Broker Dealer Archives - Compliance Risk Concepts
https://compliance-risk.com/category/broker-dealer/
Compliance Risk Concepts: Senior Compliance Consultants & Executives.
Thu, 02 Mar 2023 15:39:32 +0000

Annual Broker-Dealer Regulatory Review and 2019 Outlook
https://compliance-risk.com/annual-broker-dealer-regulatory-review-and-2019-outlook/
Tue, 12 Mar 2019 23:12:53 +0000


With 2018 behind us and 2019 underway, we find ourselves in a position to look back across the regulatory landscape on what transpired over the course of 2018 in an effort to anticipate what this year may bring for Broker-Dealers.


In the Annual Broker-Dealer Regulatory Review and 2019 Outlook, Kaitlyn Gibbs recaps the key takeaways from 2018 and what's expected to be at the center of regulatory development in 2019.

Mitch Avnet Discusses the Evolution of Communication with DDW
https://compliance-risk.com/mitch-avnet-discusses-the-evolution-of-communication-with-ddw/
Thu, 07 Feb 2019 06:48:57 +0000


Due Diligence Works, Inc. (DDW) sat down with Mitch Avnet, Founder and Managing Director of Compliance Risk Concepts, to discuss the evolution of communication, particularly as it relates to texting and social media, and the growth opportunity it presents for Financial Services firms and their Financial Consultants. They discussed the business potential and how best to manage the risks that come with leveraging evolving forms of electronic communication. The following is an excerpt from the interview titled Texting and Social Media with Mitch Avnet. Click here to read the full interview.

DDW: Regular, ongoing communication between Advisors and their clients is key to building and maintaining strong relationships. As styles and methods of communications evolve, it’s natural for both clients and advisors to want to use all of the channels available to them, including ever-evolving electronic and social media options. These options have the potential to better engage clients and make business faster and easier, all of which lead to deeper relationships and potential revenue. Along with the benefits, however, come challenges for firms as they attempt to evolve programs to capture and monitor all lines of communication.

DDW: Of all forms of communication used today, “texting” has become the go-to source for many of us. What trends are you seeing in Advisor/Client communications related to the use of text communications?

Mitch Avnet: The number of firms allowing texting as a method of communication is on the rise. This is due to the fact that (a) clients expect this level of communication and accessibility in the digital age, and (b) archiving and monitoring/management solutions that are out there are continuously evolving. It’s the way people communicate today, and it makes sense that both clients and advisors want to exchange in the same way they communicate in the rest of their relationships. Today’s clients generally want to leverage technologies available to them to make the investment and asset management process faster and more engaging.

ABOUT DUE DILIGENCE WORKS, INC.

Due Diligence Works, Inc. supports RIAs and Broker-Dealers to provide ongoing Due Diligence of investments and insurance products, Product Shelf Management, helping firms review the entire universe of products (not just platform); ensuring firms have the best products on their shelf and can prove it. All in a variable cost and conflict fee model that can bring down cost, improve quality, and stand the test of regulatory scrutiny.

Adviser and Broker-Dealer Annual Regulatory Deadlines
https://compliance-risk.com/adviser-and-broker-dealer-annual-regulatory-deadlines/
Wed, 07 Nov 2018 19:13:49 +0000


Annual Compliance Services Offerings

The end of 2018 is approaching quickly. CRC would like to remind you that for brokers and advisers with a December fiscal year-end, annual amendments have filing deadlines 60 to 90 days following December 31st. To facilitate streamlined regulatory reporting and filing, CRC offers a suite of services, as outlined below.

Adviser Offerings:

Form ADV Filings
  • Assistance with Drafting, Reviewing, and Filing Form ADV Parts 1, 2A, and 2B (deadline March 31, 2019)
  • Reviewing and Assessing State Registrations and Notice Filings and Supplemental Financial Statement Requirements, as Necessary

Other Regulatory Filings
  • Annual updates to Forms 13F (due February 14, 2019), 13G (due February 14, 2019), and 13H (due February 14, 2019)
  • Administration of CRD/IARD Account

Annual Review & Compliance Training
  • Annual 206(4)-7 Review Support, Execution, and Report Delivery
  • Annual Compliance Training (Under rule 206)

Other Services
  • Risk Assessment – regulatory best practice, not a requirement
  • Penetration Testing – CRC can liaise with a third-party vendor to facilitate a comprehensive evaluation of the firm’s network security. Regulatory best practice, not a requirement
  • Annual Updates to Code of Ethics and Compliance Manual, as Necessary (must be completed annually, no specific deadline)
  • Policy and Procedure Review & Updates (Cybersecurity, Business Continuity Plan, Privacy Policy etc.) (must be reviewed and updated as regulation changes or new regulatory guidance is made available, no specific deadline, best practice to review annually)

Broker-Dealer Offerings:

  • AML Review – ensure that the firm has completed an annual AML review as required under FINRA Rule 3110
  • Annual 3120 Review – ensure that the firm has completed a comprehensive review of the compliance program, as required by FINRA Rule 3120
  • Completion of 3130 certification
  • Administration of CRD/IARD Account – CRC is available to manage firm’s CRD/IARD account to complete annual amendments, filings, and payments.
  • Annual Compliance Training – ensure that you have held Compliance Training for firm personnel for FY 2018, as required under FINRA Rule 3110.

Ongoing Support

As always, we are available to service all of your ongoing Compliance. At CRC, we believe that an effective Compliance program is a proactive one, which is why we are continually keeping abreast of changes that occur throughout the year. The regulatory landscape is constantly evolving, and we are here to help enhance your program so that you can stay on top of it all.

Monitoring and Surveillance Symposium for Broker-Dealers Recap
https://compliance-risk.com/monitoring-and-surveillance-symposium-for-broker-dealers-recap/
Sun, 30 Sep 2018 22:09:47 +0000


To help navigate the wide array of compliance and risk management issues impacting the financial services sector today, broker-dealer compliance officers came together for a mastermind exchange of ideas and knowledge surrounding monitoring and surveillance challenges they face within the securities industry. Hosted by Abel Noser and Compliance Risk Concepts, The Kitano New York offered the perfect setting for this dynamic, informative and collaborative event. The following slideshow highlights the event.

Among the speakers, Mitch Avnet, Founder & Managing Partner, Compliance Risk Concepts opened the discussion with "There is No Competitive Advantage in Compliance". Ted Morgan, CEO of Abel Noser Holdings, highlighted the landscape of monitoring and surveillance solutions currently available to broker-dealers.

  • Participants in the event spent the afternoon in deep thought and discussion. Real world scenarios were highlighted throughout the session.
  • Regulatory focus on the adequacy of firms’ surveillance programs was contemplated during the event.
  • Best practices and pain-points were shared by all.
  • Unique perspectives were provided by all with an eye toward increasing consistency in processes within broker-dealer firms.
  • Process reconciliation versus the need for new technology solutions was also a focal point of our discussion.
  • The distinction between front-office versus compliance responsibilities was also debated.

Thank you all for participating in this highly productive day!

IFP Selects CRC For New Broker-Dealer Filing
https://compliance-risk.com/ifp-selects-crc-for-new-broker-dealer-filing/
Fri, 22 Jun 2018 12:22:44 +0000


TAMPA, Fla., 06/18/2018 - Independent Financial Partners (IFP) has chosen Compliance Risk Concepts (CRC) to implement its broker-dealer filing. The Tampa-based RIA announced on April 6 its separation from LPL Financial in favor of creating its own broker-dealer (BD).

Establishing a BD requires the filing of a New Membership Application (NMA) with the Financial Industry Regulatory Authority (FINRA), which entails a significant investment of time and resources, as well as a deep understanding of the regulatory requirements impacting broker-dealers. IFP set out to find a compliance services organization that could assist in the filing of the application. After conducting its due diligence, IFP decided to move forward with the expert guidance of CRC. IFP anticipates attaining FINRA approval in late 2018 or early 2019.

CRC Founder Mitch Avnet formed the New York-based firm more than five years ago.

“We believe CRC has the deep knowledge and experience required to deftly navigate the New Membership Application process with FINRA,” says Bill Hamm, CEO of IFP. “Partnering with CRC should demonstrate to the industry, and more importantly our advisors, that we are devoting the appropriate resources to help ensure that our broker-dealer will be solidly established while striving for 100 percent compliance from the outset. It is critical to us that our compliance program is primed and fully-operational as soon as the BD application is approved to facilitate a smooth transition for our advisors.”

CRC is a comprehensive compliance partner, offering full outsourced and co-sourced compliance execution services focused on the broker-dealer vertical. CRC’s diverse and robust team of compliance professionals have been engaged to provide critical guidance and services to support the important transition to becoming a broker-dealer. Upon receiving approval from FINRA, CRC will provide ongoing compliance support to IFP for a period of time, further ensuring seamless integration for IFP’s advisors and clients.

Avnet and the team at CRC are excited to work with a technology-focused firm like IFP.

According to Avnet, “I’ve gotten to know Bill and IFP over the past several months and I can say they are truly looking forward to creating a broker-dealer of the future. We will partner with IFP to build a compliant infrastructure that is powered by advanced technology. I am beyond thrilled that they chose CRC to embark on this exciting journey.”

About IFP

Family-owned and privately held since it was founded in 2000 by CEO William Hamm Jr. on the principles of independence, flexibility and collaboration, Independent Financial Partners (IFP) is a comprehensive financial advisor support firm with home/corporate offices in Tampa, Florida, and Phoenix, Arizona. It is dedicated to delivering personalized service to a growing network of more than 520 independent advisors nationwide, allowing them to better focus on the needs of their clients.

