Decepticons Invade FINRA As Nationwide Email Program Reload Fails

April 10, 2017

In July 2013, mankind lost a battle with our machine overlords when 86 computer servers were subjected to a so-called "standard refresh," and two of those servers turned out to be Decepticons that refused instructions to "properly" reload an email retention and supervision program. As I write these last words from the bunker, I warn you, beware of the FINRA cohorts now embedding themselves in the infrastructure of Wall Street!

Case In Point

For the purpose of proposing a settlement of rule violations alleged by the Financial Industry Regulatory Authority ("FINRA"), without admitting or denying the findings, prior to a regulatory hearing, and without an adjudication of any issue, Nationwide Investment Services Corporation ("NISC") and Nationwide Fund Distributors, LLC ("NFD") submitted a Letter of Acceptance, Waiver and Consent ("AWC"), which FINRA accepted. In the Matter of Nationwide Investment Services Corporation and Nationwide Fund Distributors, LLC, Respondents (AWC 2014041901001, April 4, 2017).


The AWC asserts that NISC and NFD had no prior relevant disciplinary history and under the heading "Background," the AWC asserts that:

NISC has been a member of FINRA since April 15, 1976. Its principal place of business is in Columbus, Ohio. NISC employs approximately 2,131 registered representatives and has 61 branch offices. NISC is a distributor of variable annuities and variable life products for affiliates Nationwide Life Insurance Company and Nationwide Life and Annuity Insurance Company.

NFD is primarily an institutional brokerage with 69 registered representatives and one office in Columbus, Ohio

Bill Singer's Comment: As noted in the above two-paragraph "Background" extract, NISC has been a FINRA member firm since 1976. Not noted in the above two-paragraph extract is whether NFD is or was a FINRA member firm and when said membership began.

Under the heading "Registrations" on Page 12 of FINRA's online BrokerCheck page for NFD is the disclosure that the firm's "Status" is "Approved" with FINRA and the "Date Effective" is "05/01/1990." 

Does a checklist exist whereby FINRA confirms that basic information is disclosed in each and every AWC? You'd sort of think that indicating whether a respondent in a settlement is a member firm (or was) and the relevant dates of such membership would be a perfunctory disclosure. Did anyone at FINRA review this settlement agreement before posting it online?

Don't Put The AWC's Words In My Mouth

Given my role as a critic of FINRA and self-regulation, I want to be meticulous in avoiding the suggestion that I am paraphrasing this AWC in order to make a point. As such, let me offer the following verbatim extract from the AWC:

During a standard server refresh in July of 2013, the email retention and supervision program utilized by Respondents was not properly reloaded on two of 87 email servers. The failure was due to human error. NISC, who maintained and administered the system, first discovered the issue in the spring of 2014 as part of an internal compliance review of emails.

Upon discovery, NISC identified the extent of the issue and took steps to recover emails potentially lost. Despite these efforts, approximately 547,000 emails were lost due to the error between July of 2013 and April of 2014. The emails of 359 representatives from NISC and 9 representatives from NFD were impacted.

By reason of the foregoing, Respondents violated Securities Exchange Act Rule 17a-4, and FINRA Rules 4511 and 2010.


In determining appropriate sanctions, FINRA considered that Respondents self-identified the issue, fully investigated the causes of the retention failure, and self-reported to FINRA, including providing specific details of its investigation.

Respondents corrected the technological deficiencies and implemented significant changes to policies, processes and procedures concerning the review and archiving of emails.


In accordance with the terms of the AWC, FINRA imposed upon the Respondents a Censure and a $65,000 joint and several fine.

Bill Singer's Comment

Word Games

This FINRA settlement is exactly the regulatory garbage that I detest. I hope you appreciate my candor; if not, please feel free to unsubscribe from my blog.

FINRA euphemises the Censure and $65,000 by the less onerous term "sanctions." I'm not going to play make-believe. FINRA has not imposed sanctions upon NISC and NFD. No . . . FINRA has punished both member firms. And for what?

The AWC doesn't assert that the email program didn't reload on two servers but, more precisely, the AWC alleges that the programs didn't properly reload. Might be nice if FINRA fleshed out what the improper reload consisted of and how noticeable that defect was to any reasonable human being and to any reasonable IT staffer. Similarly, while FINRA notes that it took about nine months from July 2013 to April 2014 for the Respondents to discover the improper reload, the AWC should have asserted at what point on the continuum FINRA believes that the error should have been "timely" discovered.

Those of us who have foolishly downloaded an update on our computers or cellphones know all too well about stuff not properly loading. All of a sudden the fonts are displayed differently or icons are ten-times larger than before or nothing works or some programs work but then don't. Both the tech-savvy and the tech-unsavvy have come to accept the inherent unreliability of technology. Programs freeze. Devices crashes. They put counterfeit parts in our computers. Batteries explode.

