Subject to Inquiry


Government Investigations and White Collar Litigation Group
Financial Institution Regulation, Securities and Commodities

The More Things Change, the More They Stay the Same – Joint Statement by FINRA and the SEC on the Customer Protection Rule and Digital Asset Securities

On Monday, July 8th, FINRA and the SEC took the unusual step of issuing a joint statement on broker-dealer custody of digital asset securities. In doing so, the Staffs of the SEC’s Division of Trading and Markets and of FINRA’s Office of General Counsel made clear that the SEC and FINRA will continue to apply the existing regulatory framework to the rapidly evolving world of digital assets.

The joint statement notified market participants that any entity that buys, sells, or otherwise transacts in, or effects transactions in, digital asset securities, may be subject to federal regulations, including regulations that may require them to register with the SEC as a broker-dealer and become a member of FINRA.

The joint statement focuses on the Customer Protection Rule, noting that any entity that acts as a broker-dealer must comply with that rule. The Customer Protection Rule requires broker-dealers to safeguard customers’ assets and keep them separate from the firm’s assets, which makes it more likely that a customer’s assets will be returned if the broker-dealer fails. Given the potential for cyberattacks on digital assets trading platforms, and given the way digital asset securities are issued and exchanged, the Customer Protection Rule can present challenges to broker-dealers operating in the digital asset space.

FINRA has received New Membership Applications and Continuing Membership Applications from new and existing broker-dealers that wish to engage in broker-dealer activities involving digital assets. The Applications show that broker-dealers are considering two types of business models. Some broker-dealers are considering providing non-custodial services when it comes to digital assets, which means that the broker-dealer would engage in transactions without ever taking custody of the digital assets (for example, by trade-matching or providing introductions).

Other broker-dealers are pursuing a business model that involves custodying assets. The joint statement noted that broker-dealers that wish to custody assets may find it difficult to comply with the Customer Protection Rule. Fundamentally, the unique way that digital asset securities are issued, held, and transferred makes it challenging to comply with the requirements of the Rule, which requires that a good control location is established and verified. There is an increased risk to the assets from cyberattacks and resulting fraud or theft. Further, transfers to unknown or unintended addresses may leave the broker-dealer without a means to reverse the transaction or otherwise recover the assets. The statement also acknowledges that the issues of establishing the existence of the asset, or establishing that it is in a good control location, also present challenges for the firm’s independent auditor in completing the audit and evidencing their review. The staffs of the SEC and FINRA expressed their desire to engage with market participants, as market participants continue to develop technology that might provide solutions to custody issues.

While it is unusual for the SEC and FINRA to issue joint statements, this statement is similar to other SEC pronouncements in the fintech field in that it expresses a desire to engage with, and learn from, market participants, and makes clear that the existing regulatory framework applies to this rapidly evolving field.

Financial Institution Regulation

SEC Adopts Regulation Best Interest

On June 5, 2019, the Securities and Exchange Commission adopted, by a 3-1 vote, Regulation Best Interest (“Reg BI”) which, in the words of Chairman Clayton, would “substantially enhance the broker-dealer standard of conduct beyond existing suitability obligations.” The Chairman also noted: “the standard of conduct draws from key fiduciary principles and cannot be satisfied through disclosure alone.”

The Commission also passed the new Form CRS Relationship Summary and two interpretations under the Investment Advisers Act of 1940 (the “Advisers Act”). According to the Commission, the newly-adopted rules and interpretations are designed to (1) enhance and clarify the standards of conduct applicable to broker-dealers and investment advisers, (2) help retail investors better understand services offered and make informed choices regarding the relationship best suited to their needs and circumstances, and (3) foster greater consistency in the level of protections provided by each regime, particularly at the point in time that a recommendation is made.

