
FIRMA National Risk Management Training Conference
New Orleans, LA
April 29, 2009

Overview of Key Rules and Regulatory Developments affecting Broker Dealers, Investment Advisers etc.
Sean Gray
Senior Vice President
Director of Wealth Management Compliance
PNC Bank
All statements and opinions contained herein are the sole opinion of the speaker not PNC and
subject to change without notice.

Agenda

Refresher/Overview of NASD Rules 3012, 3013, NYSE Rule 342 etc. (i.e., new FINRA Rule 3130)
FINRA 2009 Exam Priorities and Enforcement Guidelines
Other FINRA and B-D Regulatory Developments
Annual Review Tips for RIAs
SEC Compliance Hot Spots
4 Key Areas to Focus Lori Richards
Custody Sweeps etc.
New SEC Exam Letters and Approaches
Other RIA Hot Topics

Regulatory Scheme
Annual Compliance
and Supervision
Certification
NYSE 342.30 & NASD 3013

NEW

NEW
Supervisory Control System
NYSE 342.23 & NASD 3012
Key Requirements:
Establish, maintain, enforce a system of
supervisory control
Procedures in place to review and
supervise customer activity and
Branch/Sales/Regional/District Managers
Independent day-to-day supervision of
producing managers

Supervisory Procedures
NYSE 342 & NASD 3010
Key Requirements:
Written supervisory P&Ps
Internal inspections
Supervision of RRs

CEO Certification
Ensures process owned by CEO, senior leadership
Assures robust reporting between senior leadership and compliance leader
Processes for Testing, Verification, Enforcement and Reporting
Mandates annual reviews that drive continuous process improvement, adjustment for regulatory, business changes
Trend spotting, early warning capability clear advantages

Processes for Monitoring Supervisory Procedures (Surveillance, Corporate Audit Reviews, Branch Inspections, Internal Reviews)
Written Supervisory Policies and Procedures

Various impacted business areas

Note: FINRA Rule 3130 (Annual Certification of Compliance and Supervisory Processes) replaces NASD Rule 3013 and the corresponding provisions in Incorporated NYSE Rule 342.30 and related NYSE Rule Interpretations (effective December 15, 2008)

NASD Rule 3013: Annual Certification of Compliance and Supervisory Processes

Rule 3013 requires:

Designation of a CCO on Schedule A of Form BD

CEO certification that the Member firm has in place processes to:
(a) establish, maintain and review policies and procedures reasonably
designed to achieve compliance with NASD and MSRB rules and applicable
federal securities laws and regulation
(b) modify these policies and procedures as business, regulatory and
legislative changes and events dictate
(c) test the effectiveness of such policies and procedures on a periodic
basis, the timing and extent of which is reasonably designed to ensure
continuing compliance with applicable rules, laws and regulations

At least one annual meeting between CEO and CCO to discuss prescribed
compliance matters

Member's processes must be evidenced by a report reviewed by the CEO and Chief Compliance Officer (and such others as the Member deems necessary) and submitted to the Member's Board of Directors and Audit Committee

The CEO certification is a process certification and does not require performance or completion of any compliance testing or verification

NASD Rule 3012: Supervisory Control System


Supervisory control policies and procedures include procedures reasonably designed to review and supervise customer account activity, branch office managers, sales managers, regional and district sales managers and any other person performing a similar supervisory function
Rule 3012(a) requires designation of one or more Principals tasked to establish, maintain and enforce a system of supervisory control policies and procedures and continually improve such procedures as required after reviews or testing or in response to business or regulatory changes
Rule 3012 also requires procedures for senior or otherwise independent day-to-day supervision of Producing Managers' account activity and heightened supervision of producing managers with 20% or more revenues generated from units supervised by the producing manager's supervisor
Requires annual testing and verification of WSPs by January 31st of each year to demonstrate that they are reasonably designed with respect to the member's activities (and those of its RRs and Assoc Persons) to achieve compliance with NASD rules and applicable securities laws and regulations, and the creation of additional policies and procedures where the need is identified by such testing and verification

NASD Rule 3012: Supervisory Control System


COMMON EXAM FINDINGS Rule 3012
Failure to recognize that Supervisory Control Procedures (SCPs) differ from WSPs
Need WSPs plus control process for ensuring such procedures are adequate and current, i.e., fundamental purpose of 3012
A firm that does not have SCPs, frequently fails to:
o Designate the Principal(s) responsible for establishing, maintaining and enforcing the firm's system of supv control pol & proc;
o Annually test and verify supv procedures and amend them, when needed;
o Adequately supervise customer account activity of producing managers;
o Adequately supervise producing managers subject to HS; and
o Review, monitor and confirm transmittal of funds/securities from customers to 3rd parties, changes of address and changes of inv objs

