HSBC Securities Settlement Raises Questions About FINRA Examinations

July 5, 2017

When the self-regulation of Wall Street works, it is a partnership between the regulated and regulator with all parties buying into the core principle that a fairly regulated industry redounds to the ultimate benefit of all participants. Sadly, that's a tough sell. Those who are regulated always chafe under the collar, no matter the industry and no matter the fairness of those who regulate. It's just a given that such tension is inherent in any regulatory dynamic. On the other hand, those who regulate too often view the industries that they police as a den of thieves and the men and women who work there as the enemy. That too is inbred within the regulatory system.

The result of such myopia is that those who are regulated often hide their mistakes in a desire to avoid fines and negative publicity: which has the unfortunate result of transforming a relatively minor problem into a disaster of epic proportions. Similarly, regulatory organizations seem to metastasize into ineffective bureaucracies incapable of the flexibility that best puts out brush fires before they become conflagrations. In the end, this unhealthy breeding ground of mistrust and distrust encourages really bad players to knowingly hide in the shadows where they are often ignored until a firm blows up and investors are fleeced out of their savings. Blog publisher Bill Singer came across a somewhat mundane FINRA regulatory settlement with HSBC Securities. Bill applauds FINRA's efforts and is fully on board with its findings and sanctions. On the other hand, Bill also pokes around and shows us some aspects of this settlement that should concern us and prompt more reform at FINRA.

Case In Point

For the purpose of proposing a settlement of rule violations alleged by the Financial Industry Regulatory Authority ("FINRA"), without admitting or denying the findings, prior to a regulatory hearing, and without an adjudication of any issue, HSBC Securities (USA), Inc. submitted a Letter of Acceptance, Waiver and Consent ("AWC"), which FINRA accepted. In the Matter of HSBC Securities (USA), Inc., Respondent (AWC 2017053137201, June 30, 2017).

The AWC characterizes HSBC Securities as a FINRA member since 1987 with about 1,720 registered representatives and 252 branch offices. The AWC asserts that "The Firm has no relevant disciplinary history."

SIDE BAR: Read about the variations in FINRA AWCs pertaining to the presentation of a respondent's background: "FINRA's Foolish Inconsistency" ( Blog, June 9, 2017).

WORM Format

The AWC asserts that during the relevant period since May 2003, HSBC Securities failed to retain in write-once-read-many ("WORM") format records relating to approximately 12.36 million transactions in preferred exchange traded funds, equities and fixed income products. That alleged failure to properly maintain electronic broker-dealer records purportedly affected such records as the firm's general ledger, certain internal audit records, risk management control records, unusual activity reports and certain policy manuals. FINRA deemed HSBC Securities conduct to constitute violations of Exchange Act Rule 17a-4(f)(2)(ii), NASD Rules 3110 and 2110, and FINRA Rules 4511 and 2010.

90-day Notice of Vendor

The AWC further asserts that HSBC Securities failed to provide the requisite 90-day-notice under Exchange Act Rule 17a-4(f)(2)(i), which required the firm to notify its designated examining authority FINRA prior to retaining a vendor to provide electronic storage. FINRA deemed HSBC's conduct to constitute violations of Exchange Act Rule 17a-4(f)(2)(i), NASD Rules 3110 and 2110, and FINRA Rules 4511 and 2010.

The WORM Turns

During the relevant period from May 2003, the AWC asserts that HSBC Securities failed to have in place an audit system for the records that were not properly maintained in WORM format. FINRA deemed HSBC Securities' conduct to constitute violations of Exchange Act Rule 17a-4(f)(3)(v), NASD Rules 3110 and 2110, and FINRA Rules 4511 and 2010.

Bill Singer's Comment: Truly, I hate this type of regulatory double-dip. I take no issue with charging the member firm for failing to maintain its electronic records as required. That's a fair allegation and one that should be enforced. Also, I have no issue with requiring timely notice of a firm's retention of an outside vendor. Again, I get the rationale and support it. On the other hand, does FINRA really need to don the old belt and suspenders and further charge HSBC Securities with failing to have an audit system to catch its failure to properly maintain records? Such over-charging only undermines the entire system. Just because you can do something doesn't mean you have to.