First, we try the soft reboot. Sometimes that works. Sometimes not. Second, we do a hard reboot after unplugging from the power source. If the first reboot didn't work, we pretty much know the second isn't going to do the job either . . . but still, we hope against hope. Third, after the soft and hard reboots fail, we shake the device with the blue screen, then look aghast at the black screen, then shake some more, then bang the thing on the nearest hard surface, then throw it against a wall, and, finally, as the most-effective, last resort, we log on to through that six-year old back-up device buried on the floor in the closet and order a new computer or cellphone. Of course, that's assuming we remembered the password for the old device.

Hall-of-Fame Numbers

When refreshing 87 servers, the Respondents successfully reloaded the firms' email retention and supervision program on 85 of the computers, which works out to a 97.7% success rate or a 2.3% fail rate. Frankly, that's doesn't particularly strike me as an atrocious pass/fail rate. If my New York Mets were batting .977, I'd be a very happy fan. Put another way, consider this:

Since the mid-1960s, college men's players have made about 69 percent of free throws, the unguarded 15-foot, 1-point shot awarded after a foul. In 1965, the rate was 69 percent. This season, as teams scramble for bids to the N.C.A.A. tournament, it was 68.8. It has dropped as low as 67.1 but never topped 70.

In the National Basketball Association, the average has been roughly 75 percent for more than 50 years. Players in college women's basketball and the W.N.B.A. reached similar plateaus - about equal to the men - and stuck there.

"For Free Throws, 50 Years of Practice Is No Help" (New York Times, March 3, 2009)

The AWC alleges that NISC lost 547,000 emails from 359 NISC representatives and 9 NFD reps. Given the AWC's assertion that NISC employs 2,131 and NFD employs 69 registered representatives, I'm going to do the hard math again and we find that about 17% of NISC's reps and 13% of NFD's reps were involved in this snafu. We're not talking most of the firms' reps and we're not talking about nearly all. 

I'm not going to pretend that over a half-million lost emails is a minor failure but if we take the worst-case scenario and only allocate the lost emails to the 368 reps whose emails were not saved, then we wind up with 1,486 emails per rep; and if you divide that by the nine-month period at issue, that's about 165 per month; and if you divide that by 20 workdays a month, we're talking about the loss of  and about 8.3 daily emails per subject rep. On the other, it's probably a fairer calculation to divide the 547,000 lost emails by the two member firms' total complement of 2,2oo reps. That alternative computation produces about 249 lost emails per rep; that's about 28 emails a month, and that yields about 1.4 lost emails per workday.  I will leave it to your sensibilities to decide where the statistical bright-lines should be drawn; unfortunately, FINRA offers no such guidance.

To Err Is Human, To Forgive Is Not FINRA

The AWC concedes that when the Respondents discovered the improper reload, fully investigated the issue, self-reported all the embarrassing details to FINRA, corrected the deficiencies, and implemented significant new policies.

What did the AWC conclude caused this digital dilemma? Ah yes, let me quote the AWC: The failure was due to human error.

Did someone at NISC or NFD awake one fine day in July 2013 with the intent to cause the improper reload of an email program on 2.3% of the firms' servers? Likely not. What, then, could NISC and/or NFD have reasonably done to detect the improper reload issue any sooner than they had? What helpful advice does FINRA offer to all of its member firms as a way to avoid a recurrence of this problem?

Sadly, as is too often the case, FINRA's AWCs are more about alleging this and asserting that and imposing sanctions than offering anything in the way of an ounce of prevention. This AWC makes FINRA look petty and doctrinaire. Respondents' conduct comes off as likely caused by human error and the inherent unreliability of technology. Is there any point in punishing firms and individuals for such missteps? I think not. If FINRA believes that there was some debugging protocol in widespread use that the Respondents should have followed and that protocol would have sooner detected the reloading failure, then the regulator should have stated that fact in the AWC -- and if an AWC is not the proper vehicle for such education, then issue something on a timely basis. 

Censuring and fining NISC and NFD (based upon the paltry facts presented in the AWC) sends the worst possible message to every FINRA member firm that might encounter any tech glitch. Don't self-report. Don't make a clean breast of what went wrong. Don't revise policies and procedures because such may be viewed as an admission that prior policies and procedures were faulty. No . . . even when NISC and NFD moved quickly and admirably, FINRA still censured both firms and fined them $65,000. If you're a small firm or one of the last human-being supervisors in the biz, keep your mouth shut and hide the problem because a $65,000 fine could bankrupt you.

The Decepticons are not only controlling our machines but they are taking over our regulators. Beware!