistently on FINRA’s radar. FINRA has indicated that it will focus on the suitability of the sales of these products to retail customers. As a best practice, a firm's compliance department should receive written acknowledgment that the customer understands the terms of complex products and that the investment matches the customer’s risk profile.
FINRA assessed a combined $1 million in fines for three firms whose violations involved supervision of research analyst activities. FINRA fined one member $900,000 for allegedly failing to adequately supervise firm-wide internal “flash” emails. The member’s research analysts used its flash email program to share with sales and trading personnel publicly available facts on the companies that they covered. The firm prohibited research analysts from communicating a change in a rating, estimate, or target internally or externally, verbally or in writing, before publication of a research report announcing the change. FINRA found instances covering a period of nearly three years in which firm personnel forwarded flash emails marked “internal use only” to customers. Personnel also cut and pasted the text of an internal-use email into a separate communication sent to a customer. In at least one instance, FINRA also found that content from an unapproved, draft research report was cut and pasted into a flash email.
The firm did not subject its flash emails to the level of supervisory review and approval that it applied to published research reports. The firm’s policies only required flash emails to be reviewed prior to dissemination if an issuer mentioned in the email was on the firm’s restricted list. Moreover, the firm did not have adequate policies and procedures in place to supervise the content of flash emails. According to FINRA, there were numerous instances in which research analysts distributed flash emails that included the draft text of a pending research report to sales and trading personnel and, to a limited extent, customers of the firm. The firm’s failure to supervise the information flow between research personnel, or other persons with knowledge of the content of research reports, and trading department personnel, placed the firm in noncompliance with FINRA Rule 5280(b).4
Member firms can work to prevent Rule 5280 violations by taking several precautionary steps. First, designated principals should review the electronic communications of research personnel daily to identify potentially suspicious communications that could lead to violations. Firms should also have controls in place that require research analysts to receive approval for communications containing material information of an issuer covered by the firm. Finally, firms should review their procedures related to information barriers to ensure that they are working as there were designed. As a best practice, registered representatives should attest that they have read and received the firm’s policies for insider trading and information barriers on at least an annual basis. The attestation can also further confirm that the representatives did not distribute any communications unless they were approved or otherwise comply with the firm’s written procedures.
During the second quarter, FINRA imposed five fines on its members for violations of FINRA Rule 3310.5 FINRA fined two affiliated broker-dealers a combined total of $17 million for their AML programs’ systemic compliance failures. One member was an introducing broker-dealer (a firm that has direct relationships with customers, but does not hold or carry their accounts) and the other member was a clearing broker-dealer (a firm that holds customers’ funds and securities after receiving them from the introducing broker-dealer). For a period of nearly eight years, the firms’ AML compliance systems allegedly failed to detect red flags indicating potentially suspicious activity. FINRA issued a three-month suspension and a $25,000 fine to the firms’ AML Compliance Officer (“AMLCO”) during this period.
According to FINRA, one firm kept separate written procedures addressing AML supervision among various departments of the firm, rather than a single written procedures manual encompassing its AML procedures. In addition, FINRA established that the firm’s AMLCO did not have adequate control or oversight over other persons responsible for AML-related processes. The clearing broker-dealer had written procedures that addressed the generation of exception reports and review of suspicious activity. However, the procedures did not list examples of red flags that would signal suspicious trading activity. Moreover, the clearing firm improperly relied on the introducing firm to conduct AML surveillance on customers’ accounts during FINRA’s review period.
Each firm’s gaps in procedures and controls led them to overlook thousands of red flags in exception reports and alerts reflecting potential suspicious activity. FINRA’s review noted that the firm only looked at a fraction of the exception reports being generated. FINRA’s findings revealed that only three to five percent of the reports during the review period were escalated to the appropriate department’s point of contact for further investigation. The firm incorrectly closed out alerts without identifying the purpose of the high-risk transaction that prompted them. Many closed-out alerts also incorrectly stated in the notes section that the transaction was in line with the customer’s profile and anticipated transaction activity.
Compliance and the AMLCO are generally responsible for creating a process to identify, review, and address any activity flagged in exception reports. Firms should revisit their AML procedures to ensure that they include examples of red flags, and that each red-flagged event has documentation of the result of the review of the items noted in the exception reports. The documentation should also be archived so that the firm can furnish evidence of those reviews to regulators during an exam.
Other Significant Events
FINRA fined two members $250,000 each for violations of Regulation S-P and FINRA Rule 2010.6 According to FINRA, newly hired registered representatives transferred nonpublic personal information (“NPPI”) from their previous firms. The NPPI included customer names, addresses, telephone numbers, account types, and account features.
The firms allegedly failed to determine whether customers had provided opt-out notices which allowed the disclosure of their NPPI to a non-affiliated entity. Regulation S-P prohibits broker-dealers from disclosing their customers’ NPPI to a non-affiliated third party without first providing customers with a clear and conspicuous notice of the broker-dealer’s privacy practices and an explanation of the customer’s opt-out rights. Broker-dealers must also provide customers with a reasonable opportunity to opt-out of any such disclosure to the non-affiliated third party. Firms must also provide an initial privacy notice upon the establishment of a customer relationship. FINRA found that the firm violated Regulation S-P because numerous customers had chosen to opt out of sharing their NPPI at previous firms, but those firms had failed to disclose that they share NPPI with unaffiliated third parties for marketing purposes.
Firms should revisit their privacy policies and procedures to confirm that they include several actions:
- Members that effect securities transactions or open brokerage accounts with customers should provide a clear and conspicuous notice that accurately reflects the firm’s privacy policies and procedures.
- Members should include an opt-out disclosure for the customer if his or her NPPI will be transmitted to a third party for marketing purposes. For example, if a broker-dealer receives an account application from a customer and opens a new account, the customer must provide an opt-out disclosure before the broker-dealer can forward any customer information that is not publicly available to another entity that will market services to them.
- Broker-dealers should check each state’s privacy laws to see whether the customer lives in a state that requires affirmative consent, and should ensure the customer provides consent prior to obtaining NPPI.
ACA notes the following key securities laws and FINRA rules referenced in actions during the second quarter of 2016:
- FINRA Rule 2330
- FINRA Rule 2111
- FINRA Rule 5280
- FINRA Rule 3310
- Regulation S-P
- FINRA Rule 2010
ACA Compliance Group’s Broker-Dealer Services Division helps firms ensure their compliance with regulatory requirements. Our services include compliance program development, trading reviews, conflicts management analysis, corrective action assessments, supervisory control and AML testing, written supervisory procedure assistance, initial and ongoing membership application help, and customized regulatory and compliance consulting.
Please contact Dee Stafford at email@example.com for more information.