An SEC Registered Investment Adviser (RIA) and an Office of Supervisory Jurisdiction (OSJ), IFP works directly with its advisors to provide them technological, compliance, marketing, business development, and operational support. As of Dec. 31, 2017, IFP’s advisors have more than $40 billion in assets under advisement. The firm has annually earned the trusted CEFEX certification for support services for adhering to the industry’s best practices since 2014. For more information, visit www.ifpartners.com. Follow the firm on Twitter at @IF_Partners.

Research This! Complex Future for Research Analysts
https://compliance-risk.com/research-this-complex-future-for-research-analysts/
Mon, 09 Apr 2018 12:49:38 +0000


The world of research sure has changed over the last few decades. When the author Jeanine Oburchay, CRC Director of Research Advisory Practice, first started in the field in 1987, equity research analysts worked primarily for investment banks and broker-dealers. Landing a gig at a bulge bracket firm meant that as long as you delivered good product, created buy-side relationships, and made sure your bankers were well-served, your paycheck was pretty secure for the foreseeable future. But a lot has changed since then.

As we watch the latest changes to the world of research, this is a great time for analysts or analysts-to-be to consider their next (or even first) move. In Research This! Complex Future for Research Analysts, Jeanine looks inside the evolving world of research, including MiFID II; the state of research firm, investment bank and broker-dealer research in the post-Eliot Spitzer/Global Analyst Research Settlement age; transitioning from big firm to independence; independent third-party research; third-party co-branding research; and new opportunities for analysts that didn’t even exist just a generation ago.

Regulatory Focus: Cryptocurrency
https://compliance-risk.com/regulatory-focus-cryptocurrency/
Thu, 29 Mar 2018 12:43:42 +0000


According to the 2018 Exam Priorities Report released in February, OCIE plans to monitor the sale of products in the cryptocurrency and initial coin offering markets and examine for regulatory compliance in instances where products are determined to be securities.

It is expected that the SEC, and likely FINRA, are aiming to treat cryptocurrencies as securities in the near future, which would mean that appropriate registration of all parties involved in managing, trading, holding, or transferring them is the key to avoiding regulatory trouble and enforcement actions. Investors of varying levels of sophistication entering the crypto space will likely place more trust – and therefore funds – in a company that is conscious of regulatory implications and relevant securities laws.

A clear picture is emerging of what it means to be a trustworthy, legitimate business operating in this space, principally: liquidity of investments, visible efforts to protect client assets and data, and transparent and accessible communication with clients. Regulators want to see that you are putting the needs of your clients ahead of your own; investors want to know that you are not just another digital currency scam. In a developing and volatile cryptocurrency market full of unknowns, it is better to be safe than sorry.

Download Regulatory Focus: Cryptocurrency

Showing good faith with regulators by ensuring compliance with securities laws and adopting appropriate policies and procedures surrounding cryptocurrencies holds the potential to pay off in the end – with regulators and investors alike.

In Regulatory Focus: Cryptocurrency, Kaitlyn Gibbs walks through the key areas of consideration for financial institutions looking to enter or already operating in the cryptocurrency market to help facilitate compliance with regulatory guidance and avoid regulatory issues, including: determining whether a coin offering should be considered a security, the Howey Test, safeguarding client assets and data, best practice and adequate disclosure of risks.

Understanding FinCEN’s Customer Due Diligence (CDD) Final Rule
https://compliance-risk.com/understanding-fincens-customer-due-diligence-cdd-final-rule/
Thu, 22 Feb 2018 12:40:12 +0000


Compliance Risk Concepts presents Fast Facts: Customer Due Diligence, A Quick Guide To FinCEN’s New Requirements. It offers a snack-size snapshot of key points from our more detailed regulatory release Understanding FinCEN’s Customer Due Diligence (CDD) Final Rule, that outlines FinCEN’s new Customer Due Diligence (CDD) Final Rule, in advance of its effective date on May 11, 2018.

New Fast Facts Video Series

To help Compliance professionals stay ahead of the curve in a regulatory environment that is constantly evolving, our dedicated compliance team is persistently researching regulatory updates and getting material out there to help give our clients a leg up. While these resources are useful, we understand that industry professionals have their plates full designing and running compliance programs and performing a wide breadth of day to day functions.

To that end, we are making an effort to pair our detailed regulatory releases and analysis with palatable, to the point digital shorts, like the one above, to relay material industry information to our clients. These videos, typically running one to two minutes, serve as a regulatory highlight reel and give an overview of pending regulatory updates, guidance from governing bodies, and hot issues without taking up too much valuable time.

Download Understanding FinCEN’s CDD Final Rule

The CDD Final Rule is a move toward increased financial transparency – a growing trend for regulatory bodies in 2018. While financial institutions have until May 11, 2018 to ensure compliance with the Final Rule, as a best practice, they should also consider implementing a process to review and update this information on a regular basis.

In Understanding FinCEN’s Customer Due Diligence (CDD) Final Rule, Kaitlyn Gibbs outlines the four central principles of the CDD Final Rule and offers insight on the five things Financial Institutions should remember when updating AML procedures.

Annual Broker-Dealer Regulatory Review and Outlook
https://compliance-risk.com/annual-broker-dealer-regulatory-review-and-outlook/
Thu, 11 Jan 2018 11:10:41 +0000


Now that 2017 has ended and 2018 is emerging on the regulatory horizon, we find ourselves in a position to look back on what has transpired over the course of the past year in an effort to anticipate what the New Year may bring for Broker-Dealers.

In the following Annual Broker-Dealer Regulatory Review and Outlook (2017), Kaitlyn Gibbs offers her perspective on what the highlights were in 2017, as well as what will be at the center of regulatory development in 2018.

Broker-Dealers: Let’s Talk Turkey – Don’t Get “Carved” Up By Year End Requirements
https://compliance-risk.com/broker-dealers-lets-talk-turkey-dont-get-carved-year-end-requirements/
Tue, 14 Nov 2017 22:06:01 +0000


As we approach the Thanksgiving Holiday, the end of 2017 will be here before we know it! As former Chief Compliance Officers, CRC completely understands year-end pressures for FINRA registered broker-dealers and the need/importance of executing and completing mandatory annual Compliance requirements.

Over the last several years, we’ve helped many Broker-Dealers complete each of the discrete tasks identified below. Additionally, we have helped many broker-dealers through their cycle exams in 2017 and have a very clear understanding of FINRA’s hot-button items, which continue to include Cyber-Security, Outside Business Activities, and Business Resiliency.

Increasingly, more and more firms are turning to external third parties to conduct year-end reviews. It eliminates the appearance and perception of potential conflicts of interest – as firms remove the individuals that are responsible for the execution of the programs throughout the year from the actual testing being done – creating a truly independent review of the state of play within an organization.

Based on the above, CRC provides our clients with a cost-effective approach to execute any / all of the requirements below. We remove the “pricing barrier” – by providing “modular” approaches that enable our clients to truly benefit from our significant knowledge base and expertise.

• FINRA 3120 / 3130 Annual Testing of Supervisory Controls / CEO Certification

Annually, FINRA member broker-dealers are required to test and verify the adequacy of their supervisory program, and the CEOs are required to certify their awareness of the program’s state.

As part of the annual review, firms should identify and discuss the impact of “hot topic” industry issues on their respective organizations. For instance, Outside Business Activity/Private Securities Transactions is an area that firms should consider assessing as part of their 2017 Annual Testing Program.

In 2017, we continue to see FINRA focus on firms’ obligations concerning their registered representatives’ outside business activities and private securities transactions. Firms must evaluate and test internal procedures to review registered persons’ written notifications of proposed outside business activities, including firms’ consideration of whether the proposed outside business activities may compromise a registered person’s responsibilities to the firm’s clients or be viewed as part of the firm’s business. FINRA is also focused on firms’ procedures for handling associated persons’ notifications of proposed private securities transactions and firms’ ongoing supervision over associated persons’ approved private securities transactions for compensation.

The annual review may offer a practical way for firms to assess this discrete risk – as part of their overall assessment of the state of compliance and supervision within their respective organizations.

• SEC Rule 17a-5 – Annual Compliance Report

SEC Rule 17a-5 requires broker-dealers that did not claim exemption from Rule 15c3-3 throughout the most recent fiscal year to prepare and file an annual report on compliance, and internal control over compliance, with certain financial responsibility rules (“FRRs”), specifically the Net Capital Rule (Rule 15c3-1), Customer Protection Rule (Rule 15c3-3), Quarterly Security Count Rule (Rule 17a-13), and Account Statement Rules.

The compliance report must include statements as to whether:

  1. The broker-dealer has established and maintained internal control over compliance
  2. The internal control over compliance of the broker-dealer was effective during the most recent fiscal year
  3. The internal control over compliance of the broker-dealer was effective as of the end of the most recent fiscal year
  4. The broker-dealer was in compliance with Rule 15c3-1 and paragraph (e) of Rule 15c3-3 as of the end of the most recent fiscal year
  5. The information the broker-dealer used to state whether it was in compliance with Rule 15c3-1 and paragraph (e) of Rule 15c3-3 was derived from the books and records of the broker-dealer

Impacted Broker-Dealers will also be required to engage their independent registered public accountant to examine the broker-dealer’s statements (2) through (5), above, in its compliance report.
Following PCAOB standards, the independent registered public accountant would issue a report based on that examination.

• Independent Anti-Money Laundering (“AML”) Test / Review:

Every broker-dealer is required to perform an annual review of their Anti-Money Laundering Compliance Program (“AMLCP”). This review must be undertaken by a qualified individual that has a strong working knowledge of the Bank Secrecy Act (“BSA”).

The review can be performed by an outside consultant or someone employed by the firm. However, it cannot be performed by the Anti-Money Laundering Compliance Officer (“AMLCO”) or someone that reports to the AMLCO.

