Brian Rubin

Brian is the Washington office leader of Sutherland’s Litigation group and the Administrative Partner in charge of the Securities Enforcement and Litigation Team. Brian previously served as Deputy Chief Counsel of Enforcement at NASD (FINRA) and Senior Enforcement Counsel at the SEC.

We'll just spend a few minutes on some of the bigger and more important SEC cases that have been brought this year so far. I guess I'll talk about the first couple, and then Andrew will talk about the next ones.

Recently, a week or two ago, the SEC brought was I guess its second case dealing with cyber-security since it started the sweep. That was a $1 million penalty against a firm that failed to protect customer information and didn't have adequate policies and procedures. What was interesting about this case, there are a few interesting things. We often think of external bad guys coming in and breaching, and in this case, it was somebody who worked at the firm. He accessed client information, put it on his own personal server, and then hackers accessed the personal server. One thing that firms should be aware of, they should be looking not just against external, different countries or professional hackers, but they also have to be careful of their own employees and their own representatives.

Another issue in this case, and in the previous SEC enforcement action as well, although there was a breach, nothing bad ultimately happened so far that we know of. The information was accessed by bad guys. In other cases in years past, 5, 6, 7 years ago, the SEC brought cases where there were unauthorized trades or there were attempts to steal money from accounts, things like that. In these two cases, there was a breach, and the SEC brought the cases based on a breach.

One of the other takeaways here is that while the firm had policies and procedures and maybe had reasonable systems to some degree, the firm didn't audit and didn't follow up on the policies and procedures that they had. Firms should be careful about monitoring, testing, and auditing to make sure that their systems are doing what they think their systems should be doing. Then the last takeaway is cyber-security cases are alive and well, and we anticipate we'll be seeing a lot more of them in years to come.

The second case dealt with 3 affiliated investment advisors, and they were fined a total of $7.5 million, and more than $2 million of disgorgement. This case dealt with a couple of issues that we think there will be additional enforcement actions on in the coming years. One of them dealt with 12b-1 fees. To the extent firms haven't been focused on 12b-1 fees and advisory accounts, you should focus on it. The SEC's position seems to be that you should be having the lowest cost share class, and you shouldn't be charging 12b-1 fees, so that's something to focus in on. Another issue that this case dealt with was inactive advisory accounts. The SEC's position seems to be that if you're an advisory account, the IARs and the firms have to sort of prove why it makes sense for the clients to be in those accounts, and they're focusing on advisory accounts that don't trade a lot, so the question is why are the clients there, why aren't they trading. Here, they have some monitoring, but it wasn't as robust as the firm thought that it was going to be and as robust as the SEC thought it should be. That's something that firms should be focusing in on.

Although this issue isn't in this case, a related issue is high cash balances in advisory accounts. Firms should be focusing on that. The last issue related to this, again, but not specifically addressed by this case, the SEC has recently been looking at a number of firms to sort of justify why clients are in advisory accounts versus brokerage accounts. A number of firms haven't been focusing on that issue and don't have policies and procedures on that issue; they just think whatever the advisor thinks the client should be in along with the advisor, that is the right account, but the SEC is now coming in saying, "Justify that account, and how is the firm supervising that account?" Firms should be focusing on that issue as well. Andrew, do you want to talk about the next ones?

Sure thing. I'll briefly talk about the other two key SEC cases we highlighted for 2016, and this first one resulted in a $4 million penalty, and this involved advertising issues that the SEC alleged were misleading, and the key focus here was that the firm allegedly said on its website and a few other materials that advisors are compensated based on our clients' performance. The SEC found that that was not the case, that neither salaries or bonuses were tied to client account performance. This statement was used over a 3-year period that the SEC was focused on. What was interesting in this case is that the firm identified an inaccurate statement on 4 separate occasions but did not take the next step to correct it, so that ultimately resulted in a $4 million penalty.

Some takeaways here are that compensation issues are a key focus for regulators, so firms should consider looking into that, and that when red flags and problems are identified, firms should follow up on them promptly. If you realize a mistake's been made, it's always helpful to fix it, and the SEC here focused on that the firm identified this issue 4 times but never fixed it. Ultimately, it probably resulted in a larger penalty.

The fourth case is actually 2 cases involving dark pools. Dark pools are alternative trading systems that are not registered securities exchanges, but it's a private venue that accepts, matches, and executes order. The SEC announced these cases, the New York Attorney General announced parallel action, and this dark pool issue has been a key focus for the SEC in the past few years, and alternative trading systems, and they've got a lot of publicity from even the book "Flash Boys" and this type of issue.

In this case, ultimately the firms paid about $150 million, and that was combined in penalties to the SEC, disgorgement, interest, and also penalties to the New York Attorney General, so a lot of money being paid by these firms in these dark pool cases. There's been quite a few of these dark pool cases, and we expect to see them continue in this place. Generally, the SEC alleged that the firms were not policing the dark pools as they told the investors and participants in the dark pools how they would police them.

Chair White said, "The SEC will continue to shed light on dark pools to better protect investors," and so we expect that to be a continuing focus for the SEC. There's significant regulatory concerns about customer protection in this area, which again lends itself to more and more enforcement actions. We can turn to the next slide.

Read our blog post, "FINRA Fines 2016 - 7 Key Facts"