FINRA has announced the publication of the 2021 Report on FINRA's Examination and Risk Monitoring Program. The new Report combines and replaces two previously published annual reports, the Report on Examination Findings and Observations and the Risk Monitoring and Examination Program Priorities Letter. It addresses 18 regulatory areas organized into four categories: Firm Operations, Communications and Sales, Market Integrity and Financial Management, and will adapt the areas of focus for its Examinations and Risk Monitoring programs during 2021.

Stay tuned for our annual commentary, coming soon, on FINRA’s 2021 objectives and how they may impact your legal, regulatory and compliance matters.

Just prior to the new year, the SEC finalized significant changes to rules and forms governing advertising and cash solicitations under the Investment Advisers Act (“IAA”). In the original proposal, introduced more than a year ago (see previous Bates coverage), the SEC sought comment on the first significant changes to investment adviser marketing rules in decades. On December 22, 2020, the Commission issued the new final rule, which replaces both the prior Advertising Rule and Cash Solicitation Rule with a single, broad, “modernized” marketing rule. The new rule also amends investment adviser registration Form ADV and the books and records rule to reflect the related changes. In an accompanying fact sheet, the SEC stated that the Division of Investment Management staff will withdraw previously issued guidance and no-action letters related to the advertising and cash solicitation rules, as those “no longer apply” under the new final rule. Here are some highlights.

Marketing Rule – Key Provisions

Key provisions of the new final marketing rule include the introduction of a definition of the term “advertisement,” prohibitions on numerous advertising practices, strict limitations on the use of testimonials and endorsements, required disclosures and criteria for the use of third-party ratings, and general prohibitions and conditions on the use of performance results or hypothetical performance information. New compliance requirements under corresponding amendments to Form ADV require advisers to provide additional information on their marketing practices to “help facilitate the Commission’s inspection and enforcement capabilities.”

Advertisements

Under the new rule, the definition of “advertisement” includes any direct or indirect communication by investment advisers offering new or additional services to prospective clients, existing clients or private fund investors. (Among a number of exclusions, one notable change from the original proposal is the exclusion of most one-on-one communications under this part of the definition.) The new advertisement definition also covers any compensated endorsement or testimonial provided either directly or indirectly. These two definitional “prongs” largely “capture” the communications covered by the precursor advertising and cash solicitation rules. 

Marketing Practices

In general, the marketing rule prohibits practices that result in untrue or misleading statements of material fact. Specifically, these practices include communicating information (i) that may be untrue or misleading (including by omission); (ii) where an adviser does not have a reasonable basis for—and would not be able to substantiate—the information communicated; (iii) concerning potential benefits without communicating material risks or other limitations; and (iv) that is not presented in a fair and balanced manner (e.g., performance results).

CONTACT BATES COMPLIANCE TODAY FOR HELP NAVIGATING AND IMPLEMENTING THE NEW RULE.

Use of Testimonials and Endorsements

The marketing rule imposes disclosure, oversight and disqualification limitations on the use of testimonials and endorsements. To use testimonials, an adviser must disclose whether the endorser is a client or investor, is compensated or has some other conflict of interest. Further, to use testimonials, the adviser must oversee compliance with the rule and “enter into a written agreement with promoters, subject to certain allowances and conditions,” for example, where the promoter is an affiliate or receives de minimis compensation. (Notably, a broker-dealer acting as an endorser could be exempt from the disclosure requirements for a recommendation subject to Regulation Best Interest). Finally, the marketing rule generally disqualifies ineligible persons from acting in a testimonial capacity.

Third-Party Ratings

Disclosures and satisfaction of set criteria are also required under the marketing rule before third-party ratings can be used in an advertisement. The advisor must disclose the identity of the third party, the date and time period of the rating, and direct or indirect compensation by the adviser to the third party. An adviser must have a reasonable basis for believing that the rating was unbiased and not created in such a way as to produce a predetermined result.  

Performance Information

Further to the goal of prohibiting misleading information in advertisements, the SEC provided specific requirements on performance information before it can be used. These include prohibitions against the use of information: (i) on gross performance without inclusion of net performance data; (ii) on performance results, without including specific time periods; (iii) suggesting that the SEC reviewed or approved of the advertised performance results; (iv) related to performance results, without inclusion of all related portfolios, and extracted performance results without the results of the entire portfolio; (v) on any hypothetical performance unless the adviser, among other requirements, discloses the criteria used and assumptions made in calculating the hypothetical performance, as well as its risks and limitations; and (vi) on the use of predecessor performance unless the personnel and accounts at the predecessor adviser and the personnel and accounts at the advertising adviser were substantially similar and that any advertisement include all relevant disclosures.

Compliance Dates

The marketing rule and related books, records and Form ADV amendments will be effective 60 days after publication in the Federal Register. Because of the scope and complexity of the rule changes, the SEC has set an 18-month transition period for compliance.

Conclusion

The marketing rule was intended to address technological advances including social media and mobile communications under a principles-based approach to supervision and regulation. In this way, the rule is an attempt to strike a balance encouraging the use of electronic media for adviser marketing purposes, while protecting retail investors from the higher risks of fraud associated with it.

The new marketing rule imposes considerable oversight, recordkeeping and disclosure requirements on investment advisers. The SEC stated it expects that “100 percent” of investment advisers will be involved in activity regulated by the marketing rule. That will require substantial modifications to compliance programs across the industry. Notwithstanding the long compliance transition period, advisers will need to review their current advertising and solicitation policies, make adjustments to their performance presentations and disclosures, ensure effective supervision and set in place new policies and procedures for testimonials and endorsements.

Bates Compliance provides tailored compliance consulting solutions to financial services clients. In anticipation of the compliance transition for the new marketing rule, Bates has formed a team to address investment adviser concern and support efforts to conform oversight, recordkeeping and disclosure requirements under the new rule.

Our compliance team includes senior compliance staff and former regulators, with expertise in the development of policies, procedures, supervisory and compliance processes and best practices to enhance compliance and supervisory systems.

For more information, please contact:

Hank Sanchez, Managing Director - hsanchez@batesgroup.com

Linda Shirkey, Managing Director - lshirkey@batesgroup.com

David Birnbaum, Managing Director - dbirnbaum@batesgroup.com

Rory O'Connor, Director - roconnor@batesgroup.com

FireEye, Inc., a leading U.S. cybersecurity firm, recently disclosed that it had been hacked by a nation-state actor. The company has since revealed that the hack was likely perpetrated, in part, through an ongoing compromise of “Orion” IT monitoring and management software offered by SolarWinds Worldwide, LLC.

Additional reports indicate that the U.S. Department of the Treasury and other agencies have also been affected by the breach, and thousands of other entities could be involved, as SolarWinds boasts more than 300,000 customers, including more than 425 of the Fortune 500, all of the top-ten U.S. telecom companies, all five branches of the U.S. military, and all of the top-five U.S. accounting firms. Indeed, according to FireEye, the hacking campaign resulting from the SolarWinds compromise is widespread and has likely affected numerous public and private organizations around the world.

As a result of this news, the U.S. Cybersecurity & Infrastructure Agency (CISA) has issued an emergency directive to all federal civilian executive branch agencies. The directive indicates that the SolarWinds exploit “poses an unacceptable risk” to the agencies and “requires emergency action,” including the immediate disconnection or powering down of Orion products and the blocking of all traffic to and from external hosts with any version of Orion software installed. Although the CISA directive applies only to federal agencies, almost every organization (including state agencies, for-profit companies, and non-profits) should take note of the advice contained in the directive and take immediate action to address the issue.

We encourage you to confer as soon as possible with your information-technology personnel to determine if your organization might have been affected by this incident. If your organization was or might have been affected by this incident, you might want to consider taking immediate steps similar to those outlined in the CISA directive. In addition, please feel free to contact a member of our Data Protection and Cybersecurity Team if you would like to discuss this incident or if you have any other questions pertaining to data privacy or security.

On December 15, 2020, the Department of Labor finalized long-considered regulations on investment advice for retirement accounts under the Employee Retirement Income Security Act (“ERISA”) and the Internal Revenue Code (“Code”). The new exemption would allow investment advice fiduciaries to receive compensation, “including as a result of advice to roll over assets from a Plan to an IRA,” and to engage in principal transactions otherwise prohibited under ERISA and the Code.

As we previously described, the new class exemption would be available to registered investment advisers, broker-dealers, financial institutions and insurance companies that “provide fiduciary investment advice to Retirement Investors” (e.g., Plan participants and beneficiaries, IRA owners and Plan and IRA fiduciaries).

A summary of the exemption’s key provisions is available in this important DOL Fact Sheet titled “Improving Investment Advice for Workers & Retirees.” The DOL press release accompanying the action affirmed that the “standards in the Department’s exemption … align with [the Best Interest] standards of other regulators, including the SEC.”

The new prohibited transaction class exemption will be effective 60 days after the date of publication in the Federal Register. Consequently, even the earliest effective date would fall under the purview of a new administration, which may affect the schedule.

For more information, or to learn how the new regulations will affect your firm, please contact Bates Compliance today.

Hank Sanchez, Managing Director

• hsanchez@batesgroup.com | 504-450-9632

Rory O'Connor, Director

• roconnor@batesgroup.com | 860-671-7270

On October 26, 2020, the SEC and FINRA staff held a remote public roundtable to discuss the implementation of Regulation Best Interest (“Reg BI”) and the Customer Relationship Form (“Form CRS”) since mandatory compliance began on June 30, 2020. During the regulators’ roundtable, staff reviewed the core obligations required by Reg. BI and Form CRS and reported that firms generally were meeting those obligations. Staff also highlighted their observations on the areas that require improvement.

As Chair Jay Clayton remarked on the call, compliance with the Reg BI obligations and Form CRS requirements is necessary to improve the quality of the relationship between retail investors and their professionals. “That is what it is all about,” he said. Bates held its own webinar on Reg BI and Form CRS implementation and compliance (“120 Days On”) on Wednesday, October 28, 2020 to review client observations and the guidance provided at the roundtable. Here’s a recap on the key issues presented during the regulators' roundtable.

A Focus on the Practical

During the roundtable, SEC and FINRA staff methodically reviewed observations on current implementation of the obligations—disclosure, care, conflicts and compliance—under Reg BI. While acknowledging the “good faith efforts” by firms to comply, and the different approaches firms have taken to tailor their compliance to their firm’s products and business models, staff detailed many “necessary improvements.”