As an FYI – FINRA allows firms that do not have any customers/customer accounts to perform this review once every two years.

• Written Supervisory Procedures (“WSPs”) Review

As part of its responsibilities under FINRA Rule 3012, a Firm must ensure that all business areas and new regulatory requirements are sufficiently addressed in its annual review of WSPs.

• Continuing Education

All FINRA member firms must complete their Firm and Regulatory Element Continuing Education obligations by year-end.

• Branch Office Reviews

FINRA member firms must perform inspections of all offices of supervisory jurisdiction (“OSJs”) and branch offices that supervise one or more non-branch locations on an annual basis. Each branch office that does not supervise non-branch locations must be inspected at least once every three years.

• Annual Compliance Meeting

All FINRA member firms are required to complete an annual compliance meeting (“ACM”). Although all registered representatives and principals are required to be present, an interactive internet-based “ACM on Demand” approach is acceptable in most circumstances.

• Registrations and Renewals

Broker-Dealers have until December 18th, 2017 to pay their Preliminary Renewal Account. Failure to pay by the deadline may endanger a firm’s ability to do business in jurisdictions in which it has previously done business. Although there are a number of ways to pay, firms need to ensure that there are sufficient funds in their CRD Daily Account.

HOW CAN CRC HELP?

An independent review conducted by longstanding industry professionals, reconciling your current “state of compliance” is the most effective way to ascertain your program’s status and ensure your firm continues to meet its ongoing regulatory requirements. A great deal of regulatory intelligence is required to demonstrate an organization’s understanding of its regulatory obligations (both existing and newly enacted).

At CRC, we strive to do more than perform a “check the box” review – we strive to partner. Our team of former Chief Compliance Officers (“CCOs”) and Regulators not only provides key insights into what is required of your firm but assists your firm by executing seamlessly, helping to build a stronger program – one that your management team and regulators can have confidence in.

Please contact us for help on any of the items identified above / or for a full review/assessment of your broker-dealer’s compliance and supervisory system.
Let CRC help you turn your risk into reward.

WTF? Why are You Such a Fiduciary?
https://compliance-risk.com/wtf-why-are-you-such-a-fiduciary/
Fri, 09 Jun 2017 16:45:20 +0000


BULLETIN: The Department of Labor (DOL) Fiduciary Rule

Spotlight On Talent: Scott Brown, Senior Consultant at Compliance Risk Concepts
The Department of Labor (DOL) Fiduciary Rule was originally scheduled to be phased in over the period encompassing April 10, 2017 – January 1, 2018, but is now to be phased in starting June 9, 2017, including a transition period for the applicability of certain exemptions to the rule extending through Jan. 1, 2018.

In his compliance bulletin WTF? Why are You Such A Fiduciary?, Scott Brown discusses who is defined as a fiduciary, the sort of investments the rule impacts and best practices during the transition period (June 9, 2017 to January 1, 2018).

Download WTF? Why are You Such a Fiduciary?

To stay on top of the Department of Labor (DOL) Fiduciary Rule, enter your information below to download your complimentary copy of Scott Brown's WTF? Why are You Such a Fiduciary?.

ABOUT SCOTT BROWN

Prior to joining Compliance Risk Concepts, Mr. Brown was employed as a Principal Examiner at FINRA from 2005 to 2016. Mr. Brown’s responsibilities at FINRA included sales practice and financial examinations of member firms. Sales practice examinations entailed detailed reviews of member firms’ systems of supervision and control, reviews of policies governing marketing and sales of financial products and services (equities, mutual funds, corporate and municipal debt), and detailed reviews of broker-dealers’ anti-money laundering compliance programs. Financial Examinations involved verification of the accuracy of General Ledgers, Trial Balances, Income Statements, Balance Sheets, Net Capital Computations and FOCUS Filings for a diverse universe of broker-dealers.

The post WTF? Why are You Such a Fiduciary? appeared first on Compliance Risk Concepts.

Webinar: Establishing A Regulatory-Proof Broker/Dealer Compliance Program https://compliance-risk.com/crc-webinar-establishing-regulatory-proof-brokerdealer-compliance-program/ Wed, 31 May 2017 17:22:02 +0000 https://compliance-risk.com/?p=5748

Thank you to all who attended the June 20th webinar, Establishing A Regulatory-Proof Broker/Dealer Compliance Program, in which Mitch Avnet, Founder and Managing Partner at Compliance Risk Concepts (“CRC”), and Kristi Kuhn, Senior Solutions Consultant at ProcessUnity, discussed the components of establishing and maintaining the infrastructure necessary to support and scale a best-in-class broker-dealer system of supervision.

Attendees learned about PaCE – Policy and Controls Environment, a brand new offering from Compliance Risk Concepts (“CRC”) that has been specifically created by a team of former industry leading CCOs to address the needs of firms that have been historically underserved and priced out of much needed technology solutions. Participants in this webinar learned about the following PaCE features:

  • Policies and Procedures Management
  • Forms and Certifications Management
  • Incident Management and Escalation Workflows
  • Integrated Compliance Calendar
  • Professional Services and Ongoing Support

Request Webinar Recording or Slides

To request a copy of the Establishing A Regulatory-Proof Broker/Dealer Compliance Program webinar recording or download the slides, please enter your information below:

Presenters:

Mitch Avnet, Founder and Managing Partner, Compliance Risk Concepts
Mitch Avnet is the founder and Managing Partner of CRC LLC. Mitch is responsible for business development, relationship management and overseeing the execution of all client driven / business focused Compliance and Ethics Risk Management strategic engagements.

Kristi Kuhn, Senior Solutions Consultant, ProcessUnity
Kristi Kuhn is a Senior Solutions Consultant at ProcessUnity. Kristi has more than 12 years of experience delivering governance, risk and compliance solutions to organizations of all sizes.

Moderated by:

Lilian Colpas, Senior Compliance Officer, Compliance Risk Concepts
Lilian Colpas is an accomplished compliance professional with over 12 years of global compliance experience. Lilian provides consulting services to SEC and state-registered investment advisers and conducts AML independent reviews for broker/dealers. Previously, Lilian held roles as a compliance officer for Davidson Kempner, Harding Loevner and AIG Global Investments (now PineBridge).

The post Webinar: Establishing A Regulatory-Proof Broker/Dealer Compliance Program appeared first on Compliance Risk Concepts.

Bulletin: FINRA 2017 Regulatory and Examination Priorities Letter https://compliance-risk.com/bulletin-finra-2017-regulatory-examination-priorities-letter/ Tue, 17 Jan 2017 20:56:12 +0000 https://compliance-risk.com/?p=5516

Sometimes, Being Two-Faced is a Good Thing…

Spotlight On Talent: David Amster, Principal and Head of Fund and Dealer Advisory

On January 1, 153 B.C., Rome was the site of the first recorded new year’s celebration during which Romans paid tribute to Janus – January’s namesake and the Roman god of beginnings and endings. Janus had two faces, one looking forward and one looking back. Taking a cue from Janus and in keeping with its own New Year’s tradition, FINRA looks both back on the past and forward toward the future with its annual Regulatory and Examination Priorities Letter. As always, it’s a particularly useful tool that offers a straightforward glimpse into the collective mindset of FINRA’s senior leadership. CRC strongly advises its clients (and all other member firms, for that matter) to heed FINRA’s counsel and to apply critical thought to those areas of the letter that are relevant to their firm’s business lines and operations.

Download Compliance Bulletin

David Amster offers key takeaways from FINRA’s annual dispatch. Enter your information below to download your complimentary copy of Sometimes, Being Two-Faced is a Good Thing… FINRA 2017 Regulatory and Examination Priorities Letter:

The post Bulletin: FINRA 2017 Regulatory and Examination Priorities Letter appeared first on Compliance Risk Concepts.

Broker Dealers, Don’t Be A Turkey. Complete Your Year-End Requirements! https://compliance-risk.com/broker-dealers-dont-turkey-complete-year-end-requirements/ Fri, 18 Nov 2016 17:20:35 +0000 https://compliance-risk.com/?p=5237

With the end of 2016 just days away, 2017 will be here before you know it! As former Chief Compliance Officers, CRC completely understands year-end pressures for FINRA registered broker-dealers and the need / importance of executing and completing mandatory annual Compliance requirements.

Over the last several years, we’ve assisted many Broker-Dealers in completing each of the discrete tasks identified below. Additionally, we have helped many broker-dealers through their cycle exams in 2016 and have a very clear understanding of FINRA’s hot button items, which continue to include cyber-security, Retention of Books and Records and Business Resiliency.

Increasingly, more and more firms are turning to external third parties to conduct year-end reviews. It eliminates the appearance and perception of potential conflicts of interest – as firms remove the individuals that are responsible for the execution of the programs throughout the year from the actual testing being done – creating a true independent review of the state of play within an organization.

Based on the above, CRC provides our clients with a cost-effective approach to execute any / all of the requirements below. We remove the “pricing barrier” – by providing “modular” approaches that enable our clients to truly benefit from our significant knowledge base and expertise.

• FINRA 3120 / 3130 Annual Testing of Supervisory Controls / CEO Certification

Annually, FINRA member broker-dealers are required to test and verify the adequacy of their supervisory program, and the CEOs are required to certify their awareness of the program’s state.

As part of the annual review, firms should identify and discuss the impact of “hot topic” industry issues on their respective organizations. For instance, WORM Storage / Books and Records is an area that firms should consider assessing as part of their 2016 Annual Testing Program.

