Sonny Corleone At the Toll Booth: A Study of a FINRA Email Review Settlement

April 16, 2019

There are times when Wall Street's so-called self regulation seems like a toll road, where you drive up to the toll booth on a nice sunny day, hand the guy a bill, and wait for your change. Then the damn toll collector disappears. You're getting impatient because he owes you, but, hey, what's with that car backing up in front of you and who are all those guys with fedoras and machine guns? Uh oh, this ain't gonna end well.

Case In Point

For the purpose of proposing a settlement of rule violations alleged by the Financial Industry Regulatory Authority ("FINRA"), without admitting or denying the findings, prior to a regulatory hearing, and without an adjudication of any issue, Wilson-Davis & Co., Inc. submitted a Letter of Acceptance, Waiver and Consent ("AWC"), which FINRA accepted. In the Matter of Wilson-Davis & Co., Inc., Respondent (FINRA AWC 2014042949704, April 12, 2019)

The AWC asserts that Wilson-Davis has been a FINRA member firm since 1968, has about 36 registered representatives, and "trades mostly low-priced securities for its customers and in its own account." The AWC asserts that the "firm does not have any relevant disciplinary history."

SIDE BAR: According to FINRA's online BrokerCheck records as of April 16, 2019, Wilson-Davis & Co., Inc. has the following "Regulatory Events": 
  • 1 "Pending," 
  • 51 "Final," and 
  • 1 "On Appeal." 
The "Pending" matter is a 1985 North Carolina Securities Division Cease-and-Desist Order, and BrokerCheck states, in part, that the firm and its named agents "requested and have been granted a hearing, and this matter is therefore pending a hearing in the State of North Carolina." So . . . that's been pending for 34 years?  

As to the regulatory event "On Appeal," that is listed as FINRA Department of Enforcement, Complainant, v. Wilson-Davis & CO., Inc., James C. Snow, and Byron B. Barkley, Respondents (FINRA Office of Hearing Officers Exgtended Hearing Panel Decision, Disc. Proc. No. 2012032731802 / February 27, 2018). As set forth in the OHO Decision's "Syllabus":

Respondent Wilson-Davis & Co. is fined $1,170,000 and ordered to disgorge $51,624 for improper short sales. For its failure to supervise and implement adequate AML procedures, Wilson-Davis is fined an additional $300,000, while Respondents James Snow and Byron Barkley are fined $140,000 and $115,000, respectively, and both are suspended for one year and ordered to requalify before re-entering the industry. 

So . . . lemme see if I got this. FINRA's AWC states that its member firm Wilson-Davis "does not have any relevant disciplinary history." No relevant history??? FINRA's online BrokerCheck records disclose that the firm has 53 "regulatory events." All of which prompts me to wonder just what the hell FINRA means by "relevant," who at FINRA makes that determination, and what the guidelines are for determining whether something is a "relevant disciplinary history." 

One Thing Leads to Another

The 2019 AWC asserts that in October 2014, FINRA began an investigation of a former representative (who is not named in the AWC) of Wilson-Davis, during which time the regulator obtained emails sent and received by the rep. FINRA's email review apparently prompted a follow-up review of the member firm, which appears to have concluded with the instant settlement.

Review and Retention

The AWC alleges that during the relevant period from January 2013 through August 2013, Wilson-Davis's written supervisory procedures ("WSPs") stated that "electronic communications are subject to review and retention;" however, the WSPs failed to describe:
  • the type or scope of review,
  • how often the reviews would occur, and 
  • who at the firm was responsible for conducting the review.
Notwithstanding the allegedly deficient WSPs, the AWC concedes that Wilson-Davis's President and Chief Compliance Officer (referred to in the AWC only as "JS") performed email  reviews during the relevant period. As set forth in the AWC:

[I]n alternate weeks, JS reviewed either:

(a) 100 emails selected randomly by the firm's email vendor, or 

(b) messages flagged by the email system as containing a suspicious word or phrase from a lexicon of 24 search terms created by the firm.

Not Reasonable

Apparently, FINRA didn't think much of Wilson-Davis's alternate-weeks-reviews.  Pointedly, the AWC alleged that the number of reviewed emails did not constitute a reasonable amount of the firm's overall electronic communications, and did not take into account the individuals, branch offices, departments, or business units generating the correspondence. Similarly, the AWC alleges that [Ed: footnote omitted]:

The firm's lexicon-based review was also not reasonable. The firm contacted its email provider to discuss appropriate lexicon search terms and selected 24 search terms that would "flag" an email for a principal review. Collectively, these search terms were not comprehensive enough to yield a meaningful sample of flagged communications. Moreover, the lexicon was not based on an assessment of risk areas at the firm, nor was it reasonably tailored to the firm's size, structure and business model. As a result, most the search terms resulted in an unreasonably small number of emails flagged for review. Further, two search terms generated the vast majority of the flagged emails, and at least one of those terms was ineffective because it resulted in an unreasonably high percentage of "false positives." Despite the obvious indications that the firm's lexicon system was not reasonably designed, the firm did not evaluate the efficacy or make any changes to its lexicon system during the entire Relevant Period.


