FIRMA National Risk Management Training
Conference
New Orleans, LA
April 29, 2009
Overview of Key Rules and Regulatory
Developments affecting Broker Dealers,
Investment Advisers etc.
Sean Gray
Senior Vice President
Director of Wealth Management Compliance
PNC Bank
All statements and opinions contained herein are the sole opinion of the speaker – not PNC – and
subject to change without notice.
Agenda
• Refresher/Overview of NASD Rules 3012, 3013, NYSE
Rule 342 etc. (i.e., new FINRA Rule 3130)
• FINRA 2009 Exam Priorities and Enforcement Guidelines
• Other FINRA and B-D Regulatory Developments
• Annual Review Tips for RIA’s
• SEC Compliance “Hot Spots”
— 4 Key Areas to Focus – Lori Richards
— Custody Sweeps etc.
— New SEC Exam Letters and Approaches
• Other RIA “Hot Topics”
2
Regulatory Scheme
Annual Compliance
and Supervision
Certification
NYSE 342.30 & NASD 3013
NEW
CEO
Certification
NEW
Supervisory Control System
NYSE 342.23 & NASD 3012
Key Requirements:
 Establish, maintain, enforce a system of
supervisory control
 Procedures in place to review and
supervise customer activity and
Branch/Sales/Regional/District Managers
 Independent day-to-day supervision of
producing managers
Supervisory Procedures
NYSE 342 & NASD 3010
Key Requirements:
 Written supervisory P&Ps
 Internal inspections
 Supervision of RRs
• Ensures process “owned” by
CEO, senior leadership
• Assures robust reporting
between senior leadership
and compliance leader
• Mandates annual reviews
that drive continuous process
improvement, adjustment for
regulatory, business changes
• Trend spotting, early
warning capability clear
advantages
Processes for
Testing,
Verification, Enforcement
and Reporting
Processes for Monitoring
Supervisory Procedures
(Surveillance,
Corporate Audit Reviews,
Branch Inspections,
Internal Reviews)
Written Supervisory Policies and Procedures
Various impacted business areas
Note: FINRA Rule 3130 (Annual Certification of Compliance and
Supervisory Processes) replaces NASD Rule 3013 and the corresponding
provisions in Incorporated NYSE Rule 342.30 and related NYSE Rule
Interpretations (effective December 15, 2008)
3
• NASD Rule 3013: Annual Certification of Compliance and
Supervisory Processes
Rule 3013 requires:

Designation of a CCO on Schedule A of Form BD

CEO certification that the Member firm has in place processes to:
(a) establish, maintain and review policies and procedures reasonably designed to
achieve compliance with NASD and MSRB rules and applicable federal securities
laws and regulation
(b) modify these policies and procedures as business, regulatory and legislative changes
and events dictate
(c) test the effectiveness of such policies and procedures on a periodic basis, the timing
and extent of which is reasonably designed to ensure continuing compliance with
applicable rules, laws and regulations

At least one annual meeting between CEO and CCO to discuss prescribed compliance
matters

Member’s processes must be evidenced by a report reviewed by the CEO, and Chief
Compliance Officer (and such others as the Member deems necessary) and submitted to
the Member’s Board of Directors and Audit Committee

The CEO certification is a process certification and does not require performance or
completion of any compliance testing or verification
4
NASD Rule 3012: Supervisory Control System
— “Supervisory control policies and procedures” include procedures
reasonably designed to review and supervise customer account activity,
branch office managers, sales managers, regional and district sales
managers and any other person performing a similar supervisory
function
— Rule 3012(a) requires designation of one or more Principals tasked
to establish, maintain and enforce a system of supervisory control
policies and procedures and continually improve such procedures as
required after reviews or testing or in response to business or regulatory
changes
— Rule 3012 also requires procedures for senior or otherwise
“independent” day-to-day supervision of “Producing Managers”
account activity and “heightened supervision” of producing managers
with 20% or more revenues generated from units supervised by the
producing manager’s supervisor
— Requires annual testing and verification of WSP’s by January 31st
of each year to demonstrate that they are reasonably designed with
respect to the member’s activities (and those of its RR’s and Assoc
Persons) to achieve compliance with NASD rules and applicable securities
laws and regulations, and the creation of additional policies and
procedures where the need is identified by such testing and verification
5
NASD Rule 3012: Supervisory Control System
— COMMON EXAM FINDINGS – Rule 3012
• Failure to recognize that Supervisory Control Procedures
(SCP’s) differ from WSP’s
 Need WSP’s plus control process for insuring such procedures
are adequate and current, i.e., fundamental purpose of 3012
 A firm that does not have SCP’s, frequently fails to:
o Designate the Principal(s) responsible for
establishing, maintaining and enforcing the firm’s
system of supv control pol & proc;
o Annually test and verify supv procedures and
amend them, when needed;
o Adequately supervise customer account activity of
“producing managers”;
o Adequately supervise “producing managers” subject
to HS; and
o Review, monitor and confirm transmittal of
funds/securities from customers to 3rd parties,
changes of address and changes of inv obj’s
6
NASD Rule 3012: Supervisory Control System
— COMMON EXAM FINDINGS – Rule 3012
• Testing and Verification
 FINRA has noted that some firms failed to test and verify on annual basis
that supv procedures are sufficient and reasonably designed with respect
to activities of the member firm and its RR’s and Assoc Persons
o Each firm must have written testing and verification
procedures that detail steps to be taken by firm to conduct
testing and verification to identify any gaps in supv process
o Procedures must also detail steps to be taken by firm for
drafting and approving new procedures, including
identification of responsible Principal and implementation
process.