According to the Commission, under Reg BI, broker-dealers will be required to act in the best interests of retail customers when making investment recommendations and may not put their financial interests “ahead of the interests of a retail customer when making recommendations.” Reg BI includes the following components:

  • Disclosure Obligation: Broker-dealers must disclose to retail customers the capacity in which the broker is acting, fees, the type and scope of services provided, conflicts, limitations on services and products, and whether the broker-dealer provides monitoring services.
  • Care Obligation: A broker-dealer must exercise reasonable diligence, care and skill when making a recommendation to a retail customer, with a clear understanding of potential risks, rewards, and costs associated with the recommendation.  The broker-dealer must then consider these factors in light of the retail customer’s investment profile and ensure that the recommendation is in the retail customer’s best interest, including the costs of the recommendation.
  • Conflict of Interest Obligation: The broker-dealer must establish, maintain, and enforce written policies and procedures reasonably designed to identify and, at a minimum, disclose or eliminate conflicts of interest.  Those policies and procedures must (1) mitigate conflicts that create an incentive for financial professionals to place their interests or those of the firm ahead of the customer’s interests, (2) prevent limitations on offerings from causing the firm or its financial professionals to place their interests or the interests of the firm ahead of the customer’s interest, and (3) eliminate sales contests, quotas, bonuses and non-cash compensation based on the sale of specific securities or specific types of securities within a limited period of time.
  • Compliance Obligation: Broker-dealers must establish, maintain and enforce policies and procedures reasonably designed to achieve compliance with Reg BI as a whole.

The Form CRS Relationship Summary will require SEC registered investment advisers and broker-dealers to provide retail customers straightforward and easy-to-understand information describing the nature of a customer’s relationship with their financial professional.

The Commission also issued two interpretations. First, the Commission issued an interpretation that reaffirmed and clarified its views of the fiduciary duty owed by registered investment advisers to their clients. Second, the Commission issued an interpretation that more clearly defined the “solely incidental” exclusion under the Advisers Act, which delineates when a broker-dealer’s performance of advisory activities causes it to become an investment adviser. The interpretation provides practical guidance by noting that exercising investment discretion over customer accounts and account monitoring are activities that would be beyond “solely incidental” to brokerage activity.

The new measures did not pass without controversy. Commissioner Robert Jackson cast the lone dissenting vote. At the Open Meeting and in a written statement, Commissioner Jackson stated that, while he hoped the new rules would leave “no doubt that investors come first,” the newly adopted rules create a “muddled standard” and “simply do not require that investors’ interests come first.” Earlier this year, a group of former SEC economists criticized the economic analysis underlying Reg BI as “weak and incomplete” for (1) failing to properly identify the specific problem(s) to be addressed by the rule, (2) inadequately discussing existing economic literature relating to financial advising, and (3) relying too heavily on advisers disclosing material conflicts of interest “without requiring advisers to provide a single, easy-to-digest periodic the retail customer’s actual cost of managing her funds.” Investor advocacy groups have also criticized Reg BI for (1) “making it easier for brokers to advertise themselves and weaken protections that currently apply under state fiduciary standards,” and (2) failing to require the elimination of conflicts of interest or to impose a fiduciary obligation on broker-dealers.

The documentation approved by the Commission on June 5th totals more than 1,400 pages. As the industry, counsel, consultants, other regulators, and other stakeholders wade through the materials, additional assessments will be provided.

Practical Considerations

The Commissioners, the Chairman, and the staff stressed the importance of continuing to review and assess the scope of the newly-adopted requirements and to assist firms with their implementation efforts. To facilitate effective and responsive engagement, the Commission is creating an inter-Divisional Standards of Conduct Implementation Committee. The Commission encouraged firms to engage with the Committee as questions arise during implementation. The Commission also has set up a “mailbox” to receive questions by email (

Reg BI and Form CRS will become effective 60 days after they are published in the Federal Register, and will include a transition period until June 30, 2020.  By that date, registered broker-dealers must begin complying with Reg BI and broker-dealers and investment advisers registered with the Commission will be required to prepare, deliver to retail investors, and file a relationship summary. The interpretations will become effective upon publication in the Federal Register.

Should you wish to discuss requirements and/or implications of Reg BI, Form CRS Relationship Summary or newly issued statutory interpretations, please contact any of the authors or any of McGuireWoods’ securities enforcement and regulatory attorneys.



North American Securities Administrators Association (NASAA) Releases Model Cybersecurity Rule

On May 21, the North American Securities Administrators Association (NASAA)—an organization comprised of 67 securities regulators within the United States (all fifty states as well as districts and territories), Canada, and Mexico—released a model cybersecurity rule package governing state-registered investment advisors’ cybersecurity and privacy practices.  The model rule package, which would need to be adopted by an individual state so as to become law in that jurisdiction, provides a structure for how state-registered investment advisers must design their information security policies and procedures.