Vendor Attestation

The AWC asserts that in some instances during the relevant period starting in May 2003, HSBC Securities failed to obtain the requisite undertaking from its vendor that said third-party will provide required electronic storage media records to the SEC, FINRA, or other regulator in the event that HSBC Securities is unable to provide such records. FINRA deemed that HSBC Securities' conduct constituted violations of Exchange Act Rule 17a-4(f)(3)(vii), NASD Rules 3110 and 2110, and FINRA Rules 4511 and 2010.

Supervisory System

During the relevant period starting in May 2003, the AWC asserts that HSBC Securities' Written Supervisory Procedures ("WSPs") failed to specify how the firm would supervise its compliance with Exchange Act record retention requirements. FINRA deemed HSBC Securities' conduct to constitute violations of NASD Rules 3010(b) and 2110, and FINRA Rules 3110(b) and 2010.


In accordance with the terms of the AWC, FINRA imposed upon HSBC Securities a Censure and $1.5 million fine. Additionally, the firm undertook to review its policies and procedures and to inform FiNRA of its proposed remedial measures within 60-days of the AWC. Thereafter, the firm's Chief Compliance Officer will certify in writing the adoption and implementation of FINRA approved compliance policies and procedures.

Bill Singer's Comment

57 Priors

Here we go again with FINRA's nonsense about disclosable regulatory history -- and more to the point, so-called "relevant" history. 

Online FINRA BrokerCheck records as of July 5, 2017, disclose under the heading "Regulatory - Final" 57 records. Is FINRA asserting that someone read through each and every one of the 57 posted regulatory matters and concluded that not a single one was "relevant" prior disciplinary history? I note the following two matters are prominently featured in FINRA press releases:

Seems to me that if we're talking about inadequate WSPs that such a failure would cover a host of supervisory issues, some of which appear involved in many of the 57 regulatory matters disclosed on BrokerCheck. Similarly, since the AWC points a finger at the retention of electronic records, such a shortcoming would likely be relevant to many issues involving the recording of orders and the retention of trade data. Who exactly is it at FINRA that is mandated to parse through a member firm's regulatory history and decide what is relevant and what is not? Exactly where in FINRA's rules are the guidelines for discerning what is to be deemed "relevant" and by whom ?

As Time Goes By

Finally, consider this extract from the AWC: 


Over the past decade, the volume of sensitive financial data stored electronically by broker-dealers has risen exponentially. These broker-dealer electronic records must be complete and accurate, not only to assist FINRA and other regulators in their efforts to protect investors through periodic examinations, but also to ensure member firms can carry out their audit functions. Recent years also have seen increasingly aggressive attempts to hack into electronic data repositories, enhancing the need for firms to keep these records in WORM format . . .

Next, let's consider this extract from the AWC:

From May 2003 to the present (the "Relevant Period"), the Firm failed to maintain electronic broker-dealer records in non-erasable and non-rewritable format, known as WORM format, as required by . . .

FINRA is asserting in the HSBC Securities AWC that from about 2007 to the present ("over the past decade") that there has been a rise in the volume of electronically-stored financial data. Moreover, FINRA acknowledges the dangers of increasing incidents of hacking.

We start with a FINRA member firm with 57 final regulatory records -- apparently none of which the self-regulatory organization considered "relevant" to its most recent disciplinary settlement with that same member firm. Next, FINRA states that since 2007, it has a heightened concern about the manner in which financial data is electronically stored. Finally, FINRA asserts that HSBC Securities failed to maintain certain WORM records since 2003 -- a date reaching back some 14 years. I make no excuses for HSBC Securities and fully respect FINRA's regulatory concerns and sanctions. That being said, more than a few questions come to mind:

Are we really to believe that HSBC Securities' WSPs became inadequate overnight? 

Are we to to buy into the fantasy that for 14 years FINRA Staff was unable to uncover any evidence that an outside third-party vendor was retained to provide electronic storage services?

Did a FINRA examiner ever ask the member firm to provide an annual list of all third-party vendors used for electronic record storage and compare those names to all 90-day notifications?

Did FINRA request an annual, sample production from all third-parties handling electronic records -- sort of like the test page that we get from that $99 Wi-Fi-enabled printer on our desk?

Has the regulation of Wall Street come down to nothing more than don't-ask-don't-tell?

Why are FINRA members shouldering the huge financial burden of paying the salaries of regulatory staff if the job is nothing more than reading toe-tags at the morgue?