Oyster Consulting Blog

At Oyster Consulting, we help clients address a variety of regulatory compliance and operational requirements — and the laws often differ depending on whether we’re serving broker dealers, Registered Investment Advisors, hedge funds, private equity firms or mutual funds. Sometimes legislation impacts all of our clients. The new law out of Massachusetts is about to impact every financial institution that has customers living in the Bay State.

For the past few years, anyone with customers in Massachusetts has had to follow their state’s information security laws regarding confidential customer information, data in motion, data encryption and more — regardless of where the company is based. Starting March 1, however, a new law will require any third parties with confidential customer data to comply with the information security rules, too.

In other words, if you have customers in Massachusetts, you’d better be certain all of your third-party vendors — including offsite storage, outsourced operations, statement vendors, backup data, etc. — understand these regulatory compliance requirements. Whether you’re offshoring processes or outsourcing services, you and your organization could be legally liable for any potential information security breaches if you do not certify your vendors’ regulatory compliance.

As a third-party vendor, Oyster Consulting fully meets the Massachusetts standards, and we are working to help our clients ensure that their other relationships understand and abide by the information security laws, as well. If you’re unsure whether you and your vendors are in compliance, or you have questions on what they need to certify, don’t hesitate to call me at 804.965.5403. I may not always be by my phone, but I will always call you back.

After years of waiting, Registered Investment Advisers no longer have to guess how the SEC views social media compliance. On January 4, the SEC released new guidelines designed to help RIAs adhere to the Advisers Act Rule 206(4) – 7 and federal securities laws, including the antifraud, compliance and recordkeeping provisions.

During their analysis, the SEC found that many firms had social media policies and procedures — but a number of them did not specifically outline permitted and prohibited social networking activities. Rather than providing hard-and-fast rules for effectively creating these guidelines — like FINRA has — the SEC offers 13 “non-exhaustive factors” RIAs may want to consider when creating their social media policies and procedures. After reviewing these topics, I’ve boiled each one down to the questions you should ask yourself to ensure your policies and procedures are sufficient.

Social Media Compliance Questions

1. Usage Guidelines: What sites and functions are approved? Which social media channels are firm representatives prohibited from using?
2. Content Standards: Will you provide content guidelines, prohibit certain types of content or enforce other restrictions?
3. Monitoring: How will you effectively monitor social media usage?
4. Frequency of Monitoring: After analyzing risks, how often will you monitor posted social media?
5. Approval of Content: Should you approve content before an employee posts it, rather than after the fact?
6. Firm Resources: Should you outsource social media monitoring? Or do you have adequate, informed resources in-house who can handle these responsibilities?
7. Criteria for Approving Participation: How will you determine which social media tools to allow?
8. Training: How will you train employees on your firm’s social media compliance?
9. Certifications: Will you require firm representatives to sign a pledge certifying they understand and will comply with your firm’s rules?
10. Functionality: How do each tool’s functions and policies affect users — and potentially open you and your clients to risk?
11. Personal/Professional Sites: On what sites may firm representatives conduct business? What information can they share?
12. Information Security: How will you protect sensitive data from hacking and other risks?
13. Enterprise-Wide Sites: If you are part of a larger organization, how can you ensure firm-wide social media complies with the Advisers Act?

In addition to answering these questions, you also need to ensure you are up to speed on third-party content and recordkeeping responsibilities.

If you’re unsure whether you are in compliance with social media requirements, or you don’t want to lose out on the potential value social networking can provide, call me at 804.965.5403 and we can talk about your questions and concerns. The Oyster team and I are here to provide sound advice and help make sure you — and your company — remain protected in your social media conversations.

This year, the SEC has a new Valentine’s Day gift for Private Fund Advisors: Your Form ADV Parts 1 and 2 are due. Thanks to Dodd-Frank [and Madoff fallout], many firms that previously could avoid registering with the SEC through the Investment Advisers Act of 1940’s “private adviser” exemption will no longer enjoy this immunity. Now, most private fund advisors with at least $150 million assets under management must register by March 30, 2012 — and file their Form ADV by February 14 to allow proper processing time. 

With only a few weeks before this due date, we know a lot of private fund advisors are scrambling to complete this process for the first time, but it’s not too late to find help. If you aren’t finished — or are concerned about mistakes and omissions — Oyster Consulting can work with you to:

• Interview your leaders. 
• Craft your responses to ADV part 1.
• Create your ADV part 2.  
• Draft policies, procedures and a code of ethics.
• Complete the registration process.
• Prepare for a visit from the SEC.

Oyster’s consultants are diligent, experienced guides who can help you comply with this new regulatory change for private fund advisors — but we aren’t miracle workers. So, we ask that any interested firms contact us by January 31, to allow adequate time to thoroughly support you. 