Energy Enforcement

FERC Rescinds Notice of Alleged Violation Policy

This week, the Federal Energy Regulatory Commission (“FERC”) issued an order rescinding its Notice of Alleged Violation (“NAV”) Policy. The NAV Policy was put in place by a 2009 order and authorized FERC’s Office of Enforcement Staff (“OE staff”) to ask the FERC Secretary to issue a public NAV at the stage of the investigation after the subject has had a chance to respond to OE staff’s preliminary findings. This usually happened at about the time staff sought settlement authority from the Commission in order to potentially resolve the matter. The NAV was a very short document stating that FERC staff had preliminarily determined that the named subject had violated a FERC rule, oftentimes FERC’s anti-Market Manipulation rule. FERC investigations typically begin non-publicly and frequently remain that way—especially if FERC decides not to charge subjects with violations. Often the NAV was the first public notice of the case.

The NAV Policy was initially and nominally put in place to add transparency to the process for cases that would possibly proceed past investigation and provide an opportunity for members of the public to come forward with information that might be relevant to the case and evaluate their own conduct in light of the allegations set out in the NAV. But, those theoretical benefits came at a very real price: damning public disclosure of the allegations against the subject before any adjudicative process that might allow a public defense or a settlement that would put the matter into a final context. In the ensuing years, the practice came under increasing criticism in the industry and the bar.

FERC is now abandoning this step because, per its own analysis, it has not worked out as intended. FERC last issued an NAV in April 2018, after which it announced settlements in other cases without NAVs, so it appears that in practice FERC had already abandoned its NAV Policy. After ten years of the NAV Policy in practice, FERC has concluded that “the potential adverse consequences that NAVs pose for investigative subjects are no longer justified” based on the limited information brought to FERC’s attention through the NAV process. FERC also claimed the need for publicly-supplied information has been reduced, as FERC’s own investigative methods have improved in the intervening decade through the addition of a slew of data driven analytical tools to FERC’s arsenal.

FERC’s re-visitation of this matter and change of course are, in our view, a sign that good government is at work. The publicly-issued NAV has been a major area of frustration for investigation subjects—especially those expecting to settle their cases. In practice, the NAV would issue once OE had obtained settlement authority but before any settlement had been finalized. Investigation subjects were thus forced, as a practical matter, to sit idly by while the news of their (alleged) bad acts was announced in the NAV, unable to make any public pronouncements for fear of disrupting the settlement negotiations. With the NAV step removed, subjects of an investigation will be able to announce their “positive” news of a settled (and final) investigation together with the negative news of the alleged bad acts.

Even subjects who expected they might not settle suffered—because they usually and correctly recognized that there was not a practical way to respond publicly to a very cryptic statement that had yet to be formally and fully advanced as an allegation by the Commission. Some subjects of NAVs never ended up being charged or settling so their names were needlessly publicized (as FERC’s order candidly recognized). All that will now stop. That is good.

Most subjects suffered real and lasting negative consequences from the reputational harm associated with these NAV disclosures. As against all of these downsides for subjects, FERC’s order recognizes what has long been known inside and outside FERC: that the expected benefits of the NAV Policy never materialized. So, for companies and individuals that find themselves under investigation by FERC, this comes as welcome news. No longer will the NAV be the first public word of alleged violations unaccompanied by context-setting settlement or other expressions that can at least somewhat be influenced by the investigation subject.

Securities and Commodities

D.C. Circuit Vacates SEC Sanctions, Says Negligent Omissions Are Not ‘Willful’ Under Advisers Act

On April 30, the U.S. Circuit Court of Appeals for the District of Columbia Circuit vacated a Securities and Exchange Commission order imposing sanctions. The court held that an investment advisory firm and its owners did not violate Section 207 of the Investment Advisers Act of 1940, 15 U.S.C. § 80b-7, by negligently omitting material facts from the firm’s Form ADV. (See Robare Group, Ltd., et al. v. SEC, No. 16-1453.)

In September 2014, SEC Enforcement charged the petitioners, The Robare Group and its two principals, with violations of Sections 206(1), 206(2) and 207 of the Advisers Act, alleging that they willfully failed to disclose a revenue-sharing arrangement through which the firm received compensation when its clients invested in certain mutual funds. After an administrative law judge dismissed all charges, the SEC reviewed the case de novo and determined that, while the record did not support a finding of scienter, the petitioners violated: (i) Section 206(2) of the Advisers Act by negligently failing to disclose the revenue-sharing arrangement adequately to customers and (ii) Section 207 of the Advisers Act by failing to disclose the revenue-sharing arrangement to the SEC on the firm’s Form ADVs. As a result, the SEC imposed a $50,000 civil monetary penalty on each of the petitioners.