In 2016, we continued to see FINRA assess electronic storage of Books and Records within Broker-Dealers. While many of us have grown accustomed to having our electronic communications stored in WORM Format (Write Once, Read Many) – there are several types of records within a broker-dealer that FINRA will assess to understand the mechanism in which these records are being stored and whether or not there is adequate business resiliency in place if / when these records should need to be accessed.

Based on the above, firms should proactively consider the best way to assess / measure their internal record retention requirements and ensure they have appropriate documentation and controls in place to evidence oversight and compliance with SEC Rule 17a-4 (Records to be Maintained by a Broker-Dealer).

The annual review may offer a practical way for firms to assess this discrete risk – as part of their overall assessment of the state of compliance and supervision within their respective organizations.

• SEC Rule 17a-5 – Annual Compliance Report

SEC Rule 17a-5 requires broker-dealers that did not claim exemption from Rule 15c3-3 throughout the most recent fiscal year to prepare and file an annual report on compliance, and internal control over compliance, with certain financial responsibility rules (“FRRs”), specifically the Net Capital Rule (Rule 15c3-1), Customer Protection Rule (Rule 15c3-3), Quarterly Security Count Rule (Rule 17a-13), and Account Statement Rules.

The compliance report must include statements as to whether:

  1. The broker-dealer has established and maintained internal control over compliance
  2. The internal control over compliance of the broker-dealer was effective during the most recent fiscal year
  3. The internal control over compliance of the broker-dealer was effective as of the end of the most recent fiscal year
  4. The broker-dealer was in compliance with Rule 15c3-1 and paragraph (e) of Rule 15c3-3 as of the end of the most recent fiscal year
  5. The information the broker-dealer used to state whether it was in compliance with Rule 15c3-1 and paragraph (e) of Rule 15c3-3 was derived from the books and records of the broker-dealer

Impacted Broker-Dealers will also be required to engage their independent registered public accountant to examine the broker-dealer’s statements (2) through (5), above, in its compliance report.

Following PCAOB standards, the independent registered public accountant would issue a report based on that examination.

• Independent Anti-Money Laundering (“AML”) Test / Review:

Every broker-dealer is required to perform an annual review of their Anti-Money Laundering Compliance Program (“AMLCP”). This review must be undertaken by a qualified individual that has a strong working knowledge of the Bank Secrecy Act (“BSA”).

The review can be performed by an outside consultant or someone employed by the firm. However, it cannot be performed by the Anti-Money Laundering Compliance Officer (“AMLCO”) or someone that reports to the AMLCO.
As an FYI – FINRA allows firms that do not have any customers / customer accounts to perform this review once every two years.

• Written Supervisory Procedures (“WSPs”) Review

As part of its responsibilities under FINRA Rule 3012, a Firm must ensure that all business areas and new regulatory requirements are sufficiently addressed in its annual review of WSPs.

• Continuing Education

All FINRA member firms must complete their Firm and Regulatory Element Continuing Education obligations by year-end.

• Branch Office Reviews

FINRA member firms must perform inspections of all offices of supervisory jurisdiction (“OSJs”) and branch offices that supervise one or more non-branch locations on an annual basis. Each branch office that does not supervise non-branch locations must be inspected at least once every three years.

• Annual Compliance Meeting

All FINRA member firms are required to complete an annual compliance meeting (“ACM”). Although all registered representatives and principals are required to be present, an interactive internet based “ACM on Demand” approach is acceptable in most circumstances.

• Registrations and Renewals

Broker Dealers have until December 16th, 2016 to pay their Preliminary Renewal Account. Failure to pay by the deadline may endanger a firm’s ability to do business in jurisdictions in which it has previously done business. Although there are a number of ways to pay, firms need to ensure that there are sufficient funds in their CRD Daily Account.

HOW CAN CRC HELP?

An independent review conducted by longstanding industry professionals, reconciling your current “state of compliance” is the most effective way to ascertain your program’s status and ensure your firm continues to meet its ongoing regulatory requirements. A great deal of regulatory intelligence is required to demonstrate an organization’s understanding of its regulatory obligations (both existing and newly enacted).

At CRC, we strive to do more than perform a “check the box” review – we strive to partner. Our team of former Chief Compliance Officers (“CCOs”) and Regulators not only provides key insights into what is required of your firm, but also assists your firm by executing seamlessly, helping to build a stronger program – one that your management team and regulators can have confidence in.

Please contact us for help on any of the items identified above / or for a full review / assessment of your broker-dealer’s compliance and supervisory system.
Let CRC help you turn your risk into reward.

The post Broker Dealers, Don’t Be A Turkey. Complete Your Year-End Requirements! appeared first on Compliance Risk Concepts.

E&O: Are You In The Know? https://compliance-risk.com/errors-omission-in-the-know/ Sat, 17 Sep 2016 23:31:02 +0000 https://compliance-risk.com/?p=3622

Several times over the past decade FINRA has indicated they may be considering making it a requirement for broker-dealers to maintain errors and omission insurance (E&O) to cover the payment of arbitration awards to investors. A 2013 article in the Wall Street Journal indicated that FINRA was “frustrated” over nonpayment of arbitration awards to investors whose retirement savings were eviscerated by financial advisor malpractice. FINRA has reported that $51 million of arbitration awards granted in 2011 were not paid – this was 11% of all awards against broker-dealers, which was up from 4% in 2010.

FINRA has not yet enacted that requirement. However, it is a very good idea for all participants in the financial services industry to maintain some sort of insurance coverage to protect from arbitration awards and court litigation related to their professional services.

At CRC, we have seen instances of investor awards against broker-dealers and registered representatives that ruined both. A simple mistake could spell disaster for even the most careful practitioner and his/her employer. There are numerous reasons to purchase E&O insurance. But, to put it bluntly, the primary reason is that everyone makes mistakes. Even with the most experienced representatives and the best supervision and operations departments, mistakes will be made. No one is perfect.

In one recent case, a representative made a mistake in calculating the taxes associated with a 1031 real estate exchange for a 30-unit apartment complex. His former client has initiated litigation against him alleging over $1 million in damages. Just the attorneys’ fees alone will cost him several hundreds of thousands of dollars. The representative had been with his broker-dealer for over 20 years, did not have a single mark on his U4/U5, and had never had a grievance lodged against him. Nonetheless, it appears he made a mistake in calculating the tax liability for his client. However, the bigger mistake he made, which he shares with his broker-dealer, is that they did not have E&O insurance coverage.

With all that said, understanding E&O insurance is difficult. How much coverage do you need? What exclusions and endorsements are appropriate? What does the “Covering Clause” of the insurance policy actually mean? Does my E&O policy cover all of the products available on the Broker-Dealer’s platform? Will your policy cover losses other than damage awards, such as attorneys’ fees, litigation/arbitration expenses, subpoena costs, regulatory investigation expenses? Just asking these questions is the right start in finding and purchasing E&O insurance.

Want To Know More?

Give us a call (646)346-2468 to review your current E&O insurance policy status or use the form below to learn more about an E&O Tune-up:

The post E&O: Are You In The Know? appeared first on Compliance Risk Concepts.

Data Integrity and Governance Roundtable https://compliance-risk.com/roundtable-discussion-data-integrity-and-governance/ Mon, 16 May 2016 19:38:33 +0000 https://compliance-risk.com/?p=4736

Join Gresham and Compliance Risk Concepts (CRC) for a Data Integrity and Governance for Broker-Dealers and Investment Advisers roundtable discussion and hear first-hand from two former Senior Executives at FINRA, Bill Hayden and Jeff Holik.

Date: Tuesday, June 14, 2016

Time: 12:00 pm - 5:00 pm ET

  • Lunch: 12:00pm - 12:45pm
  • Roundtable discussion: 1:00pm - 3:45pm
  • Cocktail reception: 4:00pm - 5:00pm

Location: The Bryant Park Hotel, 40 W. 40th St. New York, NY

Today, there is a new paradigm of regulatory expectations, creating increasingly daunting compliance and operational risk management challenges. Many of these challenges relate to the data that is reported to ensure organizations continue to meet the ever expanding list of ongoing regulatory and compliance requirements. Our discussion will focus on common challenges and issues impacting Compliance Departments, such as:

  • Regulatory Scrutiny, Fines and Sanctions
  • Handling Massive Volumes of Data
  • Managing Across Bifurcated and Disparate Systems and Platforms
  • Operating in Manual Environments
  • Moving Forward: Understanding Your Internal Processes and Effecting Change

Register below to secure your place!

Bill Hayden, CCO of KeyBanc Capital Markets
Bill Hayden has industry experience as both a regulator and a senior compliance officer at large financial institutions. He is currently the Chief Compliance Officer for KeyBanc Capital Markets (KBCM) in Ohio. Before joining KBCM in 2013, Bill was the Director of FINRA’s Office of Emerging Regulatory Issues, where he helped the SRO identify trends in the financial industry and assess the impact on regulatory policy. Prior to his time at FINRA, Bill held a number of senior compliance positions at Wachovia Capital Markets, including Chief Compliance Officer for Corporate Investment Banking. Bill is a former branch chief/staff attorney in the SEC’s Office of Compliance Inspections and Examinations (OCIE). Prior to his work in the industry, Bill was a criminal prosecutor in Maryland and served as an intelligence officer in the U.S. Navy. He holds a law degree from the University of Baltimore School of Law and an undergraduate degree from Miami University in Oxford, Ohio.

Jeffrey Holik, Shareholder, Shulman Rogers
Jeffrey S. Holik is a seasoned and accomplished lawyer who knows how to solve problems from both a legal and a practical business perspective. With more than 30 years of experience as a senior financial services regulator, industry leader and partner in global law firms, he has a deep understanding of the financial services industry. After many years as a leader of regulatory programs at FINRA and as chief legal officer for the retail investment businesses of PNC Bank, Jeff brings a proven track record of success partnering with compliance officers and business leaders to achieve corporate goals, resolve customer and business disputes, manage legal, regulatory and reputational risk, maintain strong relationships with regulators, and keep regulatory and litigation matters off the front page of the newspapers.