Even if you prefer to prepare for these new requirements alone, don’t hesitate to call me at 804.965.5403 with any questions or concerns. I might not always be by my phone, but I will always call you back.

As the regulations keep on rolling in, I have a great New Years resolution suggestion for all broker dealers, registered investment advisers and financial professionals: Make sure your cost basis reporting systems are in line now — thanks to new IRS requirements, this tax season could be a doozy. 

The Regulatory Compliance Situation

Last year, provisions from the Emergency Economic Stabilization Act of 2008 (aka “the bailout bill”) went live, requiring broker dealers to provide cost basis reporting for all equities. Additional changes began on January 1, 2012, expanding the IRS’ cost basis reporting requirements to include:

• Mutual funds
• DRIPs
• Most ETFs 
• RIAs 

The Risks

Discrepancies between your firm’s data and your clients’ 1099-Bs could create unwelcome issues, including client audits (which would certainly not be good for client relationships) and IRS penalties. While accidentally incorrect 1099-B cost basis reporting comes with fines up to $350,000, the penalties are unlimited for purposefully disregarding the new requirements. 

What You Need to Do

To ensure regulatory compliance, you must engineer your systems to accurately track and report cost basis. If you are not absolutely certain about your data, we can help you prepare for reporting by:

• Connecting you to the right data vendor. 
• Managing your costs basis projects.
• Providing staff to help maintain and update correct cost basis information.

Accurate cost basis reporting is crucial — and can be much simpler with the right support. As you work to prepare for these new requirements, don’t hesitate to call me at 804.965.5403 with any questions or concerns. I might not always be by my phone, but I will always call you back.

Earlier this year, I wrote a four-part series on social media compliance, because few topics seem to generate as much uncertainty and confusion for financial professionals — and regulators — these days. FINRA presented notice 10-06 last January, but just as social media tools change rapidly, so does the guidance controlling them. Consequently, FINRA released regulatory notice 11-39 in August, with additional information on how firms must supervise and record their social media activities. 

The new notice does not alter 10-06; instead, it gives direct responses to user questions regarding recordkeeping, supervision, links to third-party sites, data feeds and personal devices. Some of the further clarification includes:

• FINRA supervision requirements differ for static and interactive communications, but the recordkeeping requirements do not.
• Interactive content can become static depending on how you use it.
• Firms must train and educate their employees regarding their specific social media policies and procedures.
• Firms that “co-brand” a third-party site — including prominent placement of their logo — are responsible for all site content.
• Firms must ensure social media compliance in all business communications — regardless of whether they occur on company- or employee-owned equipment.

Notice 11-39 offers brief explanations and 14 Q&As, but many firms still have questions about how to best protect themselves from social media risks. If you have any questions or concerns about your firm’s social media compliance before, give me a call at 804.965.5403. Ultimately, education, training and firm policies are the foundation of a healthy social media presence — and I’d be happy to help ensure you are protected.

 

By Donald L. Horwitz, Contributing Editor

Managing Director, Oyster Consulting, LLC

Email: Donald.horwitz@oysterllc.com

Featured Commentary on Markets Reform Wiki, November 2011

 

Not to be too blunt, but the collapse of MF Global is a disaster for the futures industry. This is the same industry that has been able to stand before Congress every time there has been a market crash (1987, 1994, 2008, to mention a few) and say proudly that the customer segregation system works well. Now, however, that is not necessarily the case. And, more importantly, this turn of events is happening just as the regulatory agencies, Congress and the industry are trying to implement the final set of rule changes mandated by the Dodd-Frank Act of 2010.

 

Why is this collapse such a problem, you may ask? After all this was not the kind of systemic event that the country and the financial system faced in 2008 when Lehman, Bear Stearns, and AIG failed, and Merrill Lynch was rescued by Bank of America. While a nice sized and respectable firm, MF Global was not a Morgan Stanley or Goldman Sachs.

 

The real issue facing the industry is not what happened to the customer funds that were required to be set aside in a segregated account at a bank, (although clearly that detail is critical to the innocent clients affected by the shortfall) but how did it happen?

 

The segregation provisions of the Commodity Exchange Act and the regulations promulgated thereunder by the CFTC, govern the holding, investing and use of these funds so that if a futures commission merchant (FCM) does run into a solvency issue, at least the customer funds are safe. Moreover, the CFTC and the self-regulator for the firm (in this case the CME Group) are required to periodically audit firms for compliance with these rules. If the segregation computation is incorrect, alarm bells go off and the firm must immediately come back into compliance. The firm could also be tagged with fines and penalties.

