2016 SEC Actions - Key Cases

Welcome and thank you for joining today's webinar hosted by me Joe Boyhan of MCO and Brian Rubin and Adam Pollet of Eversheds Sutherland. With that I'll hand you over to me co-hosts.

So now we'll be talking about some of the key cases primarily focusing on broker dealer investment advisors. Let's go to the next slide please. So this is an example of the SEC using big data and there have been some speeches about big data. The SEC brought a case against a firm, assessed a $6 million penalty, and disgorgements and pre-judgment interests of more than     $9 million.

In this case, the firm failed to develop and implement policies and procedures reasonably designed to educate and train its reps in connection with the sale of reverse convertible notes, or RCNs so that they could form a reasonable basis to make  suitable recommendations. The firm sold about $548 million of the RCNs to 8,700 relatively inexperienced retail customers. These are complex products that featured embedded derivatives.

Because of the lack of adequate education training, the SEC found that certain reps made unsuitable recommendations. The SEC charged the firm with program-wide violations rather than finding unsuitable sales for particular customers and that's where the big data issue comes into play. The take-aways here are first while RCNs and other complex products aren't per se unsuitable, this case shows that broker dealers have to adequately train their sales force to deal with suitability issues with regard to their customers and particularly customers with limited experience or lower net worth or income.

Second the case demonstrates the SEC is becoming more sophisticated, focusing on harnessing big data to build enforcement cases and it's possible that there could be future unsuitability cases based just on data. Interestingly, FINRA has brought similar cases charging that firms had inadequate supervisory procedures rather than looking at individual suitability for each customer and we'll see some examples of that with regard to variable annuities.

Next slide please, on conflicts of interest. This is a big area and we've seen a number of enforcement actions here. The first one highlights an interesting case where the commission overturned an ALJ's decision to dismiss charges against a small investment advisor and two of its principals. There was a lot of press when the respondents initially beat the SEC at trial but then the Division of Enforcement appealed to the full commission.

The SEC alleged that the IA sales disclosed to its clients that it received compensation from its custodian for maintaining client assets in certain mutual funds. The firm's ADV stated that the firm may "receive compensation that presents a conflict of interest and announced our compliance consultant advised the firm that its disclosures were sufficient." Despite the testimony of the firm's principals who believed that the fees were fully disclosed and that there was no actual evidence of knowing or reckless deception, the commission found that the conduct demonstrated a clear failure to fulfill the disclosure obligations and the case is currently on appeal to the DC Circuit.

The take-aways here are first that the SEC will charge a firm for marginal conflicts even where there's no evidence of harm. Second, the SEC found that individuals caused the violation on behalf of the advisor and we're seeing this pop up more and more where the SEC is charging individuals for the firm's violations. Then third, advisors have to be careful if they aren't disclosing all sources of compensation or potential compensation in their form ADVs that might lead to potential or actual conflicts and the use of the may language is often a concern to the SEC as well.

Brian, you wrote an article about another important issue from the case, "The Reliance on Compliance Consultants as a Defense". Can you elaborate on that?

Yeah, we've written a couple of articles. One of them used the musical "Alexander Hamilton" as a theme and it was called "Not Throwing Away Your Shot Relying on Compliance Consultants to Defend Regulatory Actions". In it we wrote that even though the SEC rejected in that case a reliance on compliance consultant as a defense, there are ways to argue it more effectively and some things that advisors should think about is first documenting specifically what they told their consultants, second documenting the advice that they received, and then third demonstrating how they implemented that advice. If you do that, you'll have a much stronger position than respondents did in the other case.

Just quickly, there's another conflict of interest case where the firm failed to disclose payments it received for putting clients into certain mutual funds. Then there have been a few cases and there will be several more that are already in the works where IARs invested clients in shares that paid 12b-1 fees where the clients were eligible to invest in shares without such fees. The I shares are institutional shares. So if any firms have not focused specifically on 12b-blue sheets and advisory accounts you should do that because the SEC is looking at that a lot.

The other take-away is as I mentioned before, the SEC is focused on conflicts of interests and so is FINRA so it makes sense that that is something the firm should be looking at.

Next topic is cyber security. There was a firm agreed to pay a million dollar penalty to settle allegations that it failed to protect customer information and didn't have adequate policies and procedures to protect that information. In that case, the firm allegedly didn't properly restrict access to customer data based on legitimate business needs and the firm failed to test for proper authorization of that access. As a result, some of the customer information was hacked and then offered for sale on line. The former employee who downloaded some of the customer data to his server at home was actually criminally convicted.

So the take-away here as Andrew Ceresney the former Director of Enforcement of the SEC said, "Data security is a critically important aspect of investor protection. You expect SEC registrants to have policies and procedures that are reasonably designed to protect customer information." Just having policies and procedures alone isn't going to be enough. Firms should consider testing, auditing, and monitoring them as well.

Cyber security and other related issues that surround it are growing in importance and we can expect to see a lot more of these type of cases going forward.