Controls, Custody, Advertising, and Cybersecurity

Cory Roberson
Sep 7, 2018

By Cory Roberson, Principal at FIN Compliance and FIN Community

Case #1 — Misleading Advertising claims lead to heavy fines

Sept. 5, 2018. The Securities and Exchange Commission (“SEC”) charged a Texas-based investment fund and its founder with defrauding clients with false guarantees of large returns for its cannabis-related investments. The SEC’s complaint alleges that both parties used misleading marketing materials in raising more than $3.3 million from investors.

According to the complaint, investor money was spent on personal items such as luxury cars and clothes. As a result, criminal courts seized more than $1.4 million in assets from the advisor due to the alleged activities.

Tips to address marketing material reviews.

Advertising reviews can include any or all of the following:

Inspect firm websites for misleading, exaggerated, and/or false claims.

Monitor social media for testimonials*, misleading, exaggerated and/or false claims.

Generate performance data that includes accurate fees, citations, disclosures, and valid sources for research, models, or calculations.

Mention certifications/credentials with proper disclosures and standards for obtaining such information. Avoid reporting any exaggerated, misleading, outdated and/or false credentials.

Document advertising procedures.

Generally, all advisory advertising materials should avoid any misleading, exaggerated, and/or false claims. FINRA Rule 2210 permits testimonials under certain conditions for broker-dealers. Refer to RIA Review (Premium/Premium Plus): Guidelines: Advertising for general advisory advertising guidelines.

Ref. SEC Rule 206(4)-1 (advisors act) *, FINRA Rule 2210, SEC Rule 482 (company act), state securities rules, SEC touting initiative, ADV Part 2B Supplement.

Case #2 — Internal Control Failures leading to big settlements (“Supervision”)

August 28, 2018. The Securities and Exchange Commission (“SEC”) announced that Moody’s Investors Service Inc., one of the most prominent credit ratings agencies, settled a penalty in the amount of $16.25 million for charges involving internal control failures regarding its credit rating symbols.

Moody’s agreed to pay $15 million to settle charges of internal controls failures involving models it used in rating U.S. residential mortgage-backed securities (RMBS) and will retain an independent consultant to assess and improve its internal controls. Moody’s separately agreed to pay $1.25 million and to review its policies, procedures, and internal controls regarding rating symbols. Moody’s did not admit or deny the SEC’s charges.

Tips for internal controls and supervision for advisors.

Document the firm’s ongoing tasks into a schedule.

Conduct a forensic test of best execution, fees, invoicing, or trading practices.

Conduct an annual review of the firm’s compliance program.

Summarize the firm’s operations into a risk assessment.

Summarize internal/external audit results as a part of the firm’s books/records.

Summary of SEC/state annual reviews/testing *:

SEC (Advisors) — Rule 206(4)-7

SEC (Registered Investment Companies “Funds, ETFs, etc.”) — Rule 38(a)-1

FINRA (Broker-Dealers) — Rule 3110, Rule 3012 — supervision

Florida (Advisors) — Rule 69W 600.0014(3) — annual review

Washington (Advisors) — Rule WAC 460–24A-120 — annual review

Georgia (Advisors) — Rule 590–4- 15 — policies and procedures are enforced

California (Advisors) — CCR 260.238.3 — business continuity plan/testing

*The following is not an exhaustive list of annual requirements for federal/state-registrants.

Case #3 — Fraudulent wire requests and phishing email scams

August 20, 2018. The Financial Industry Regulatory Authority Inc. (“FINRA”) censured Buttonwood Partners (“broker-dealer”) in the amount of $50,000 for having inadequate procedures in place to prevent unauthorized transfers from client accounts.

FINRA claimed that the broker-dealer exposed itself to risks with the use of pre-signed letter of authorization forms that permit payments from clients’ accounts to third parties without an additional form of verification in place. In one occurrence, the brokerage wired more than $200,000 from a customer’s account when directed by a fraudulent (“phishing”) email by an unscrupulous person(s). This proved to be a costly mistake as more than $60,000 was unrecoverable from the scam.

Tips for protecting your firm against fraudulent wire requests

Maintain a communications policy for verifying client activity.

Maintain a cybersecurity plan to protect the firm against phishing, scams or other data hacks (advisors, broker-dealers, and financial institutions).

Maintain an AML Compliance Program for: (1) Customer Identification Procedures (CIP) and (2) Due Diligence (CDD) — broker-dealers, financial institutions, money transmitters.

Ref. FINRA Rule 2210 (broker-dealers), SEC Rule 204–2 (advisors)

Case #4 — Client assets stolen from investment advisor representatives

August 15, 2018. The Securities and Exchange Commission (“SEC”) announced that Ameriprise Financial Services Inc. (“firm”) paid a $4.5 million settlement as a part of its admission of failing to safeguard investor assets from theft by its representatives.

The SEC claimed that a group of representatives committed numerous crimes, including the theft of more than $1 million in client funds during a four-year period. In addition, the SEC found that the firm failed to adhere to policies and procedures “reasonably designed to safeguard investor assets against misappropriation by its representatives.”

Tips for addressing firm risks and employee thefts

Review trading practices and procedures.

Maintain a code of ethics policy.

Supervise trading activities of representatives.

Review all wire activities to third parties.

Report any issues to proper authorities.

Ref. Rule 204–1 (advisors act)

Lastly, firms can address these areas in a policies and procedures manual and review system, with procedures for protecting data and electronic systems from attacks, safeguarding client assets, creating accurate marketing materials, verifying client activity, monitoring trading activities, responding to conflicts of interest, and addressing general risks to the firm.

Compliance Management and Review system

Our solution, RIA Review, is a documentation-based solution that helps boutique investment advisors maintain an internal compliance program.

There are three versions available:

Free Version for those who want to try out a limited version.

Premium Version for state-registrants with basic reporting needs.

Premium Plus Version for SEC and State Registrants that also require an annual review.

Introducing RegTech, FinTech, Blockchain and Crypto compliance issues.

We will be holding periodic webinars to feature service providers in the FinTech, RegTech, Crypto and Blockchain communities. Stay tuned for announcements as we prepare for the launch of an upcoming platform.

FinComunity.io is a business listing and rewards network for providers in the Financial Services, FinTech, RegTech, Crypto and Blockchain (financial) communities. Coming Soon.

Our Mission: “Serving the Investment Community to Make a Social Impact”

Investment Advisor/Compliance/Broker Dealer

Cory Roberson is Principal of RIA Review, a compliance and document management portal (https://riareview.com) with 130+ users and growing. He is also Principal of RIA Consults (Roberson Consults Group), a consulting firm providing compliance, operations, and business development services for registered investment advisors and next-gen fintech entrepreneurs (www.riaconsults.com), with more than 160 SEC and state advisor clients across the US (including a few in Europe).

Our integration division, RegConsults, helps to mitigate compliance issues for other Fintech businesses. RegTech Products is a compliance tech notifications portal featuring RIA and other regulatory products (SaaS/IaaS, beta): http://regtechproducts.com

FinTech/RegTech/Crypto

FinComunity.io is a business listing and rewards network for providers in the Financial Services, FinTech, RegTech, Crypto and Blockchain (financial) communities — https://FINcommunity.io.

Impact

As a social entrepreneur, through his mission-driven arm SoCap Missions (http://SoCapmissions.com), he provides business support group sessions and has volunteered for more than fifteen youth programs in locations such as S. Korea, China, S. Africa, Thailand, and India.


Originally published at www.mycomplianceblog.com.