On disclosure, staff noted that firms are mostly relying on Form CRS, though some firms maintain targeted topic disclosure (e.g., on roll-overs). Based on their observations, staff recommended (i) that information be conveyed to retail investors in plain English (which is commonly determined to be at an eighth-grade level) to make it more accessible to retail investors; (ii) the use of charts rather than complicated text on fee disclosures; (iii) using technology solutions to accurately update; (iv) the use of electronic delivery with a focus on proper access to ensure, and evidence delivery; (v) detailed recordkeeping, which should be explicit in firms' written policies and procedures. Staff also acknowledged firms’ efforts to amend client onboarding processes to meet delivery requirements and that, in general, firms provided solid training to their representatives on delivery issues.

On the care obligation, staff described how firms are incorporating internal, proprietary and third-party systems in their review and documentation of decision making on roll-overs, mutual fund share classes, annuities, and other products. Staff observed that firms are incorporating various types of data gathering to bolster their compliance with the care obligation, including by providing for comments around each recommendation, distributing questionnaires, creating risk scores, capturing associated costs, and thorough other analysis. Staff said it wants to be able to review firm due diligence on product disclosures and to see, in particular, that firms are not just relying on the FINRA Rule 2111 suitability obligations, but are expanding and distinguishing between suitability and the broader obligations under Reg BI.

On Reg. BI’s conflicts of interest obligation, staff noted the “wide range of actions” firms have taken to “identify, mitigate and eliminate” conflicts, including the development of procedures and supervision around compensation, client relationships and products. Staff emphasized, however, that proper assessments must be done to identify potential for conflicts, saying that they expect firms to review such things as compensation to the firms, representatives and affiliates, and associated persons’ outside activities. They also want to see that firms reviewed their business models “to get the incentives right.” Staff reported that firms did a good job on mitigation (with some concerns about third-party reimbursements that could create a problem.) Though staff said that the SEC does not require a specific mitigation policy (in order to provide firms flexibility), the SEC offers FAQs and a non-exhaustive list on mitigation methods that firms should consider. 

On the compliance obligation, staff focused primarily on written policies and procedures, training and testing. Staff affirmed that compliance programs must adequately set out cleear policies on disclosure, care and conflicts. Staff, however, found that, while firms are demonstrating good effort in this regard, there was a gap between the written word and the actual practice of how to meet the requirements of the rule. While firms have made headway on training, staff focused on the need to evolve from what the rule says to how to comply with the rule, presenting higher expectations of what firms should memorialize in their books and records, and the need to develop testing plans to verifycompliance with the rule. As described in the Bates webinar, staff appears to want to see: “How are you vetting your investment products on your platform? How are the representatives choosing the products that are available on the platform? How are you reviewing the recommendations? And how are you memorializing what you are doing?”

Form CRS Observations

The CRS form is highly prescriptive in both formatting and content, in part to keep the disclosure document short (two to four pages). As described in a joint statement by SEC leadership, issued on October 8, 2020, the summary is intended to contain, in plain English, disclosures “on the same topics, under standardized headings and in a prescribed order,” on a form “that allows retail investors to compare different firms’ services, fees, and other important information.” 

Of the approximately ten thousand Form CRS submissions filed to date, staff observed a number of failings,  including: material disclosure omissions, vague descriptions of fee structures without direct (layered) hyperlinks, submissions that were too general on product offerings, failures to clearly identify affiliates, incorrect formatting (particularly for required “conversation starter” questions), headers in the wrong place, RIAs referring to themselves being fiduciaries where not permitted, and broken links that affect the adequacy of layered disclosure, among others. Further, staff raised concerns about those firms that were supposed to file Form CRS, but did not.

Form CRS and Disciplinary History

The broadest concern on CRS form filings raised at the roundtable was related to the sufficiency of submissions with respect to disclosure of disciplinary histories. Form CRS requires addressing the question “Do you or your financial professionals have legal or disciplinary history?” Staff warned that Form CRS is not the place for a qualifying answer to that question. It is intended to solicit only a yes or no answer, along with a link to where the investor can get more details. The failure of a significant number of firms to satisfactorily answer this question led SEC staff to add explicit new interpretations on reporting disciplinary history in its Frequently Asked Questions on Form CRS. The detailed response relates to criticisms leveled at both the Form CRS and the industry in a Wall Street Journal report.

The required disclosure on disciplinary history was intended to allow retail investors “for the first time” to be able to factor in disciplinary history information before entering into a relationship with the firm or professional. Staff reaffirmed that compliance requires that (i) the firm direct the investor to Investor.gov/CRS for additional research on firm financial professionals, (ii) the form must include the “conversation starters” to lead an investor to engage in discussion about any disciplinary history or events, (iii) a firm must report any disciplinary action that must be reported on other forms, and (iv) a firm is not allowed to add qualifying language “that might, intentionally or unintentionally, obfuscate or otherwise minimize the disciplinary history.”

Conclusion

Several takeaways were discussed during Bates Group’s follow up webinar. In addition to the analysis of the current state of implementation of Reg BI and Form CRS, the panelists agreed on several recommendations. They include the following:

• Technology – Consider the use of technology to evidence Reg BI compliance. (Take an inventory—can it be used to demonstrate delivery or reveal conflicts, ensure repeatable and auditable results, and adequately capture useful data?)
• Governance – FINRA expects appropriate memorialization in order to undertake an audit, and so that firms can standardize their processes. (What is the governance around conflicts, testing, training, and supervision?)
• Guidance – Review current SEC Form CRS checklist, FAQs, and now, the expectations discussed in the roundtable. (Guidance = Expectations)
• Training and Testing – Ensure that the practical application of the rule is being taught and tested, not simply what the rule says. (What is the follow up? How do you ensure policies are working and are effective?) Start testing, continue training, make necessary changes, and document the process.
• Exam Preparation – Regulators want specific examples of why the recommendations are in the best interests of the client. Document the recommendations. Regulators want to see your regulatory change management program. (When did it start, who was involved, etc.) “Storyboard your process.”
• Enforcement – Firms should review their reportable disciplinary history. Form CRS should be “accurate, complete and consistent with those other forms.”

Jennifer Sullivan, Bates Compliance consultant and a featured speaker at the webinar, noted that both the SEC and FINRA have been very vocal about communicating their expectations. She cautioned that there will likely be “very few excuses for non-compliance.” At the same time, she concurred with other panelists who asserted that “it’s not a gotcha exam. Shy of doing nothing, the Commission wants firms to get it right.” Bates will continue to keep you apprised of further Reg BI developments.

If we have learned anything in 2020, it is that the only thing constant in life is change.  The world has changed in just about every way and day-to-day life continues to evolve in light of those changes.  One major development is the increased use – or perhaps reliance – on remote communication.  Zoom, now a household term, has become a popular way for friends, family and colleagues to interact. However, as we increase the use of virtual meetings, we also lose many of the benefits of in-person interactions.

FINRA arbitrations are not immune to these changes.  In response to Covid-19, FINRA has administratively been postponing on a rolling basis all in-person hearings (currently scheduled through October 2, 2020) – “unless the parties stipulate to proceed telephonically or by Zoom or the panel orders that the hearings will take place telephonically or by Zoom.”  This proclamation by FINRA has been quite controversial among both FINRA member firms and their associated parties, and the customers who sue them.

Generally speaking, firms and their registered representatives have advocated for in-person arbitration hearings, while customers have been more willing to participate in hearings by Zoom.  Panels have issued orders requiring parties to proceed remotely, even when both parties have objected to the virtual hearing.  The Panel’s authority to issue such orders has been highly contested for the past several months.

Just last week, a registered representative, Carlos Legaspy (“Legaspy”), sued FINRA in the U.S. District Court for the Northern District of Illinois, claiming that a FINRA panel’s decision to compel a final arbitration hearing by Zoom was a breach of contract and a violation of his due process rights. (Legaspy v. FINRA, Case Number 1:20-cv-04700). In that regard, Legaspy sought a TRO and preliminary injunction prohibiting the hearing from proceeding via Zoom.  Legaspy cited to FINRA’s Code of Arbitration, arguing that the Rules were clear that the final evidentiary hearing will be held at a physical location defined in relation to the arbitration customer’s residence.  He also cited to the Uniform Submission Agreement FINRA registrants must sign in connection with arbitrations arguing that the language therein demonstrates the parties’ agreement that a final hearing will be held at a physical location.  Legaspy reasoned that, if FINRA intended to conduct virtual hearings, the Submission Agreement would have clearly stated that intention.  He further argued that FINRA’s Arbitration Code is entirely absent of any provision authorizing arbitrators to order a virtual hearing over the objection of a party.

In addition to the foregoing, Legaspy also alleged that his due process rights would be violated if forced to participate in a virtual final hearing.  He argued that his arbitration is going to be complicated in that it will require over two dozen witnesses, including about a dozen experts as well as hundreds of exhibits.  Further complicating his particular hearing is the fact that the customers require an interpreter as they do not speak English.  Legaspy contended that proceeding by Zoom would deprive him of his constitutional right to due process guaranteed by the Fifth Amendment because he would not be able to present an effective defense.

On August 13, 2020, the Northern District of Illinois rejected Legaspy’s arguments and held that he was not entitled to injunctive relief.  In regard to his breach of contract claim, the court held that FINRA was not a party to the Submission Agreement, so the language therein had no bearing on Legaspy’s claims.  The court further held that, even if FINRA were a party to the agreement, Legaspy would not likely succeed on his claim because under the Federal Arbitration Act the court does not oversee FINRA Rules.  Citing to FINRA Rule 12409, the court noted that the authority to interpret and apply FINRA Rules lies with the arbitrators and “[s]uch interpretations are final and binding upon the parties.”  The Court also disagreed with Legaspy’s due process argument.  It held that FINRA, as a private corporation, is not a state actor, and therefore, cannot be sued for violating the Fifth Amendment.

Most notably, perhaps, the Court further rejected Legaspy’s claim that he will be unable to present an effective defense.  Relying on its own experience with virtual evidentiary hearings (once with an interpreter), the court concluded that remote hearings do not prejudice the parties.  Although it acknowledged that remote hearings are “clunkier than in-person hearings,” the court proclaimed that they “in no way prevent parties from presenting claims or defenses.”  Finally, it concluded that the balance of equities was not in Legaspy’s favor because, among other reasons, issuance of a TRO “would force [FINRA] to choose between either holding in-person hearings that expose the arbitrators, [the parties and witnesses] to COVID-19, or indefinitely delaying its hearings.” Noting the uncertainty around the pandemic, the court stated that the delay would effectively be indefinite because it is unclear when in-person hearings will be held again.  Legaspy has appealed the District Court’s decision to the Seventh Circuit Court of Appeals which is currently pending.[1]

The Legaspy decision is a first of its kind and an unfortunate result for FINRA member firms and their registered representatives.  Being compelled to arbitrate remotely will undoubtedly cause already complicated and high-stress FINRA arbitrations to be even more challenging.  In-person witness testimony and the ability to easily navigate documentary evidence is lost in the remote setting.  Arbitration is entered into by agreement.  The fact that a panel can compel a virtual arbitration against the objections of all parties seems inconsistent with the core purpose of this forum.