The petitioners appealed the decision to the D.C. Circuit, arguing, inter alia, that “the Commission erred in ruling that [the petitioners] violated Section 207 of the Advisers Act by willfully omitting material information about the [revenue-sharing arrangement]” despite the lack of substantial evidence to establish that they willfully omitted material facts.

Section 207 of the Advisers Act provides the following: “It shall be unlawful for any person willfully to make any untrue statement of a material fact in any registration application or report filed with the Commission under Section 203 or 204 of the Advisers Act, or willfully to omit to state in any such application or report any material fact which is required to be stated therein” (emphasis added).

While the parties agreed that the term “willfully” in Section 207 required the petitioners to have “intentionally commit[ed] the act which constitutes the violation,” they disagreed over what constituted “the act.” Specifically, the petitioners took the position that a violation of Section 207 requires an intentional misrepresentation or omission of a material fact, whereas the SEC asserted that an adviser violates Section 207 by intentionally completing or filing a Form ADV that turns out to contain a material misrepresentation or omission.

The D.C. Circuit held that, while substantial evidence supported the SEC’s negligence-based findings with respect to the Section 206(2) violation, “the Commission’s findings of willful violations under Section 207 based on the same negligent conduct are erroneous as a matter of law.”

In agreeing with the petitioners’ reading of Section 207’s willfulness requirement, the Court stated, “Intent and negligence are regarded as mutually exclusive grounds for liability. Any given act may be intentional or it may be negligent, but it cannot be both” (with internal quotations and citations omitted). Accordingly, the Court held that, in order to violate Section 207, at least one individual must have subjectively intended to omit the material information from the Form ADV.

Thus, the D.C. Circuit found that, because the SEC found there to be no scienter, the SEC could not support a Section 207 violation by the petitioners based on the finding that they negligently omitted the revenue-sharing arrangement from the Form ADV, which did not amount to willful conduct. As a result, the Court remanded the case to the SEC to determine a suitable fine for just The Robare Group’s negligent violation of Section 206(2).

Lessons Learned

The SEC staff is likely evaluating what this opinion means for its enforcement program. Specifically, there is now a significant question about whether this decision upends the long-standing SEC position that administrative proceedings can be brought under Exchange Act Sections 15(b)(4) and (b)(6) and Advisers Act Sections 203(e) and (f), which also require a “willfulness” finding, based on just the barest minimum of understanding, as many have said, “not sleepwalking.” In the ubiquitous footnote included in every proceeding instituted under those sections, the SEC states:

A willful violation of the securities laws means merely “‘that the person charged with the duty knows what he is doing.’” Wonsover v. SEC, 205 F.3d 408, 414 (D.C. Cir. 2000) (quoting Hughes v. SEC, 174 F.2d 969, 977 (D.C. Cir. 1949)). There is no requirement that the actor “‘also be aware that he is violating one of the Rules or Acts.’” Id. (quoting Gearhart & Otis, Inc. v. SEC, 348 F.2d 798, 803 (D.C. Cir. 1965)).

How the SEC comes out on the question of whether this is still a valid position for them to take in future settlements and litigated administrative proceedings may have a profound impact going forward.

As for the SEC’s immediate consideration for this case and other pending matters, while this finding will make it harder for the SEC to bring Section 207 charges in the absence of a scienter finding, negligently drafted disclosures may still subject advisers to liability under Section 206(2). Furthermore, while, as noted above, the necessary “willful” finding is a jurisdictional requirement to initiate a proceeding pursuant to Advisers Act Section 203(e), the SEC may still initiate cease-and-desist proceedings pursuant to Section 203(k) of the Advisers Act and obtain monetary penalties. Negligence is enough to bring a cease-and-desist proceeding and obtain a penalty.

In addition, the decision makes it clear that relying on industry standards does not necessarily serve as a defense to negligence where, as the D.C. Circuit found here, The Robare Group’s principals recognized that the payment arrangement “created potential conflicts of interest and that they knew of their obligation to disclose this information to clients.” (See Robare at 12-13.) The Court determined that the numerous violations of the defendants’ fiduciary duty were unreasonable and thus negligent.

