Gotcha! Audits Get Tougher

If you think no one is spying on you, think again. In a post-Dodd-Frank era of heightened scrutiny, financial firms are more proactive than ever about rooting out potential problems. Registered representatives and dually registered RIAs who haven't been paying attention to regulatory changes may be in for a shock.

While you may not know who is scouring the web for dirt on you - regulators, compliance officials or both - chances are high that someone is doing just that. It's likely that the compliance team is at least occasionally reading "personal" emails sent through the company servers. And do not be too surprised if a request comes in soon for access to your personal email accounts.

Pressure on financial firms has been increasing since the Madoff debacle, but recent enforcement actions targeting top executives - CEOs and chief compliance officers - have significantly raised the stakes as far as firm audits go. With big expectations being placed on chief compliance officers in particular to ferret out fraud, firms small and large are becoming increasingly aggressive in their internal surveillance and audit programs.

In the past, these audits were somewhat cursory, check-the-box events for many firms, but that is rapidly changing. Following a number of recent enforcement actions that probed, in part, firms' audit procedures, the SEC and FINRA released an official notice on broker-dealer inspection late last year. This year, the SEC and FINRA launched a webinar for firms detailing their expectations and reaffirming that whether a firm is large or small, regulators expect the same level of diligence when it comes to audits.

Overall, statements throughout the early part of this year from regulators suggest they mean business when it comes to enforcement. As a result, your firm's next audit could well be a lot more thorough than it's been in the past.

Understanding the general outlines of what happened in the handful of recent cases against top-level executives at financial advisory firms will give some clues as to why (and how) firms' internal audits will be different in the future.

 

THE BAD APPLE

According to a 2011 FINRA enforcement action, a small broker-dealer had a clean regulatory record when it struck up an alliance with an outside advisor in 2004. The advisor was relatively new to the financial services industry, but had a few disclosures on his Form U4: a criminal infraction from his youth, a $5,000 tax lien and a 2002 cease-and-desist order from a state regulator for the sale of unregistered securities. The U4 claimed he was named in that state regulatory action merely because of his executive status with the corporation and that he was not engaged in any active sales.

The firm took him on board as an independent contractor in 2004 and he began working from an outside office. In 2005, his work space became an official satellite office of the firm and he became the branch manager, supervising at least one other registered representative.

According to the enforcement action, the branch manager was busy with a couple of side businesses that were undisclosed to the firm. Beginning in 2006, he began actively recruiting investors for these undisclosed business activities that allegedly included selling a variety of "products" ranging from mining rights to promissory notes.

In the midst of this selling frenzy, the firm's CEO (who was also chief compliance officer) audited the advisor's satellite office. Unfortunately, the $445,000 the manager had allegedly raised from undisclosed activities was not discovered. A second audit conducted by the same top executive the following year did not detect an additional $1.5 million the advisor had raised. Ultimately, it appears the firm may have learned of the activity when it received a customer complaint.

The employee in question was relatively quickly barred from the securities industry for life and his Form U4 reads like a laundry list of alleged securities violations and complaints. But the mess continued for the firm and the CEO until 2011, when the firm was censured and fined, and the CEO was fined and suspended from association with any FINRA member firm for 30 days. She could not be reached for comment. Ultimately, the broker-dealer firm was sold.

Bottom line: This particular case is likely to have some impact on compliance programs given FINRA's suggestion in the enforcement action that a $5,000 tax lien probably should have raised some red flags. FINRA also raised questions regarding the sufficiency of the audit process in this case, in part because the rogue advisor's personal email was not audited.

With respect to the tax lien, its relatively small size certainly suggests that FINRA takes a hard look at a registered representative's or dually registered advisor's debt issues, even those amounts considered by many firms in the financial industry to be nominal. Also, this case is a clear warning to firms that personal emails can't be ignored - especially when firm employees use these personal email accounts for firm business.

 

BE CAREFUL WHOM YOU TRUST

When one broker-dealer opened up its doors and invited in a new partner, it got more than it bargained for. After managing the firm alone for a lengthy period of time, the president of the small firm accepted a partner into the fold and permitted him to open his own office. Unfortunately, the firm did not, according to the SEC, put into place a mechanism by which to supervise the new partner. Apparently, this created an opportunity for the new partner to run amok, running a separate unregistered broker-dealer out of that office and selling all kinds of products on an undisclosed basis.

The offending partner was ultimately barred from the industry, but that wasn't enough to save the broker-dealer itself. After a lengthy and undoubtedly expensive enforcement action in which the firm hired an independent consultant and also agreed to a fine and censure, the firm's website indicates that it is closed. In November 2011, the firm applied for termination of its FINRA membership. The owner could not be reached for comment.

Bottom line: No one should be above suspicion. In this action the regulators spoke of how the compliance policies and procedures were not updated to reflect the changes at the firm. Further, the firm's alleged lack of follow-up on the outside business activity indicates that possibly there is expectation that firms have in place written protocols advising in concrete detail what steps should be in place when those "What is this?" situations arise.

Most firms do not deal with fraud on a routine basis and as such may not recognize it initially. While the regulators do provide red flags to help sensitize firms to the signs of fraud, the busy routine of life often gets in the way. That funny email or strange document often does not get the second look that it deserves.

 

What This Means For You

Pressure is on and regulators, both SEC and FINRA, are keeping the pressure on senior executives of firms. While high-profile enforcement actions against CEOs and chief compliance officers have not been commonplace in the past, expect that trend to change. And because these actions are rare, each such matter is discussed and dissected by the entire compliance community. Word spreads quickly, and if one compliance department makes a significant change, firms of similar size and model will typically follow suit.

Not only does compliance pressure put all employees and officers of a firm under an even more detailed microscope, it also makes operating a broker-dealer or RIA firm more expensive. Some firms will find they can't continue on alone. Tom Sboto, managing director of mergers and acquisitions at independent broker-dealer First Allied Securities in San Diego, says, "Many broker-dealers have been more open to discussing a possible merger or acquisition with First Allied because their margins are eroding and the cost of doing business is increasing."

Leaving aside the potential for more mergers and acquisitions, financial professionals can expect daily routines at work to change thanks to stricter compliance rules. Certainly registered representatives or advisors whose U4s contain any red flags should expect significant compliance and regulatory interest in everything they're doing.

Heightened oversight won't be limited just to the workplace, either. A financial professional's personal life could be fair game for review because of the monumental damage that can occur if he takes advantage of the trust that people place in him.

Only time will tell exactly how much the recent enforcement cases will reshape the compliance audit process. However, what's clear is that firms and financial professionals who don't have a good grasp of their compliance obligations are increasingly going to find themselves subject to disciplinary actions or even termination. And because regulators have demonstrated a willingness to hold top-level executives responsible for misdeeds committed by those they were supposed to be supervising, you can be sure heads of firms and of compliance are going to be watching everyone they work with closely - very closely - in the years to come.

 

 

Jennifer Woods Burke is a Jersey City, N.J., securities attorney and the founder of compliance consulting firm CompliGuide.

For reprint and licensing requests for this article, click here.
MORE FROM FINANCIAL PLANNING