As the issues surrounding virtual hearings continue to develop, one thing is certain – technology is crucial in today’s society.  Knowing how to use technology and having a level of comfort with it will only help parties and their counsel combat at least some of the challenges they are sure to face during virtual arbitrations.  Having a technological edge on one’s opponent is something to consider as we work to succeed despite the challenges we all face in our COVID-19 reality.

[1] As of the time of publication of this alert, the Court of Appeals issued an Order denying interim injunctive relief pending appeal and denying Legaspy’s request for expedited briefing on appeal.

---

WSSLLP is actively monitoring developments in the securities industry as a result of the impact of the Coronavirus.  If you have any questions or concerns on how it may impact you, please contact Michael Schwartzberg at Schwartzberg.m@wssllp.com or Allison Beatty at beatty.a@wssllp.com.

Over the past several weeks, the Financial Crimes Enforcement Network (FinCEN) has issued new guidance on customer due diligence requirements, an advisory on cyber-enabled financial crime and an alert concerning scams involving fraudulent payments denominated in convertible virtual currency. These are significant compliance communications for financial institutions and come on the heels of FinCEN’s recent alerts on imposter fraud and money mule schemes (see previous Bates coverage). Here’s what you need to know.

NEW FAQS ON CUSTOMER DUE DILIGENCE

The CDD Rule, which went into effect in 2018, requires covered financial institutions to develop procedures to identify and verify a customer’s beneficial owners when an account is opened, and to establish risk-based procedures for conducting ongoing due diligence. (FinCEN provides an active topic page on the subject which includes links to exemptive relief rulings and the latest regulatory FAQs.) On August 3, 2020, FinCEN issued new responses to FAQs concerning obligations “related to obtaining customer information, establishing a customer risk profile, and performing ongoing monitoring of the customer relationship.” The core message in this guidance is a reaffirmation that financial institutions must tailor their CDD program around customer risk.

On questions about the collection of customer information, FinCEN responded that the CDD Rule “does not categorically require” the collection of any particular information other than developing a customer risk profile, monitoring, and collecting beneficial ownership information. FinCEN emphasized that the collection of information is directly related to the level of risk, (i.e., where the customer’s risk profile is low, the collection of any specific information may not be necessary in order to understand the customer relationship.)

FinCEN reiterated that the CDD rule requires covered financial institutions to “establish policies, procedures, and processes for determining whether and when, on the basis of risk, to update customer information to ensure that customer information is current and accurate.” Consequently, while the rule does not require specific due diligence, media searches, or the collection of information concerning certain underlying transactions (e.g., identifying information on a “customer’s customer”), the level of risk determines the appropriate level of information that needs to be collected, which, ultimately, would help to alert a financial institution as to suspicious transactions.

Similarly, FinCEN noted that the CDD rule “does not prescribe risk profile categories, and [that] the number and detail of these categories can vary.” FinCEN’s broader guidance is that financial institutions should understand the types of financial crime risks that are consistent with the customer risk profile and that “any program for determining customer risk profiles should be sufficiently detailed to distinguish between significant variations in the risks of its customers.”

Concerning specific schedules for ongoing customer relationship monitoring, FinCEN relayed that there is “no categorical requirement that financial institutions update customer information on a continuous or periodic schedule.” While the specifics of a monitoring program are also based on risk, FinCEN said that a covered financial institution must update customer information as is relevant to assessing that risk and in order to “reassess the customer risk profile/rating.”

NEW ADVISORY ON CYBER-ENABLED CRIME

Only a few weeks after FinCEN cautioned institutions about a rise in money mule schemes and imposter frauds that attempt to con investors and other consumers into deceptive transactions, FinCEN issued a new warning alerting financial institutions to indicators of COVID-19-related cyber scams. The advisory reviews “the means by which cybercriminals and malicious state actors” exploit the pandemic through malware, phishing schemes, extortion, business email compromise fraud, and exploitation of remote applications, especially against financial and healthcare systems. The advisory is based on data analysis of suspicious activity reports and law enforcement and other public reports. It describes risks and red flags for financial institutions to protect customers and legitimate COVID-19 relief efforts.

In the advisory, FinCEN identifies numerous red flag indicators and warns financial institutions to guard against:

• potential vulnerabilities of remote applications and in virtual environments (including potential manipulation of online verification processes and compromised login credentials across customer accounts) that can jeopardize private information, compromise financial activity and disrupt business operations;
• schemes targeting health care and pharmaceutical providers that seek the collection of personal and financial data (through malware, ransomware, phishing schemes and extortion);
• schemes targeting municipalities and the health care industry supply chain that attempt to modify or redirect payments to new accounts (“business email compromise” (BEC) fraud schemes).

FinCEN relayed that financial institutions should consider these indicators in context given “the surrounding facts and circumstances, such as a customer’s historical financial activity, whether the transactions are in line with prevailing business practices, and whether the customer exhibits multiple indicators, before determining if a transaction is suspicious or otherwise indicative of potential fraudulent COVID-19-related activities.”

FinCEN advised financial institutions to use specific language on SARs reports and to reference (in specific fields) these COVID-19 related schemes where the circumstances or subject matter matches.

NEW ALERT ON CONVERTIBLE VIRTUAL CURRENCY SCAMS

In an alert issued in late July, FinCEN addressed concerns raised by a highly public incident exploiting Twitter accounts. The scheme involved the compromise of the Twitter accounts of public figures and organizations in order to solicit fraudulent payments denominated in convertible virtual currency (CVC). The fraudsters claimed that any CVC “sent to a wallet address would be doubled and returned to the sender.”

The Twitter advisory references a prior FinCEN alert on illicit activity involving CVCs and adds to the broader concern about identifying bad actors seeking to exploit CVCs “for money laundering, sanctions evasion, and other illicit financing purposes” (e.g., those involving darknet marketplaces, peer-to peer exchangers, foreign-located Money Service Businesses, and CVC kiosks.) Together, these warnings paint a daunting picture of the finance vulnerabilities posed by virtual currencies.

In the Twitter alert, FinCEN identifies several indicators to help detect, prevent, and report potential suspicious activity related to social media posts. Among others, these include solicitations from individuals or organizations where there is no prior existing business relationship (like from celebrities or public figures) and solicitations requesting donations where the solicitor is not affiliated with a reputable organization.

CONCLUSION

FinCEN has had a busy summer. The agency has now warned financial institutions to be on alert for a host of threats, from simple to highly sophisticated fraud and malicious activity. The advisory on increased vulnerabilities resulting from operating during the pandemic reminds us how quickly circumstances can turn into opportunities for bad actors and how alert compliance teams must be to keep up. The advisory on virtual currency risk is an indication that there is much more work needed to protect clients in the virtual markets. Finally, FinCEN’s additional CDD Rule guidance highlights how risk-based frameworks require constant tuning in order for compliance professionals to be able to execute the practical details of their programs.

In the meantime, expect FinCEN to keep issuing these advisories. Bates Group will keep you apprised.  

To discuss this article and/or learn more how Bates can help you navigate AML, please contact:

Edward Longridge, Managing Director and Pratice Leader, Bates AML and Financial Crimes at elongridge@batesgroup.com.

Dennis Greenberg, Managing Director, Bates AML and Financial Crimes at dgreenberg@batesgroup.com

For additional information, please follow the links below to Bates Group’s Practice Area pages:

Bates AML and Financial Crimes

Bates Compliance

Regulatory and Internal Investigations

Retail Litigation and Consulting

Institutional and Complex Litigation

Consulting and Expert Testimony

FINRA issued Special Alert Notice 20-16 to share COVID-19-related off-site transition and supervisory practice information. The information was derived from recent FINRA discussions with small, mid-sized and large firms. FINRA cautioned that they “have not yet evaluated these practices in our examination programs,” but, nonetheless suggested that firms consider whether they are “applicable” and whether they would enhance supervisory systems and compliance programs during this period.

Bates has been reporting on COVID-19-related guidance since the pandemic began and maintains a topic page on the subject with links to both federal regulatory sites (including FINRA’s resources page) and Bates news and information. Here we take a closer look at FINRA’s observations on firm efforts to transition to remote work environments and to supervise remote work activities.

REMOTE WORK ENVIRONMENT TRANSITION PRACTICES

FINRA reports that firms took a wide range of steps to enhance their compliance efforts and their ability to serve customers from remote locations. FINRA categorizes these steps in four areas: customer assistance, off-site work protocols, staff communications and cybersecurity.

For customers, firms took immediate steps to provide contact and branch office closure information on their web sites and to route customer calls and requests for appointments through a centralized hub. For employees, firms added procedures to better monitor and to record the location of staff, and to continuously update contact information for “compliance, legal, operations and other departments.”

Some firms adjusted communications practices to minimize the risk that staff “would use personal or unapproved systems and technology to conduct firm business.” FINRA stated, for example, that firms were providing (i) “all-hands” videoconferences on operations; (ii) “clear guidance” on working remotely; (iii) technology hardware “to better equip staff to work from home” and (iv) virtual trainings on new and approved technology platforms and applications.

Further, firms reported that they increased their use of virtual trainings and other efforts with respect to cybersecurity and the confidentiality of firm and customer information. Firms disclosed that they were issuing frequent internal reminders on compliance with material non-public information requirements. In addition, firms communicated precautions around “maintaining a private workspace from home,” including extra care when working near family or friends. Firms also said they were enhancing the oversight of their “critical information” technology vendors.

REMOTE WORK SUPERVISORY PRACTICES

FINRA relayed that while firms expressed confidence that they were “relatively prepared” to supervise associated persons working from home (i.e. through the use of “checklists, surveillance tools, incident trackers, email review and trade exception reports”), some firms described additional steps they took to ensure that their supervisory practices and procedures were followed. These additional steps cover (i) overall supervision, (ii) trading supervision, (iii) supervision over customer communications and (iv) branch inspections.

Firms reported many steps to strengthen general supervision of associated persons working in remote locations. In anticipation of the lock-down, for example, some firms described special efforts to test and perform a “gap analysis” to ensure adequate remote compliance with documentation requirements. Firms also set up processes to identify emerging issues or trends gleaned from “increased alerts, exception reports and customer complaints.” These processes supported additional firm guidance to supervisors acting on these concerns, including coaching and “over-escalating” identified issues.