 

It’s because this regime has worked well since it was adopted in the 1930s, that the industry has avoided the imposition of a government-authorized insurance fund similar to that of the Securities Investors Protection Corporation (SIPC). The industry's claim had merit that this additional protection on top of segregation was unnecessary. Recently, CFTC chairman Gary Gensler said segregation is the “heart of our regulatory regime.” Nevertheless, he also said in remarks prepared for a speech at the University of Chicago on Nov. 16, 2011, that “it is “critical that the CFTC finish a rule that will enhance customer protections regarding where clearinghouses and futures commission merchants can invest customer funds.”

 

Now, however, there may be a gaping hole in the system that apparently has been overlooked for years. What happens if the FCM does not properly segregate customer funds or uses the funds improperly or for its own account? This is not an issue for the clearinghouse as its obligations are to protect the other members of the clearing fund if one member defaults on its payments as a result of a customer failure. Clearing funds are not available to cover the improper use of customer funds by the firm or for that matter any other type of fraud or malfeasance on the part of the clearing firm. The only asset that may be available to customers in such a situation is a Directors and Officers Liability Insurance policy and even then it is probably not enough to cover this loss.

 

Catalyst for change

So, why not rethink the possibility of a SIPC-type insurance and claims process for FCMs? We understand that this concept has been resisted for years for very sound and just reasons including the fact that the segregation system works well. For the most part, there has been no pressing need to fix it.

 

The MF Global liquidation may be the catalyst. We now find that we have an on-the-run hybrid “SIPC" system imposed upon the futures industry without any rules and no customer protection fund. After more than two weeks into the crisis, the trustee crafted partial relief where some customers funds will be released. The trustee was able to do this only because the CME Group essentially offered to back up over-payments. Perhaps this process could be codified in the event of future situations.

 

Back in 1986, this writer was appointed a SIPC trustee for the liquidation of a broker/dealer in New York. During that proceeding, we learned the details of the operation, how customer claims were processed and how efficient the SIPC backed system worked. Customers either received their securities or replacements, or cash, as the case warranted. We also investigated the matter and determined that the cause of the firm’s failure was that the owner of the broker/dealer used customer segregated funds to help fund another venture. Because this was deemed fraud, we filed a claim against the insurance carrier, and when it was denied, we sued the insurance company and ultimately prevailed.

 

In this and other SIPC liquidation cases, the customers received their securities or cash as promised. There were no questions whether this would happen; it was only a matter of time. Because this process works, broker-dealer customers are assured that their funds are protected. SIPC is not the Federal Deposit Insurance Corporation that guarantees bank deposits nor does SIPC protect the customer from losses because of a stock's poor performance. What SIPC provides is assurance that investors will get their property back if the firm blows up. As it says on the organization's website:

 

“SIPC does not cover individuals who are sold worthless stocks and other securities. SIPC helps individuals whose money, stocks and other securities are stolen by a broker or put at risk when a brokerage fails for other reasons."

 

That type of comfort might be necessary to protect the integrity of the futures markets and restore customer faith in the system.

 

CONTACT:

        Ellen G. Resnick
        Crystal Clear Communications
        773/929-9292; 312/399-9295 (cell)
        eresnick@crystalclearPR.com

FOR IMMEDIATE RELEASE

Chicago-based Donald Horwitz Consulting Joins Forces with Oyster Consulting
Combined firms expand regulatory/compliance consulting practice with nationwide resources

RICHMOND, Va. and CHICAGO, Nov. 15, 2011: As financial services firms increasingly seek assistance to navigate a complex regulatory and business environment, Richmond-based Oyster Consulting, LLC and Chicago-based Donald Horwitz Consulting, LLC (DHC) announced today that they have joined forces to increase the depth and breadth of their individual service offerings. Led by Donald Horwitz, DHC’s addition to Oyster Consulting enhances the firm’s expertise in commodities, futures and options. Their combined forces also enable DHC clients to benefit from Oyster Consulting’s depth of resources and more than 40 consultants in seven cities nationwide.

Donald Horwitz opened DHC this fall, applying nearly four decades of expertise in senior regulatory, compliance and legal counsel roles in financial services and derivatives.

“We’re ecstatic about bringing someone of Don’s caliber and experience in the commodities, futures and options industries into the practice,” said Patrick Dennis, an Oyster Consulting Founding Principal and Managing Director.

Established in 2008, Oyster Consulting announced last month the opening of its Chicago office at 200 S. Wacker Drive. Horwitz will operate out of the new location, joining more recent firm additions, Mike Nolan and Pat Blackburn, former leaders at Terra Nova, The Chicago Corporation and Merrill Lynch.

 
Horwitz said: “Oyster Consulting has built an outstanding practice, and I’m thrilled to be able to offer clients the breadth of resources and related top-quality expertise that can augment the services I provide. In the short time since I opened my firm, I have seen significant demand for these services.”