• Failure to prepare and timely submit the Rule 3012 annual report to firm’s
senior management.
• Limited Size and Resource Exception
 One of most common 3012 finds is inaccurate understanding and
application of this exception.
 It only provides alternative method for who may perform a producing
manager’s review
• Failure to supervise Producing Managers
 Must correctly identify any and all “producing managers”
7
NASD Rule 3012: Supervisory Control System
— COMMON EXAM FINDINGS – Rule 3012
• Failure to confirm, verify or follow-up with customers in the event of a:
 change of address;
 transmittal of funds; or
 transmittal of customer funds or securities.
8
Responsibility Matrix
Employees
All employees must
understand:
• -their job
responsibilities
• -the rules and
regulations, and the
related policies and
procedures,
applicable to their
duties
All employees are
responsible for:
• - carrying out
control activities
• - communicating
identified control
weaknesses,
deviations from
established
standards, and
violations of policy
or law
Management and Supervisors
Managers are responsible
for establishing and
maintaining effective
control systems by:
-maintaining a control
environment that
encourages control
activities. Setting the
“tone”.
• -identifying risks, and
establishing objectives,
goals, and standards in
accordance with risk
assessments
• - ensuring through
information &
communication and
monitoring procedures,
that internal controls are
established and
functioning effectively to
achieve objectives
Compliance
Compliance:
- Works with Legal in
interpreting rules and
regulations
- Provides consultation
and advice on
compliance controls
- Independently
Reviews/Tests the
adequacy of internal
controls and reports the
results to Management
- Makes
recommendations on
how to mitigate risks
and remediate
weaknesses identified
9
Rule Comparison Chart
Comparison of NASD Rules 3013, 3012 and NYSE Rule 342
Rule
NASD 3013 (New) / NYSE 342.30
(New)
NASD 3012 (New)
NYSE 342 (Expanded)
Timing
4/1/2006 and annually
thereafter
4/1/2006 and annually thereafter
Annually by 4/1
Requirements
1) CEO certification that member
firm has “processes in place” to
establish, maintain, review, modify
and test the effectiveness of
policies and procedures
reasonably designed to achieve
compliance with NASD, MSRB
rules and applicable federal
securities laws and regulations;
2) At least one annual meeting
between CEO and CCO to
discuss prescribed compliance
matters
1) Designation by member firms of a
principal to establish, maintain and
enforce a supervisory control system
and test and verify that the
supervisory procedures are reasonably
designed to comply with applicable
rules;
2) Heightened supervision of producing
managers
Establishment and maintenance of a
compliance and supervisory
framework, including supervision of
registered representatives, foreign
branch offices, supervisor
qualification, supervision of
producing managers, information
requests, trade review and
investigations and internal controls
Deliverables
Report reviewed by CEO, CCO
documenting the processes in
place to comply with Rule 3012
and submitted to the member
firms board of directors and
Audit Committee
Annual report to senior management
describing the supervisory controls
system, test results and resulting
changes implemented
• Annual report to senior
management on the member’s
supervision and compliance
efforts
• Annual report to be filed with the
Exchange
Comments
• No testing or verification
required for certification; NASD
expecting member firms to
begin “work plans” to comply
with Rule 3012
• CEO is certifying to processes
not substantive compliance
• Certification intended to raise
stature of CCOs to compare
with CFOs and get senior
leadership actively engaged in
compliance dialogue
• Dual NASD/NYSE member firms can
elect to comply with NASD Rule 3012
or NYSE Rule 342
• Dual NASD/NYSE members can use
either the NASD or NYSE standard for
defining who is a producing manager
(either standard acceptable to both
NASD & NYSE)
• NYSE member firms must comply
with NYSE Rule 342
10
FINRA 2009 Exam Priorities
• 3 General Categories – Sales Practice Issues, Enterprise Control
Functions, and Financial/Operational Controls
• Sales Practice Issues:
— Cash Alternatives
 Focus is result of ARS Issues, i.e., representing certain
securities as cash alt’s or equiv.'s
 1 - Need to have reasonable basis for characterizing inv as
cash alternative
 2 – Need to have Proc’s in place to monitor developments to
ensure inv retains characterization as cash alternative
 3 – Need to perform “suitability” analysis before
recommending same to customer
— Bank Sweeps
 Increase in recent use of bank deposit programs as sweep
vehicles for free credit balances
 Focus on disclosures re: terms and conditions
 Differentiation of SIPC vs. FDIC coverage
 Methodology for calculating interest on sweep balances
 Disclosure of comp earned by B-D’s and banks operating
sweep programs as well as RR’s who offer these programs
 Add’l exam focus on reconciliation issues relating to the
bank where account is held.