Some firms strengthened their existing “electronic supervisory checklists with attestations and electronic affirmation via voting buttons.” As to other general supervision issues, firms said they improved their overall communications efforts by requiring frequent and regular senior leadership meetings, opening communications channels between supervisors and compliance staff and by establishing feedback mechanisms from staff to promote best remote office practices.

On trading supervision, firms added to their oversight by tightening controls and adding new special elements to supervisory checklists. Specifically, firms enhanced their oversight capabilities by requiring additional prescreens, additional supervisory approvals (with attestations), additional testing of traders’ remote technical capabilities, and by increasing the frequency and thresholds for certain trade reporting and alerts. Further, some firms reported additional monitoring of supervisory activities and increasing the frequency of “check-ins” with traders.

In addition to supervision of customer communications through existing methods, some firms added several more layers of oversight. These include increasing the frequency of email review, enhancing communication surveillance, expansion of using recorded lines for orders, and disabling certain features of communications platforms in order to ensure full and accurate recordkeeping.

Finally, FINRA asked firms about their branch office inspections. Some firms reported that they created a temporary remote branch office inspection plan which relies on technology and video and electronic document review. Firms made clear, however, that such inspection plans merely defer the required onsite inspections to a later time and that when pandemic restrictions are lifted they will prioritize high-risk, on-site branch inspections.

CONCLUSION

In this Notice, FINRA documented a broad range of methods firms have devised to transition to remote offices and to supervise associated persons. These steps are, of course, a proactive way for firms to fulfill their obligation to implement a reasonably designed supervisory system appropriate for the firm’s size and business model. FINRA recommends that firms contact their designated Risk Monitoring Analyst with questions about these or other methods undertaken during this time. FINRA is once again setting the expectation that firms need to fully consider their compliance practices carefully during this time. Bates will continue to monitor and summarize these regulatory compliance developments.

Bates Compliance practice leaders and consultants are available to answer your questions on compliance, risk, supervision and audit matters to help you through this period. Please reach out.

CONTACT:

• Robert Lavigne, Managing Director and Practice Leader, Bates Compliance
• Linda Shirkey, Managing Director
• David Birnbaum, Managing Director
• Hank Sanchez, Managing Director
• Steven Engel, Managing Director
• Rory O’Connor, Director

Concern about recommendations of complex financial products for retail investors has been at the center of the debate over changing standards for broker-dealers and investment advisers. With full implementation of the heightened Regulation Best Interest (Reg BI) requirements less than a month away, FINRA issued a Notice reminding firms of their sales obligations when offering recommendations on complex oil-related exchange-traded products (ETPs).

The FINRA Notice is straightforward. It describes dramatic volatility in the oil market, related ETP product complexity and risk, suitability obligations and soon-to-be-in-force Reg BI obligations on those firms and registered representatives that trade in these products. FINRA’s Notice, therefore, provides an important case study not only as to the specific expectations of firms that trade oil-related ETPs, but also on how the self-regulator appears to be handling concerns about recommendations to retail clients of complex products in a volatile market. Here’s a closer look.

OIL-RELATED ETPS

Oil-related ETPs are complex financial products. They are listed securities that “provide exposure” based on “the performance of an index, benchmark, or actively-managed strategy.” As such, they meet the description set forth in a previously issued FINRA Notice as having features that “make it difficult for a retail investor to understand the essential characteristics of the product and its risks.”

FINRA describes these risks in the context of a representative’s ability to explain them to retail investors. Specifically, FINRA cautioned that firms must understand how tracking futures contracts and indices actually works, how certain conditions currently existing in the market, for example, contango and backwardation, can affect performance, and how ETP securities perform relative to the price of the commodity in the cash market. Further, FINRA warned that firms must comprehend (i) differences among varying ETPs in order to advise clients on how they can be used within an investment strategy, (ii) differences and risks based on product structures—such as the difference between commodity pools which hold futures assets and exchange-traded notes which hold debt—and (iii) risks from different ETPs concerning “structural features,” such as those with provisions for accelerated terminations or suspensions of new issuance.

According to FINRA, current market conditions are highlighting these risks. A decline in oil demand (due in part to COVID-19), has led to a plunge in cash market values which has had a significant impact on the market for futures and ETP indices. (FINRA repeatedly warned that firms must understand and explain to retail investors the differences between the spot market and ETPs). Extreme volatility in several oil-linked ETPs has led to ETP terminations and suspensions and has exacerbated investor losses.

COMPLIANCE WITH SUITABILITY AND REG BI

FINRA warned firms that oil-related ETP recommendations require representatives to fully comprehend the terms, features and risks of these complex products. FINRA also advised firms that sales obligations on these complex products require compliance with rules on suitability (Rule 2111), communications with the public (Rule 2210), and supervision (Rule 3110). After June 30, 2020, oil-related ETP recommendations will require compliance with Reg BI.

FINRA noted that both customer-specific suitability and reasonable-basis suitability were “particularly relevant” to oil-related ETPs. The former requires a reasonable basis to believe that a recommendation or strategy is suitable for a specific customer based on a “customer's investment experience, risk tolerance, liquidity needs, investment objectives, and financial situation and needs.” Reasonable-basis suitability requires that the firm “perform reasonable diligence to understand the nature and risks of the transaction or strategy, and then to determine whether there is a reasonable basis to believe that the recommendation is suitable for the investor.”

FINRA pointed out that in less than a month, recommendations of ETPs to retail clients “will be governed” by Reg BI, and firms must act in the client’s best interest at the time the recommendation is made, “without placing the financial or other interests of the firm ahead of the interests of the retail customer.” (See recent Bates article describing FINRA’s recent proposal to modify the suitability rule.)

PUBLIC COMMUNICATIONS AND SUPERVISION

FINRA advised firms that public communications of oil-related ETPs should “balance” the benefits of these securities with “a clear description of the risks,” (including those related to contango an backwardation), and that firms “may not omit any material fact or qualification that would cause such a communication to be misleading.” Specifically, FINRA said that public communications must describe the “speculative nature of futures investments and must explain clearly that the ETP’s price will not track directly the spot price of oil.” Further, FINRA warned firms that risk disclosure in a prospectus “does not cure otherwise deficient disclosure in sales material, even if the sales material is accompanied or preceded by the prospectus.”

On compliance with supervisory obligations, FINRA reminded firms to establish and maintain a reasonably designed and tailored supervisory system that takes into account the complexity of any offering of oil-related ETPs in the context of the firm’s customer base. FINRA relayed that firms must conduct training for registered representatives about the terms, features and risks of these products as well as on the suitability of recommendations, given the “investor’s time horizon, impact of time and volatility on the ETP’s performance.”

CONCLUSION

FINRA issued this Notice because of volatility in the market for oil-related ETPs, the resulting ETP terminations and suspensions, and consequent investor losses. The self-regulator’s emphasis on sales practice reinforces the message that sales of these complex products meet the requirements of FINRA’s suitability, communications and supervision rules, and fall under the new Reg BI standard commencing at the end of the month. Bates will continue to keep your posted on developments.

For more information, please do not hesitate to reach out to Bates:

Julie Johnstone, Managing Director, Retail Securities Litigation 

Robert Lavigne, Managing Director, Bates Compliance

Alex Russell, Managing Director, White Collar, Regulatory and Internal Investigations

On April 7, 2020, the SEC Office of Compliance Inspections and Examinations (“OCIE”) issued two new alerts to broker-dealers and investment advisers about the “expected scope and content” of its compliance examinations for Regulation Best Interest (“Reg BI”) and the Client Relationship Summary (“Form CRS”). Previously, SEC Chair Jay Clayton announced that the June 30, 2020 compliance deadline for Reg BI will not be delayed due to the impact of  COVID-19. These alerts, therefore, underscore the need for firms to be prepared and compliant by the deadline.

The first alert, Examinations that Focus on Compliance with Regulation Best Interest, emphasizes the OCIE’s determination to evaluate whether firms have established policies and procedures reasonably designed to achieve compliance with Reg BI, and whether firms have made reasonable progress in implementing those policies and procedures. OCIE said the examinations will focus on the four component obligations of “best interest” recommendations: those of disclosure, care, conflict of interest, and compliance.

Regarding the disclosure obligation, the OCIE said it would review all disclosures and documents that bear on the “material facts relating to the scope and terms of the relationship with the retail customer,” and “relating to conflicts of interest that are associated with recommendations.” Specifically, OCIE said it may assess the “capacity in which the recommendation is being made,” fees and costs of transactions, holdings and accounts, and “material limitations on the securities or investment strategies involving securities that may be recommended to the retail customer.” To assess compliance with the obligation of care, OCIE relayed it would review the information that a firm collects from retail customers to develop investment profiles, as well as a broker-dealer’s process for having a reasonable basis to believe they are acting in the best interest of the client (i.e. factors considered when assessing the “risks, rewards, and costs of the recommendations in light of the retail customer’s investment profile”). To assess compliance with the conflict of interest obligation, OCIE stated that it would assess policies and procedures that identify potential conflicts, existing conflicts, evolving conflicts, disclosures of conflicts and mitigation of conflicts. To assess Reg BI’s compliance obligation, OCIE stated that part of its review of a firm’s written policies and procedures will focus on “controls, remediation of noncompliance, training, and periodic review and testing.”

The second alert, Examinations that Focus on Compliance with Form CRS, emphasizes that the OCIE will evaluate whether firms have made a good faith effort to implement the new customer relationship summary requirements. After the deadline, firms must deliver these forms to their retail customers, post them on their website, and file them with the Commission (at the Central Registration Depository or Investment Adviser Registration Depository, as required).

The OCIE stated that it will review delivery considerations on Form CRS as to existing retail investors (particularly, in light of certain types of recommendations, e.g. rollovers or new services) and new retail investors (that may involve accounts involving investment strategy, order placement, or the opening of a brokerage account). OCIE also noted it will assess whether the content in the summary is adequate and accurate and that it does “not omit material facts necessary in order to make the required disclosures.” Finally, OCIE stated that it will consider certain technical compliance, e.g. that the form complies with proper formatting, that there are policies and procedures in place for updating the form, and that the firm has the attendant record-making and recordkeeping procedures.

These two alerts show that the scope of the anticipated review of compliance with Reg. BI and the CRS will be broad. SEC Chair Clayton emphasized, however, that the agency is looking to see a firm’s “good faith” compliance effort and that it understands the stresses that COVID-19 may be causing during this time.