One benefit of the D.C. Circuit ruling is that it may be easier to settle a matter without a finding of willfulness, as statutory disqualification will be avoided. (A finding by the SEC that a person or firm acted willfully is a disqualifying event according to Section 3(a)(39) of the Exchange Act.)

Should you wish to discuss the D.C. Circuit’s decision, please contact one of the authors or any of McGuireWoods’ securities enforcement and regulatory attorneys.

Anti-Money Laundering, Enforcement and Prosecution Policy and Trends, Financial Institution Regulation

Suspicious Activity Monitoring and Reporting – FINRA Issues Notice Consolidating Governmental and Regulatory “Red Flag” Guidance

Enforcement actions sanctioning firms and, in a few cases, individuals for failing to investigate and report suspicious activity have been significantly on the rise. SEC, FinCEN, FINRA, and others have been active in this area, particularly with regard to trading at, by, or through the financial institution.  One critical component of a financial institution’s ability to maintain a robust anti-money laundering (“AML”) program and comply with its suspicious activity reporting (“SAR”) obligations is to ensure that the firm actively identifies and timely reviews “red flags” of potentially suspicious activity. What constitutes a “red flag” varies depending on many factors, including the firm’s business, location of the firm and customers, customer activity, and many other factors. Regulators over the years have issued guidance detailing “red flags” for potentially bad activity in an effort to assist firms in developing and enhancing their SAR reporting programs.

Consolidation of “Red Flag” Guidance or One Stop Shopping 

On May 6, FINRA published Regulatory Notice 19-18 (the “Notice”), which aggregates federal government and other regulatory “red flag” guidance issued over the past 17 years.  Included in the Notice are the “red flags” that FINRA included in its own original notice issued in 2002, Notice to Member 02-21. FINRA issued the Notice to provide “one stop shopping” for firms searching for insights from the government and regulators on what they should monitor.  The Notice lists no fewer than 104 “red flags” compiled in five categories: customer due diligence and interactions with customers, deposits of securities, securities trading, money movements, insurance products, and a catch all (other potential red flags).


  • Never static – not one-and-done. Firms need to periodically review their AML/SAR programs and assess the “red flags” they employ, to ensure those flags evolve to reflect new concerns in the industry, new methods by the “bad guys” to use the financial system to engage in illegal activity, and changes at the particular firm that implicate new “red flags.”
  • Not one size fits all. Variations among firms in terms of size, business, model, products, etc. mean that different “red flags” will be at play.
  • Not an exhaustive list. The 104 “red flags” are examples and not a complete list.  As noted, additional “red flags” will arise based on unique facts and circumstances of the activity at issue. If something appears questionable, follow up.
  • As the slogan says: “if you see something, say something.” SAR reports are an extremely valuable resource and source of information for law enforcement in putting the investigative pieces together. The reports have led to many successful law enforcement cases, and firms remain obligated to investigate a red flag and, where appropriate, file a SAR report.
  • Ignore a red flag at your peril. Of course, the bottom line for financial institutions with SAR reporting obligations: failure to investigate and, if appropriate, file SAR reports exposes the firm to significant sanctions and reputational damage when a regulator identifies the “red flags” and no appropriate follow-up.

Securities and Commodities

SEC OCIE Highlights Potential Deficiencies in Firm Privacy Policies

On April 16, the SEC’s Office of Compliance Inspections and Examinations (“OCIE”) issued a Risk Alert highlighting Regulation S-P compliance deficiencies and issues it found in recent examinations of broker-dealers and investment advisers. Regulation S-P is the primary SEC rule detailing the safeguards these firms must take to protect customer privacy. The Risk Alert provides an important reminder for firms to assess their supervisory and compliance programs related to Regulation S-P and make any necessary changes to strengthen those systems. Indeed, in light of the substantial fines that can accompany a finding that Regulation S-P has been violated, firms must pay careful attention to the OCIE’s guidance regarding potential pitfalls.

Regulation S-P requires broker-dealers and advisors to adopt written policies and procedures addressing the protection of customer information and records. These policies and procedures must be reasonably designed to ensure the security and confidentiality of customer records and information as well as protect against unauthorized access or threats. Additionally, Regulation S-P requires firms to send customers notices regarding the firm’s privacy policies and practices (at the establishment of the customer relationship and then annually thereafter) as well as an “opt out notice” that explains to customers their right to opt out of some disclosures of their non-public information to third parties. Firms that fail to comply with Regulation S-P can be hit with substantial fines; last year the SEC fined a broker-dealer $1 million for failing to maintain adequate safeguards against identity theft.