Bill Blythe is the Global Business Development Director for Gresham Computing. Bill has more than 18 years of experience in the financial technology sector. Previously at SmartStream Technologies where he held the role of Managing Director for North America and the UK, based out of New York, Bill was in charge of business strategy and sales management. Under his supervision the North American business grew by more than 400% in two years. Prior to working for SmartStream Technologies, Bill held management positions at Singularity, Mercator Software (formerly Braid) and Misys.

Mitch Avnet, Founder and Managing Partner of Compliance Risk Concepts
Mitch Avnet is the founder and Managing Partner of CRC LLC. Avnet is responsible for business development, relationship management and overseeing the execution of all client driven / business focused Compliance and Ethics Risk Management strategic engagements. Prior to launching CRC, Avnet was a member of Corporate Leadership Group (CLG) at Lincoln Financial Group (LFG) where he was Senior Vice President and Chief Ethics and Compliance Officer, having direct oversight of the company’s anti-money laundering, privacy, ethics and compliance risk management programs.

The post Data Integrity and Governance Roundtable appeared first on Compliance Risk Concepts.

Regulatory Compliance Series - Data Integrity and Governance [whitepaper] https://compliance-risk.com/regulatory-compliance-series-data-integrity-governance-whitepaper/ Tue, 05 Apr 2016 19:51:27 +0000 https://compliance-risk.com/?p=4687

Today, there is a new paradigm of regulatory expectations, creating increasingly daunting compliance and operational risk management challenges on FINRA registered broker-dealers. Many of these challenges are related to the governance and control environments, specific to the data that is so heavily relied upon to ensure broker-dealers continue to meet the ever expanding list of ongoing regulatory and compliance requirements, aimed at customer protection and market integrity.

Given FINRA’s 2016 examination and regulatory priorities, it is evident that data management and data integrity are and will continue to be a focal point for regulators for the foreseeable future. Understanding the magnitude of data related issues that have surfaced within our industry, CRC is committed to providing our clients and prospects with practical solutions to data related risks specific to broker-dealers.

Based on the above, CRC is pleased to announce our joint guide with Gresham Computing on Data Integrity and Governance for FINRA registered broker-dealers. This guide provides insight into the discrete data related issues faced by broker-dealers, offering readers an opportunity to understand the common data related struggles faced by our entire industry, as well as a solution aimed at alleviating these issues in a cost-effective and practical manner.

Download Complimentary Whitepaper

Submit the following to be taken to your complimentary copy of the Regulatory Compliance Series Data Integrity and Governance whitepaper for FINRA registered broker-dealers.

The post Regulatory Compliance Series - Data Integrity and Governance [whitepaper] appeared first on Compliance Risk Concepts.

See Ya Lata – Bad Data! https://compliance-risk.com/see-ya-lata-bad-data/ Mon, 14 Mar 2016 17:21:59 +0000 https://compliance-risk.com/?p=4633

CRC Announces Forthcoming Whitepaper Addressing Data Quality and Data Integrity Issues Impacting Broker-Dealers

CRC is pleased to announce a forthcoming whitepaper written in conjunction with Gresham Computing plc addressing data quality and data integrity issues impacting FINRA Registered broker-dealers.

As we’ve all recently learned in FINRA’s Regulatory and Examinations Priorities Letter for 2016, FINRA is focusing on the following areas specific to broker-dealer data:

  • Operational breakdowns specific to changes from legacy to new compliance systems
  • Technology governance and change management practices related to algorithm maintenance (including order-routing algorithms)
  • Back-office and vendor system changes
  • Lifecycle development and new system implementation
  • Data quality controls and reporting practices
  • Verification of the accuracy of data sources relied upon to conduct monitoring and surveillance

Since CRC’s inception in 2013, our organization has dedicated itself to helping financial services firms address regulatory issues in a practical and actionable manner.

Our forthcoming whitepaper will not only pinpoint the issues most / if not all broker-dealers are facing as it relates to their data management – it will provide insight into a practical solution that will efficiently and cost effectively assist broker-dealers in mitigating the discrete regulatory risks specific to data quality and integrity.

Sign up and be among the first to receive this exclusive whitepaper:

The post See Ya Lata – Bad Data! appeared first on Compliance Risk Concepts.

What to Do—and Not Do—at Your Next SEC Exam https://compliance-risk.com/next-sec-exam/ Fri, 19 Feb 2016 20:37:48 +0000 https://compliance-risk.com/?p=4609

Navigating Your Next SEC Exam

Experienced and skilled compliance officers are adept at managing almost any regulatory exam. These compliance officers use their instincts, training, and experience to manage through the issues that arise during an exam.

As a compliance consultant for the last two years, I have seen the inner-workings of multiple firms and have witnessed many different styles of managing regulators. It has surprised me how often well-meaning compliance officers miss the mark on managing an exam. The problematic styles I have observed include:

  • Acting too relaxed and unconcerned
  • Being dominant and overbearing
  • Behaving in a threatening manner
  • Delivering too many documents
  • Hiding the ball
  • Being uncommunicative
  • Acting overly sociable
  • Being too cautious

At times, these styles are the result of a strategic decision regarding exam management. Often, however, the strategy seems to develop out of fear of the examiners or regulators, or even as a result of guidance by senior management within the firm. Senior officers have become sensitized to the regulatory environment and they understand the ramifications of a negative exam. At the same time, senior officers may fear the regulatory process and, as a result, set a tone of either defensive or offensive regulatory management. In addition, in situations where compliance reports to the legal department, or the chief compliance officer and general counsel are the same individual, litigation training and instincts can overshadow good regulatory management.

As a result, I have at times guided senior managers as compliance officers toward the most effective way of managing a good regulatory exam. I’ve also helped mitigate penalties that are the result of an adverse regulatory exam.

By far, regulators value individual and firm credibility the most. No matter how negatively an exam is going, maintaining credibility should be the first concern. The following are mechanisms that enhance credibility:

  • Timely responses
  • Quality responses
  • Knowledgeable responses
  • Accepting responsibility (it should be noted that this suggestion must be handled with sensitivity to ensure that the regulators are not looking to you for personal liability)

There are, of course, ways to ease into the examination process. The value of leading the examiners through your firm with openness is significant. Often times, I have experienced pushback from firms in regard to this approach because the regulators do not require it. My experience, however, has been that this approach not only assists the regulators in helping them ask relevant questions, it often shortens the exam process. I would recommend taking the following steps:

  • Prepare an introductory presentation
  • Explain investment strategy and market opportunity
  • Identify risk areas and relevant compliance controls
  • Identify key personnel

Not only are these tactics tried and true, I have also surveyed multiple regulators in the past few months about the best way to influence members of their profession. Each participant responded that credibility and knowledge were the leading characteristics that lead to regulatory trust.

HAVE QUESTIONS?

Compliance Science, Inc. is hosting a February webinar entitled “Navigating Your Next SEC Exam”. The webinar conversation will focus on a range of considerations that represent the end-to-end lifecycle of an exam.

The post What to Do—and Not Do—at Your Next SEC Exam appeared first on Compliance Risk Concepts.

Annual Year End Compliance Requirements for Broker Dealers - Tricks or Treats? https://compliance-risk.com/annual-year-end-compliance-requirements-for-broker-dealers-tricks-or-treats/ Mon, 26 Oct 2015 21:53:46 +0000 https://compliance-risk.com/?p=4270

ENTER IF YOU DARE!

As Halloween is quickly creeping toward us – 2015 will vanish right before our very eyes! As former Chief Compliance Officers, CRC understands how frightening, scary and daunting it can be for Broker-Dealers to prepare for and execute their year-end Compliance requirements.

Over the last few years, we’ve helped dozens of Broker-Dealers complete each of the discrete tasks identified below. Additionally, we have helped many broker-dealers through their cycle exams in 2015 and have a very clear understanding of FINRA’s hot button items, which include cyber-security, Retention of Books and Records and Business Resiliency. It’s almost as if we are looking directly into a witch’s eye (Creepily Laughing in background).

Increasingly, firms are turning to external third parties to conduct Year-End reviews. Doing so eliminates the appearance and perception of potential conflicts of interest, because firms remove the individuals who are responsible for executing the programs throughout the year from the actual testing, creating a truly independent review of the state of play within an organization.

Based on the above, CRC provides our clients with a cost-effective approach to execute any or all of the requirements below. We remove the “pricing barrier” by providing “modular” approaches that enable our clients to truly benefit from our significant knowledge base and expertise.

  • FINRA 3120 / 3130 Annual Testing of Supervisory Controls / CEO Certification

Annually, FINRA member broker-dealers are required to test and verify the adequacy of their supervisory program, and the CEOs are required to certify their awareness of the program’s state.

As part of the annual review, firms should identify and discuss the impact of “hot topic” industry issues on their respective organizations. For instance, WORM Storage / Books and Records is an area that firms should consider assessing as part of their 2015 Annual Testing Program.

In 2015, we’ve seen it become commonplace for FINRA to assess electronic storage of Books and Records within Broker-Dealers. While many of us have grown accustomed to having our electronic communications stored in WORM (Write Once, Read Many) format, there are several types of records within a broker-dealer that FINRA will assess to understand the mechanism by which these records are being stored and whether there is adequate business resiliency in place if and when these records need to be accessed.

Based on the above, firms should proactively consider the best way to assess and measure their internal record retention requirements and ensure they have appropriate documentation and controls in place to evidence oversight and compliance with SEC Rule 17a-4 (Records to be Maintained by a Broker-Dealer).

