A recent FINRA regulatory settlement seems to be on sound footing when it comes to citing a member firm for email violations. Then you re-read the fact pattern. And then you try and figure out not so much what the firm did wrong as what FINRA is suggesting it should have done right. And then your head aches. And then your head explodes.
Case In Point
For the purpose of proposing a settlement of rule violations alleged by the Financial Industry Regulatory Authority ("FINRA"), without admitting or denying the findings, prior to a regulatory hearing, and without an adjudication of any issue, Coker & Palmer, Inc. submitted a Letter of Acceptance, Waiver and Consent ("AWC"), which FINRA accepted. In the Matter of Coker & Palmer, Inc., Respondent (AWC 2013035330101, January 15, 2016).
Since 1991, Corker & Palmer has been a FINRA member firm engaging in a general securities business, which generates the largest percentage of revenue from private placement. The AWC asserts that CPI has 34 registered persons operating from four branch offices.
Firm-Sponsored Email Address
The AWC asserts that from the relevant time of August 23, 2010, through October 1, 2012, CPI prohibited its associated person from using personal email addresses for any business-related communications. In furtherance of that policy, CPI provided its associated persons with a CPI-sponsored email address for use in business-related communications; and the firm's written supervisory procedures mandated that all business-related emails were to be run through that address.
Notwithstanding CPI's email policies, the AWC alleges that during the relevant time, the firm permitted four associated persons to maintain and utilize outside email addresses for communications relating to their respective outside businesses, which included investment-advisory, real-estate, and insurance services. Although the firm permitted these four individuals to communicate away from the firm's email address, the AWC asserted that CPI allegedly lacked an effective system or procedure:
During the relevant time, the AWC asserts that the cited outside email addresses were utilized for communications relating to CPI business, but CPI did not preserve, maintain, or timely review those communications.
The AWC further alleges that from November 1, 2013, through October 31, 2014, CPI failed to establish, maintain, and enforce adequate written procedures relating to its participation in contingency offerings. Namely, the AWC alleges that the firm's contingency-offerings procedures did not address actions that were either required or prohibited in the event that a given contingency offering was subject to a modification of its terms.
Private Placement Due Diligence
From November 1, 2013, through March 31, 2014, the AWC alleges that CPI failed to enforce its written procedures requiring the documentation of the specific details of due diligence conducted by the firm in connection with a private-placement offering. The AWC cites two private-placement offerings in which CPI participated as selling agent but the firm allegedly failed to fully document the details of its due diligence.
Accordingly, FINRA deemed CPI's conduct as related above, constituted violations for:
In accordance with the terms of the AWC, FINRA imposed upon CPI a Censure and $30,000 fine.
Bill Singer's Comment
As best I understand FINRA's email allegations, CPI implemented a policy that required all business-related communications to be run off of its sponsored email address. What prompted the charges of misconduct in this case was that CPI permitted at least four associated persons to engage in communications about their non-brokerage outside business activities (e.g., advisory, insurance, real estate) through personal email addresses. Having given its associates permission to use personal email addresses for communications that did not involve CPI's business, the firm came under FINRA's criticism for failing to ensure that, in fact, those associates were meticulous in not using their personal addresses to communicate about CPI-business-related matters. FINRA's rules, however, seem limited to the use of business-related communications and I am unaware of a blanket regulatory prohibition against anyone using a personal email address for solely personal communications -- if there were, no registered representative would be able to use a Gmail, Yahoo, or other personal email account; yes, there may be limits imposed upon the communications of associated persons with firm customers or restrictions on discussing market-related activity or bans on the use of unapproved devices during business hours, but that's a different proposition.
In terms of FINRA's jurisdiction, the term "business" is normally interpreted as being limited to the "business" of the member firm; for example, a stockbroker at XYZ Broker Dealer communicates with an XYZ customer about a recommended stock purchase or about the balance in the account or about anything involving the business of or the business conducted through XYZ. In the preceding example, such communications should be conducted through an XYZ email address (or firm approved address), which should be monitored and archived by the firm's Compliance Department.
Now, lets consider an XYZ stockbroker who also owns a local pizza shop and wants to communicate with a third-party about some business aspect of that food business. In the regulatory sense of things, the communications about the pizza shop are not "business-related" to XYZ's business or to the stock markets. Under normal circumstances, such a communication would not seem to fall under FINRA regulation or subject to XYZ's supervision (although prior written notice of the outside business activity should have been provided to the member firm).
Essentially, this AWC sanctions CPI for allowing its associated persons the right to do what is not prohibited to them under the rules to begin with. In a technical sense, the four associated persons didn't necessarily need CPI's permission to communicate off of the firm's email address when it came to non-firm-related matters. What then is the email issue in this AWC about? One might argue that the four associated persons abused the "waiver" given to them by CPI by, intentionally or inadvertently, using non-firm email addresses to communicate about firm-related business matters. If that's the case, then charge the individual associated persons but not the member firm. If nothing else, we come away from this AWC with this mind-blowing bit of circular regulatory logic:
CPI gave four associated persons the right to engage in conduct that was not otherwise prohibited. CPI admonished those associated persons to not engage in prohibited conduct. The individuals engaged in the prohibited conduct. FINRA charges CPI with not timely discovering that the individuals were doing what they were prohibited from doing.
Assuming that a FINRA member firm enforces the business-related communications policy, what legal right would such a firm have to demand access to an employee's personal emails? Sure, that could be a precondition of employment and/or you could certainly impose a policy prohibiting the business-day use of non-firm-related email address. If that's where FINRA was going with the CPI AWC, then it would have been helpful for the self-regulator to have taken the opportunity to make that ad hoc pronouncement: We think it a better compliance practice for our member firms to deny the use of any outside, non-firm-related email address by any associated person during that person's business hours.
FINRA gives its member firms the right to engage in conduct that is not otherwise prohibited under its rules. FINRA admonishes its member firms to not engage in prohibited conduct. Some FINRA member firms engage in conduct prohibited under FINRA's rules. The Securities and Exchange Commission charges FINRA with not timely discovering that member firms were doing what they were prohibited from doing.