11
FINRA 2009 Exam Priorities
• Enterprise Control Functions:
— AML
 E-Trade enforcement action
 Focus broadly on suspicious activities related to securities
transactions vs. solely on money movements
 One size does not fit all relative to AML Program!
 Each firm needs to tailor program to own business model,
risk profile, volume of transactions etc.
— FCPA
 Recent & significant ($$) SEC settlements
 Add’l recent focus by NYSBD
 Reminder to members of obligation to comply, maintain
accurate books and records, implement internal controls etc.
— Protection of Customer Info and IT Security
 Several recent SEC enforcement actions arising from online
account intrusions
 e.g., LPL Financial – alleged failure to implement safeguards
despite awareness that it had insufficient controls to protect
customer info
 Members offering online customer access need to assess
internal surveillance and implement measures for dealing
with account “intrusions”
12
FINRA 2009 Exam Priorities
— Protection of Customer Info and IT Security (Cont’d)
 Need to regularly monitor account activity to monitor for any
note of suspicious activity
 FINRA reminding firms to develop and implement written ID
Theft Program pursuant to FTC’s Red Flag Rules which the
FTC will begin to enforce May 1st – See FINRA Reg Notice
08-69
— Outsourcing
 NTM 05-48 states that BD’s may outsource certain functions,
but may not outsource supervision and oversight.
 FINRA provides suggestions on how members can satisfy
supervision/due diligence on vendors by:
o Requiring vendors to meet measurable performance
standards
o Meeting frequently with vendor personnel; and
o Assigning qualified personnel to monitor review and
supervise the service provider’s activities
 Need to assess risk of vendors operating in foreign
jurisdictions and business continuity issues related
therewith
 FINRA will be looking for Written Proc’s in all of this space!
13
FINRA 2009 Exam Priorities
— Information Barriers
 Ongoing FINRA enforcement sweep relative to the control of
the flow of nonpublic material info within member firms.
 Firms need to have info barrier Proc’s tailored to business
activities and org structures, and Proc’s to address use of
restricted/watch lists, monitoring systems, supervision,
review of proprietary and empee trading, review of
questionable activities and recordkeeping requirements
— Rumors
 SEC and FINRA sweeps re: “Circulation of Rumors”
 Recent SEC Sweep Letter to B-D’s asking about controls
relating to prevention of rumors, e.g., monitoring elec
commun such as empee internet access, chat rooms and
other websites.
 Refer to FINRA Proposed New Rule on this topic – Regulatory
Notice 08-68 – questions re: distinguishing “rumors” from
mkt commentary
14
FINRA 2009 Exam Priorities
• Financial and Operational Controls:
— Customer Protection Rule
 The Failure and/or Merger of several large firms in ’08 reinforces
significance of CP Rule – 15c3-3
 Reminder to properly compute reserve formula – numerous
recommendations provided
 Reminder to reduce customer fully paid and excess margin securities
to possession or control
— Excess SIPC Protection
 In light of recent financial events, FINRA will review disclosures
provided to customers regarding excess SIPC insurance.
 Firms that have not replaced excess SIP surety bond coverage
offered thru CAPCO are expected to notify customers of reduction of
coverage.
 Also, if “new” arrangement have been made regarding excess SIPC
coverage, they should be clearly disclosed to customers – including
dollar amount of protection available to each customer.
— Other Financial and Operation Control areas of focus – Inventory and
Collateral Valuations, Funding and Liquidity, Counterparty Credit
Risk, and Intercompany& Suspense Account Reconciliations
15
Other FINRA and B-D Regulatory Developments
• FINRA Guidance on its Enforcement Process
— Regulatory Notice – 09-17
• Intended to assist firms and assoc persons with
understanding how investigative process works and to
highlight procedure safeguards in this process, including:
 Enforcement Procedures and Managerial Oversight
 Conducting of Investigations
 Sufficiency of Evidence Reviews
 Wells Process
 Disciplinary Advisory Committee Review
 Indep Office of Disciplinary Affairs
 Indep Office of Hearing Officers
16
Other FINRA and B-D Regulatory Developments
• FINRA's proposed new rule - FINRA Rule 3210, Personal Securities
Transactions for or by Associated Persons - is out for comment. See
Regulatory Notice 09-22, April 21, 2009 - Response is requested by 6/5
• It addresses oversight for personal trading activities of associated
persons. FINRA used NASD Rule 3050 and Incorp'd NYSE Rule 407, and
adopted additional requirements.
