While you may not know who is scouring the web for dirt on you - regulators, compliance officials or both - chances are high that someone is doing just that. It's likely that the compliance team is at least occasionally reading "personal" emails sent through the company servers. And do not be too surprised if a request comes in soon for access to your personal email accounts.
Pressure on financial firms has been increasing since the Madoff debacle, but recent enforcement actions targeting top executives - CEOs and chief compliance officers - have significantly raised the stakes as far as firm audits go. With big expectations being placed on chief compliance officers in particular to ferret out fraud, firms small and large are becoming increasingly aggressive in their internal surveillance and audit programs.
In the past, these audits were somewhat cursory, check-the-box events for many firms, but that is rapidly changing. Following a number of recent enforcement actions that probed, in part, firms' audit procedures, the SEC and FINRA released an official notice on broker-dealer inspection late last year. This year, the SEC and FINRA launched a webinar for firms detailing their expectations and reaffirming that whether a firm is large or small, regulators expect the same level of diligence when it comes to audits.
Overall, statements throughout the early part of this year from regulators suggest they mean business when it comes to enforcement. As a result, your firm's next audit could well be a lot more thorough than it's been in the past.
Understanding the general outlines of what happened in the handful of recent cases against top-level executives at financial advisory firms will give some clues as to why (and how) firms' internal audits will be different in the future.
THE BAD APPLE
According to a 2011 FINRA enforcement action, a small broker-dealer had a clean regulatory record when it struck up an alliance with an outside advisor in 2004. The advisor was relatively new to the financial services industry, but had a few disclosures on his Form U4: a criminal infraction from his youth, a $5,000 tax lien and a 2002 cease-and-desist order from a state regulator for the sale of unregistered securities. The U4 claimed he was named in that state regulatory action merely because of his executive status with the corporation and that he was not engaged in any active sales.
The firm took him on board as an independent contractor in 2004 and he began working from an outside office. In 2005, his work space became an official satellite office of the firm and he became the branch manager, supervising at least one other registered representative.
According to the enforcement action, the branch manager was busy with a couple of side businesses that were undisclosed to the firm. In 2006, he began actively recruiting investors for these undisclosed business activities, which allegedly included selling a variety of "products" ranging from mining rights to promissory notes.
In the midst of this selling frenzy, the firm's CEO (who was also chief compliance officer) audited the advisor's satellite office. Unfortunately, the $445,000 the manager had allegedly raised from undisclosed activities was not discovered. A second audit conducted by the same top executive the following year did not detect an additional $1.5 million the advisor had raised. Ultimately, it appears the firm may have learned of the activity when it received a customer complaint.
The employee in question was relatively quickly barred from the securities industry for life and his Form U4 reads like a laundry list of alleged securities violations and complaints. But the mess continued for the firm and the CEO until 2011, when the firm was censured and fined, and the CEO was fined and suspended from association with any FINRA member firm for 30 days. She could not be reached for comment. Ultimately, the broker-dealer firm was sold.
Bottom line: This particular case is likely to have some impact on compliance programs given FINRA's suggestion in the enforcement action that a $5,000 tax lien probably should have raised some red flags. FINRA also raised questions regarding the sufficiency of the audit process in this case, in part because the rogue advisor's personal email was not audited.
With respect to the tax lien, its relatively small size certainly suggests that FINRA takes a hard look at a registered representative's or dually registered advisor's debt issues, even those amounts considered by many firms in the financial industry to be nominal. Also, this case is a clear warning to firms that personal emails can't be ignored - especially when firm employees use these personal email accounts for firm business.