On the heels of FINRA’s notice regarding pandemic-related business continuity measures, CRC would like to take this opportunity to remind all financial services clients that now is the time to review, test, and update BCPs, disaster recovery procedures, and cybersecurity policies and procedures. Firms should be focused on determining whether business continuity plans are sustainable for the potentially long-term duration of the COVID-19 outbreak, as well as confirming with vendors and communicating regularly with clients and, if necessary, regulators. Partnering with a compliance professional to coordinate pandemic BCP efforts can streamline this process and alleviate additional stress on your firm. Watch this video to see what other areas firms should consider to ensure that BCPs can withstand this current health, social, and economic crisis.

Watch the full video by clicking here!

The SEC’s IAA Release No. 5469 on Wednesday, March 25, 2020 amends its IAA Release No. 5463 and now allows for extending the filing (March 30) and delivery (April 30) deadline dates of the Form ADV amendment to June 30, 2020 due to COVID-19 and its consequences. The SEC has also amended the notice requirements, eliminating the need to describe why the requirement cannot be met and when you expect to file. If you cannot meet the filing deadlines, you MUST do the following:

Email IARDLive@SEC.gov AND post on your website (or, if you do not have a website, notify your clients/investors directly):

• That your firm is relying on the original Order.

Example: 

• “Our firm, ABC Inc., CRD# xxxx, SEC# 801-yyyy, will not be filing its Form ADV amendment by March 30 or delivering it by April 30 due to the COVID-19. We are relying on the SEC IAA Release No. 5463 of Friday, March 13, 2020 for this extension."

Please contact Bates Compliance to assist your firm with Form ADV or to discuss your discrete and ongoing compliance needs:

Linda Shirkey, Managing Director

lshirkey@batesgroup.com - (281) 298-7015

Rory O’Connor, Director

roconnor@batesgroup.com - (860) 671-7270

Bates Group has been tracking regulatory and enforcement developments on senior financial exploitation. Two recent publications and recent sweeping enforcement actions suggest that the phenomenon is becoming better understood and addressed. The Financial Crimes Enforcement Network (FinCEN) published a strategic analysis after reviewing Suspicious Activity Reports (SARs) filings over a six-year period. The North American Securities Administrators Association (NASAA) issued a statement and a legislative update based, in part, on an enforcement analysis showing that the Model Act to Protect Vulnerable Adults is gaining traction. And the Department of Justice, FBI and Postal Inspector jointly announced the results of “the largest coordinated sweep of elder fraud cases in history.” Here’s a closer look.

FINCEN ANALYZES SARS FILINGS ON SENIOR FINANCIAL EXPLOITATION

In December 2019, FinCEN analyzed SARs filed from October 2013 through August 2019 concerning senior financial exploitation. The analysis also reviewed a statistically random sample of SAR narratives contained in these filings between 2013 and 2017. Suspicious activity reported in elder financial exploitation SARs amounted to $21.8 billion during the six-year period, with the number of SAR filings peaking at 7,500 per month by August 2019. FinCEN also found that the total dollar amounts at issue increased annually. In 2014, the total amount reported was $2.2 billion—by August 2019, the amount surpassed $5 billion.

According to the report, “MSBs and depository institutions accounted for the majority of the filings and of the increase, while casino, insurance company, securities and futures, and ‘other’ filers’ reporting trended upward, but accounted for substantially fewer filings per month. Depository institution and securities and futures SARs saw a steady upward filing trend, while MSB SAR filings trended down in 2018 and early 2019.“

The amount reported on a per-SAR basis fluctuated over time. By year, the highest average amount was $70,809 in 2015, and the lowest average amount per SAR was $40,790 in 2017. Breaking these numbers out, however, FinCEN noted that when accounting for type of activity, the average amounts reported for theft (primarily from depository institutions and brokerage firms) were more than double that for scams (mostly from money services businesses.)  For theft, the average per SAR filing was $50,084 with the median amount $15,964. For scams, the average was $25,432, and the median was $6,105. Citing Census Bureau data, FinCEN asserts that these losses reflect as much as 28 percent of the median net worth of households aged 65 or over. 

Distinctions between theft and scams are important as well from the point of view of proposed legislative remedies. Scams (in particular, romance, emergency/persons in need, and prize/lottery scams,) are often characterized by instances where the victim does not know the perpetrator. Fraud and theft, on the other hand, implicates family members (46% of the cases) and non-family member caregivers (20% of the cases). Further, victims of theft often suffer from some cognitive decline or other incapacitation, making the crime even more egregious. FinCEN’s findings clarify the broad spectrum of abuse captured under the term “financial exploitation” and suggest effective responses using a variety of tools.

NASAA HIGHLIGHTS SUCCESS OF MODEL ACT

In a press release accompanying a 2020 legislative text and commentary on NASAA’s Model Act to Protect Vulnerable Adults From Financial Exploitation, NASAA President Christopher W. Gerold touted the success of the organization’s ongoing effort. He asserted that the Model Act is “on course to become operative in a majority of states” in 2020 and that the success of these measures will result in “additional reporting leading to more enforcement actions and greater protections for seniors and other vulnerable adults.” (Note: New Jersey enacted the “Safeguarding Against Financial Exploitation Act," a statute based on NASAA’s Model Act, on January 13, 2020.)

As described previously, the Model Act (i) “offers broker-dealer and investment adviser firms qualified immunity for delaying disbursements when the firm reasonably believed financial exploitation would result,” and (ii) requires mandatory reporting by an agent or representative upon reasonable belief of senior financial exploitation. NASAA reports that 25 jurisdictions have now enacted some form of the legislation.

Referring to its enforcement report issued last year and covering data from 2018, NASAA asserted that 14 jurisdictions received 426 reports from broker-dealers and investment advisers regarding the potential financial exploitation of a vulnerable adult. Further, these notifications led to 81 investigations which resulted in 57 delayed disbursements and 32 enforcement actions. Finally, NASAA reports that the states that have enacted the Model Act have seen a “drastic increase” in the number of reports of potential financial exploitation.

For detailed consideration of sections of the Model Act, the accompanying legislative commentary for 2020 is an important read. In it, NASAA describes the intention behind many of the definitional terms used in the Act and offers important legislative history and synopses of public comment. Further, NASAA stated that a designated committee “will undertake a review of the implementation and efficacy of the Model Act in the 25 states where the law has been adopted,” in order to “gather information about how effective the laws have been in protecting vulnerable adults from financial exploitation.” These feedback mechanisms are very important to measure the success against the intentions behind the Model Act.

FEDERAL ENFORCEMENT ACTION

On March 3, 2020, the Attorney General, FBI Director and Chief Postal Inspector announced the results of a coordinated enforcement effort that targeted elder fraud schemes. This year, the agencies racked up impressive prosecutions of more than 400 defendants who allegedly caused more than a billion dollars in damages. Unlike last year’s sweep, which focused on technical support scams and mass mail fraud, this year’s enforcement efforts targeted the “threat posed by foreign-based fraud schemes that victimize seniors in large numbers.” Attorney General Barr explained that reduction of transnational fraud schemes on older Americans has become a Justice Department priority. The agencies highlighted going after the “money mule network that facilitates foreign-based elder fraud” and said that actions were taken against over 600 money mules nationwide in an effort to stop the flow of money from seniors to perpetrators.

In addition, FBI Director Christopher Wray commended the work of the Transnational Elder Fraud Strike Force. Established in June 2019, the Strike Force has been meeting with “industry, victim groups, and law enforcement at the federal, state, and local levels to identify the most harmful schemes victimizing American seniors and to bolster preventive measures against further losses,” said Director Wray. 

In the joint announcement, the Justice Department noted additional resources are being made available on senior fraud, including (i) an interactive map showing state-by-state prosecution and educational efforts and (ii) information on a new National Elder Fraud Hotline, for reporting suspected fraud. The latter is to be staffed by case managers who can refer callers to appropriate agencies and services (including the FBI for internet-related scams and the Federal Trade Commission for consumer complaints).

CONCLUSION

FinCEN and NASAA’s latest efforts to document and analyze their initiatives on elder financial exploitation are important in the ongoing efforts to understand the scope of the problem. FinCEN’s review of available data from SARs filings reinforces prevailing notions that seniors may face an “increased threat to their financial security by both domestic and foreign actors.” NASAA’s updated legislative commentary of key definitions and clauses within the Model Act allows states that have already enacted similar laws—and those that are contemplating enacting such laws—to have the benefit of the latest reasoning based on the latest data. The most recent law enforcement sweep (as evidenced by the interactive map) shows how data sharing, interagency coordination and federal-state collaboration is having an impact.

Andre Henry was attending a concert when he was shot and killed by random gunfire. The concert was produced by a third-party and took place at a property owned by 48 Branford Place Associates, LLC, and leased to Palladium Associates, LLC. As part of the lease to the third-party concert organizer, Palladium was responsible for providing security for the event. Both 48 Branford Place’s and Palladium’s liability insurance policies included exclusions for assault and battery occurring on the premises. Palladium had secured its liability insurance policy from the Massey Insurance Agency, and there was a dispute concerning the information that had been provided by Palladium during the application process and relating to the nature of the business activities that would be taking place. The dispute specifically concerned whether “entertainment” would be taking place at the premises and whether alcohol would be available. The decedent’s estate asserted that Massey had breached its professional duty of care by not securing proper insurance coverage for the activities that were taking place.

Prior to trial, the court granted 48 Branford’s motion for summary judgment and Massey’s motion to sever the malpractice claims from the plaintiff’s personal injury action. The plaintiff then negotiated a settlement with Palladium’s principle and proceeded against Palladium in a bench trial, where Palladium didn’t contest the plaintiff’s claims or damages. A judgment against Palladium was eventually entered for $1 million.

In the ensuing malpractice trial, the court granted Massey’s motion in limine to preclude any information about the nature of the plaintiff’s injury (the shooting death of her husband) and the resulting damages since the court concluded that such information would serve no purpose but to “inflame the jury.” Instead, the jury was only told that the plaintiff had sustained “a loss.” In reaching this conclusion, the court noted that the issue of Palladium’s negligence had already been determined, as had the resulting damages. The court rejected the plaintiff’s claim that she had a constitutional right to disclose to the jury her role in the litigation and to describe the damages she was caused to suffer.