• Here, in a nutshell, are the primary requirements:
— prior written consent to open or establish, at another financial institution,
an account in which securities transactions can be effected, and in which the
associated person has a personal interest. dupe confirms and account
statements to the employer firm is required.
— written notification to firm that associated person intends to open and, a
specific sentence to the effect that "he/she has a personal financial interest
in the account." [ New requirement]
— executing member must not execute any securities transactions in that
account unless it has been notified that associated person obtained
employer's written consent and he/she has personal financial interest in the
account.
— dupe confirms and account statements from executing firm must be
started ASAP - i.e., "promptly."
— employer must revoke consent if it does not receive in timely manner the
confirms and statements. Employer will notify executing member, and must
receive promptly notification that the account was closed. [New
requirement]
— for pre-existing accounts, associated person has 15 business days to
obtain employer member's consent to maintain the account, and to notify
executing member of his/her new employer's name. Dupe confirms,
statements must also be arranged.
17
Other FINRA and B-D Regulatory Developments – Cont’d
• New “Office of Whistleblower”
— During March FINRA announced establishment of new office
to expedite review of “high risk tips” by Senior Staff and
ensure rapid response to those believed to have merit.
• New Toll Free Number established
• Dedicated Web Page/E-mail Address for reporting
• Not intended to replace normal complaint process
• New Proposal to Tighten Misconduct Reporting
— Proposed U-4 and U-5 Rule Amendments (could be rolled
out in May)
• Change would requre B-D’s to disclose when a reg rep is
in an active arbitration or civil complaint, even if not
named as “party”
• Change would also raise threshold for reporting
misconduct described in settled customer complaints
 $10,000 to $15,000 increase
18
Other FINRA and B-D Regulatory Developments – Cont’d
• Variable Annuities
— Cont’d FINRA focus on VA’s
— Fifth Third Securities fined $1.75 mill by FINRA(4-14-09 News Release)
• Regarding 250 “unsuitable” VA exchanges or transactions
• 197 Customers and 42 individual brokers
• Used lists provided by bank of customers with maturing CD’s and referrals from bank
employees – some elderly and/or unsophisticated with conservative
investment objectives
• One Broker – 74 customers with 118 “unsuitable” exchanges shortly after joining FTS
 Switched customers from “old” firm into VA’s issued by same insurance co’s with
same riders
 Ignored differences in customers’ ages, incomes, inv objec’s, sophistication etc.
 $260k+ in surrender charges also paid
• N.B. – NTM 07-06 – Special Considerations when Supervising Recommendations of
Newly Associated Registered Representatives to Replace Mutual Funds and Variable
Products
• Delivery of Official Statements to Customers in Muni Bond Sales
— Edwards Jones fined $900k by FINRA for failure to deliver official statements to
customers who purchased new-issue munies and related supervisory/recordkeeping
failures
— MSRB Rules require BD’s – selling new-issue munies (sold during initial distribution of
bonds to public) – to deliver copy of official statement to customer on or before
settlement date
— Edward Jones Internal Communications referenced that it was not timely delivering official
statements
• …but failed to take corrective action!
19
Other FINRA and B-D Regulatory Developments – Cont’d
• FINRA Consolidated Rule Proposals to Address Supervisory Rules
— Most significant changes as follows:
• Proposed Rule 3110 – Supervision – would consolidate NASD/NYSE Rules relating
to supervision, and is based on NASD Rule 3010 and NYSE Rule 342, as well as NASD
Rules 3012 and 3040
• Proposed Rule 3110(a)2) would require firm to have appropriately registered
principal to supervise each business activity which it engages, regardless of whether
B-D registration is required for that activity.
 N.B. - existing NASD Rule 3110(2) only requires such principal supervision for
activities for which registration as B-D is required
 Uncertainty at present as to what sort of principal registration/supervision would
be required for “activities not requiring registration”.
• Proposed Rule 3110(b)(3)(B) – address supervision of “dual employees” of banks
and B-D’s.
 Due to adoption of Reg R – which permits bank employees to engage in certain
securities activities – there has been call for FINRA to clarify application of NASD
Rule 3040 to such employees.
 Proposed Rule would exclude from supervision requirement any bank-related
securities activities of dual employees when such activities are included within
exemptions from registration
 Bank will be required to:
o Provide for comprehensive review of dual employees' securities activities
o Employ Pol & Proc reasonably designed to achieve compliance with the antifraud provisions of federal securities laws; and
o Give prompt notice to B-D of any dual employee’s violation of Pol & Proc.