FINRA deemed Wilson-Davis's cited conduct as in violation of NASD Conduct Rule 3010(a), (b), and (d), and FINRA Rule 2010. In accordance with the terms of the AWC, FINRA imposed upon Wilson-Davis a $32,500 fine and a Censure.

Bill Singer's Comment

Oddly missing from the AWC is any sense as to the scope of Wilson-Davis's purported failed oversight. Did FINRA catch 100, 1,000, 10,000, 100,000 emails that were not reviewed by the firm but should have been? Was there any common issue or word in those un-reviewed emails that proved FINRA's contention that the member firm dropped the ball in an unreasonable manner? If the firm had engaged in "reasonable" email reviews, what is it that FINRA contends would have been prevented or discovered? This AWC comes off a a tad too conjectural for me. The lack of written procedures and/or the inarticulate nature of what was written, is fair game. That much of FINRA's case I get. As to what the firm did, and why that wasn't reasonable (notwithstanding the absence of reasonable WSPs), that I'm struggling with.

In making its allegations about Wilson-Davis's allegedly non-compliant "random selection" and lexicon, the AWC cites to "FINRA Provides Guidance Regarding the Review and Supervision of Electronic Communications" (FINRA Regulatory Notice 07-59, December 2007) To better understand FINRA's perspective on what constitutes an acceptable "random review" of emails, consider this section of NTM 07-59:

Lexicon-Based Reviews of Electronic Correspondence - Members using lexicon-based reviews (those based on sensitive words or phrases, the presence of which may signal problematic communications) of correspondence should utilize an appropriate lexicon, take reasonable security measures to keep the list confidential and periodically evaluate the efficacy of the lexicon. Members must make informed decisions regarding how best to utilize the surveillance tools they have chosen. Thus, a member that conducts lexicon-based reviews may determine that it is not necessary to review each and every lexicon "hit" in order to maintain an effective review system. The rationale for such determinations should be maintained as part of the member's policies and procedures. 

Members should also consider regular periodic reviews of the lexicon system to determine whether any changes/updates are necessary, such as adding or deleting phrases and/or words. Members should periodically inquire as to the effectiveness of the system, especially if the system is that of a vendor. Members are responsible for ensuring that the system utilized is functioning properly. As discussed more fully below, if a member does not have confidence in the effectiveness of its lexicon system, a supplemental random review of electronic communications should be considered. 

Members should consider targeted concentrated reviews of employees' emails when warranted (e.g., when concerns are raised in connection with regulatory examination findings, internal audits, customer complaints or regulatory inquiries). 

When assessing the effectiveness of a lexicon-based system, members should consider the following features: 

(a) A meaningful list of phrases and/or words (including industry "jargon") based on the size of the member, its type of business, its customer base and its location (including any branch offices that may require the inclusion of certain foreign language components). The lexicon system should be comprehensive enough to yield a meaningful sample of "flagged" communications. 

(b) Ability to add and delete phrases and words on an ongoing basis.

(c) Ability to review attachments and identify attachments that could circumvent lexicon-based reviews. 

(d) Ability to restrict access to the phrases and/or words that make up the lexicon system. 

(e) Ability to conduct searches that exclude any trailers or disclaimers used by the member, as these trailers or disclaimers often contain sensitive words such as "guarantee" (e.g., "firm does not guarantee") which would "flag" every such email. 

Random Review of Electronic Correspondence - Members may choose to use a reasonable percentage sampling technique, whereby some percentage of the electronic communications generated by the member is reviewed. There is no prescribed minimum or fixed percentage that is required by regulation. However, the amount of electronic communications chosen for review must be reasonable given the circumstances (for example, member size, nature of business, customer base and individual employee circumstances). In this regard, members conducting random reviews may consider factors such as: 

(a) Percentage of Electronic Correspondence Based on a Branch Office, Department or Business Unit - For a branch office, department or business unit, a member could establish a percentage of electronic communications requiring review that is based on its size, type of business, customer base and location (including its sales locations), which includes emails from each individual in that branch office, department or business unit. 

