FINRA Censures and Fines Securities America Over Outsourced Onboarding

March 2, 2021

BrokeAndBroker.com Blog publisher, Bill Singer, is no fan of Wall Street's version of self regulation, as spearheaded by the Financial Industry Regulatory Authority ("FINRA"). At best, FINRA comes off as a glorified trade group on steroids; at worst, as a lap dog for its larger member firms. Pointedly, the industry's small fry -- the mom-and-pop brokerages and their hundreds of thousands of associated persons -- never quite seem to get the mercy, the benefit of the doubt, or the concessions that seem afforded to the industry's big fish. In today's featured FINRA regulatory settlement, it could be that FINRA has pulled its punches because of Covid. It could be that what's a "relevant" prior disciplinary history is open to broad interpretation. Maybe FINRA got it right and Bill is being overly sensitive. So . . . why don't you take a smell and see if you would eat this sushi?

Case In Point

For the purpose of proposing a settlement of rule violations alleged by the Financial Industry Regulatory Authority ("FINRA"), without admitting or denying the findings, prior to a regulatory hearing, and without an adjudication of any issue, Securities America, Inc. submitted a Letter of Acceptance, Waiver and Consent ("AWC"), which FINRA accepted. In the Matter of Securities America, Inc., Respondent (FINRA AWC 2019064323201 / February 23, 2021) (the "Securities America 2021 AWC") https://www.finra.org/sites/default/files/fda_documents/2019064323201
%20Securities%20America%2C%20Inc.%20CRD%2010205%20AWC%20va.pdf

The AWC alleges that Securities America has been a FINRA member firm since 1981 with about 4,170 registered persons at 2,440 branches. The AWC alleges that Securities America "does not have any relevant disciplinary history." 

Third-Party Vendor

In pertinent part, the Securities America 2021 AWC alleges that 

In June 2017, Securities America contracted with a third-party vendor to provide assistance to recruited registered representatives who had agreed to join the firm but were still registered through their prior firms. Securities America understood that the vendor would collect information about the recruited representatives' customers, including nonpublic personal information such as customers' social security numbers, driver's license numbers, and birth dates, as well as information pertaining to their financial position (account numbers, annual incomes, and net worth, etc.). Securities America employees arranged and participated in conference calls between the vendor and the recruited representatives, and provided recruited representatives with guidance about how to interface with the vendor to collect customer information. Once a recruited representative became registered through Securities America, the vendor used the customers' information to automatically pre-populate new account forms.

Between November 2018 and September 2019, 12 representatives joined Securities America from other broker-dealers whose privacy policies did not authorize customer nonpublic personal information to be disclosed to a non-affiliated third party in the event that the customer's registered representative joined a new broker-dealer. Securities America knew that these broker-dealers' privacy policies did not authorize the disclosure of customers' nonpublic personal information. But, despite knowing that, Securities America introduced these 12 recruited representatives to the third-party vendor so that their customers' nonpublic personal information could be collected. 

Securities America also knew that these representatives thereafter, in fact, took nonpublic personal customer information from their broker-dealers and disclosed it to the vendor. Securities America's arrangement with the third-party vendor resulted in these 12 recruited representatives taking nonpublic personal customer information from their broker-dealers and disclosing it to the vendor during the relevant period. In so doing, Securities America caused the other broker-dealers to violate Regulation S-P. 

Sanctions

In accordance with the terms of the AWC, FINRA found that Securities America violated FINRA Rule 2010, and the self regulator imposed upon Securities America a Censure and $125,000 fine.

Bill Singer's Comment

NASD NTM 05-48

Way back in July 2005, the old NASD (FINRA's predecessor) issued "Outsourcing / Members' Responsibilities When Outsourcing Activities to Third-Party Service Providers" (NASD Notice to Members 05-48 / July 2005) 
https://www.finra.org/sites/default/files/NoticeDocument/p014735.pdf
Pointedly, NASD NTM 05-48 admonishes that [Ed: footnotes omitted]:

B. Supervisory and Compliance Activities 

NASD has noted in previous guidance that the ultimate responsibility for supervision lies with the member. Accordingly, a member may never contract its supervisory and compliance activities away from its direct control. This prohibition, however, does not preclude a member from outsourcing certain activities that support the performance of its supervisory and compliance responsibilities. For example, a member may implement a supervisory system designed by another party, which could include a computer software program that detects excessive trading in customer accounts. However, if a member chooses to implement such a system, it must make its own determination that the system implemented is current and reasonably designed to achieve compliance as required under Rule 3010. This may include, for example, monitoring the system to ensure that it functions as designed and that such design is of an adequate nature and breadth.

For many routine aspects of a FINRA member firm's compliance and operational roles, outsourcing is an acceptable option provided that the third-party is capable and someone in-house is detailed with oversight. Unfortunately, some firms resort to an outside vendor as a way to cut compliance costs and, cynically, to shift the blame in the event something goes amiss - - the old CYA. All of which underscores NASD's and now FINRA's warning that "a member may never contract its supervisory and compliance activities away from its direct control." 

12 Reps and NPI

During parts of 2018 and 2019, the Securities America 2021 AWC alleges that 12 reps joined that firm, and, pointedly, "Securities America knew that these broker-dealers' privacy policies did not authorize the disclosure of customers' nonpublic personal information. But, despite knowing that, Securities America introduced these 12 recruited representatives to the third-party vendor so that their customers' nonpublic personal information could be collected." As further noted in the AWC, Securities America made a decision to retain a third-party "to provide assistance to recruited registered representatives who had agreed to join the firm but were still registered through their prior firms." 