The important takeaways from this decision are two-fold. First, the strategic and practical value of having the professional malpractice claim severed from the related personal injury or property damage claim. Having both claims proceed in a single trial increases the possibility of jury confusion, and it also allows the potential sympathy for the plaintiff to be used to increase the likelihood of a finding against the insurance professional since the jury will be mindful that the only way the plaintiff can recover a monetary award is to find against the agent/broker. Along that line, defense counsel should request that a separate jury hear the malpractice claim, not the jury that already heard the related claim. Secondly, whether due to the claim being severed or otherwise, it is important to take the appropriate steps to keep the jury’s focus on the issues relating to the allegations of malpractice and to not allow extraneous evidence to be presented that can only inflame the jury’s passion, prejudice or sympathy. The focus has to be kept on the narrow question of whether there has been a breach of the standard of care by the agent/broker.

^{The material in this law alert has been prepared for our readers by Marshall Dennehey Warner Coleman & Goggin. It is solely intended to provide information on recent legal developments, and is not intended to provide legal advice for a specific situation or to create an attorney-client relationship. We welcome the opportunity to provide such legal assistance as you require on this and other subjects. If you receive the alerts in error, please send a note tgventura@mdwcg.com. ATTORNEY ADVERTISING pursuant to New York RPC 7.1. © 2020 Marshall Dennehey Warner Coleman & Goggin. All Rights Reserved.}

By Lawrence B. Berg

Edited by Timothy Ventura, Esq.

Stephens v. 48 Branford Place Associates, LLC, 2019 N.J. Super. Unpub. LEXIS 121 (App. Div. January 16, 2019)

On February 3, 2020, the New York County Lawyers Association hosted its “21st Annual FINRA Listens and Speaks” panel. The panel members discussed recent statistics, proposed regulations, and tips for counsel and arbitrators on the agency’s dispute resolution efforts. Bates takes a closer look at what you need to know. 

Click here to read more.

The SEC Office of Compliance Inspections and Examinations ("OCIE") set out their 2020 examinations priorities in an annual report issued last week. The report reminds registered entities that all its priorities are within the SEC’s mandate to protect investors, facilitate capital formation, and maintain fair, orderly and efficient markets. The report is, in effect, a notice to the industry and chief compliance officers to address potential vulnerabilities in compliance programs and practices in order to minimize retail investor and market risks.

This year, OCIE leaders highlighted a wide variety of continuing and emerging concerns. Bates Group tracks these risks and articulated priorities from year to year (see chart below).

OCIE 2020 PRIORITIES

SEC Examination Priorities Year-To-Year Comparison Chart 2020

Legend

© 2020, Bates Group LLC
Source: OCIE 2020 National Exam Program Examination Priorities (Compiled by Alex Russell, Bates Group LLC)

OCIE explained that these priorities should be viewed in light of the rapidly changing registered investment adviser market, the recently adopted rules on broker-dealer and investment adviser conduct standards (Regulation Best Interest) and other significant financial technology and market developments. A good portion of the report is dedicated to explaining this context. Here’s what OCIE had to say.

REGISTERED INVESTMENT ADVISERS: BEWARE

OCIE leadership explained that examination coverage for RIAs was increasingly imperative, given (i) that the OCIE is “the primary, and often only, regulator responsible for supervising this segment of financial firms;” (ii) that the number of RIAs it supervises is now 13,475, up from 11,500 five years ago; and (iii) that RIAs now have $84 trillion in assets under management, up from $62 trillion five years ago. Examinations of RIAs constituted 2,180 of the 3,089 examinations OCIE completed in FY 2019. By contrast, OCIE examined 350 broker-dealers, 110 securities exchanges, 90 municipal advisors and transfer agents and 15 clearing agencies. These numbers do not include OCIE examinations of the Financial Industry Regulatory Authority (FINRA).

Notably, the OCIE pointed out that its examination coverage rates over registered investment advisers (RIAs) may suffer in 2020 due to perennial staff shortages. However, the Office made clear that it prioritizes keeping pace with year-over-year increases in examination rates for RIAs. In FY 2018, OCIE’s examination coverage of RIAs was 17 percent, and in FY 2019 it was 15 percent. OCIE made a point of noting that the decline in the past year was the result of a 35-day lapse in appropriations, and that examinations of RIAs actually increased by 10 percent over a five-year period.

REGULATION BEST INTEREST: BE READY

Compliance with Regulation Best Interest (Reg BI) interpretations related to the standard of conduct for investment advisers and the new Client Relationship Summary (Form CRS) are major 2020 examination priorities. The OCIE reminded firms that the compliance date for Reg BI and Form CRS is June 30, 2020, and to expect that OCIE will “engage” during its examinations on firms’ progress toward implementation of the new rules. This is significant, in part, because the SEC continues to clarify Reg BI obligations (see e.g. the revised FAQs just issued by the Division of Trading and Markets).

OCIE stated that it has already “integrated” the Reg BI interpretations into its examination program for RIAs. Beyond the compliance implementation date, its examinations will include an assessment as to a firm’s actual Reg BI implementation, “including policies and procedures regarding conflicts disclosures, and for both broker-dealers and RIAs, the content and delivery of Form CRS.”

OCIE restated past examination priorities as they relate to retail investors. (See Comparison Chart above.) These include a focus on certain complex products and vulnerable investors. Consistent with its Reg BI focus, OCIE stated that its 2020 examinations will look at disclosures relating to fees, expenses and conflicts of interest and the “controls and systems [intended] to ensure those disclosures are made as required and that a firm’s actions match those disclosures.” This includes supervision of outside business activities and “any conflicts that may arise from those activities.”

For RIAs, OCIE plans to examine whether they have fulfilled their fiduciary duties of care and loyalty. The OCIE relayed that it “has a particular interest” in the accuracy and adequacy of disclosures provided by RIAs concerning offers to clients on new and emerging investment strategies, such as strategies focused on sustainable and responsible investing, which incorporate environmental, social, and governance (ESG) criteria.

For broker-dealers, OCIE highlighted that examinations will focus on transfer agent handling of microcap distributions and share transfers, sales practices, and supervision of high-risk registered representatives. More generally, OCIE emphasized that it will assess recommendations and advice given to (i) seniors and “those targeting retirement communities” and (ii) teachers and military personnel. In conjunction with Reg BI compliance issues, OCIE said it will focus on higher-risk products like private placements, as well as on non-transparent products such as mutual funds and ETFs, municipal securities and other fixed income and microcap securities.

INDUSTRY AND TECHNOLOGY RISK: BE CAREFUL

The theme of information technology risk cited in the report is broad. OCIE will be “monitoring industry developments and market events” to assess broad risks and consequences for both firms and retail investors.

For registered entities, OCIE said it will examine the use of technology by third-party vendors and information security in general, including proper configuration of network storage devices and retail trading information security. The OCIE also emphasized that it will examine for (i) SEC registration eligibility, (ii) cybersecurity policies and procedures, (iii) marketing practices, (iv) adequacy of disclosures, and (v) the effectiveness of compliance programs. For RIAs in particular, OCIE said it will focus on the protection of clients’ personal financial information including on governance and risk management, access controls, data loss prevention, vendor management, training, and incident response and resiliency.

As to retail investors, on digital assets and electronic investment advice, OCIE will be examining for (i) investment suitability, (ii) portfolio management and trading practices, (iii) safety of client funds and assets, (iv) pricing and valuation, and (v) supervision of employee outside business activities.

RESOURCES AND EXAMINATIONS

OCIE leaders acknowledged the resource challenges to fulfilling its mandate and said that it will continue to invest in expertise, technology tools and data analytics to “identify potential stresses on compliance programs and operations, conflicts of interest, and … issues that may ultimately harm investors.” OCIE implied that it will use these tools to determine how to select firms for examinations and remarked that “broker-dealers may be selected for examination based on factors such as employing registered representatives with disciplinary history, engaging in significant trading activity in unlisted securities, and making markets in unlisted securities.”

For RIAs, OCIE said it would look at selecting firms that have never been examined or have not been examined for years in order to determine whether compliance programs “have been appropriately adapted in light of any substantial growth or change in their business models.” In addition, OCIE stated that it will “prioritize examinations of RIAs that are dually registered as, or are affiliated with, broker-dealers, or have supervised persons who are registered representatives of unaffiliated broker-dealers.” It will examine compliance programs to address best execution risk, prohibited transactions, fiduciary advice, and conflict disclosures related to these arrangements. OCIE will also examine firms that use third-party asset managers to advise clients in order to consider the extent of these RIAs’ due diligence practices, policies, and procedures. OCIE promises to be diligent about narrowly targeting and protecting the investor information it collects and noted some of the cross-border compliance issues it faces in covering almost a thousand off-shore RIAs that manage over $10 trillion in assets.

OTHER HIGHLIGHTS

The OCIE also emphasized that it will be examining for the following:

• Anti-Money Laundering (AML) Programs – OCIE seeks to prioritize examining broker-dealers and investment companies for compliance with their AML obligations. In particular, the Office will review for customer identification programs and customer due diligence, beneficial ownership compliance, and Suspicious Activity Report (SARs) compliance. OCIE will also review to ensure timely and independent tests of AML programs.
• Algorithmic Trading – OCIE will examine for controls and supervision around the use of automated trading algorithms, explaining that broker-dealers have expanded their use into multiple asset classes, which has the “potential to adversely impact market and broker-dealer stability.” This includes “the development, testing, implementation, maintenance, and modification of the computer programs that support their automated trading activities and controls around access to computer code.”
• Broker-Dealers that Hold Cash and Securities – OCIE will be examining to determine if broker-dealers are safeguarding these assets “in accordance with the Customer Protection Rule and the Net Capital Rule,” and to check for compliance with internal processes, procedures, and controls.
• MSRB – OCIE will prioritize review of municipal advisor fiduciary duty obligations to clients, fair dealing with market participants, and the disclosure and conduct of municipal advisers regarding conflicts of interest.” OCIE also said it will review for compliance with recently adopted MSRB rules on advertising.
• FINRA – OCIE plans to continue to conduct risk-based oversight examinations of FINRA, including oversight of the examinations FINRA conducts of certain broker-dealers and municipal advisors.

CONCLUSION  

In its report, OCIE leadership deliver several messages to the firms it examines, including identifying the hallmarks of effective compliance.  Most importantly, they underscore that the people and compliance programs play a critical role and really do matter.  Effective compliance requires (i) establishing a culture of compliance for the firm; (ii) a commitment by firm executives that compliance is “integral” to firm success: and (iii) “tangible” support for compliance in all operations and throughout all levels of the firm. They stress that the chief compliance officer must be fully empowered with the “responsibility, authority, and resources to develop and enforce policies and procedures of the firm.” And, finally, they remind firms that compliance should be “incorporated” into firm operations and business developments, including product innovation and new services.