(b) Percentage of Electronic Correspondence for Each Individual - For each individual in a branch office, department or business unit, a member could establish a percentage of emails requiring review based on its size, type of business, supervisory structure (including whether certain locations are supervised remotely), customer base and location including its branch offices. Members should not necessarily limit themselves to reviewing the same percentage of emails for each employee. For example, an individual with disciplinary history or subject to special supervision may warrant a review encompassing a higher percentage of emails

I'm sorry but a lot of the NTM 07-59's commentary comes off as so much regulatory bull-shit. It's hard to escape the feeling that the NTM is intended to be introduced during a FINRA hearing in support of the regulator's pristine 20/20 hindsight -- it all smacks of gotcha regulation. 

Odd, isn't it, that the AWC doesn't indicate the year in which Wilson-Davis's WSPs suddenly became deficient. Let's just pretend, for argument's sake, that this whole email review thing only took on some regulatory urgency about 12 years ago when FINRA published NTM 07-59. As such, when FINRA's examination staff gave Wilson-Davis the once-over in 2007, 2008, 2009, 2010, 2011, and 2012, how come no one from FINRA flagged the WSPs email-review deficiencies? Shouldn't FINRA have at least cited the deficiency during an annual on-site examination before 2013 and given the firm a chance to fix it? 

Going by the AWC's characterization, Wilson-Davis is a small firm with 36 reps. The AWC admonishes that an every-other-week review of "100 emails selected randomly by the firm's email vendor" was unreasonable. And why's that?  How frequent would have been "reasonable?" How many randomly selected emails would have been "reasonable?" What are the appropriate metrics for a firm with only 36 reps? When I rage against the regulatory machine, it's often because that machinery spews out nonsense and double-talk. Let me highlight a few such examples from the NTM:

Members may choose to use a reasonable percentage sampling technique, whereby some percentage of the electronic communications generated by the member is reviewed. 

Oh, sure, that's a big help! Members may choose (not "should" or "must") to use a "reasonable" percentage sampling technique. And what percentage would fall within that reasonable parameter? Well, none other that "some percentage." Some percentage! Some??  Also consider this further guidance from the NTM:

There is no prescribed minimum or fixed percentage that is required by regulation. However, the amount of electronic communications chosen for review must be reasonable . . .

Let me try and rephrase that for y'all. FINRA member firms may choose a reasonable percentage of emails to sample. That "reasonable" percentage is "some" number. FINRA says that there is no "prescribed minimum or fixed percentage" that is reasonable.  If you ponder it all, FINRA is telling its member firms that a reasonable percentage is composed of, well, you know, a "reasonable" percentage. Yeah, big help.

Then there's the whole issue of FINRA's high-dudgeon over Wilson-Davis's lexicon. Apparently, FINRA didn't think the member firm used enough words. Going back to NTM 07-59, let's consider this lovely bit of circular logic:

Members using lexicon-based reviews (those based on sensitive words or phrases, the presence of which may signal problematic communications) of correspondence should utilize an appropriate lexicon . . .

For godsakes, really? Use an "appropriate" lexicon? That's FINRA's guidance? I could go on, as I often do, but, in the end, FINRA comes off as a toll-taker on Wall Street. Member firms drive to the toll-booth, FINRA looks at the model of the car, its age, its color, and at the occupants, and then FINRA makes it up as it goes along and arbitrarily charges what it deems a "reasonable" toll. Should you propose a lesser amount, FINRA will say it's not reasonable. Should you ask what is reasonable and where is the formula for that calculation, the FINRA toll collector suddenly drops from view and, well, you know how that goes:

EB-5 Activity by Immigration Attorneys Lead to Industry Bars. In the Matter of Hui Feng and Law Offices of Feng & Associates, P.C. (SEC Initial Decision)

UniCredit Bank AG Agrees to Plead Guilty for Illegally Processing Transactions in Violation of Iranian Sanctions / UniCredit Group Banks agree to Pay Over $1.3 Billion for Violating Sanctions (DOJ Release)

Sonny Corleone At the Toll Booth: A Study of a FINRA Email Review Settlement ( Blog)

Credit Suisse Prevails in Promissory Note Dispute. In the Matter of the Arbitration Between Neal David Carlson, Claimant, v. Credit Suisse Securities (USA) LLC, Respondent (FINRA Arbitration Decision)

FINRA Arbitration Involves Allegation of Exploitation of Elderly Person. In the Matter of the Arbitration Between Kenneth R. Lieblein, individually and as Trustee of the Kenneth R. Lieblein Revocable Trust U/A/D 10/17/14, and Robin Lieblein, individually, Claimants, v. Herbert J. Sims & Co., Inc. and Larry C. Wolfe , Respondents (FINRA Arbitration Decision)