The Risk Alert highlights examples of common deficiencies or weaknesses that OCIE staff identified related to Regulation S-P in their examinations, which serve as considerations for firms evaluating their own policies and procedures:

  • Failure to Provide Adequate Notices. Some examined firms failed to provide the notices required by Regulation S-P, whereas others provided notices that did not contain required information, such as information regarding a customer’s opt-out right.
  • Lack of Adequate Policies and Procedures. Some firms did not have adequate written policies and procedures addressing customer privacy. The OCIE noted that policies and procedures that simply restate the rules contained within Regulation S-P are insufficient; rather, these documents must actually address the administrative, technical, and physical safeguards the firm has put in place. Similarly, “off the shelf” policies and procedures—which firms sometimes buy from third party vendors—are insufficient if firms do not include detail as to how they are actually being implemented.
  • Poorly Designed or Unimplemented Policies. The OCIE observed that even where firms had written policies and procedures, in some cases they were either not actually implemented or not reasonably designed to meet the requirements of Regulation S-P. The OCIE identified specific areas where firms’ policies and procedures were either poorly designed or not implemented:
    • Personal devices. The OCIE highlighted firms whose employees regularly stored and maintained customer personally identifying information (“PII”) on their personal laptops, but whose policies and procedures did not address how to safeguard that information.
    • Email. Some firms did not have policies and procedures reasonably designed to prevent employees from regularly sending unencrypted emails containing customer PII. Other firms did have such policies but did not provide adequate training to employees or failed to monitor if their policies were actually being followed.
    • Outside Vendors. Some firms failed to follow their own policies and procedures when dealing with outside vendors. The OCIE noted firms that failed to require outside vendors to contractually agree to keep customer PII confidential, even where their own policies and procedures required such agreements.
    • Failure to Identify Systems with Customer Information. Some firms did not inventory all systems on which they maintained customer PII, which the OCIE stated could limit their ability to safeguard that information.
    • Inadequate Incident Response Plans. Some firms’ incident response plans did not address important areas such as actions required to address a cybersecurity incident and assessments of system vulnerabilities.
    • Unsecure Physical Locations and Unauthorized Access. The OCIE noted firms that stored customer PII in unsecure physical locations (such as unlocked file cabinets) as well as cases where customer login credentials had been sent to employees who were not authorized to receive that information.
    • Departed Employees. Finally, the OCIE noted instances where former employees of firms retained access rights to customer PII after their departure.

The Risk Alert serves as a timely reminder to all broker-dealers and investment advisers to review their written policies and procedures, as well as the implementation of those policies and procedures, to ensure they are compliant with Regulation S-P. The Alert also serves as a complement to FINRA’s 2018 Report on Selected Cybersecurity Practices, which set forth FINRA’s observations regarding effective practices that firms have implemented to address cybersecurity risks, including risks related to identity theft.

McGuireWoods’ experienced broker-dealer/investment adviser team will continue to monitor and report on important issues affecting the broker-dealer industry. For more information, contact the authors of this article or any member of the team.

Financial Institution Regulation, Securities and Commodities

Recent New Jersey Rule Proposal Progresses State Efforts to Impose Fiduciary Duties on Brokers

On April 15, the New Jersey Bureau of Securities (the “Bureau”) issued a rule proposal to establish a uniform fiduciary duty standard applicable to investment advisers, brokers-dealers and their registered representatives and agents.  Specifically, the proposed rule (N.J.A.C. 13:47A-6.4), which could take effect as early as the end of the year, will require all investment professionals registered with the Bureau to provide investment advice, recommend investment strategies, open or transfer assets to any type of account, or make the purchase, sale, or exchange of any security without regard to their company’s (or their own) interest.

While the proposed rule merely codifies the fiduciary duty already owed to customers by investment advisers, it would impose a heightened standard of care on broker-dealers.  Currently, broker-dealers and their representatives are subject to the suitability standard, which requires them to hold a reasonable belief that recommended transactions or investment strategies are suitable for their customers.  If the proposed rule is implemented, brokers will also owe their customers a statutory duty of care and a duty of loyalty, requiring them to make recommendations about securities and provide investment advice “without regard to the financial or any other interest of the broker-dealer, agent, adviser,” or any other third-party.