The annual review may offer a practical way for firms to assess this discrete risk as part of their overall assessment of the state of compliance and supervision within their respective organizations.

  • SEC Rule 17a-5 – Annual Compliance Report

SEC Rule 17a-5 requires broker-dealers that did not claim exemption from Rule 15c3-3 throughout the most recent fiscal year to prepare and file an annual report on compliance, and internal control over compliance, with certain financial responsibility rules (“FRRs”), specifically the Net Capital Rule (Rule 15c3-1), Customer Protection Rule (Rule 15c3-3), Quarterly Security Count Rule (Rule 17a-13), and Account Statement Rules.

The compliance report must include statements as to whether:

  1. The broker-dealer has established and maintained internal control over compliance
  2. The internal control over compliance of the broker-dealer was effective during the most recent fiscal year
  3. The internal control over compliance of the broker-dealer was effective as of the end of the most recent fiscal year
  4. The broker-dealer was in compliance with Rule 15c3-1 and paragraph (e) of Rule 15c3-3 as of the end of the most recent fiscal year
  5. The information the broker-dealer used to state whether it was in compliance with Rule 15c3-1 and paragraph (e) of Rule 15c3-3 was derived from the books and records of the broker-dealer

Impacted Broker-Dealers will also be required to engage their independent registered public accountant to examine the broker-dealer’s statements (2) through (5), above, in its compliance report.

Following PCAOB standards, the independent registered public accountant would issue a report based on that examination.

  • Independent Anti-Money Laundering (“AML”) Test / Review:

Every broker-dealer is required to perform an annual review of their Anti-Money Laundering Compliance Program (“AMLCP”). This review must be undertaken by a qualified individual that has a strong working knowledge of the Bank Secrecy Act (“BSA”).

The review can be performed by an outside consultant or someone employed by the firm. However, it cannot be performed by the Anti-Money Laundering Compliance Officer (“AMLCO”) or someone that reports to the AMLCO.

As an FYI – FINRA allows firms that do not have any customers / customer accounts to perform this review once every two years.

  • Written Supervisory Procedures (“WSPs”) Review

As part of its responsibilities under FINRA Rule 3012, a Firm must ensure that all business areas and new regulatory requirements are sufficiently addressed in its annual review of WSPs.

  • Continuing Education

All FINRA member firms must complete their Firm and Regulatory Element Continuing Education obligations by year-end.

  • Branch Office Reviews

FINRA member firms must perform inspections of all offices of supervisory jurisdiction (“OSJs”) and branch offices that supervise one or more non-branch locations on an annual basis. Each branch office that does not supervise non-branch locations must be inspected at least once every three years.

  • Annual Compliance Meeting

All FINRA member firms are required to complete an annual compliance meeting (“ACM”). Although all registered representatives and principals are required to be present, an interactive internet based “ACM on Demand” approach is acceptable in most circumstances.

  • Registrations and Renewals

Broker Dealers have until December 18th, 2015 to pay their Preliminary Renewal Account. Failure to pay by the deadline may endanger a firm’s ability to do business in jurisdictions in which it has previously done business. Although there are a number of ways to pay, firms need to ensure that there are sufficient funds in their CRD Daily Account.

HOW CAN CRC HELP?

An independent review conducted by longstanding industry professionals, reconciling your current “state of compliance”, is the most effective way to ascertain your program’s status and ensure your firm continues to meet its ongoing regulatory requirements. A great deal of regulatory intelligence is required to demonstrate an organization’s understanding of its regulatory obligations (both existing and newly enacted).

At CRC, we strive to do more than perform a “check the box” review; we strive to partner. Our team of former Chief Compliance Officers (“CCOs”) and Regulators not only provides key insights into what is required of your firm, but assists your firm by executing seamlessly, helping to build a stronger program, one that your management team and regulators can have confidence in.

Please contact us for help on any of the items identified above, or for a full review and assessment of your broker-dealer’s compliance and supervisory system.

Let CRC help you turn your risk into reward.

 

Goldman, Twitter & Square Entwinement https://compliance-risk.com/goldman-twitter-square-entwinement/ Mon, 12 Oct 2015 17:33:17 +0000 https://compliance-risk.com/?p=4255


Goldman Sachs Group, Inc. will report earnings on 10/15/2015 before the market opens. Last week Goldman publicized that it would announce its earnings via Twitter (@Twitter). The talk since the publication has been about the use of social media and Twitter becoming a viable and safe competitor in the field of company news distributors. That talk and the Twitter announcement by Goldman (@GoldmanSachs) may be helping to drive Twitter stock price upwards. The timeline below suggests that Goldman, Twitter & Square (@Square) are tightly entwined. It isn’t clear that there is any customer harm from the relationships or other type of wrongdoing. However, the timeline is an interesting window into actions that appear isolated and how they may be related:

  • 5/18/12 – Goldman Sachs is third banker on the Facebook IPO, losing out to Morgan Stanley and JP Morgan
  • 11/7/13 – Goldman Sachs leads Twitter IPO with Investment Banker Anthony Noto as the lead banker
  • 5/13/14 – Anthony Noto resigns from Goldman Sachs
  • 7/1/14 – Anthony Noto announced as the CFO for Twitter and, according to executive compensation filings, the highest paid executive at Twitter
  • 7/1/15 – Jack Dorsey becomes interim CEO of Twitter – Anthony Noto is widely speculated to become CEO.
  • 7/24/15 – Square with Jack Dorsey at the helm filed for an IPO at the same time Twitter states that Jack Dorsey who is interim Chair of Twitter will not be permanent as long as he is at Square.
  • 8/5/15 – 8/7/15 – 3 Executive Insiders at Twitter purchase shares of Twitter: Jack Dorsey, Interim CEO; Anthony Noto, CFO; and Peter Fenton, Independent Director (Is a director truly independent when they own shares of a company?)
  • 9/30/15 – Jack Dorsey named permanent CEO of Twitter
  • 10/7/15 – Goldman Sachs announces that it will release its earnings on Twitter – speculation arises that Twitter has found a mechanism for income via earnings releases.

Is Goldman’s support of Twitter related to the decision for Square to choose Goldman for its Lead Banker? Is the use of Twitter the best for shareholders and the investing public or was it a strategic relationship decision? Would Goldman have won the Square IPO without supporting Twitter?

 

 

Are Broker Dealers Prepared To Respond To Customer Withdrawal of Funds? https://compliance-risk.com/are-broker-dealers-prepared-to-respond-to-customer-withdrawal-of-funds/ Sat, 19 Sep 2015 20:18:50 +0000 https://compliance-risk.com/?p=4158


9 of 24 BDs Reviewed NOT PREPARED to Respond to Customer Withdrawal of Funds

Recently FINRA published its findings regarding a funding and liquidity review of 43 broker/dealers. Has anyone noticed that 9 out of 24 BDs reviewed are not prepared to respond to customer withdrawal of funds? In fact, the only test that all 43 Firms were prepared for was liquidating inventory. I am not sure liquidating inventory is going to assist the investing public.

The results aren't so surprising, but what is surprising is that these statistics fall at the very end of the Notice (FINRA Regulatory Notice 15-33). Would it have made a difference if FINRA had published this report to the investing public and informed the investing public that FINRA has direct knowledge that 9 Broker/Dealers could not respond to an influx of customer withdrawals?

While it is noble that FINRA is issuing guidance to broker/dealers, does FINRA have a responsibility to the investing public to inform them of these 9 ill-prepared broker/dealers? And what is FINRA doing to ensure that these 9 broker/dealers become prepared quickly? Seven years ago was the last financial crisis. Are Broker/Dealers any better prepared now?

Spotlight On Talent: Kevin Wheeler On NY's Virtual Currency Regulation https://compliance-risk.com/spotlight-on-talent-kevin-wheeler/ Thu, 17 Sep 2015 22:36:09 +0000 https://compliance-risk.com/?p=3620


The State of New York recently passed legislation requiring those transacting in virtual currency to become licensed. The new rules mirror much of what is already in place for many broker-dealers, banks, and other financial institutions. However, there are some important parts of the legislation that may change written policies or require new policies be written and implemented.

While the new rules do not go into effect immediately – there is a 45-day comment period starting on July 23 – we summarize the legislation in anticipation of it being put into place without major changes.

Most significantly, the New York Virtual Currency Regulation (VCR) requires, with few exceptions, all companies that store, control, buy, sell, transfer, or exchange Bitcoins (or other cryptocurrency) to become licensed with the New York State Department of Financial Services (NYDFS). In order to obtain a license, an application must be completed providing: (1) identifying information about the applicant and its individual and entity affiliates, (2) a background report prepared by an independent investigatory agency, (3) fingerprints, (4) photographs, (5) organization charts, (6) current financial statements, (7) business plans, (8) details of banking arrangements, (10) copies of written VCR policies and procedures, (11) copies of insurance policies, (12) an explanation of the methodology used to calculate the value of the virtual currency into traditional currency and (13) verification from the New York State Department of Taxation and Finance.

Since the DFS has 90 days to approve or deny your application, presumably, the NYDFS will be supplying forms to assist in the application process; if for no other reason, to provide itself the consistency necessary to process the applications it will receive.

Importantly, the non-refundable license fee required under the VCR is $5,000. You may also have to submit other fees to process additional paperwork related to the license, if the NYDFS requires. In other words, if you apply and are rejected for a license, the Department of Financial Services keeps your $5,000. Thus, it will be important that you follow the steps necessary to properly provide all required information with your application. CRC can assist in this regard.