NASD Rule 3012: Supervisory Control System


COMMON EXAM FINDINGS Rule 3012
Testing and Verification
FINRA has noted that some firms failed to test and verify on annual basis that supv procedures are sufficient and reasonably designed with respect to activities of the member firm and its RRs and Assoc Persons
o Each firm must have written testing and verification procedures that detail steps to be taken by firm to conduct testing and verification to identify any gaps in supv process
o Procedures must also detail steps to be taken by firm for drafting and approving new procedures, including identification of responsible Principal and implementation process.
Failure to prepare and timely submit the Rule 3012 annual report to firm's senior management.
Limited Size and Resource Exception
One of most common 3012 finds is inaccurate understanding and application of this exception.
It only provides alternative method for who may perform a producing manager's review
Failure to supervise Producing Managers
Must correctly identify any and all producing managers

NASD Rule 3012: Supervisory Control System


COMMON EXAM FINDINGS Rule 3012
Failure to confirm, verify or follow-up with customers in the event of a:
change of address;
transmittal of funds; or
transmittal of customer funds or securities.

Responsibility Matrix
Employees
All employees must understand:
- their job responsibilities
- the rules and regulations, and the related policies and procedures, applicable to their duties
All employees are responsible for:
- carrying out control activities
- communicating identified control weaknesses, deviations from established standards, and violations of policy or law

Management and Supervisors
Managers are responsible for establishing and maintaining effective control systems by:
- maintaining a control environment that encourages control activities. Setting the tone.
- identifying risks, and establishing objectives, goals, and standards in accordance with risk assessments
- ensuring through information & communication and monitoring procedures, that internal controls are established and functioning effectively to achieve objectives

Compliance
Compliance:
- Works with Legal in interpreting rules and regulations
- Provides consultation and advice on compliance controls
- Independently Reviews/Tests the adequacy of internal controls and reports the results to Management
- Makes recommendations on how to mitigate risks and remediate weaknesses identified

Rule Comparison Chart


Comparison of NASD Rules 3013, 3012 and NYSE Rule 342

Timing
NASD 3013 (New) / NYSE 342.30 (New): 4/1/2006 and annually thereafter
NASD 3012 (New): 4/1/2006 and annually thereafter
NYSE 342 (Expanded): Annually by 4/1

Requirements
NASD 3013 (New) / NYSE 342.30 (New):
1) CEO certification that member firm has processes in place to establish, maintain, review, modify and test the effectiveness of policies and procedures reasonably designed to achieve compliance with NASD, MSRB rules and applicable federal securities laws and regulations;
2) At least one annual meeting between CEO and CCO to discuss prescribed compliance matters
NASD 3012 (New):
1) Designation by member firms of a principal to establish, maintain and enforce a supervisory control system and test and verify that the supervisory procedures are reasonably designed to comply with applicable rules;
2) Heightened supervision of producing managers
NYSE 342 (Expanded):
Establishment and maintenance of a compliance and supervisory framework, including supervision of registered representatives, foreign branch offices, supervisor qualification, supervision of producing managers, information requests, trade review and investigations and internal controls

Deliverables
NASD 3013 (New) / NYSE 342.30 (New):
Report reviewed by CEO, CCO documenting the processes in place to comply with Rule 3012 and submitted to the member firm's board of directors and Audit Committee
NASD 3012 (New):
Annual report to senior management describing the supervisory controls system, test results and resulting changes implemented
NYSE 342 (Expanded):
Annual report to senior management on the member's supervision and compliance efforts
Annual report to be filed with the Exchange

Comments
NASD 3013 (New) / NYSE 342.30 (New):
No testing or verification required for certification; NASD expecting member firms to begin work plans to comply with Rule 3012
CEO is certifying to processes not substantive compliance
Certification intended to raise stature of CCOs to compare with CFOs and get senior leadership actively engaged in compliance dialogue
NASD 3012 (New):
Dual NASD/NYSE member firms can elect to comply with NASD Rule 3012 or NYSE Rule 342
Dual NASD/NYSE members can use either the NASD or NYSE standard for defining who is a producing manager (either standard acceptable to both NASD & NYSE)
NYSE 342 (Expanded):
NYSE member firms must comply with NYSE Rule 342