The Bureau believes the proposed uniform standard will “protect[] investors against abuses that can result when financial professionals place their own interests above those of their customers, will help to reduce confusion, and will work to foster public confidence in the financial profession,” noting that “retail investors do not understand the differences between investment advisers and broker-dealers or the standards of care applicable,” specifically in the context of dual registrants.

Additionally, in an effort to address the Bureau’s concern about incentives (i.e., sales contests), the proposed rule also creates a presumption that the duty of loyalty is breached where an investment professional offers or receives any compensation when recommending or trading in customer accounts securities that are “not the best of the reasonably available options.”

The Bureau’s rule proposal comes as other states, including Connecticut, New York, and Nevada, similarly have proposed new rules and regulations governing the conduct standards of broker-dealers and investment advisers.  The varying state-level approaches have led some financial industry groups to express concerns about “patchwork” state-level regulation and inconsistent conduct standards across state lines.  At the same time, the SEC is expected to finalize its proposed Regulation Best Interest—which would set forth a nationwide standard of conduct—this year.  The interplay between Regulation Best Interest and state-level rules—including New Jersey’s, if codified—could lead to litigation over the preemptive effect of SEC rulemaking in this arena.  Indeed, some industry groups have already argued that state-level laws imposing heightened standards of conduct create implicit or explicit recordkeeping requirements and are thus preempted by the National Securities Markets Improvement Act of 1996, which sets forth recordkeeping requirements for advisers and brokers.  As states codify laws governing brokers and advisers within their jurisdiction, these preemption arguments are likely to come to the forefront.

Practical Considerations

The Bureau is accepting written comments regarding the proposed uniform fiduciary rule through June 14, 2019.  In the meantime, firms conducting securities business in New Jersey should consider reviewing their policies and procedures to assess the need for potential enhancements in anticipation of the heightened standard of care.

Should you wish to discuss (1) the requirements and/or implications of the Bureau’s rule proposal, or (2) submitting comments on the proposal to the Bureau, please contact any of the authors or any of McGuireWoods’ securities enforcement and regulatory attorneys.

Financial Institution Regulation

FINRA Issues New Guidance Regarding Customer Communications Relating to Departing Registered Representatives

As recognized by new guidance from the Financial Industry Regulatory Authority (FINRA), the departure of a registered representative often prompts customer questions about the departing representative and the continued servicing of a customer’s account. In light of the continued frequency of movement of registered representatives from, or among, member firms, FINRA issued guidance on April 5, 2019, regarding what information it expects member firms to communicate to customers upon the departure of a registered representative.

Pursuant to FINRA Regulatory Notice 19-10, FINRA expects member firms to: (1) promptly and clearly communicate to affected customers how their accounts will continue to be serviced; and (2) subject to privacy and other legal requirements, provide customers with timely and complete answers, if known, to questions about a departing representative.

Under this new guidance, FINRA expects member firms to implement policies and procedures that “assure that the customers serviced by that registered representative are aware of how their account will be serviced at the member firm, including how and to whom the customer may direct questions and trade instructions following the representative’s departure and, if and when assigned, the representative to whom the customer is now assigned at the member firm.” As with all customer communications, FINRA expects the information provided by member firms about a departing registered representative to be fair, balanced and not misleading.

Practical Considerations

As with any new guidance, firms should review their existing policies and procedures in order to assess the need for potential enhancements. With respect to FINRA’s expectation that firms will have policies and procedures designed to promptly provide information to customers related to the continued servicing of their accounts, a firm’s existing communications program should be reviewed to ensure that all of the necessary information listed above is in fact promptly communicated to customers. Furthermore, firms should also review their policies and procedures (as well as their training programs) regarding how to respond to customer inquiries relating to a departed registered representative. In light of this new guidance, as well as a matter of risk management, firms should consider practices and procedures that ensure consistent and timely responses to customer inquiries concerning a departed registered representative and that take into account applicable privacy and other legal requirements.

While FINRA’s recent guidance will likely become a new point of contention in arbitration and litigation involving departing registered representatives, a firm’s implementation of appropriate policies and procedures will help to mitigate litigation risk, as well as related regulatory inquiries and exposure.

Should you wish to discuss the requirements and/or implications of FINRA Regulatory Notice 19-10, please contact any of the authors or any of McGuireWoods’ securities enforcement and regulatory attorneys.