Governor Murphy has signed into law the “Safeguarding Against Financial Exploitation Act” (the Act) previously introduced on February 25, 2019 as Assembly Bill #5091.

The Act provides that when a “qualified individual,” defined as any agent, investment adviser, representative or other person who serves in a supervisory, compliance, or legal capacity for a broker-dealer or investment adviser, believes that financial exploitation of an “eligible adult” (defined as a person 65 years of age or older or a person subject to the “Adult Protective Services Act”) has occurred or is being attempted, the qualified individual is obligated to notify the Bureau of Securities in the Division of Consumer Affairs in the Department of Law and Public Safety and the applicable county adult protective services provider. The qualified individual is also required to notify any third party previously designated by the eligible adult, unless the third party is the party suspected of the financial exploitation.

Click here to read more.

FINRA has announced their regulatory and examination priorities for the upcoming year. You can read the letter, with an introduction by FINRA President and CEO Robert Cook, here. New for this year is a focus on Regulation Best Interest (Reg BI) and Form CRS (Client Relationship Summary).

Stay tuned to the Bates News page for our commentary on FINRA’s 2020 objectives and how they may impact your legal, regulatory and compliance matters.

The SEC’s Office of Compliance Inspections and Examinations (OCIE) has announced their exam priorities for the upcoming year. You can read the press release here.

Stay tuned to the Bates News page in the upcoming weeks for our expert commentary on the SEC's 2020 objectives, how they compare to other years, and how they may impact your legal and compliance matters in the future.

January 10th, 2020 | Angela Preston, Senior Vice President and Counsel, Corporate Ethics and Compliance with Ryan Hannan, Compliance Associate

On December 20, 2019, the President signed S. 1790, the National Defense Authorization Act for Fiscal Year 2020 which included S. 387, the Fair Chance to Compete for Jobs Act of 2019 (the “Fair Chance Act” or “Act”). The Fair Chance Act, authored by Senators Cory Booker (D-NJ) and Ron Johnson (R-WI), prohibits federal agencies and contractors from requesting applicant disclosures of criminal history record information—both orally and in writing—prior to a conditional offer of employment. The bill received bipartisan support in the Senate and in the House, where it was introduced as H.R. 1076 by Elijah Cummings (D-MD) and Doug Collins (R-GA).

The Fair Chance Act includes the following exceptions for Federal Agencies:

• Positions identified by the Director of the Office of Personnel Management to involve interaction with minors, access to sensitive information, or management of financial transactions (regulations for which are pending from the Director)
• Federal law enforcement officers
• Positions in civil service if consideration of criminal history record information prior to a conditional offer is otherwise required by law
• Positions with determination of eligibility requirements related to access to classified information, national security duties, military acceptance or retention, and positions of public trust

The Fair Chance Act includes the following exceptions for Federal Contractors:

• Positions identified by the Administrator of General Services to involve interaction with minors, access to sensitive information, or management of financial transactions (regulations for which are pending from the Administrator as well as the Secretary of Defense for Defense contractors)
• Positions with access to classified information
• Positions with law enforcement and/or national security duties
• Positions if consideration of criminal history record information prior to a conditional offer is otherwise required by law

The Federal Fair Chance Act requires policies and procedures to be developed to facilitate compliance and assist applicants with submitting complaints. These are respectively to be provided by the Director of the Office of Personnel Management for federal agencies, the Administrator of General Services for federal contractors, and the Secretary of Defense for defense contractors. The Act establishes actions for initial and subsequent violations and clarifies that there is no private right of action. The Director of the Office of Personnel Management is further required to create procedures for appeals related to violations.

The requirements of the Act are effective two years from the date of enactment, with the regulations required from the Director of the Office of Personnel Management due one year from the date of enactment.

The status and full text of S. 387 can be found here.

Do you have further questions? Our in-house compliance experts work with our team of dedicated client success managers to help you create a great environment at your workplace. Start a conversation with us to make the most of our unrivalled service.

This publication is for informational purposes only and nothing contained in it should be construed as legal advice. We expressly disclaim any warranty or responsibility for damages arising out this information. We encourage you to consult with legal counsel regarding your specific needs. We do not undertake any duty to update previously posted materials.

January 10th, 2020 | Angela Preston, Senior Vice President and Counsel, Corporate Ethics and Compliance with Ryan Hannan, Compliance Associate

Originally published on sterlingcheck.com

The Securities and Exchange Commission (“SEC” or “Commission”) recently published a proposal for significant changes to the rules and guidance surrounding the marketing and advertising activities of registered investment advisers and the engagement of solicitors. The goal of such amendments seems to be focused around bringing the rules into the digital age, as well as attempting to merge the various rules, guidance, and no-action letters into a cohesive regulation. 

Click here to read

On June 5, 2019, the SEC voted to adopt Rule 15I-1, known as “Regulation Best Interest” or “Reg. BI,” under the Securities Exchange Act of 1934. The SEC adopted Reg. BI to enhance the standard of conduct applicable to broker-dealers and their financial advisors when servicing retail clients and require that they act in their clients’ best interest. Reg. BI became effective September 10, 2019. The compliance date for Reg. BI is June 30, 2020.

The SRO and States Subcommittee of the Section of Litigation’s Securities Litigation Committee recently hosted a State Securities Regulators Roundtable to discuss Reg. BI and its implications for the financial services industry and regulators.

Click here to read more.

This newsletter is a periodic publication of Lloyd, Gray, Whitehead & Monroe, PC and is intended for general purposes only.

On October 18th, 2019, more than a year after the launch of the SEC Share Class Disclosure Initiative and targeted enforcement activity, the SEC Division of Investment Management issued information clarifying conflicts of interest raised by different types of investment adviser compensation. In a new set of FAQs, SEC staff reviewed general conflicts of interest disclosure requirements and offered insight on the “material facts” that need to be disclosed concerning mutual fund share classes and an adviser’s receipt of revenue-sharing payments. Here’s a closer look.

WHY IT’S IMPORTANT

In a recent regulatory alert, we highlighted recent actions targeting investment advisers by the SEC Enforcement Division. The noted actions were aimed at potential conflicts of interest that arose from revenue-sharing payments and other forms of representative compensation or cost offsets. In general, the actions test whether investment advisers are adequately disclosing potential conflicts of interest consistent with the fiduciary obligations owed to their clients.

These enforcement efforts follow on the heels of the Share Class Disclosure Initiative, an undertaking intended to encourage firms to self-report past violations relating to certain mutual fund share class selection conflicts, and to promptly return money to harmed clients. As Bates has cautioned, the enforcement activity sends firms a strong message to make sure that disclosure concerning revenue-sharing arrangements and other forms of compensation are consistent with SEC interpretations.

NEW FAQS

The new FAQs cover (i) general compensation disclosure obligations for investment advisers related to recommended investments, (ii) “material facts” that advisers should disclose concerning mutual fund share classes,” and (iii) disclosure requirements related to an adviser’s receipt of revenue-sharing payments. The FAQs also make clear that any amendments to share class or revenue-sharing arrangements made in annual updates are required to be highlighted on Form ADV.

General Compensation Disclosure

The FAQs restate the overarching principles that advisers must disclose financial incentives when recommending investments that are tied to compensation, and that the nature of the compensation affects the disclosure. Staff noted that conflicts are “especially pronounced” when certain share classes of the same funds that do not bear these fees are available.

The FAQs also describe more detailed disclosure obligations required under Form ADV, including the provision of “sufficiently specific facts” to enable clients to give informed consent. This includes “‘information not specifically required by’ the Form or more detail than the Form otherwise requires.”

Importantly, staff made clear (i) that merely reporting that the adviser “may” have a conflict is not adequate disclosure “if the conflict actually exists,” and (ii) that “an adviser should consider these disclosure obligations with respect to both recommendations to purchase and recommendations to continue holding an investment.”

Material Facts on Mutual Fund Share Classes

According to SEC staff, when recommending a mutual fund share class which is tied directly or indirectly to compensation, material facts include the existence and effect of different financial incentives that may lead to conflicts (e.g. those arising from shared incentives between the adviser and a clearing broker, various limitations on share class transactions within a fund, or adviser practices concerning transactions after the initial recommendations). It is also material to disclose how the adviser addresses the conflict, (e.g. on practices related to differences between share classes with different compensation structures for 12b-1 and transaction fees; or whether the adviser “has a practice of offsetting or rebating some or all of the additional costs to which a client is subject.”) The FAQs make clear that these examples are not comprehensive but rather should serve the broader message that all compensation arrangements are on the table.

Material Facts on Revenue-Sharing Payments

An investment adviser is required to disclose any arrangement they may have with anyone who provides an economic benefit for providing investment advice or other advisory services for clients. Under Form ADV, the adviser is obligated to “describe the arrangement, explain the conflicts of interest, and describe how it addresses the conflicts of interest.” The FAQs highlight examples of arrangements in which there are financial incentives provided to the adviser or shared between the adviser and clearing brokers, custodians, funds’ advisers or other service providers. SEC staff warns that such disclosures “should be concise and in plain English.”

BATES EXPERTS REFLECT

While the FAQs state explicitly that the interpretations provided do not alter or amend applicable law nor create any new or additional obligations for advisers, the SEC is clearly sending a message that the agency will continue its focus on disclosure and adviser compensation.

Bates Group Securities Litigation & Regulatory Enforcement Managing Director Alex Russell highlights several aspects of the new FAQs. He notes the SEC staff’s expansive view of adviser compensation (e.g. to include areas where a firm saved costs as well as earned fees) and the application of these staff interpretations to investments more broadly. He points out staff’s expectation as to the ongoing nature of the disclosure obligation “beyond point of sale,” underscoring the FAQ warning that “an adviser should consider these disclosure obligations with respect to both recommendations to purchase and recommendations to continue holding an investment.”

Bates Group Managing Director of Compliance Robert Lavigne urges firms to work on the language of their disclosures to ensure not only that they are “concise, direct, appropriate to the level of financial sophistication of the adviser’s clients and written in plain English,” but that they also be explicit and specific (hence, the admonition against the use of the word “may” when a conflict of interests exists). Getting this right will require a deep dive into advisers’ policies and practices as firms can no longer rely on longer disclosures or references to “potential conflicts” to withstand examination or enforcement scrutiny.

In this episode of CRC TV, we interview our Compliance and Financial Operations Professional, Scott Brown, who discusses his upbringing in Queens, NY during the 1970s and how it lead him to a career in the risk and financial services industry.

At the 2019 SIFMA Compliance and Legal Society’s New York Regional Seminar, industry panelists along with senior officials from the SEC and FINRA addressed a range of topics including Regulation Best Interest (or “Reg BI”), cryptocurrency and cannabis.