FINRA 2009 Exam Priorities


3 General Categories: Sales Practice Issues, Enterprise Control Functions, and Financial/Operational Controls
Sales Practice Issues:
Cash Alternatives
Focus is result of ARS Issues, i.e., representing certain securities as cash alts or equiv.'s
1 - Need to have reasonable basis for characterizing inv as cash alternative
2 - Need to have Procs in place to monitor developments to ensure inv retains characterization as cash alternative
3 - Need to perform suitability analysis before recommending same to customer
Bank Sweeps
Increase in recent use of bank deposit programs as sweep vehicles for free
credit balances
Focus on disclosures re: terms and conditions
Differentiation of SIPC vs. FDIC coverage
Methodology for calculating interest on sweep balances
Disclosure of comp earned by B-Ds and banks operating sweep programs as
well as RRs who offer these programs
Addl exam focus on reconciliation issues relating to the bank where account
is held.


FINRA 2009 Exam Priorities


Enterprise Control Functions:
AML
E-Trade enforcement action
Focus broadly on suspicious activities related to securities transactions vs.
solely on money movements
One size does not fit all relative to AML Program!
Each firm needs to tailor program to own business model, risk profile,
volume of transactions etc.
FCPA
Recent & significant ($$) SEC settlements
Addl recent focus by NYSBD
Reminder to members of obligation to comply, maintain accurate books
and records, implement internal controls etc.
Protection of Customer Info and IT Security
Several recent SEC enforcement actions arising from online account
intrusions
e.g., LPL Financial alleged failure to implement safeguards despite
awareness that it had insufficient controls to protect customer info
Members offering online customer access need to assess internal
surveillance and implement measures for dealing with account intrusions


FINRA 2009 Exam Priorities


Protection of Customer Info and IT Security (Contd)
Need to regularly monitor account activity to monitor for any
note of suspicious activity
FINRA reminding firms to develop and implement written ID
Theft Program pursuant to FTC's Red Flag Rules, which the FTC
will begin to enforce May 1st. See FINRA Reg Notice 08-69
Outsourcing
NTM 05-48 states that BDs may outsource certain functions, but
may not outsource supervision and oversight.
FINRA provides suggestions on how members can satisfy
supervision/due diligence on vendors by:
o Requiring vendors to meet measurable performance
standards
o Meeting frequently with vendor personnel; and
o Assigning qualified personnel to monitor, review and supervise
the service provider's activities
Need to assess risk of vendors operating in foreign jurisdictions
and business continuity issues related therewith
FINRA will be looking for Written Procs in all of this space!


FINRA 2009 Exam Priorities


Information Barriers
Ongoing FINRA enforcement sweep relative to the control of
the flow of nonpublic material info within member firms.
Firms need to have info barrier Procs tailored to business
activities and org structures, and Procs to address use of
restricted/watch lists, monitoring systems, supervision,
review of proprietary and empee trading, review of
questionable activities and recordkeeping requirements
Rumors
SEC and FINRA sweeps re: Circulation of Rumors
Recent SEC Sweep Letter to B-Ds asking about controls
relating to prevention of rumors, e.g., monitoring elec
commun such as empee internet access, chat rooms and
other websites.
Refer to FINRA Proposed New Rule on this topic Regulatory
Notice 08-68 questions re: distinguishing rumors from
mkt commentary


FINRA 2009 Exam Priorities


Financial and Operational Controls:

Customer Protection Rule


The Failure and/or Merger of several large firms in 08 reinforces
significance of CP Rule 15c3-3
Reminder to properly compute reserve formula numerous
recommendations provided
Reminder to reduce customer fully paid and excess margin securities
to possession or control
Excess SIPC Protection
In light of recent financial events, FINRA will review disclosures
provided to customers regarding excess SIPC insurance.
Firms that have not replaced excess SIPC surety bond coverage offered
thru CAPCO are expected to notify customers of reduction of
coverage.
Also, if new arrangements have been made regarding excess SIPC
coverage, they should be clearly disclosed to customers including
dollar amount of protection available to each customer.