There are capital requirements that must be maintained at all times and each licensee must maintain a surety bond. The capital requirements and the amount of the surety bond have not yet been set by the NYDFS. In addition, if a licensee undergoes a change of control or engages in a merger, the NYDFS must be given prior notice and a written application must be completed providing the detailed information about the new control group identified above. The NYDFS has authority to stop any change in control or merger if the new control group does not pass licensing requirements.

Some important items each licensee must be aware of and implement with its Virtual Currency License are:

1) Designation of a Digital Currency Compliance Officer
2) Maintenance of a Digital Currency compliance policy covering items relating to anti-money laundering, cyber security, privacy, and information security.
3) Books and Records policies similar to current securities and banking books and records requirements.

The AML requirements are very similar to current AML requirements from FINRA and the Bank Secrecy Act. However, the VCR’s AML requirements require each licensee’s AML program to maintain a customer identification program. This requirement is antithetical to the nature and spirit of the origins relating to the anonymity of digital currency. However, a robust AML program combined with an even more robust privacy and information program may be a point of differentiation for you with your competitors and could be a way to encourage customers to use your services who desire to maintain their anonymity.

The VCR’s cyber security mandates mirror current regulations such as the Gramm-Leach-Bliley Act and the Federal Information Security Act. Every licensee must create and enforce a cyber security written policy and designate a Chief Information Security Officer (CISO). The cyber security program requirements under the VCR include identifying risks, protecting electronic systems, detecting intrusions, recovering and restoring operations and systems. There are also annual reporting and auditing requirements that may necessitate substantial administrative work by the CISO.

The VCR requires each licensee to provide quarterly and annual financial disclosures and reports to the NYDFS. These disclosures and reports are standard types of information, but will add another regulatory requirement to the already heavy regulatory requirements of many broker-dealers, banks, and other financial institutions.

Lastly, there are disclosure requirements and advertising/marketing limitations under the new laws. The disclosure requirements are specific to virtual currency transactions and involve adding language to account applications “in clear, conspicuous and legible writing in the English language and in any other predominant language spoken by the customers of the licensee.” The list of disclosures in the legislation is extensive and will likely lengthen already long account applications. However, it may be a good idea to review your current account applications with a representative from CRC to determine the best way to combine the VCR disclosure requirements with your current regulatory disclosures. The advertising/marketing disclosures merely require each licensee’s advertising to contain the following phrase “Licensed to engage in Virtual Currency Business Activity by the New York State Department of Financial Services.”

There are other parts of the VCR with which entities and individuals who obtain licensure will have to comply. Ultimately, living within the requirements of the law will require careful consideration of the VCR’s provision for new written policies and internal procedures.

Please contact Compliance Risk Concepts if you would like more information about digital currency regulations or are interested in learning more about compliance issues relating to digital currency issues.

Cybersecurity: High Profile Exam Priority for FINRA and the SEC https://compliance-risk.com/exam-priority-finra-sec-cybersecurity-risk/ Tue, 20 Jan 2015 17:52:39 +0000 https://compliance-risk.com/?p=2489


Earlier this month, FINRA and the SEC issued their exam priorities for 2015. Both agencies continue to pinpoint cybersecurity as a top priority for 2015. Although these priority letters serve as a “roadmap” highlighting areas of regulatory focus during the coming year, most firms continue to struggle in terms of how they should conduct their internal Cybersecurity Risk Assessments and evidence their diligence and vigilance with respect to this high profile industry risk.

In the wake of the many highly publicized data-breaches in 2014, our clients have reached out to us for advice and guidance in an effort to increase the overall awareness of Cybersecurity risk within their respective organizations.   Many of these clients are seeking comprehensive training and a robust framework and methodology to conduct Cybersecurity Risk Assessments on a targeted and/or enterprise basis.

Based on the risks and costs (both financial and reputational) that can result from a Cybersecurity breach, all financial services organizations, large and small, must assess the following attributes:

  1. Identification: Can your organization identify the critical processes and the data that supports your business end-to-end? Can you recognize the difference between a “breach” and an “attack”?
  2. Protection: What is your company doing to protect its critical data and the infrastructure and devices it rides on? How quickly after an incident can your company realize that something is amiss?
  3. Detection: What mechanisms does your organization have in place to detect if something is going on with critical data, and how is that detection escalated throughout the firm?
  4. Response: How is your organization prepared to respond when Cyber incidents are detected?
  5. Recovery: How will your organization recover from a Cyber incident? How will your company keep its great name intact at reduced risk and quickly on the mend?

Vendors and Business Partners

In addition to the items discussed above, organizations must consider the impact of their vendors and business partners in their Cybersecurity awareness efforts. When we look at many of the high profile breaches that occurred in 2014, service providers to the companies we do business with were the targets of a significant portion of these attacks. With that said, here are some of the important questions firms must ask themselves when assessing vendor / service provider Cybersecurity risk:

  • Do our business partners have good Cyber-business practices in place? How do we know?
  • Do our contracts with partners and vendors require a legal level of Cyber-diligence to get and keep our business?
  • Are your business units, vendors, partners, and processes compliant with ever changing regulations, reporting requirements, and industry standards?
  • Do their critical data and our critical data ever co-mingle?
  • Does our firm have on-boarding contracts, processes and training to ensure appropriate governance over our Cybersecurity risk?
  • How does our firm keep a non-tech savvy workforce well trained and ever-vigilant against Cyber threats?
  • What if you have a potential whistle-blower situation? What are our processes to handle and escalate?

The Year Ahead….

With the knowledge that FINRA and the SEC have made Cybersecurity an exam priority for the coming year, Firms should operate under the following premises:

  • Assume that the criminals are already in your networks.   With this in mind, organizations should respond by proactively assessing their respective risks and creating the appropriate mitigation strategies to ensure your firm is appropriately protected.
  • Multiple studies are showing that in 2014 +40% of all businesses were hacked, exploited or denied service, mainly from overseas non-state actors.   Due to the rise in the number of “network citizens” outside of the United States, this trend is only expected to continue.

According to J.R. Helmig, Founder of Leveraged Outcomes, LLC, a financial and national security consultancy, the primary point is for firms to implement solutions to meet future threats and regulations.
________________________________________________________________________________

“Too often firms spend time and resources to meet yesterday’s compliance obligation or risks. Instead, look at what the requirements and risks are going to be for the time frame when you will be implementing the solution set, otherwise you will be outdated and outgunned before the start”.
________________________________________________________________________________

How Do We “Attack” the “Attacks”?

Through our ongoing efforts to provide thought leadership and impactful guidance to our clients, we have spent a significant amount of time and resources contemplating the best ways for firms to assess Cybersecurity threats within their respective organizations. Based on our research, we have determined one of the most comprehensive and current Cyber Frameworks to apply is the National Institute of Standards and Technology (“NIST”) Critical Infrastructure and Cybersecurity (“CICS”) Framework. NIST CICS addresses all of the FINRA and SEC Sweep letter requirements.

Incremental Tactical Wins Lead to Long Term Strategic Success

The NIST CICS Framework is very modular and can be applied incrementally as firms deem necessary and appropriate.  This allows firms to “leg-in” to a Cybersecurity framework over time with a careful, thoughtful and pragmatic approach toward addressing their risk based on the risk profile of the organization and with sensitivity to internal budgetary constraints.

Buyer Beware!

Firms must be mindful of partnering with third-party vendors / service providers that cannot show some acceptable "criteria-based" framework to assess Cybersecurity risk like NIST CICS.  Companies need the ability to look across their entire enterprise, from the board room to the shop floor, when considering Cybersecurity. Almost all we do today has some sort of Information Technology component  associated with it.  The NIST CICS framework helps companies recognize the scope and breadth of the task at hand.

How Can Compliance Risk Concepts Help?

CRC has the capability to assess all or a part of your enterprise that will meet or exceed the spirit and intent of the FINRA Sweep letter.  Based on our understanding and utilization of the NIST CICS framework, we can offer your organization a best-in-class, cost effective assessment, training, and technological suite of solutions that can be tailored to meet your company’s specific needs, requirements and budgetary constraints.

Just in Time For The Holidays – The Gift of Cybersecurity Awareness https://compliance-risk.com/just-in-time-for-the-holidays-the-gift-of-cybersecurity-awareness/ Mon, 03 Nov 2014 00:26:12 +0000 https://compliance-risk.com/?p=2346


The Gift That Keeps on Giving…..

In early 2014, FINRA and SEC regulated firms caught a glimpse of regulatory focus in the form of targeted examination “sweep” letters focused on Cybersecurity. Although these letters raised awareness of regulatory focus and concern regarding Cybersecurity within the Broker-Dealer and Investment Adviser communities, most firms are still “in the dark” in terms of how they should conduct internal Cybersecurity Risk Assessments and ensure they are meeting regulatory expectations if and when tasked by FINRA or the SEC to evidence their diligence in this high profile area.

In the wake of the many highly publicized data-breaches in 2014, our clients have reached out to us for advice and guidance in an effort to increase the overall awareness of Cybersecurity risk within their respective organizations.   Many of these clients are seeking comprehensive training and a robust framework and methodology to conduct Cybersecurity Risk Assessments on a targeted and/or enterprise basis.

Based on the risks and costs (both financial and reputational) that can result from a Cybersecurity breach, all financial services organizations, large and small, must assess the following attributes:

  1. Identification: Can your organization identify the critical processes and the data that supports your business end-to-end? Can you recognize the difference between a “breach” and an “attack”?
  2. Protection: What is your company doing to protect its critical data and the infrastructure and devices it rides on? How quickly after an incident can your company realize that something is amiss?
  3. Detection: What mechanisms does your organization have in place to detect if something is going on with critical data, and how is that detection escalated throughout the firm?
  4. Response: How is your organization prepared to respond when Cyber incidents are detected?
  5. Recovery: How will your organization recover from a Cyber incident? How will your company keep its great name intact at reduced risk and quickly on the mend?

