Chief Compliance Officer Fined and Suspended For Failed Email Review

March 4, 2016

Today's analysis of a Financial Industry Regulatory Authority starts off with a consideration of the shortcomings of a Chief Compliance Officer. The BrokeAndBroker.com Blog considers what happens when a brokerage firm purchases an email review system but, oh well, someone didn't actually do what was required to implement the third-party product. The article ends with an exaltation of Murphy's Law and a bit of rambling and musing by our publisher Bill Singer.

Case In Point

For the purpose of proposing a settlement of rule violations alleged by the Financial Industry Regulatory Authority ("FINRA"), without admitting or denying the findings, prior to a regulatory hearing, and without an adjudication of any issue, Jeffrey Stinnett submitted a Letter of Acceptance, Waiver and Consent ("AWC"), which FINRA accepted. In the Matter of Jeffrey Stinnett, Respondent (AWC  2014039194102, February 23, 2016).

From 2001 until March 2014, Stinnett was associated with FINRA member firm MidAmerica Financial Services, Inc.("MFS").The AWC asserts that he had no prior disciplinary history.

Email Review System

The AWC asserts that from June 2013 through November 2013, Stinnett was MidAmerica Financial Services's Chief Compliance Officer ("CCO"). Among Stinnett's CCO responsibilities was to conduct the firm's email review. The AWC alleges that during the relevant five-month period in 2013 when Stinnett served as CCO, MidAmerica Financial 

used a commercially available system for email archiving and review. If used properly, this system would have allowed MFS to review a randomly selected percentage of all emails to or from the firm's representatives, flag emails containing specific terms for supervisory review, and document those reviews.

The thing about compliance tools, however, is that you have to use them. It's one thing for a FINRA member firm to go out and purchase a high-priced, third-party compliance product with all the bells and whistles but it's quite another thing to read the directions for using the system and then, you know, actually doing the daily tasks that implement whatever it is the firm purchased. In fairly blunt, stark, and terse terms, the AWC alleges that 

Between June 2013 and November 20 I 3, however, Stinnett failed to conduct the required review and failed to ensure that anybody else from MFS did so. Through this conduct, Stinnett violated NASD Conduct Rule 3010(d)(2) and FINRA Rule 2010.

In With The New, Out With The Old Rules

Old NASD Conduct Rule 3010 was replaced in December 2014 by FINRA Rule 3110. As explained in "FINRA Regulatory Notice 14-10: Consolidated Supervision Rules / SEC Approves New Supervision Rules / Effective Date: December 1, 2014" (FINRA, March 2014): 

2. Correspondence and Internal Communications Review 

FINRA Rule 3110(b)(4) (Review of Correspondence and Internal Communications) generally incorporates the substance of NASD Rule 3010(d)(2) (Review of Correspondence) and requires a firm to have supervisory procedures, which are appropriate for the firm's business, size, structure and customers, to review incoming and outgoing written (including electronic) correspondence and internal communications relating to its investment banking or securities business.10 In particular, the supervisory procedures must require the firm's review of (1) incoming and outgoing written (including electronic) correspondence to properly identify and handle in accordance with firm procedures, customer complaints, instructions, funds and securities and communications that are of a subject matter that require review under FINRA rules and federal securities laws; and (2) internal communications to properly identify communications that are of a subject matter that require review under FINRA rules and federal securities laws.11 

The rule also requires that reviews of correspondence and internal communications be conducted by a registered principal and be evidenced in writing, either electronically or on paper. 

Cited Footnotes

10. FINRA Rule 3110(b)(4) and FINRA Rules 3110.06-.08 refer to "correspondence," consistent with FINRA Rule 2210's (Communications with the Public) definition and use of the term "correspondence." 

11. Communications that are of a subject matter that require review under FINRA rules and the federal securities laws include (without limitation): 
* Communications between non-research and research departments concerning a research report's contents (NASD Rule 2711(b)(3) and NYSE Rule 472(b)(3)); 
* Certain communications with the public that require a principal's pre-approva (FINRA Rule 2210); 
* The identification and reporting to FINRA of customer complaints (FINRA Rule 4530) (as further detailed herein, FINRA Rule 3110(b) (5) also affirmatively requires firms to capture, acknowledge and respond to all written (including electronic) customer complaints); and 
* The identification and prior written approval of changes in account name(s) (including related accounts) or designation(s) (including error accounts) regarding customer orders (FINRA Rule 4515).