Other Financial and Operation Control areas of focus: Inventory and Collateral Valuations, Funding and Liquidity, Counterparty Credit Risk, and Intercompany & Suspense Account Reconciliations


Other FINRA and B-D Regulatory Developments

FINRA Guidance on its Enforcement Process


Regulatory Notice 09-17
Intended to assist firms and assoc persons with
understanding how investigative process works and to
highlight procedure safeguards in this process, including:
Enforcement Procedures and Managerial Oversight
Conducting of Investigations
Sufficiency of Evidence Reviews
Wells Process
Disciplinary Advisory Committee Review
Indep Office of Disciplinary Affairs
Indep Office of Hearing Officers


Other FINRA and B-D Regulatory Developments


FINRA's proposed new rule - FINRA Rule 3210, Personal Securities Transactions for
or by Associated Persons - is out for comment. See Regulatory Notice 09-22, April
21, 2009 - Response is requested by 6/5
It addresses oversight for personal trading activities of associated persons. FINRA
used NASD Rule 3050 and Incorp'd NYSE Rule 407, and adopted additional
requirements.
Here, in a nutshell, are the primary requirements:
prior written consent to open or establish, at another financial institution, an account
in which securities transactions can be effected, and in which the associated person has a
personal interest. Dupe confirms and account statements to the employer firm are
required.
written notification to firm that associated person intends to open and, a specific
sentence to the effect that "he/she has a personal financial interest in the account."
[New requirement]
executing member must not execute any securities transactions in that account
unless it has been notified that associated person obtained employer's written consent
and he/she has personal financial interest in the account.
dupe confirms and account statements from executing firm must be started ASAP i.e., "promptly."
employer must revoke consent if it does not receive in timely manner the confirms
and statements. Employer will notify executing member, and must receive promptly
notification that the account was closed. [New requirement]
for pre-existing accounts, associated person has 15 business days to obtain employer
member's consent to maintain the account, and to notify executing member of his/her
new employer's name. Dupe confirms, statements must also be arranged.


Other FINRA and B-D Regulatory Developments Contd

New Office of Whistleblower


During March FINRA announced establishment of new office
to expedite review of high risk tips by Senior Staff and
ensure rapid response to those believed to have merit.
New Toll Free Number established
Dedicated Web Page/E-mail Address for reporting
Not intended to replace normal complaint process
New Proposal to Tighten Misconduct Reporting
Proposed U-4 and U-5 Rule Amendments (could be rolled
out in May)
Change would require B-Ds to disclose when a reg rep is
in an active arbitration or civil complaint, even if not
named as party
Change would also raise threshold for reporting
misconduct described in settled customer complaints
$10,000 to $15,000 increase


Other FINRA and B-D Regulatory Developments Contd

Variable Annuities
Contd FINRA focus on VAs
Fifth Third Securities fined $1.75 mill by FINRA (4-14-09 News Release)
Regarding 250 unsuitable VA exchanges or transactions
197 Customers and 42 individual brokers
Used lists provided by bank of customers with maturing CDs and referrals from bank
employees some elderly and/or unsophisticated with conservative
investment objectives
One Broker 74 customers with 118 unsuitable exchanges shortly after joining FTS
Switched customers from old firm into VAs issued by same insurance cos with
same riders
Ignored differences in customers ages, incomes, inv objecs, sophistication etc.
$260k+ in surrender charges also paid
N.B. NTM 07-06 Special Considerations when Supervising Recommendations of
Newly Associated Registered Representatives to Replace Mutual Funds and Variable
Products
Delivery of Official Statements to Customers in Muni Bond Sales
Edward Jones fined $900k by FINRA for failure to deliver official statements to
customers who purchased new-issue munies and related supervisory/recordkeeping
failures
MSRB Rules require BDs selling new-issue munies (sold during initial distribution of
bonds to public) to deliver copy of official statement to customer on or before
settlement date
Edward Jones Internal Communications referenced that it was not timely delivering official
statements
but failed to take corrective action!


Other FINRA and B-D Regulatory Developments Contd

FINRA Consolidated Rule Proposals to Address Supervisory Rules


Most significant changes as follows:
Proposed Rule 3110 Supervision would consolidate NASD/NYSE Rules relating to
supervision, and is based on NASD Rule 3010 and NYSE Rule 342, as well as NASD
Rules 3012 and 3040
Proposed Rule 3110(a)(2) would require firm to have appropriately registered
principal to supervise each business activity in which it engages, regardless of whether
B-D registration is required for that activity.
N.B. - existing NASD Rule 3110(2) only requires such principal supervision for
activities for which registration as B-D is required
Uncertainty at present as to what sort of principal registration/supervision would
be required for activities not requiring registration.
Proposed Rule 3110(b)(3)(B) addresses supervision of dual employees of banks
and B-Ds.
Due to adoption of Reg R which permits bank employees to engage in certain
securities activities there has been call for FINRA to clarify application of NASD
Rule 3040 to such employees.
Proposed Rule would exclude from supervision requirement any bank-related
securities activities of dual employees when such activities are included within
exemptions from registration
Bank will be required to:
o Provide for comprehensive review of dual employees' securities activities
o Employ Pol & Proc reasonably designed to achieve compliance with the antifraud provisions of federal securities laws; and
o Give prompt notice to B-D of any dual employee's violation of Pol & Proc.