Enforcement and Prosecution Policy and Trends, Fraud, Deception and False Claims

Key Lessons for Colleges and Universities from Operation Varsity Blues

On March 12, 2019, the United States Attorney’s Office for the District of Massachusetts announced federal criminal charges in “Operation Varsity Blues,” the largest college admissions case ever prosecuted by the Department of Justice. Fifty people have been charged for their involvement in what prosecutors describe as a nationwide conspiracy to get the children of wealthy parents into elite colleges around the country. As alleged, wealthy parents paid tens of thousands of dollars to facilitate cheating on college entrance exams to increase their children’s test scores. Additionally, many of the parents are accused of paying hundreds of thousands of dollars in bribes to college officials to secure their children’s acceptance into colleges as athletic recruits using fabricated athletic credentials.

The defendants accused of facilitating these schemes, including the university officials, and college entrance exam proctors and examiners, have been charged with racketeering conspiracy under the federal RICO statute. The parents accused of paying the bribes have been charged with conspiracy to commit mail fraud and wire fraud. Other charges levied against various defendants include money laundering and tax fraud.

Potential Vulnerabilities for Colleges and Universities

Beyond the individuals implicated in the criminal investigation, certain allegations made by prosecutors create risk for colleges and universities. For example, prosecutors have alleged that certain bribe payments were used for the benefit of college athletics programs or were wired directly into college accounts.

Within days of the operation being made public, lawsuits were filed against many of the figures involved, including the colleges. A class-action lawsuit filed in the U.S. District Court for the Northern District of California against some of the colleges referenced in the charging documents should be of particular concern to schools around the country. That lawsuit alleges that the colleges at issue fraudulently represented that their admissions processes were neutral and merit-based, when they knew or should have known that some students were admitted through corruption.

Although DOJ has stated that the schools involved in Operation Varsity Blues are not the targets of their current investigation “right now,” plaintiffs’ lawyers throughout the country as well as state Attorneys General, and other state and federal prosecutors, could seek to pursue similar theories against schools throughout the country.

Recommendations In the Wake of Operation Varsity Blues

As the FBI put it when it announced these charges, these allegations “strike at the core of the college admissions process at universities across the country.” Based on the potential risks, colleges should consider a proactive approach. This should begin with having an outside assessment of all aspects of admissions policies and procedures to identify any processes in need of revision, as well as implementation of robust compliance procedures. Admission preferences, particularly related to athletics, should be a focus. Identifying and eliminating weaknesses and vulnerabilities in the admissions process may be critical in protecting colleges from regulatory and private civil action. Having this done strategically by outside legal counsel and within the confidentiality protections of attorney-client privilege is imperative.

In addition to thoroughly vetting their admissions processes, colleges and universities should also examine the controls and level of due diligence that they impose over the application process and consider requiring verification by parents and students of the accuracy of the information in the application and attestation by parents and students that no payments, contributions to third parties, gifts or favors have been made to anyone in connection with the admission process.

Conducting an internal review is particularly important in light of the potential for federal enforcement action. As we have previously commented, recent changes to DOJ’s enforcement policy favor those who self-investigate, make prompt voluntary self-disclosure of violations, fully cooperate with DOJ investigations, remediate swiftly and meaningfully, and implement effective compliance programs.

In view of the unprecedented focus on the integrity of the admission process by federal prosecutors, it should be expected that future related action will follow. Regulators, accrediting agencies, other state or federal prosecutors, alumni and aggrieved private parties may be contemplating whether to address the perceived inequities. Executive management of all educational institutions should take immediate steps to assess their vulnerabilities and implement prudent policies to regulate the admissions processes. Governing boards and the public will likely demand no less.

Finally, educational institutions should assess whether their insurance policies may provide coverage for “Varsity Blues” related investigations or litigation. Many institutions are insured under the higher education equivalent of directors & officers’ liability policies. These policies go by different names, such as a “higher education non-profit liability policy,” and typically provide coverage for loss incurred on account of a “claim” arising out of a “wrongful act.” Policy definitions of “claim” vary, but may include civil litigation and governmental investigations. Many policies define “wrongful act” broadly to include any actual or alleged act, error, omission, misstatement, misleading statement, neglect or breach of duty, by an insured. Educational institutions may also have other types of insurance policies that provide coverage for these types of claims. Institutions should understand what coverage is available and be prepared to give notice promptly if a claim is asserted.