ABOUT OYSTER CONSULTING

Focusing on creating simplicity in a complex environment, Oyster Consulting supports wealth management and asset-servicing firms with audit, regulatory, compliance, financial, strategic management, operational and technology consulting services. Its team of consultants brings over six centuries of combined experience as senior executives, program managers, developers, department managers, business analysts and subject matter experts. Oyster Consulting’s practical solutions help broker/dealers, investment advisors, hedge funds, mutual funds, ETFs and private equity firms protect and grow their businesses.

ABOUT DHC

Donald Horwitz Consulting was established in 2011 to provide regulatory, compliance and legal services to firms in the securities, futures and derivatives industries. Managing Director Donald L. Horwitz, formerly General Counsel and Chief Compliance Officer for some of the world’s most recognized financial institutions, is also Contributing Editor to MarketsReformWiki.

 

We are pleased to welcome industry veterans Michael Nolan and Patrick Blackburn to Oyster Consulting, LLC as we open a new office in Chicago, IL. Michael and Patrick will focus on operation and management consulting for trading and markets in Chicago.

 

Press Release

As of October 17, FINRA’s new requirements for the Order Audit Trail System (OATS) are live — is your firm ready for these regulatory compliance changes? 

 

Prior to the updates, the OATS recordkeeping and reporting requirements in FINRA Rules 7410 through 7470 only applied to orders for equity securities listed on the NASDAQ Stock Market and OTC equity securities. But now, FINRA is phasing in an expansion so that OATS Rules apply to orders for NMS stocks, as defined in Regulation NMS Rule 600(b)(47), including those listed on markets other than NASDAQ. 

 

To date, FINRA is implementing the OATS Rule expansion to all NMS stocks in three phases based on the security’s symbol. Key changes include:

• Creating standard values for Receiving and Originating Department ID fields. 
• Adding a new Order Origination Code. 

• Eliminating the Received By Desk ID. 
• Aligning the OATS Account Type Code with the NYSE Account Type Indicators. 
• Creating a new Exchange Participant ID field on all Route Reports identifying routes to a national securities exchange. 
• Generally requiring each reporting MPID to use unique Routed Order IDs and Branch/ Sequence Numbers each day. 
• Reducing the allowable clock drift from three seconds to one second, and requiring timestamps to be reported to OATS in milliseconds if the firm captures the time in milliseconds. 

 

Many of our clients have been working closely with their technology partners to test the regulatory compliance changes prior to implementation, but this initial work is not enough. Without a consolidated industry testing process, testing every possible scenario before implementation was impossible, so firms should carefully review their OATS reports over the next six weeks to ensure they are complete and accurate. Pay special attention to the new destination codes and account type code fields to make sure you report them accurately. 

 

As you work to ensure a smooth OATS implementation, now is the time to review your written procedures related to trade reporting to make sure they are in synch with regulatory requirements and your business practices. Oyster is fortunate to have key resources to help firms evaluate their trade reporting platforms and practices — if you have any questions about trade reporting or Oyster Consulting, call me at 804.965.5403. I might not always be by my phone, but I will always call you back. 

 

I hate to be the bad news monger, but summer is over. The calendar (and thermometer!) might say we have a few more days before fall begins, but for financial professionals, Labor Day is the unofficial end of summer vacation season and beginning of annual requirement season. Of course, most people would rather be beach lounging than conducting an AML review or worrying about regulatory compliance. But, addressing these tasks now can help ensure you complete them thoroughly and on time — with as little pain and frustration as possible.

With less than four months left in the year, now is the time to finish required annual tasks and plan for 2012, including:

Broker/Dealer Annual Requirements

• Deliver annual training/annual compliance meeting.
• Conduct independent Anti-Money Laundering reviews.
• Begin supervisory control testing, including FINRA Rule 3012 and Rule 3130.
• Complete annual branch audits.

 

RIA Annual Requirement

 

• Review Policies and Procedures against business practices and regulatory requirements.

Firm Responsibilities

On top of regulatory requirements, both broker/dealers and RIAs must:

• Complete the annual renewal process. Annual renewals take time and effort, but they can be a great way to save money by removing unnecessary state registrations.  
  

• Finalize their annual budget and plans for 2012. A massive number of proposed regulation and legislative changes could affect your business in the near future, so you must make sure you are up to speed with what may come and adequately budget your resource needs.

If you’re wondering how you can possibly complete these tasks in time, Oyster Consulting is here to help. Unlike most people, we love analyzing minutiae and wading through regulatory compliance language to ensure we address each requirement efficiently and effectively. (How could that not sound fun?!) Whether you have a quick question or need complete advice and planning, call me at 804.965.5403 — I’m happy to help. I might not always be by my phone, but I will always call you back.