Other FINRA and B-D Regulatory Developments Contd

Top Five (5) FINRA Violation Types March 2009:


FINRA announced sanctions against 46 individuals.
(i) Forgeries;
(ii) Failure to Respond to Requests for Information;
(iii) Failure to Update Form U-4;
(iv) Suitability;
(v) 3-Way Tie: Misappropriations; Unauthorized
Discretion; Insurance Sales and Exchanges.
Supervise Your Supervisors!
During March 2009, (13) of the 46 disciplined
individuals, or 28%, were Registered Principals
Last month it was 20%.
Important - Maintain checks and balances over
supervisory personnel
after all, they could be your firm's worst offenders!


Other FINRA and B-D Regulatory Developments Contd

SEC to prohibit Brokers from voting Proxies


SEC to eliminate NYSE rule allowing brokerage firms to vote proxies of
investor clients
Shareholder Activists long pushed to end this practice!
Occurs when clients don't vote
Argument is that Brokerage Firms typically vote the way management
suggests
Under current rule, brokers can vote client proxies on routine votes,
e.g., uncontested director elections etc.
Rule change effective 12/31/09
FINRA to Propose Expanding BrokerCheck to Permanently Disclose
Disciplinary Histories of Former Brokers
FINRA proposing a major expansion of its BrokerCheck service to
make records of final regulatory actions against brokers permanently
available to the public, regardless of whether they continue to be
employed in the securities industry.
Under current rules, a broker's record generally becomes unavailable to
the public two years after he or she leaves the securities industry and is
therefore no longer under FINRA's jurisdiction.
FINRA estimates there are more than 15,000 individuals who have left the
securities industry after being the subject of a final regulatory action and
whose disciplinary history is not currently available on BrokerCheck.
FINRA filed its rule proposal to expand BrokerCheck with the SEC late last
week. The SEC will publish the proposal in the Federal Register and solicit
public comment in the near future.


Movement towards consistent Fiduciary Standard


SIFMA recommendation to Harmonize IA and BD
Regulation
2007 Rand Corp Study (SEC commissioned) that Financial
Service providers duties or standards of care e.g., fiduciary,
suitability etc. contributed to investor confusion
Also, ERISA and IRC (for IRAs) have different definitions of
fiduciaries and prohibitions on conduct that differ from IA Act and
state fiduciary law concepts
SIFMA recommends Universal Standard of Care fundamentals of
fair dealing investors can expect from all Financial Service providers
whether financial planner, investment adviser, broker-dealer,
bank, insurance agency or any other type of financial services
provider.


Movement towards consistent Fiduciary Standard


Contd

State Farm CFP Approach

During 2008 Certified Financial Planner Board of Standards, Inc. added a fiduciary
standard to its Code of Ethics
Reported that State Farm (which sells annuities, mutual funds, financial advice and slate of
insurance products) instructed approx. 270 Agents who are CFPs to abandon the
designation
Other Insurance Companies reportedly exploring same approach
State Farm has asked CFP Board to exempt insurance sales from definition of financial
planning
Concerns primarily revolve around the imposition of fiduciary standard when selling
insurance and legal risk related therewith

FINRA & SEC - Consistency in Investor Protections


Primary issue regarding investor protection differences between IA and BD
channels is difference between IA fiduciary standards and BDs rule
requirements, e.g., suitability
Need to explore whether fiduciary standard can effectively be applied to
broker-dealer selling activities and, if there are problems - make a strong
effort to resolve those problems.
IAs believe Fiduciary Standard is more customer-protective than suitability
standard of B-Ds
B-Ds maintain that suitability standard is sufficiently rigorous and that IAs
are more lightly regulated than brokers
In any event, IAs should look forward to more audits; population of RIAs
increased 30+% since 05


RIA Annual Review Requirements

Rule 206(4)-7 - Compliance Rule requires RIA to adopt and implement written policies and procedures reasonably designed to prevent a violation of the federal securities

Compliance Rule also requires Annual Review of Pol & Proc to consider any compliance matters that arose during prior year, any changes in the business activities of the adviser or affiliates, and any changes in the Advisers Act or applicable regs
Top 10 List for IA Annual Reviews:

1. Review any and all past Deficiency Letter & ensure all deficiencies noted were
2. Perform Gap Analysis of existing controls, e.g., list of client complaints over last 12 months,
branch/compliance exam deficiencies, Internal Audit findings and other red flags noted on exception
reports
3. Evaluate any changes in business products or services over last year
4. Determine if any new Rule Promulgations, Guidance Statements or No-Action Letters could impact
your Pol, Proc or processes; update, if needed.
5. Consider Mock SEC exam to provide assessment of tone at the top, strength of Pol & Proc and
adequacy of compliance testing
6. Define Roles and Responsibilities of all associated persons
How will you meet requirements?
Who is responsible for same?
What methods will be followed?
7. Develop and deploy appropriate Training
8. DISCLOSE, DISCLOSE, DISCLOSE!
Fiduciary duty to disclose all material info to clients
Review ADV, contracts and other sales/mkt material
9. Develop Annual Review Committee and Compliance Calendar
10. Compliance is Everyone's Responsibility
Interview personnel to test knowledge of Pol & Proc, sales practices etc.
Conduct periodic testing to test controls and culture
Enhance Annual Review where appropriate


RIA Annual Review Requirements Contd


Some Addl Ideas for tweaking Annual Review:
Revise process for documenting relationships w/
counterparties, e.g., failure of Lehman Bros.
Scan recent SEC enforcement efforts over last year
which could spotlight areas of concern
Re-visit your process for identifying new law and regs,
e.g., Regulatory Update Tracking Report
May want to implement quarterly vs. annual
process in this regard, i.e., in light of volume of
recent changes


Review your Compliance Program!


SEC Staff Speech Lori Richards, March 2009
Need to maintain "Evergreen" Compliance Program
State of constant improvement;
Identify and address new issues and compliance risks;
Incorporate new forensic tests and new technology; and
Reasonably designed to prevent a violation of the federal securities
RIA should take a fresh look at:
DISCLOSURE
Inadequate disclosure amongst Top 5 most common deficiencies that
SEC Examiners found in exams last year and consistently a most
frequent exam finding
Need to review DISCLOSED vs. ACTUAL practices
Conflicts created by bus. arrangements/affiliations
Compensation arrangements w/ solicitors, finders or other providers
Fees paid by clients to IA or affiliates
Use of client commissions to pay for products/services
Are you delivering disclosure docs to clients as required and making
approp. filings w/ SEC
This is an area Examiners will look at!


Review your Compliance Program!

SEC Staff Speech Lori Richards, March 2009 Contd

RIA should take a fresh look at contd:


CUSTODY
Custody Rule Reminder client assets must be held by
qualified custodian and such custodian must provide advisory
client with at least quarterly statement
If assets held by RIA itself annual indep. Surprise Audit
required, e.g., verification of client holdings
In light of recent Ponzi schemes and other frauds, SEC will focus
on controls over custody. Accordingly, key steps to take:
Compliance Staff should obtain (sample or otherwise) client
statements sent out by Custodians
Compliance Staff should compare client statements with
Advisory records
Compliance Staff should review Advisor's reconciliation
process
Compliance Staff should take addl steps to confirm assets
when custody is with the adviser or affiliate
Compliance Staff should review client account statements
sent by Adviser to ensure consistency w/ reports of
custodian


Review your Compliance Program!

SEC Staff Speech Lori Richards, March 2009 Contd

RIA should take a fresh look at contd:


PERFORMANCE CLAIMS
Performance claims must be accurate
Conflicts exist advisory fees may be pegged on performance,
marketing significance of performance claims and natural inclination
to deliver bad news.
Accordingly, this area will continue to be focus of CCOs and SEC
Examiners
Recent SEC Exam Findings:
Overstating firm's performance returns, AUM, or length of operation
Not including disclosures necessary to prevent performance claims
from being misleading, e.g., whether results reflect dividends,
differences w/ index used to compare adviser's performance etc.
Inappropriately incl/excl info or data in composites, e.g., advertising
past specific recommendations
Best Practices:
Retain outside firm to verify performance claims
Conduct special tests to ensure complete records re:
marketing/performance advertisements
Periodic review of marketing materials to ensure info is truthful and
not misleading


Review your Compliance Program!