Click here to read more.

On September 26, a bipartisan group of Senators led by Tom Cotton, (R-AR) and Mark Warner (D-AR), formally introduced their bill to strengthen the authority of the Financial Crimes Enforcement Network (FinCEN) to fight money laundering. As Bates Group reported back in June, the Improving Laundering Laws and Increasing Comprehensive Information Tracking of Criminal Activities in Shell Holdings Act (“ILLICIT CASH Act”) would, among other things, establish federal reporting requirements that mandate all beneficial ownership information be maintained in a comprehensive federal database, accessible by federal and local law enforcement. The Act would also require the reporting of beneficial ownership information for domestic shell companies. A similar bill, sponsored by Congresswoman Carolyn Maloney, titled the Corporate Transparency Act (“CTA”), passed a vote in the House of Representatives this week, 249-173. 

The House of Representatives also passed its version of the Secure and Fair Enforcement Banking Act of 2019 ("SAFE Banking Act"). As described in a Bates Research article early this August, the SAFE Banking Act would remove legal uncertainty for regulated banks and credit unions that provide banking services to cannabis businesses. The bill provides a safe harbor from federal anti-money laundering and regulatory enforcement actions for insured depository institutions.

These bills have the potential to significantly impact AML/BSA compliance programs. Here’s a closer look.

THE ILLICIT CASH AND CORPORATE TRANSPARENCY ACTS

In a recent Bates Research article on FinCEN, we noted that Director Kenneth Blanco publicly appealed for legislators to overhaul the BSA and provide additional federal authority to close loopholes left open by the Customer Due Diligence (“CDD”) Rule. Director Blanco advocated for more efficient law enforcement access to personal identity information. In particular, he was seeking the authority to collect beneficial ownership information at the “corporate formation stage” to prevent “sophisticated criminals of all kinds, including terrorists,” from establishing shell companies that “mask and further their criminal activity, to invest and buy assets with illicit proceeds.”

The ILLICIT CASH Act and the CTA respond directly to Director Blanco’s concerns. As described in the official legislative summary, of the ILLICIT CASH Act, the bill “comprehensively updates the BSA for the first time in decades and provides a coherent set of risk-based priorities in statute.” The Act (i) establishes “a comprehensive federal database, with strict privacy protections, accessible by federal and local law enforcement” and (ii) requires shell companies to report their beneficial owners, in order to prevent “exploitation of U.S. companies.” Further, the bill (iii) requires and improves “routine coordination, communication and feedback among financial institutions, regulators, and law enforcement to identify suspicious financial activities;” (iv) encourages greater data sharing “so that patterns of suspicious activities can be more easily tracked and identified;” and (v) provides new processes to encourage innovation.

Other highlighted provisions of the Act concern:

• recruitment and retention of top talent and the creation of a “hub” of investigatory expertise at FinCEN;
• the hiring of a Treasury liaison to improve communications about AML rules, regulations, and examinations;
• the sharing of metrics on AML data and trends from financial institutions for law enforcement purposes;
• the periodic feedback by regulators to financial institutions on their suspicious activity reports;
• the protection of personally identifying information;
• new recordkeeping requirements on foreign banks and new rules that compel them to comply with subpoenas;
• updates to certain statutory definitions to include digital currency.

The House action on the CTA reflects real movement on the issue. Like the ILLICIT CASH Act, the CTA requires all corporations and LLCs to disclose their true “beneficial owners” to FinCEN and to create a federal database of beneficial owners. The proposed database is expected to be available to law enforcement agencies, and to financial institutions (with customer consent, consistent with “Know-Your-Customer” compliance obligations.)  Otherwise, the bill exempts those entities already covered under SEC or state regulation.

The formal introduction of the ILLICIT CASH Act in the Senate and the passage of the CTA in the House are significant developments. These bipartisan legislative successes will dramatically empower both state and federal law enforcement.

THE SAFE BANKING ACT

The formal purpose behind the SAFE Banking Act is “to increase public safety by (i) ensuring access to financial services to cannabis-related legitimate businesses and service providers and (ii) reducing the amount of cash at such businesses.” The SAFE Banking Act accomplishes this by creating a safe harbor for depository institutions that provide banking services to state-licensed cannabis businesses. Further, under the SAFE Act, proceeds from such businesses would not be considered proceeds from illegal activity. This means that these loans, and collateral provided by financial institutions, are effectively protected from anti-money laundering laws and the risk of asset forfeiture.

As a consequence, the SAFE Banking Act serves as an open invitation for financial institutions to fully engage in providing financial products and services to cannabis businesses. For the cannabis businesses themselves, the Act allows them full access to capital outside of cash transactions—this serves the goal of reducing reliance on cash for these businesses.

Other notable provisions of the Act:

• prohibit regulators from taking adverse or corrective supervisory action on loans made to cannabis businesses, including their owners and employees, or real estate and equipment leased to them;
• protect from criminal, civil and administrative forfeiture any loans or other financial services provided to cannabis businesses or owners of real estate or equipment leased or sold to them;
• impose new obligations on FinCEN to provide written guidance and examination procedures for financial institutions that provide services to cannabis businesses;
• promote diversity and inclusion in the cannabis industry. 

The passage of the SAFE Banking Act by the House of Representatives is a major step toward the normalization of cannabis-related businesses. That said, the Act does not legalize cannabis, which remains a Schedule I drug under federal law—it merely carves out a safe harbor for state-licensed businesses.  Consequently, even after the SAFE Act becomes law, some risk remains that an institution may continue to be in violation of federal law. This remains a point of contention and a source for other legislative initiatives, but it does not diminish the opening up of the cannabis marketplace. 

CONCLUSION

“The bipartisanship exhibited with respect to the ILLICIT CASH Act and the SAFE Banking Act is notable,” said Bates AML and Financial Crimes Managing Director Edward Longridge. “Though these legislative efforts have not yet reached fulfillment, they do seem to be moving steadily down the path to becoming law. Until then, financial institutions must continue to comply with the prevailing AML frameworks.” Bates will keep you apprised as these and other legislative developments play out.

To learn more about Bates Group’s Financial Crimes and AML services, please contact Edward Longridge at elongridge@batesgroup.com.

On October 11, 2019, the heads of FinCEN, the SEC and CFTC issued a joint statement to remind financial institutions of their Bank Secrecy Act (“BSA”) obligations for transactions involving “digital assets.” The statement begins with an acknowledgement by the regulators that the terminology used to describe a digital asset (or those providing financial services involving a digital asset) “may not necessarily align with how that asset, activity or service is defined under the BSA, or under the laws and rules administered by the CFTC and the SEC.” The regulators’ joint statement makes the central point that, “regardless of the label,” for purposes of compliance with the BSA, it is “the facts and circumstances underlying the asset, activity or service,” that determines the regulatory treatment of the activity.

BSA anti-money laundering obligations include the establishment and implementation of an effective program, recordkeeping and suspicious activity reporting. Agency leaders reaffirmed that "financial institutions" subject to these obligations include futures commission merchants, brokers obligated to register with the CFTC, broker-dealers and mutual funds entities obligated to register with the SEC, and money services businesses ("MSBs") obligated to register with FinCEN.

In an attempt at clarifying which agencies, or combinations of agencies, have authority over other market participants that engage in digital transactions, the regulators explained that the “nature of the digital asset related activities” would be key to determining if a person must register with the CFTC, FinCEN or the SEC. In separate additional statements, the agencies described the scope of their specific jurisdictions. The regulators noted, for example, that broker-dealer-related digital asset financial services may fall under the SEC, FinCEN and FINRA and that the BSA obligations “apply very broadly” regardless of whether the digital activity involves a “security” or “commodity.”

In additional specific comments, the Director of FinCEN reminded money transmitters and other MSBs (i.e. dealers in a foreign exchange, a check casher, an issuer or seller of traveler’s checks or money orders, or a seller or provider of prepaid access) to be mindful of recently issued interpretive guidance on the application of the BSA obligations to their businesses. (See Bates Research article on the FinCEN’s 2019 Convertible Virtual Currencies “CVC” Guidance.)

“By this joint statement, the agency heads are warning market participants engaging in digital asset transactions that they are seeking compliance with anti-money laundering requirements,” said Bates AML and Financial Crimes Managing Director Ed Longridge. “Now is the time for these players to determine whether their businesses are appropriately registered, and to have the appropriate AML programs in place.”

To learn more about Bates AML and Financial Crimes services, please contact Edward Longridge, Managing Director, Bates AML & Financial Crimes at elongridge@batesgroup.com

October is here! That means the SEC’s Reg BI implementation deadline is right around the corner. To support your implementation efforts, Bates Compliance is rolling out the Bates Reg BI Countdown with action items to keep your compliance team on track as the June 30, 2020 implementation deadline approaches.

The Bates Compliance consulting team, made up of former CCOs and senior regulators, will be providing you with ongoing insight and deadline reminders as the implementation date approaches. Our goal is to make the implementation process easy for you and to encourage the participation of your entire team.

Action Item 1: Take Steps to Review Conflicts

Here are three easy steps to review potential conflicts of interest:

1. Assemble representatives from various internal groups of your firm
2. Appoint an individual to be the conflicts coordinator and/or a designated conflicts lead.
3. Identify and start documenting your firm’s conflicts and mitigation controls.

Where can you find conflicts?

According to Bates Compliance Director Jill Ehret, high-level conflicts of interest can include:

• Compensation payouts
• Products offered by the firm
• Outside Business Activities
• Individual Conflicts
• Investment Advisory and other financial services affiliations
• Ownership structure of the firm

Now that you have an initial plan, you can roll up your sleeves and get to work! But just in case you need a little extra support, Bates is here to help. Bates Compliance helps firms with their Reg BI implementation, including further defining conflicts, determining your disclosure approach and mitigating risk to your firm.

Want to learn more? Please call or email Bates Managing Director Bob Lavigne at (508) 868-6741 or rlavigne@batesgroup.com.

FINRA has been virtually silent since announcing plans for a major overhaul of the expungement process in its Notice to Members 17-42 in December 2017. This week, FINRA finally offered some insight into what will happen next.

Click here to read more.

As the regulatory landscape is constantly evolving, Compliance Risk Concepts (“CRC”) is issuing its monthly review and summary of FINRA, SEC, and NFA notices and bulletins to assist our clients in keeping abreast of notable regulatory developments and deadlines in an effort to strengthen their compliance and regulatory initiatives. Click below to read the full September 2019 monthly regulatory review and outlook. 

Click Here To Read!