20
Other FINRA and B-D Regulatory Developments – Cont’d
• Top Five (5) FINRA Violation Types – March 2009:
— FINRA announced sanctions against 46 individuals.
• (i) Forgeries;
• (ii) Failure to Respond to Requests for Information;
• (iii) Failure to Update Form U-4;
• (iv) Suitability;
• (v) 3-Way Tie: Misappropriations; Unauthorized
Discretion; Insurance Sales and Exchanges.
• Supervise Your Supervisors!
• During March 2009, (13) of the 46 disciplined
individuals, or 28%, were Registered Principals
• Last month it was 20%.
• Important - Maintain checks and balances over
supervisory personnel
 after all, they could be your firm's worst offenders!
21
Other FINRA and B-D Regulatory Developments – Cont’d
• SEC to prohibit Brokers from voting Proxies
— SEC to eliminate NYSE rule allowing brokerage firms to vote proxies of
investor clients
— Shareholder Activists long pushed to end this practice!
• Occurs when clients don’t vote
• Argument is that Brokerage Firms typically vote the way management
suggests
• Under current rule, brokers can vote client proxies on “routine” votes,
e.g., uncontested director elections etc.
• Rule change effective 12/31/09
• FINRA to Propose Expanding BrokerCheck to Permanently Disclose
Disciplinary Histories of Former Brokers
• FINRA proposing a major expansion of its BrokerCheck service — to
make records of final regulatory actions against brokers permanently
available to the public, regardless of whether they continue to be
employed in the securities industry.
• Under current rules, a broker's record generally becomes unavailable to
the public two years after he or she leaves the securities industry and is
therefore no longer under FINRA's jurisdiction.
• FINRA estimates there are more than 15,000 individuals who have left
the securities industry after being the subject of a final regulatory action
and whose disciplinary history is not currently available on BrokerCheck.
• FINRA filed its rule proposal to expand BrokerCheck with the SEC late
last week. The SEC will publish the proposal in the Federal Register and
solicit public comment in the near future.
22
Movement towards consistent “Fiduciary” Standard
• SIFMA recommendation to “Harmonize” IA and BD
Regulation
— 2007 Rand Corp Study (SEC commissioned) that Financial
Service providers duties or standards of care – e.g., “fiduciary”,
“suitability” etc. contributed to investor confusion
— Also, ERISA and IRC (for IRA’s) have different definitions of
fiduciaries and prohibitions on conduct that differ from IA Act and
state fiduciary law concepts
— SIFMA recommends “Universal Standard of Care” – fundamentals
of fair dealing investors can expect from all Financial Service
providers – whether financial planner, investment adviser, brokerdealer, bank, insurance agency or any other type of financial
services provider.
23
Movement towards consistent “Fiduciary” Standard –
Cont’d
• State Farm “CFP” Approach
— During 2008 Certified Financial Planner Board of Standards, Inc. added a “fiduciary”
standard to its Code of Ethics
— Reported that State Farm (which sells annuities, mutual funds, financial advice and slate
of insurance products) instructed approx. 270 Agents who are CFP’s to abandon the
designation
— Other Insurance Companies reportedly exploring same approach
— State Farm has asked CFP Board to exempt insurance sales from definition of “financial
planning”
— Concerns primarily revolves around the imposition of “fiduciary” standard when selling
insurance and legal risk related therewith
• FINRA & SEC - “Consistency in Investor Protections”
— Primary issue regarding investor protection differences between IA and BD
channels is difference between IA “fiduciary” standards and BD’s rule
requirements, e.g., suitability
— Need to explore “whether fiduciary standard can effectively be applied to
broker-dealer selling activities and, if there are problems - make a strong
effort to resolve those problems.“
— IA’s believe Fiduciary Standard is more customer-protective that “suitability”
standard of B-D’s
— B-D’s maintain that “suitability” standard is sufficiently rigorous and that IA’s
are more lightly regulated than brokers
— In any event, IA’s should look forward to more audits; population of RIA’s
increased 30+% since ‘05
24
RIA Annual Review Requirements
•
Rule 206(4)-7 - “Compliance Rule” requires RIA to adopt and
implement written policies and procedures reasonably deigned to
prevent a violation of the feral securities
• “Compliance Rule” also requires Annual Review of Pol & Proc to consider
any compliance matters that arose during prior year, any changes in the
business activities of the adviser of affiliates, and any changes in the
Advisers Act or applicable regs
• Top 10 List for IA Annual Reviews;
—
—
—
—
—
—
—
—
—
—
1. Review any and all past Deficiency Letter & ensure all deficiencies noted were
2. Perform Gap Analysis of existing controls, e.g., list of client complaints over last 12 months,
branch/compliance exam deficiencies, Internal Audit findings and other “red flags” noted on exception
reports
3. Evaluate any changes in business products or services over last year
4. Determine if any new Rule Promulgations, Guidance Statements or No-Action Letters could
impact your Pol, Proc or processes – update, if needed. s
5. Consider “Mock” SEC exam to provide assessment of “tone at the top”, strength of Pol & Proc and
adequacy of compliance testing
6. Define Roles and Responsibilities of all associated persons
• How will you meet requirements?