SEC Staff Speech Lori Richards, March 2009 Contd

RIA should take a fresh look at contd:


RESOURCES
Under Compliance Rule, Compliance Pol & Proc should be designed to
prevent violations from occurring, to detect violations that have
occurred, and to correct promptly any such violations.
Accordingly, SEC has cautioned against making resource reductions
to Compliance Programs
When conducting Annual Review of Pol & Proc adequacy, CCO should
consider adequacy of resources and SEC Examiners
If lack of resources undercuts CCO's ability to perform effective
review or undercuts ability to implement, CCO should include this in
CCO Annual Report or other indication of Annual Review.
Other considerations:
Leverage work by other Functional Groups, e.g., Internal Audit
and/or Risk Management
Leverage and/or invest in technology to provide front-end
compliance monitoring


Increased Focus on Custody


March 9, 2009 SEC OCIE Letter to IA Assoc. and Managed Funds Assoc
requesting that they inform membership of recent IA Exam focus which
requires independent confirmation of investor assets.
Letters state:
SEC May contact various 3rd parties
Including custodians, administrators, auditors, hedge fund investors
and advisory client TO CONFIRM CLIENT ASSET LEVELS.
New SEC Exam Letters
Two Sweeps unusual to have 2 sweeps going on at same time!
Custody
Generally, similar to past Custody Letters, but also asks for extensive
info relative to all services providers (not just custody service
providers)
May want to ask the SEC for clarification in this regard
Rumors
Started last fall
New Exam Document Request Letter
Shorter than past Letters (7 Pages)
Similar to past exam requests
Will seek to speak with Compliance Officer, plus staff responsible for risk
management, port mgt, trade execution, research, back office/admin, IT,
AML and marketing.


Other RIA Hot Topics - Potpourri


2008 RIA Exam Stats
SEC Examined 1,521 IA Firms in 2008; 15% of total number of RIAs and
30% of all AUM
Increase of 140 over 2007
Includes 400 quick hit exams of new RIAs
68% = Deficiency Letters
4% = Enforcement Referrals
28% (approx.)= No further action
This number spiked likely due to 400 quick visits
TOP 5 DEFICIENCIES NOTED (relatively consistent year-to-year):
Disclosures and Filings
Compliance Rule
Personal Trading
Performance Advertising and Marketing (i.e., related to Disclosure)
Portfolio Management
New approaches to IA Exams and Enforcement
Exploring ways to leverage 3rd parties in oversight of IAs, i.e., without SEC
abdication of responsibility
400 SEC Staff to examine approx. 11,000 RIAs
RIA numbers - 50% increase since 2001
Note - Madoff's brokerage operations reviewed regularly, but IA Business
never reviewed after 2006 registration


Other RIA Hot Topics - Potpourri


No Excuses Attitude from Examiners
Clear Expectation that firms should be prepared to be examined
Examiners will be less tolerant of delays in document production
Delays could result in enforcement
New RAVE Exams
Surprise SEC Exam whereby examiners show up in the morning
and request to speak with several people at the firm and leave
within a few hours
RAVE amounts to a short, focused SEC exam of a new Adviser that
takes a day or less
Outsourcing Compliance
Remember you need to identify CCO on Form ADV!
Recent IA Week Investigation reflected approx. 40 firms who
failed to identify CCO on ADV (potential SEC Violation)
CCO needs to be an Individual who is a supervised person
Outsourcing Compliance is generally acceptable to SEC


Other RIA Hot Topics - Potpourri (Cont'd)


Code of Ethics - Interns, Temps, Consultants etc.
Generally agreed that temps, interns and consultants are not
required (by SEC) to be subject to Firm's Personal Trading Rules
Best Practice - include anyone who has access to material, nonpublic info that could be misused for insider trading
Caveat - once covered by Policies, be sure to monitor them!
Getting dup trade confirms from temps can be a challenge
Alternative - do not place them under your Policy but reinforce
(training etc.) the need to be careful with proprietary info etc.
Be careful of temps that are around for months and months.
Possibilities:
Have temps sign confidentiality agreement warranting not to
trade on any material NPI they come across;
Have them agree to black-out period on trading that is in sync
with your firm's Policy; or
Have agreement with flat out prohibition against buying or
selling securities/derivatives while supporting your Firm
NB - FINRA rules on BD side are clearer in this regard, so if your Firm is Dually
Registered, you should subject temp staff to all your Pol & Proc.