As such, the Securities America 2021 AWC asserts that in addition to Securities America knowing, upfront, that the 12 reps were coming from firms that did not authorize their use of NPI, "Securities America also knew that these representatives thereafter, in fact, took nonpublic personal customer information from their broker-dealers and disclosed it to the vendor."  In my opinion, this is exactly the kind of oversight that should have been retained in-house Securities America or any similarly situated FINRA member firm. If nothing else, the fact pattern invigorates that 2005 NASD NTM warning about how "a member may never contract its supervisory and compliance activities away from its direct control."

A Slap and a Fine -- no more?

Given those facts, FINRA's settlement with Securities America comes off as quite generous, to my way of thinking. Beyond the slap-on-the-wrist of a Censure, about all the oomph FINRA exerted was a $125,000 fine. 

Where in the AWC is the requirement or undertaking for Securities America to rein in its outsourcing during the onboarding process?  

Why doesn't the AWC make more of the fact that Securities America allegedly "knew" that the 12 reps had taken NPI from their former firms?  

With an AWC of this ilk, FINRA almost always requires the retention of an independent compliance consultant via the much-vaunted "undertaking," whereby a consultant  prepares some kind of report about how this shouldn't have happened, here's what I'm recommending to ensure that it won't happen again, and, now that the bad little boy stood in the time-out corner for five minutes, can he have a cookie?

A Matter of Relevance

The 2021 AWC asserts that Securities America "does not have any relevant disciplinary history." 

Really? 

No relevant prior disciplinary history at all? 

And by what FINRA guidelines was that determination made? 

52 Final Regulatory Events on BrokerCheck

As of March 2, 2021, FINRA's online BrokerCheck discloses that Securities America has 52 "Final" regulatory events. Of those 52 final regulatory events, the oldest goes back to 1992 and the most recent (other than the 2021 AWC cited in this article) is In the Matter of Securities America, Inc., Respondent (FINRA AWC 2016048243101 / September 7, 2018) (the "Securities America 2018 AWC")
https://www.finra.org/sites/default/files/fda_documents/2016048243101
%20Securities%20America%2C%20Inc.%20CRD%2010205
%20AWC%20va%20%282019-1563443361036%29.pdfdated

In the Securities America 2018 AWC, FINRA imposed upon Securities America a Censure and $175,000. As set forth in the 2018 AWC's "Overview":

Between August 4, 2014 and January 28, 2016 (the "Relevant Period"), SAl failed to establish, maintain and enforce a supervisory system and written supervisory procedures reasonably designed to ensure that representatives' recommendations of variable annuities complied with applicable securities laws and regulations and FINRA Rules. As a result, SAI violated FINRA Rules 2330(d), and (e), NASD Rule 3010 (for conduct before December 1, 2014), FINRA Rule 3110 (for conduct on and after December 1, 2014) and FINRA Rule 2010.  

How could the failed supervisory system cited in the Securities America 2018 AWC not be a prior, relevant issue for disclosure in the Securities America 2021 AWC?  

I admit that the Securities America 2018 AWC involved recommendations of variable annuities and the 2021 AWC involved the onboarding of new reps BUT the underlying failure was that Securities America did not maintain and enforce a supervisory system satisfactory to FINRA -- that's not my conclusion but, to the contrary, the allegations of FINRA in both the 2018 and the 2021 AWCs. Notably, both AWCs alleged violations of the same FINRA Rule 2010. 

You may argue that in the Securities America 2021 AWC, the issue was that Securities America "caused the other broker-dealers to violate Regulation S-P" and that then triggered the Rule 2010 violation. In contrast, you could point out that the Securities America 2018 AWC involved a failure of supervision, which triggered the Rule 2010 violation. Argue that distinction all you want. You won't convince me. The core issue in the 2021 AWC is NOT what went on at the third-party vendor but whether Securities America had an obligation to monitor -- to supervise -- that outside party's conduct and to maintain reasonable oversight of its onboarding process. 

As I often note, FINRA has a very odd sense of what is and what isn't a prior "relevant" disciplinary history. See, for example: "For FINRA, Relevant Is A Large Gray Pachyderm" (BrokeAndBroker.com Blog /  September 9, 2020) http://www.brokeandbroker.com/5401/finra-relevant-wells-fargo/

A Failure to Err on the Side of Caution

One would think that FINRA might really want to err on the side of extra caution when deeming what is or is not a prior, relevant disciplinary history when, for example, the signatory for a Respondent is also a member of any number of FINRA subcommittees, committees, panels, or boards. You know, that old line about how Caesar's wife must be above suspicion. 

In the case of the 2021 Securities America AWC, I note that the settlement agreement is dated February 12, 2021, and signed on behalf of the FINRA member firm by James D. Nagengast, who is the Chief Executive Officer and President of the company. Mr. Nagengast is one of 10 "Industry Governors" on FINRA's Board of Governors. See: "FINRA Announces Results of Governor Elections / Firms Elect Wendy Lanton as Small Firm Governor, Re-Elect Jim Nagengast as Large Firm Governor" (FINRA News Release / August 7, 2020) https://www.finra.org/media-center/newsreleases/2020/finra-announces-results-governor-elections  As noted in part in the 2020 FINRA News Release:

Nagengast has served on FINRA's Board since 2018, when he was elected by large firms via a special election to fill a Large Firm Governor vacancy. He currently serves on the Board's Finance, Operations and Technology Committee, and its Regulatory Operations Oversight Committee. Nagengast joined Securities America - - an Omaha, Neb.-based independent investment advisory and brokerage firm -- in 1994, and served as Chief Financial Officer, Chief Operating Officer and President before being named CEO in 2010. . . .

Oh my, someone at FINRA should have flagged the 2021 Securities America AWC to make sure that the regulator didn't inadvertently put itself or Governor Nagenast in an awkward position. Too late for that now.