• Who is responsible for same?
• What methods will be followed?
7. Develop and deploy appropriate Training
8. DISCLOSE, DISCLOSE, DISCLOSE!
• Fiduciary duty to disclose all material info to clients
• Review ADV, contracts and other sales/mkt material
9. Develop Annual Review Committee and Compliance Calendar
10. Compliance is “Everyone’s Responsibility”
• Interview personnel to test knowledge of Pol & Proc, sales practices etc.
• Conduct periodic testing to test controls and culture
• Enhance Annual Review where appropriate
25
RIA Annual Review Requirements – Cont’d
• Some Add’l Ideas for “tweaking” Annual Review:
— Revise process for documenting relationships w/
counterparties, e.g., failure of Lehman Bros.
— Scan recent SEC enforcement efforts over last year
which could spotlight areas of concern
— Re-visit your process for identifying new law and regs,
e.g., Regulatory Update Tracking Report
• May want to implement quarterly vs. annual
process in this regard, i.e., in light of volume of
recent changes
26
Review your Compliance Program!
SEC Staff Speech – Lori Richards, March 2009
• Need to maintain “Evergreen" Compliance Program
— State of constant improvement;
— Identify and address new issues and compliance risks;
— Incorporate new forensic tests and new technology; and
— Reasonably deigned to prevent a violation of the federal securities
• RIA should take a fresh look at:
— DISCLOSURE
• Inadequate disclosure amongst Top 5 most common deficiencies that SEC
Examiners found in exams last year and consistently a “most frequent”
exam finding
• Need to review DISCLOSED vs. ACTUAL practices
 Conflicts created by bus. arrangements/affiliations
 Compensation arrangements w/ solicitors, finders or other providers
 Fees paid by clients to IA or affiliates
 Use of client commissions to pay for products/services
• Are you delivering disclosure docs to clients as required and making
approp. filings w/ SEC
• This is an area Examiners will look at!
27
Review your Compliance Program!
SEC Staff Speech – Lori Richards, March 2009 –Cont’d
RIA should take a fresh look at – cont’d:
— CUSTODY
• “Custody Rule” Reminder – client assets must be held by
“qualified custodian” and such custodian must provide advisory
client with at least quarterly statement
 If assets held by RIA itself – annual indep. “Surprise Audit”
required, e.g., verification of client holdings
• In light of recent Ponzi schemes and other frauds, SEC will focus
on controls over custody. According, key steps to take:
 Compliance Staff should obtain (sample or otherwise) client
statements sent out by Custodians
 Compliance Staff should compare client statements with
Advisory records
 Compliance Staff should review Advisor’s reconciliation
process
 Compliance Staff should take add’l steps to confirm assets
when custody is with the adviser or affiliate
 Compliance Staff should review client account statements
sent by Adviser to ensure consistency w/ reports of
custodian
28
Review your Compliance Program!
SEC Staff Speech – Lori Richards, March 2009 –Cont’d
RIA should take a fresh look at – con’d:
— PERFORMANCE CLAIMS
• Performance claims must be accurate
 Conflicts exist – advisory fees may be pegged on performance,
marketing significance of performance claims and natural inclination
to deliver bad news.
• Accordingly, this area will continue to be focus of CCO’s and SEC
Examiners
• Recent SEC Exam Findings:
 Overstating firm’s performance returns, AUM, or length of operation
 Not including disclosures necessary to prevent performance claims
from being misleading, e.g., whether results reflect dividends,
differences w/ index used to compare adviser’s performance etc.)
 Inappropriately incl/excl info or data in composites, e.g., advertising
past specific recommendations
• “Best Practices”:
 Retain outside firm to verify performance claims
 Conduct special tests to ensure complete records re:
marketing/performance advertisements
 Periodic review of marketing materials to ensure info is truthful and
not misleading
29
Review your Compliance Program!
SEC Staff Speech – Lori Richards, March 2009 –Cont’d
RIA should take a fresh look at – con’d:
— RESOURCES
• Under “Compliance Rule” , Compliance Pol & Proc should be designed to
prevent violations from occurring, to detect violations that have occurred,
and to correct promptly any such violations.
 Accordingly, SEC has cautioned against making resource reductions
to Compliance Programs
• When conducting Annual Review of Pol & Proc adequacy, CCO should
consider adequacy of resources and SEC Examiners
 If lack of resources undercuts CCO’s ability to perform effective
review or undercuts ability to implement, CCO should include this in
CCO Annual Report or other indication of Annual Review.
