In November 2021, FINRA adopted changes to the Regulatory Element component of its Continuing Education (“CE”) rules which, in part, now requires registrants to complete annual CE as opposed to the previous three-year cycle.

The compliance date for the new Marketing Rule is November 4, 2022 (“Compliance Date”). Effective on the Compliance Date, investment advisers may no longer choose to comply with the previous advertising and cash solicitation rules. The SEC staff will be withdrawing certain staff statements related to previous advertising and cash solicitation rules effective on the Compliance Date. Advertisements distributed after the Compliance Date will be subject to the new Marketing Rule. Recently, the SEC published a Risk Alert addressing examinations focusing on the new Marketing Rule.

Topics covered include: Continuing Education Changes, Cybersecurity: Emerging Industry Priorities and Threats, Reg Best Interest: Lessoned Learned, Social Media and the Rise of Finfluencers, Remote Supervision, Communications: Compliance and Current Developments, FINRA’s Examination and Risk Monitoring Program, Vendor Management: Due Diligence and Oversight, Senior and At-Risk Investors, Consolidated Audit Trail (“CAT”), and Alternative Investments and Complex Products.

On December 18, 2020, the Department of Labor (“DOL”) expanded the definition of fiduciary advice under the Employee Retirement Income Security Act (“ERISA”) to include recommendations related to retirement rollovers and IRA investments, including recommendations to a plan participant to rollover assets from a plan to an IRA. The definition was expanded to protect Retirement Investors form conflicts of interest related to compensation surrounding rollovers.

An AWC was issued, and the Firm was censured and fined $55,000 for failing to timely report to Trade Reporting and Compliance Engine (TRACE) transactions in TRACE-eligible corporate debt securities. It was found that reports were late due to several issues at the Firm. These issues included delays related to manually reporting trades involved with foreign affiliates and operational errors. Additionally, the Firms personnel caused delays such as untimely matching of tickets in the Firm’s system and making amendments to trade terms outside of the 15-minute reporting time frame.

The Firm was censured, fined $550,000 and ordered to pay $456,155, plus interest, in restitution to customers. The Firm failed to establish, maintain, and enforce a supervisory system and WSPs designed to achieve compliance with FINRA and the Municipal Securities Rulemaking Board (MSRB) rules related to the firms registered representatives’ recommendations of high yield corporate and municipal bonds. FINRA found the Firm’s policies and procedures did not address suitability factors that should be considered when recommending high-yield bonds.

The 2022 Report on FINRA’s Examination and Risk Monitoring Program was released, providing information to firms that may help update and improve compliance programs. The report covers topics FINRA deems important based on 2021 firm examinations. For each section, FINRA identified relevant rules, key considerations for compliance programs, findings from recent exams, effective practices and helpful resources for firms when reviewing their own procedures and controls related to compliance. FINRA has also identified new topics for firms to monitor for 2022.

On February 9th, 2022, the SEC voted to propose cybersecurity risk management rules for registered investment advisors, registered investment companies and funds. There were also proposed amendments made related to rules that govern investment advisers and fund disclosures.

The Securities and Exchange Commission (“SEC”) advised brokerage and investment advisory firms to clearly disclose their fees and explain their conflicts of interest more thoroughly on the Form Customer Relationship Summary (“Form CRS”). The SEC required the implementation of the Form CRS in June 2020 as part of the disclosure requirement for Regulation Best Interest.

On December 17th, 2021, the Securities and Exchange Commission (“SEC”) released an order stating that employees of J.P. Morgan Securities, a JPMorgan Chase & Co. (“JP Morgan”) broker-dealer subsidiary, were often engaging in business communications on personal devices. Employees utilized un-captured applications such as WhatsApp and personal email addresses for business communications. The firm did not preserve these un-captured communications, therefore violating book-and-record-keeping requirements. JPMorgan has admitted to the SEC’s findings and understands that it was unlawful, claiming to have adjusted their policies to accommodate for these errors.

The SEC tends to educate broker-dealers and advisers by enforcement. Ironically, GAO found the Securities and Exchange Commission (“SEC”) does not have documented policies and procedures to determine which findings and corrective actions to track regarding its oversight of the Financial Industry Regulatory Authority (“FINRA”). Seems the pot has been calling the kettle black.

An AWC was issued and the Firm was censured and fined $10,000, neither admitting nor denying FINRA’s findings. FINRA discovered the Firm allowed an unregistered individual to operate as a principal and identify as the CEO. The unregistered individual held decision making responsibilities involving employee status and compensation and took part in the Firm’s securities business.

The Securities and Exchange Commission (“SEC”) sanctioned eight firms for failures within cybersecurity policies and procedures that resulted in email account hacks that exposed personal information of customers and clients. The eight firms sanctioned were either registered broker-dealers, investment advisory firms, or both.

Effective June 5, 2019, The Securities and Exchange Commission (“SEC”) adopted Form CRS, a relationship disclosure form. “CRS” stands for customer or client relationship summary). Form CRS required SEC registered investment advisers and FINRA member, SEC registered broker dealers to electronically file and deliver a detailed summary to prospective and new retail investors by June 30, 2020, implementation date.

FINRA has announced it has reached the final stages of the change in fingerprinting processing for broker- dealer firms and funding portals, as the regulator onboards new fingerprint provider, Sterling.

The Securities and Exchange Commission (“SEC”) announced that TIAA-CREF Individual and Institutional Services LLC (“TC Services” or the “Firm”) will pay $97 million to affected investors for violations related to retirement rollover recommendations. The charges related to the settlement include inaccurate and misleading statements and a failure to adequately disclose conflicts of interest to participants of the TIAA employer-sponsored retirement plan (“ESP”).

On June 30, 2021, FINRA announced that Robinhood Financial, LLC (“Robinhood” or the “Firm”) was fined $57 million and ordered to pay $12.6 million in restitution, plus interest, to affected customers. The sanctions were largely based on the Firm’s system outages in March 2020, misleading information provided to customers and the Firm’s option approval process.

June 22, 2021, the Securities and Exchange Commission (“SEC”) charged Loci, Inc. (“Loci” or the “Firm”) and Chief Executive Officer, John Wise for making materially false and misleading statements and ultimately violating Sections 5(a) and 5(c) of the Securities act by offering and selling unregistered securities. Loci is a Delaware corporation based in Reston, Virginia providing intellectual property search services for inventors through software platform, InnVenn. Neither Loci, Mr. Wise, nor securities have been registered with the SEC.

FINRA recently released Regulatory Notice 21-18 addressing an increase in customer account takeover attempts (“ATO”). An ATO involves bad actors who utilize customer information, including usernames and passwords, to gain unauthorized access to online accounts, including online brokerage accounts. An ATO often occurs via phishing emails and social engineering attempts.

RNR Securities LLC was fined $15,000 for failing to inspect its Office of Supervisory Jurisdiction (“OSJ”) properly. RNR Securities’ written reports concerning inspections of its OSJ branch and non-OSJ branch failed to evidence proper testing of RNR Securities’ policies and procedures. The report did not describe how the review was performed nor how RNR Securities determined that there were no issues or concerns.