I had some financial problems a while back and, stupidly, borrowed some money from some clients without talking to my firm. I was fired, and FINRA is now investigating. What are the chances I'll be able to get another job and how bad are the sanctions likely to be?

— P. M., via e-mail

Taking your second question first, here are some of the factors FINRA will consider when deciding on sanctions: your willingness to accept responsibility for, and acknowledge, the misconduct to your employer prior to detection and intervention by the firm; attempts you made voluntarily and reasonably, prior to detection and intervention, to pay restitution or otherwise remedy the misconduct; duration of the misconduct; the existence of other patterns of misconduct; and attempts made to conceal your misconduct. There are other factors listed in the sanction guidelines that FINRA will consider, but those are the main ones as far as you're concerned. Without knowing more about your mitigating or aggravating circumstances, it's hard to give you a definitive answer.

In addition, the sanction guidelines don't reference Rule 3240 (which governs loans to and from clients) specifically, so we have to look at some of the other rules and the recommended sanctions applicable to them. In doing so, it would seem like the monetary sanction could be anywhere from $2,500 to $50,000 including repayment of the loan before you'd be allowed to reapply. A suspension could run anywhere from 30 days to a year or even a complete bar in egregious cases. In a recent matter I handled, the individual received a $10,000 fine and a one-year suspension in addition to being ordered to pay restitution. As for finding another firm that would be willing to take a chance on you, as with anything else in this business, that would depend on how much money they thought you could make them versus how much they think you might cost them.

 

Are we now required to have a separate identity theft policy?

— F. N., New York

On April 10, 2013, the SEC and the CFTC issued joint final rules and guidelines pursuant to Dodd-Frank (Release No. 34-69359), requiring certain financial institutions and creditors (including broker-dealers and investment advisors) to develop and implement a written identity theft prevention program designed to "detect, prevent and mitigate identity theft in connection with certain existing accounts or the opening of new accounts." The rules include guidelines to help you create these programs. In addition, the Release says that financial institutions "may incorporate into their program their existing policies, procedures and other arrangements that control reasonably foreseeable risks to customers ... from identity theft. An example of such existing policies, procedures and other arrangements may include other policies, procedures and arrangements that the financial institution or creditor has developed to prevent fraud or otherwise ensure compliance with applicable laws and regulations." To the extent that your existing anti-fraud policies can be applied to detect and prevent identity theft, it may not be necessary to create entirely new procedures.

The proposed guidelines identify five categories of identity theft red flags that financial institutions and creditors must consider in crafting their programs: alerts, notifications or warnings from a consumer reporting agency; suspicious documents; suspicious personal identifying information; unusual use of, or suspicious activity related to, the covered account; and notice from others regarding possible identity theft in connection with covered accounts held by the financial institution or creditor. Supplement A to the guidelines includes a non-comprehensive list of examples of red flags from each of these categories. The full Release can be found here: http://www.sec.gov/rules/final/2013/34-69359.pdf

Alan J. Foxman is an attorney with the law offices of Rita G. Dew, P.A.
and a senior consultant with National Compliance Services, Inc.
in Delray Beach, Fla. He can be contacted at: this email address.