 When conducting Annual Review of Pol & Proc adequacy, CCO should
consider adequacy of resources and SEC Examiners
• Other considerations:
 Leverage work by other Functional Groups, e.g., Internal Audit
and/or Risk Management
 Leverage and/or invest in technology to provide “front-end”
compliance monitoring
30
Increased Focus on Custody
• March 9, 2009 SEC OCIE Letter to IA Assoc. and Managed Funds Assoc
requesting that they inform membership of recent IA Exam focus which
requires “independent confirmation of investor assets”.
— Letters state:
• SEC May contact various 3rd parties –
 Including custodians, administrators, auditors, hedge fund investors
and advisory client TO CONFIRM CLIENT ASSET LEVELS.
• New SEC Exam Letters
— Two Sweeps – unusual to have 2 sweeps going on at same time!
• Custody
 Generally, similar to past Custody Letters, but also asks for extensive
info relative to all services providers (not just custody service
providers)
 May want to ask the SEC for clarification in this regard
• Rumors
 Started last fall
— New Exam Document Request Letter
• Shorter than past Letters (7 Pages)
• Similar to past exam requests
• Will seek to speak with Compliance Officer, plus staff responsible for risk
management, port mgt, trade execution, research, back office/admin, IT,
AML and marketing.
31
Other RIA “Hot Topics” - Potpourri
• 2008 RIA Exam Stats
— SEC Examined 1,521 IA Firms in 2008; 15% of total number of RIA’s and
30% of all AUM
— Increase of 140 over 2007
— Includes 400 “quick hit” exams of new RIA’s
— 68% = Deficiency Letters
— 4% = Enforcement Referrals
— 28% (approx.)= No further action
• This number spiked likely due to 400 “quick” visits
— TOP 5 DEFICIENCIES NOTED (relatively consistent year – to- year):
• Disclosures and Filings
• Compliance Rule
• Personal Trading
• Performance Advertising and Marketing (i.e., related to Disclosure)
• Portfolio Management
• New approaches to IA Exams and Enforcement
— Exploring ways to “leverage” 3rd parties in oversight of IA’s, i.e., without SEC
abdication of responsibility
— 400 SEC Staff to examine approx. 11,000 RIA’s
— RIA numbers – 50% increase since 2001
— Note – Madoff’s brokerage operations reviewed regulatory, but IA Business
never reviewed after 2006 registration
32
Other RIA “Hot Topics” - Potpourri
• “No Excuses” Attitude from Examiners
— “Clear Expectation” that firms should be prepared to be examined
— Examiners will be “less tolerant” of delays in document production
— Delays could result in enforcement
• New RAVE Exams
— Surprise SEC Exam whereby examiners show up in the morning
and request to speak with several people at the firm and leave
within a few hours
— RAVE – Amounts to short, focused SEC exam of a new Adviser
that takes a day or less
• “Outsourcing” Compliance
— Remember – you need to indentify CCO on form ADV!
• Recent IA Week Investigation reflected approx. 40 firms who
failed to identify CCO on ADV (potential SEC Violation)
• CCO needs to be “an Individual” who is a “supervised person”
• Outsourcing Compliance is generally acceptable to SEC
33
Other RIA “Hot Topics” – Potpourri – Cont’d
• Code of Ethics – Interns, Temps, Consultants etc.
— Generally agreed that temps, interns and consultants are not
“required” (by SEC) to be subject to Firm’s Personal Trading Rules
— Best Practice – include anyone “who has access to material, nonpublic info that could be misused for insider trading
— Caveat – once covered by Polices, be sure to monitor them!
• Getting dup trade confirms from temps can be a challenge
— Alternative – do not place them under your Policy but reinforce
(training etc.) the need to be careful with proprietary info etc.
— Be careful of “temps” that are around for months and months……….
— Possibilities:
• Have temps sign confidentiality agreement warranting not to
trade on any material NPI they come across;
• Have them agree to “black-out period” on trading that is in sync
with your firm’s Policy; or
• Have agreement with flat out prohibition against buying or
selling securities /derivatives while supporting your Firm
NB – FINRA rules on BD side are clearer in this regard so if your Firm is Dually
Registered, you should subject temp staff to all your Pol & Proc.