Vendors and Business Partners

In addition to the items discussed above, organizations must consider the impact of their vendors and business partners in their Cybersecurity awareness efforts. When we look at many of the high profile breaches that occurred in 2014, service providers to the companies we do business with were the targets of a significant portion of these attacks. With that said, here are some of the important questions firms must ask themselves when assessing vendor / service provider Cybersecurity risk:

  • Do our business partners have good Cyber-business practices in place? How do we know?
  • Do our contracts with partners and vendors require a legal level of Cyber-diligence to get and keep our business?
  • Are your business units, vendors, partners, and processes compliant with ever changing regulations, reporting requirements, and industry standards?
  • Do their critical data and our critical data ever co-mingle?
  • Does our firm have on-boarding contracts, processes and training to ensure appropriate governance over our Cybersecurity risk?
  • How does our firm keep a non-tech savvy workforce well trained and ever-vigilant against Cyber threats?
  • What if you have a potential whistle-blower situation? What are our processes to handle and escalate?

The Year Ahead….

As we all contemplate our priorities for 2015, we can rest assured that Cybersecurity will continue to be a focus area for FINRA, the SEC and other regulators in the coming year. Based on this, firms should understand the following:

  • Assume that the criminals are already in your networks.   With this in mind, organizations should respond by proactively assessing their respective risks and creating the appropriate mitigation strategies to ensure your firm is appropriately protected.
  • Multiple studies are showing that in 2014 +40% of all businesses were hacked, exploited or denied service, mainly from overseas non-state actors.   Due to the rise in the number of “network citizens” outside of the United States, this trend is only expected to continue.
  • Change is coming.  FINRA, The SEC and other regulators are expected to require the entire Financial Services sector to assess Cyber Risk and maturity.

According to J.R. Helmig, Founder of Leveraged Outcomes, LLC, a financial and national security consultancy, the primary point is for firms to implement solutions to meet future threats and regulations.
________________________________________________________________________________

“Too often firms spend time and resources to meet yesterday’s compliance obligation or risks. Instead, look at what the requirements and risks are going to be for the time frame when you will be implementing the solution set, otherwise you will be outdated and outgunned before the start”.
________________________________________________________________________________

How Do We “Attack” the “Attacks”?

Through our ongoing efforts to provide thought leadership and impactful guidance to our clients, we have spent a significant amount of time and resources contemplating the best ways for firms to assess Cybersecurity threats within their respective organizations. Based on our research, we have determined one of the most comprehensive and current Cyber Frameworks to apply is the National Institute of Standards and Technology (“NIST”) Critical Infrastructure and Cybersecurity (“CICS”) Framework. NIST CICS addresses all of the FINRA and SEC Sweep letter requirements.

Incremental Tactical Wins Lead to Long Term Strategic Success

The NIST CICS Framework is very modular and can be applied incrementally as firms deem necessary and appropriate.  This allows firms to “leg-in” to a Cybersecurity framework over time with a careful, thoughtful and pragmatic approach toward addressing their risk based on the risk profile of the organization and with sensitivity to internal budgetary constraints.

Buyer Beware!

Firms must be mindful of partnering with third-party vendors / service providers that cannot show some acceptable "criteria-based" framework to assess Cybersecurity risk like NIST CICS. Companies need the ability to look across their entire enterprise, from the board room to the shop floor, when considering Cybersecurity. Almost all we do today has some sort of Information Technology component associated with it. The NIST CICS framework helps companies recognize the scope and breadth of the task at hand.

How Can Compliance Risk Concepts Help?

CRC has the capability to assess all or a part of your enterprise that will meet or exceed the spirit and intent of the FINRA Sweep letter.  Based on our understanding and utilization of the NIST CICS framework, we can offer your organization a best-in-class, cost effective assessment, training, and technological suite of solutions that can be tailored to meet your company’s specific needs, requirements and budgetary constraints.

Have Questions?

Use the form below to request an exploratory conversation or in-person meeting to discuss your organization’s discrete needs.


The post Just in Time For The Holidays – The Gift of Cybersecurity Awareness appeared first on Compliance Risk Concepts.

Faulty Broker Dealer Gatekeeping Leads To SEC Enforcement Action https://compliance-risk.com/faulty-broker-dealer-gatekeeping-leads-to-sec-enforcement-action/ Fri, 17 Oct 2014 18:47:30 +0000 https://compliance-risk.com/?p=2238


The Securities and Exchange Commission (“SEC”) recently announced an enforcement action against two broker-dealers that apparently failed in their “gatekeeper roles” and improperly engaged in unregistered sales of microcap stocks on behalf of their customers.

This action, along with issuance of the SEC’s Office of Compliance Inspections and Examinations (“OCIE”) National Exam Program Risk Alert (“Risk Alert”) and the Division of Trading and Markets’ “Responses to Frequently Asked Questions about a Broker-Dealer's Duties When Relying on the Securities Act Section 4(a)(4) Exemption to Execute Customer Orders” (“FAQ”), will certainly have an impact on broker-dealers’ policies and procedures, as well as other controls related to suspicious activity reports and related areas.

Red Flags Ignored
The SEC investigation found that the firms sold billions of shares in microcap companies for customers during a four-year period while ignoring “red flags” that the offerings were being conducted without an applicable exemption from the registration provisions of the federal securities laws. Red Flags ignored included:

  • a customer opens a new account and delivers physical certificates representing a large block of thinly traded or low-priced securities;
  • a customer has a pattern of depositing physical share certificates, immediately selling the shares and then wiring out the proceeds of the resale;
  • a customer deposits share certificates that are recently issued or represent a large percentage of the float for the security;
  • share certificates reference a company or customer name that has been changed or that does not match the name on the account;
  • the lack of a restrictive legend on deposited shares seems inconsistent with the date the customer acquired the securities or the nature of the transaction in which the securities were acquired;
  • there is a sudden spike in investor demand for, coupled with a rising price in, a thinly traded or low-priced security;
  • the company was a shell company when it issued the shares;
  • a customer with limited or no other assets under management at the firm receives an electronic transfer or journal transactions of large amounts of low-priced, unlisted securities;
  • the issuer has been through several recent name changes, business combinations or recapitalizations, or the company’s officers are also officers of numerous similar companies; and
  • the issuer’s SEC filings are not current, are incomplete, or non-existent.

Section 4(a)(4) of the Securities Act of 1933 provides a registration exemption for broker-dealers when executing customers’ unregistered sales of securities if, after reasonable inquiry, the broker-dealer is not aware of circumstances indicating that the customer would be violating the registration requirements of Section 5 of the Securities Act.

In addition to a combined penalty of $1 million, the two firms agreed to settle the SEC’s charges by paying back more than $1.5 million in disgorgement and prejudgment interest from commissions they earned on the improper sales. See SEC Press Release 2014-225.

The Risk Alert and the FAQ
OCIE staff, during their targeted sweep of 22 broker-dealers, identified the following concerns in the Risk Alert:

  • Insufficient policies and procedures to monitor for and identify potential red flags in customer-initiated sales.
  • Inadequate controls to evaluate how customers acquired the securities and whether they could be lawfully resold without registration.
  • Failure to file suspicious activity reports, as required by the Bank Secrecy Act, when encountering unusual or suspicious activity in connection with customers’ sales of microcap securities.

As per the Risk Alert, of the 22 firms examined, 80% were issued letters of deficiency for material control weaknesses and/or potential violations of law, and the majority of the firms examined were also referred to the Division of Enforcement or another regulatory agency for further consideration of whether violations of law occurred.

OCIE concluded “most of the examined broker-dealers have policies and procedures requiring the firm to conduct a reasonable inquiry into the facts surrounding a proposed unregistered sale to determine if the customer is an underwriter.” However, the OCIE examinations “illuminated control weaknesses in the design or implementation of those policies and procedures.” The Risk Alert presented examples of certain situations where these control weaknesses have resulted in the broker-dealers failing to conduct a reasonable inquiry and/or failing to file SARs regarding suspicious sales activity. Control weaknesses identified included:

  • Some firms’ policies and procedures did not contain sufficient detail to assist the firms’ employees in their efforts to effectively monitor and identify situations where facts and circumstances suggest the customer may not have had a claimed exemption. For example, some firms’ policies and procedures merely stated that a reasonable inquiry should be conducted, without providing any additional discussion of potential red flags that could indicate a possible Section 5 violation, protocols that the staff should follow when encountering red flags, or supervisory reviews that should be conducted to determine whether the securities were resold in compliance with an available exemption;
  • Some firms relied, without further inquiry, on the absence of restrictive legends on stock certificates to conclude that the securities could be resold in unregistered transactions;
  • Some firms relied, without further inquiry, on the delivery of the shares into a customer’s account in electronic form through a transfer from the Depository Trust and Clearing Corporation (“DTCC”) or the issuer’s transfer agent as a basis for believing either that the shares were not restricted securities or that no further inquiry regarding the customer was necessary; and
  • Some firms did not collect information from the customer about how large blocks of shares, deposited into the customer’s account that the customer requested the broker-dealer to sell, had been acquired, despite the fact that the firms did not know how the customer had acquired the shares.

In addition, OCIE discussed in the Risk Alert its observation that certain types of accounts are frequently associated with “dumping” of microcap securities.

The Division of Trading and Markets issued an FAQ in an effort to remind broker-dealers of their obligation to conduct a reasonable inquiry when selling securities in an unregistered transaction in reliance on Section 4(a)(4) of the Securities Act of 1933.

The post Faulty Broker Dealer Gatekeeping Leads To SEC Enforcement Action appeared first on Compliance Risk Concepts.
