FINRA's $25,000 Antiviral Guessing Game

December 10, 2012

Norton Antivirus 4.0

For the purpose of proposing a settlement of rule violations alleged by the Financial Industry Regulatory Authority ("FINRA"), without admitting or denying the findings, prior to a regulatory hearing, and without an adjudication of any issue Equity Services, Inc., submitted a Letter of Acceptance, Waiver and Consent ("AWC"), which FINRA accepted. In the Matter of Equity Services, Inc., Respondent (AWC 2010020870401, November 6, 2012).

Equity Services, Inc. has been a registered brokerage since 1969, nestled in lovely Montpelier, VT - not exactly a hotbed of Wall Street securities fraud. Notwithstanding the likely inferences of having a home office in such a bucolic setting, during the relevant period of 2007 through June 1, 2011, Equity Services had an impressive roster of as many as 775 registered representatives spread out over 263 branch offices; in more recent times, those numbers are reduced to under 600 reps and under 200 branch offices of which 27 are Offices of Supervisory Jurisdiction ("OSJs").

The AWC alleged that during the relevant period, although Equity Services  required its registered representatives to maintain antivirus software on their computers, the firm failed to adopt written policies and procedures that:

  1. were reasonably designed to ensure its representatives' compliance with this directive; and
  2. provided for follow-up on potential computer security issues uncovered during branch audits.

Pointedly, the AWC alleged that:

Respondent also did not adopt written policies and procedures providing for follow up on potential computer security issues uncovered during branch audits. Moreover, the firm's written policies and procedures also did not provide for the verification of information provided to it by registered representatives regarding antivirus software use. Further, Respondent did not provide its Office of Supervisory Jurisdiction principals with adequate training or guidance on how to conduct inspections of branch office registered representatives' computers.

Accordingly, the AWC deemed the alleged failures to constitute violations of NASD Conduct Rules 3010 and 2110 and FINRA Rule 2010; and the sanction of a Censure and a $20,000 fine was imposed.

Bill Singer's Comment

Amazin'. FINRA imposes a hefty $25,000 fine and I don't have the faintest idea as to what the firm actually did wrong or, to be a bit less diplomatic, what exactly the self-regulatory organization is actually talking about.

For regulatory settlements to have any value, they must specify with reasonable clarity the underlying misconduct so that industry members can understand what transpired. FINRA should minimally offer some guidance as to what steps could/should have been taken to prevent the cited violations and what better practices are suggested to avoid future recurrences.

What would a compliance officer or manager at one of FINRA's indie/regional firms learn from this Equity Services AWC?  What lessons or warnings are provided to those who supervise at the likes of Merrill LynchMorgan StanleyWells Fargo, UBS, or JP Morgan?  From my perspective: Zippo.  All of which raises the disturbing inference that too much of what passes these days for Wall Street regulation is little more than generating revenue via fines rather that timely detecting and preventing misconduct.

Apparently, there was some snafu with the use of antivirus software at Equity Services.  Frankly, that's an intriguing scenario and I would very much have appreciated some details - and I do mean "some" details in contradistinction to the absence of any substantive facts in this AWC.  Having raised the specter of a problem with antivirus software, what does FINRA tell us happened here or went wrong?

Ah yes, the member firm's written policies and procedures were deficient. Ka-ching.

This AWC wags a finger at a member's failure to reasonably ensure compliance with its directive about antivirus software, which apparently resulted in a violation about something to do with the antiviral program but, gee, we don't exactly know what that was.

Then there's the titillating allegation that Equity Services uncovered "potential" computer security issues during branch audits but failed to follow-up.

Okay, so lemme see if I got this: The firm didn't actually uncover a security issue during its audits but uncovered a "potential" issue and failed to pursue the possible indications that something may have been wrong with something that wasn't actually a problem but could have been but for the fact that it wasn't?

I mean, seriously, y'all at FINRA gotta do a lot better than this when explaining to the industry and the public just what the hell is going on at all those branches and OSJs.