34
Other RIA “Hot Topics” – Potpourri – Cont’d
• Recent SEC “Rumors” Sweep
— 2nd Sweep of late – in addition to Custody focus
— Began last Fall, around time of short-selling concerns
— Generally, give IA’s 2 weeks to send in plethora of docs covering August 08 –
end of 08
— SEC is requesting:
• Whether Firm “initiated, conducted or concluded any reviews” or
investigations into “the malicious creation, spread, or use of false or
misleading rumors” related to securities
• Types of training material offered to staff about “rumor mongering”
• Changes Firm has undertaken in how it monitors use of “Internal chat
rooms, message boards and/or websites”
— Should develop “Rumor” Policy
• Look to FINRA’s Proposed Rule on “Rumors” for guidance
• Should remind staff that it is rumor mongering is illegal an can result in
allegations of market manipulation
• Staff should be cautioned against spreading info outside the Firm unless
based on public releases by an issuer or reliable source
• Staff should be instructed to contact CCO or Supvr if they may have
received false info from outside the Firm
• Risk Based Policy – e.g., smaller advisers trading in Mutual Funds may
require abbreviated or no Policy at all
35
Other RIA “Hot Topics” – Potpourri – Cont’d
• ADV “Recordkeeping” Enforcement Case
— Merrill Lynch gave clients a Disclosure Statement
considered an “Alternative to its Form ADV, Part II”
• 204-3 allows for a Copy of Part II or “ a written
document containing at least the information then so
required by Part II of Form ADV”
• However, there was no recordation of dates when
clients received such Statements
• Violation of Rule 204-2
 Demands “record of the dates that each written
statement, and each amendment………………was given,
or offered to be given, to any client or prospective
client who subsequently becomes a client”.
— Expensive Lesson - $1 Million Fine imposed!
36
Other RIA “Hot Topics” – Potpourri – Cont’d
• Penalties for Adviser Act Violations to Increase
— CMP’s hiked for 1st time in 4 Years
— e.g., Insider Trading penalty increased to $1.42 million
• Hedge Fund Registration
— Bill Introduced in Congress – Hedge Fund Transparency Act of 2009
— Will close loophole previously used by hedge funds to escape
definition of “investment company” under ’40 Act
— New Legislation will mandate that hedge funds:
• Register with SEC;
• Maintain books and records that the SEC may require;
• Cooperate with any request by the SEC for information or
examination; and
• File information form with the SEC electronically, at least once a
year.
• N.B. – Bill would also mandate AML Programs for
Investment Companies
37
Other RIA “Hot Topics” – Potpourri – Cont’d
• Potential Books and Records Changes
— Rule 204-2 created in early ’60’s
— Potential changes:
• Require IA’s to maintain some
 Only an option today!
• May have to create and produce “searchable and sortable
electronic records” of trading data for managed accounts, client
lists, code of ethic breach logs etc.
• Update proposed communications retention requirements
• Keep more categories of correspondence
 Re: “clients, advice, performance, compliance, commission”,
as well as audits, regulatory etc .
• SEC “Imposters”
— Reports of bogus Examiners
— Attempt to trick IA’s and others into “revealing private information”
— Using tricks such a purporting to be conducting an “emergency
exam” or the like
— Make sure your IA personnel do not share info with “suspicious”
callers
— Validate with SEC’s personnel locator 202 551-6000
38
Other RIA “Hot Topics” – Potpourri – Cont’d
• Reg S-P – Recent Enforcement Actions
— S-P requires that firms implement reasonably adequate policies and
procedures to safeguard customer information.
— LPL alleged failed to safeguard customer information
• PI of 10,000 customers vulnerable to identity theft, "following a
series of hacking incidents involving LPL's online trading
platform."
• LPL settled the SEC's charges without admitting or denying
anything, and agreed to pay a fine of $275,000.
• The SEC noted that the firm conducted an internal audit in mid2006.
 That audit identified inadequate controls relating to guarding
customer information and noted, according to the SEC, that
there was a risk of hacking.
 The hacking incidents began around July 2007, and, at that
time, the SEC alleges that LPL had not implemented
increased security measures despite actual awareness of the
risks.”
39
Other RIA “Hot Topics” – Potpourri – Cont’d
• Reg S-P – Recent Enforcement Actions- Cont’d
Recruiting Issues
— Woodbury Financial - allegedly misused clients’ personal
info related to the firm’s recruitment of RR’s and Advisers
• Woodbury allegedly allowed recruits to provide client
NPPI (e.g., SS #’s, account numbers, DOB’s) before
becoming associates with Woodbury so that Woodbury
(on recruit’s behalf) could pre-populate account transfer
and new account forms with certain client info.
— Next Financial Group - $125k Penalty (June 2008) re:
Reg S-P and “recruiting”-type infractions
40
Other RIA “Hot Topics” – Potpourri – Cont’d
• Enforcer Role for CFP Board?
— Proposal to make CFP Board the Rule Setter and
Enforcer for nations hundreds of thousands of
“unregulated” planners
• Attempt to reverse growing impetus of FINRA to expand
domain to planners and advisers.
• FPA, NAPFA etc. argue FINRA not suited to regulate
services (often fee-based) that financial planners provide
— CFP Board employs approx. 55 people vs. 3,000 at FINRA
— CFP Board – limited powers, e.g., decertify a certificate
holder vs. FINRA’s power to impose penalties, suspensions,
expulsions etc.
41
THE END!
Sean Gray
Senior Vice President and Director of Wealth Management
Compliance
PNC Bank
Sean.Gray@pnc.com
(215) 585-5545
42