Other RIA Hot Topics - Potpourri (Cont'd)


Recent SEC Rumors Sweep
2nd Sweep of late in addition to Custody focus
Began last Fall, around time of short-selling concerns
Generally, give IAs 2 weeks to send in plethora of docs covering August '08 -
end of '08
SEC is requesting:
Whether Firm initiated, conducted or concluded any reviews or
investigations into the malicious creation, spread, or use of false or
misleading rumors related to securities
Types of training material offered to staff about rumor mongering
Changes Firm has undertaken in how it monitors use of Internal chat
rooms, message boards and/or websites
Should develop Rumor Policy
Look to FINRA's Proposed Rule on Rumors for guidance
Should remind staff that rumor mongering is illegal and can result in
allegations of market manipulation
Staff should be cautioned against spreading info outside the Firm unless
based on public releases by an issuer or reliable source
Staff should be instructed to contact CCO or Supvr if they may have
received false info from outside the Firm
Risk-Based Policy - e.g., smaller advisers trading in Mutual Funds may
require abbreviated or no Policy at all


Other RIA Hot Topics - Potpourri (Cont'd)


ADV Recordkeeping Enforcement Case
Merrill Lynch gave clients a Disclosure Statement
considered an Alternative to its Form ADV, Part II
204-3 allows for a Copy of Part II or a written
document containing at least the information then so
required by Part II of Form ADV
However, there was no recordation of dates when
clients received such Statements
Violation of Rule 204-2
Demands record of the dates that each written
statement, and each amendment ... was given,
or offered to be given, to any client or prospective
client who subsequently becomes a client.
Expensive Lesson - $1 Million Fine imposed!


Other RIA Hot Topics - Potpourri (Cont'd)


Penalties for Adviser Act Violations to Increase
CMPs hiked for 1st time in 4 Years
e.g., Insider Trading penalty increased to $1.42 million
Hedge Fund Registration
Bill Introduced in Congress - Hedge Fund Transparency Act of 2009
Will close loophole previously used by hedge funds to escape
definition of investment company under '40 Act
New Legislation will mandate that hedge funds:
Register with SEC;
Maintain books and records that the SEC may require;
Cooperate with any request by the SEC for information or
examination; and
File information form with the SEC electronically, at least once a
year.
N.B. Bill would also mandate AML Programs for
Investment Companies


Other RIA Hot Topics - Potpourri (Cont'd)


Potential Books and Records Changes
Rule 204-2 created in early '60s
Potential changes:
Require IAs to maintain some
Only an option today!
May have to create and produce searchable and sortable
electronic records of trading data for managed accounts, client
lists, code of ethics breach logs etc.
Update proposed communications retention requirements
Keep more categories of correspondence
Re: clients, advice, performance, compliance, commission,
as well as audits, regulatory etc.
SEC Imposters
Reports of bogus Examiners
Attempt to trick IAs and others into revealing private information
Using tricks such as purporting to be conducting an emergency
exam or the like
Make sure your IA personnel do not share info with suspicious
callers
Validate with SEC's personnel locator: 202-551-6000


Other RIA Hot Topics - Potpourri (Cont'd)


Reg S-P - Recent Enforcement Actions
S-P requires that firms implement reasonably adequate policies and
procedures to safeguard customer information.
LPL allegedly failed to safeguard customer information
PI of 10,000 customers vulnerable to identity theft, "following a
series of hacking incidents involving LPL's online trading
platform."
LPL settled the SEC's charges without admitting or denying
anything, and agreed to pay a fine of $275,000.
The SEC noted that the firm conducted an internal audit in mid-2006.
That audit identified inadequate controls relating to guarding
customer information and noted, according to the SEC, that
there was a risk of hacking.
The hacking incidents began around July 2007, and, at that
time, the SEC alleges that LPL had not implemented
increased security measures despite actual awareness of the
risks.


Other RIA Hot Topics - Potpourri (Cont'd)


Reg S-P - Recent Enforcement Actions (Cont'd)
Recruiting Issues
Woodbury Financial - allegedly misused clients' personal
info related to the firm's recruitment of RRs and Advisers
Woodbury allegedly allowed recruits to provide client
NPPI (e.g., SS #s, account numbers, DOBs) before
becoming associated with Woodbury so that Woodbury
(on recruits' behalf) could pre-populate account transfer
and new account forms with certain client info.
Next Financial Group - $125k Penalty (June 2008) re:
Reg S-P and recruiting-type infractions


Other RIA Hot Topics - Potpourri (Cont'd)


Enforcer Role for CFP Board?
Proposal to make CFP Board the Rule Setter and
Enforcer for nation's hundreds of thousands of
unregulated planners
Attempt to reverse growing impetus of FINRA to expand
domain to planners and advisers.
FPA, NAPFA etc. argue FINRA not suited to regulate
services (often fee-based) that financial planners provide
CFP Board employs approx. 55 people vs. 3,000 at FINRA
CFP Board - limited powers, e.g., decertify a certificate
holder vs. FINRA's power to impose penalties, suspensions,
expulsions etc.


THE END!

Sean Gray
Senior Vice President and Director of Wealth Management
Compliance
PNC Bank
Sean.Gray@pnc.com
(215) 585-5545
