Far too many compliance officers at broker/dealer firms are unprepared for the surging personal liability risks that they themselves face this year. Industry pundits talk a lot about firm-level penalties, but home-office employees who oversee compliance at a FINRA-registered firm should be at least as concerned about individual legal and financial repercussions that could emerge due to work-related missteps.
Consider that just last year, FINRA fined a firm $300,000, suspended its chief compliance officer and levied a $10,000 fine against the CCO. The firm and the CCO failed to properly supervise an ex-broker, with clients losing money via unsuitable recommendations. In this instance, both the firm and its CCO at the individual level were ordered to pay restitution.
This type of regulatory enforcement is bound to become more common, with fines likely to increase for negligent compliance officers at the individual level. Between 2019 and 2020, FINRA enforced a greater number of cases and fines, imposing larger financial penalties than the year before. The SEC also collected more in fines last year compared to 2019.
Signaling a break from previous years, cases in 2020 were not just about regulatory violations, with a focus on each firm’s procedural gaps. These included failing to sufficiently operate under remote working conditions, spot and fix policy vulnerabilities, interact with third-party vendors, or address emerging cybersecurity scams in the COVID-19 era. In fact, some broker/dealers had to endure multiple regulatory examinations at the same time.
The massive upheaval of the pandemic has accelerated the spread of remote work so much that many firms have adopted digital communication and collaboration platforms without building out the necessary policies and procedures to prevent mistakes and misbehaviors. Regulators are aware of this and will scrutinize firms and their compliance officers in efforts to get the financial services industry to take these issues more seriously.
As a result, compliance officers who want to avoid FINRA fines and suspensions should focus on making critical improvements now instead of later. Here are three easy steps you can take to better protect your firm and yourself.
1. Enhance supervision of the firm’s digital platforms. Whether your office has gone fully remote, or only partially, chances are very high that all of your workers are using digital communication and collaboration platforms of some kind.
Email, mobile phone calls and texts, voicemail, social media, Zoom, Microsoft Teams, and Slack are all popular among financial services professionals. A single inappropriate conversation on any of these channels could lead to major complications. Furthermore, regulators have stated that they can both demand firms turn over recordings of such conversations and penalize firms for failing to produce the required conversations in a timely fashion.
Since there’s no way of predicting which conversations will be relevant, firms must be ready at a moment’s notice. That calls for implementing versatile supervision and surveillance tools that automatically capture and archive electronic communications data, while allowing compliance officers to search for crucial conversations in their proper context.
2. Update the firm’s written supervisory procedures. This step documents what everyone at the firm should and should not be doing to adhere to regulations and the firm’s own compliance requirements, given the realities of remote work and digital platforms.
Your firm’s WSP ought to reflect the specifics of your firm’s products and services, operations, technology, employees, vendors, and so on. Therefore if the way your firm conducts business has changed over the past year, you need to update your WSP accordingly and make sure all key stakeholders are aware of it.
Relying on new software, allowing work on personal devices, or adding positions to the leadership team are all examples of changes possibly meriting inclusion in the WSP. Keep in mind that omitting details from the WSP offers no protection from regulatory action. For instance, if a financial advisor posts the wrong thing on Facebook, it will not help much if your WSP only stipulates how to act on Twitter.
3. Stay on top of technological developments. Just as nobody could have foreseen in 2019 that Zoom would become essential technology in 2020, nobody knows what future technology will prove essential in the years ahead. However, you can make some educated guesses.
Artificial intelligence and machine learning have been helping FINRA and the SEC track regulatory failures at firms for at least six years. These technologies will soon play even bigger roles, as forward-thinking broker/dealers incorporate them into their communications intelligence strategies. This will allow firms to anticipate risks better and generate more revenue-boosting insights.
Tools that enable electronic delivery of financial documents also probably will become standard, replacing the need for postal mailing of physical papers. Within a few years at most, clients and potential new recruits alike will consider shipping hard copies to be antiquated. That means broker/dealers will have to adopt cybersecurity safeguards that secure transmissions and surveillance tools that track what’s sent.
Compliance officers that do all of the above will be in a much better position than those who fail to act. Provided you use the full arsenal of tools at your disposal to take corrective action when appropriate, you will protect yourself from the upcoming surge in personal liability risks and your firm from what is bound to be a year of increased regulatory scrutiny.
Marianna Shafir is regulatory advisor at Smarsh, which provides digital communications compliance technology to financial services firms.