Sanctions

In accordance with the terms of the AWC, FINRA imposed upon Stinnett a $10,000 fine and a two-month suspension from association with any FINRA broker-dealer in any principal capacity.

Bill Singer's Comment

After my first read of the Stinnett settlement, I was prepared to launch into one of my common complaints about the lack of "content and context" in many FINRA AWCs. Then I realized that FINRA had published a fairly commendable statement of facts -- sometimes there just isn't a need to say more about a given bit of industry misconduct. Stinnett was MFS's CCO for the relatively short span of about five months. Among his tasks was to undertake an ongoing review of his firm's email communications. In order to apparently facilitate the email review process, MFS had purchased a prefabricated monitoring system. 

What FINRA alleges is that Stinnett didn't do jack in terms of personally reviewing the emails at issue. Okay -- frankly, a lot of CCOs don't necessarily get hands-on in discharging all of their compliance duties but, instead, delegate. One thing about Wall Street, if you require some form of compliance oversight, you know that you are going to set off a cascade of "delegations." As explained in the AWC, Stinnett didn't do the job and also failed to ensure that anyone else was reviewing the emails. If you're going to delegate a bit of Wall Street compliance responsibilities,  when you pass the buck, you damn well better make sure that the guy lower down the feeding chain is at least going through the motions. According to FINRA, no one was doing jack.

There's more than a bit of irony in this case. You have a brokerage firm trying to do the right thing compliance-wise. They go out and buy an email review system. The firm has a CCO, and the firm is reasonably entitled to expect that the purchased email system will work and the the CCO will do his job. As many of us in business have sadly learned, our expectations are not always met. If something can go wrong, it will: Murphy's Law.

What's the "takeaway" from this regulatory settlement? Beyond the obvious admonition to a Chief Compliance Officer to do your job and to ensure that all delegated responsibilities are being met, there isn't all that much left on these bones. If nothing else, we are left with a stark reminder that Murphy's Law replete with Singer's Codicils will always come into play; namely:

If something can go wrong, it will; and at the worst time with the worst possible complications and the worst results; and after you try to fix the problem, you will learn at the worst time with the worst possible complications that your efforts caused an exponentially worse disaster than if you had pretended, at first, that you knew nothing about anything, or, as the finger pointing began, you had simply blamed it all on a convenient subordinate, particularly one who recently quit or died.

For example: You decide to save $100 by ordering a bookcase requiring home assembly rather than spending a few bucks more on a finished product that will be shipped assembled. When assembling the Do-It-Yourself bookcase, you spend 1 hour of your time performing the required 100 steps.  After bragging to your spouse about how handy you are and how you saved $100 by doing it yourself, you notice that the six shelves inserted in step #2 are all turned backwards and display a raw wood edge. In order to fix that problem and turn the offending shelves to the correct orientation, you will need to spend 2 hours and work backwards from Step #100 to Step #1. At this point, with bleeding hands and blistered fingers, you will realize that the cheap wood screws are now all stripped, you have no more wood glue, and four hours later, after you pounded the bookcase back together, you realize that the legs you nailed on in step #86 are on the top of the unit because you misread "facing this way" as meaning facing the other way and now, for the first time, you see that the "BOTTOM" of the bookcase is supposed to have the shelf with a notch in the upper right rather than the lower right corner but that shelf is now upside down atop the unit and has legs nailed into it. Amid much cursing, you destroy the DIY bookcase, haul the splintered particle board to the trash room, and order the $100-more-expensive assembled bookcase. Only after entering all the order information and the credit card number and the security number and only after you have to do all this three times because you lost your Internet connection and the order screen froze, after all of that you are informed that the unit you want is no longer available but something that looks about the same is -- at a price of $250 more! You order the $250-more bookcase in brown but they ship it to you in black. Upon attempting to install it, you realize that you forgot to adjust your measurements to allow for the opening of an adjacent closet door and the bookcase is too wide for the space on the wall. Your spouse calls you an idiot.