Transcripts for the Hearing Impaired
The NIST Privacy Framework – What It Is and What Your Firm Should Be Doing
Oyster: Welcome to this week’s serving of Oyster Stew, a mix of financial services, commentary and insight. Each week we’ll discuss what is happening in the industry based on what we see as we work with regulators and clients. We hope you come away with the knowledge and tools to help you make the best decisions for your firm’s future. You can learn more about Oyster consulting and the value we can add to your firm by going to our website, www.Oysterllc.com
Elizabeth G: Hi everybody. I’m Elizabeth Gatlin, a business analyst at Oyster Consulting and the host of today’s podcast. Last week, NIST published its Privacy Framework. Today’s podcast explains what the Privacy Framework is, why you should implement it, and what is involved. Today, I’m here with Oyster Consultant, Tim Buckler. Tim’s experience and expertise is focused on cybersecurity, data analysis, GDPR assessments, and project management support for clearing platform conversions. So Tim, let’s get started. Can you provide me with a quick overview of the Privacy Framework?
Tim Buckler: Yes. The Privacy Framework is a set of structures to help a firm build better privacy foundations and bring your privacy risk into parity with your other risk portfolio. Your firm is identifying organizational risk, reputational risk, and trading risk. Privacy risk deserves to have just as much discussion as those. The framework is designed in order to be adapted to your firm, and it’s not a checklist that you’re supposed to run down.
Elizabeth G: So who is NIST and why is it important that they’ve put out this Privacy Framework?
Tim Buckler: NIST stands for the National Institute of Standards and Technology. It’s under the US Department of Commerce. They are tasked to create a set of standards across all industries, and the US economy to facilitate innovation. They are not a regulatory agency, but rather a cooperative agency set to have everyone speaking in the same terms. Importantly, in this Privacy Framework, like all the other standards that they put out, is supposed to be open to use and adapt as appropriate for each firm. One key event that privacy policies has helped mitigate are breaches. Recently, a credit agency in the US had 148 million records breached. This cost them about $584 million in direct costs. Globally, they estimated it cost about $1.4 billion, including Cybersecurity practices they had to put in place and extra infrastructure they have to add. They are actually quite lucky that the breach came just before the European Union’s GDPR came into effect. They were only fined about 500,000 pounds. If GDPR was in effect, they would have easily been fined millions.
Elizabeth G: So what exactly is the Privacy Framework and as a firm, how do we adapt it?
Tim Buckler: Like I said before, the Privacy Framework is not a checklist. It is a broad set of structures that your firm should go through and adapt to your individual situation. The Privacy Framework is broken down into three broad sections: Core, Profiles and Implementation Tiers.
Elizabeth G: Can you explain the Core?
Tim Buckler: The Core is all about communicating your prioritization from your executive level to your operations level. It is broken down into five key functions: identify, govern, control, communicate and protect. Identify starts with a risk assessment to develop the organizational understanding of what your risks are and ways you can manage those risks. The govern function is about developing and implementing a high-level governance structure in order to manage your risks. Control is about developing and implementing controls for individuals to help manage the individual privacy risks. Communicating is all about making sure that each individual in your organization understands their role within the Privacy Framework. Protect is all about establishing the safeguards that at the end of the day protect your data.
Elizabeth G: What are profiles?
Tim Buckler: Profiles enable the prioritization of outcomes and activities that are based on your individual organization’s privacy values, mission needs and risks. They’re all about understanding your firm’s current privacy activities and understanding your desired outcomes. You first develop your Core, and then you determine the most important areas you want to focus on as a business, and then put them in place.
Elizabeth G: And what are the Implementation Tiers?
Tim Buckler: Implementation Tiers help support your decision making and communication about the sufficiency of your process and privacy risk management. They provide a point of reference on how your organization should view privacy risk, and whether all your processes and resources sufficiently manage that risk. Tiers reflect the progression from informal reactive responses to a proactive, agile risk informed response.
Elizabeth G: So how do we start?
Tim Buckler: The first step is a privacy risk assessment. This privacy risk assessment follows many of the guidelines of other risk assessments you probably have done before. The privacy risk assessment is all about identifying and evaluating the individual privacy risks that are part of your firm. In general, it’s about weighing the benefits of undergoing activities, against the potential risks that may come as a consequence of that. Key things you should be focused on are how do you mitigate the risks? Are you able to transfer or share that risk? Can a risk be avoided altogether? And, ultimately, how do you accept risk?
Elizabeth G: Doesn’t NIST also have a Cybersecurity Framework?
Tim Buckler: Yes, NIST has published a well known Cybersecurity Framework. If you’re familiar and comfortable with the Cybersecurity Framework, you’ll be immediately comfortable with the Privacy Framework. They are designed to work together in order to better understand the risks part of your firm. The Cybersecurity Framework has the same Core, Profiles and Implementation Tier structure that the Privacy Framework is established with. One of the key differences between the two is that NIST’s Core is comprised of five functions: identify, protect, detect, respond, recover. While the identify and protect are shared in the Privacy Framework, in the NIST Cybersecurity Framework, detect, respond and cover are different.
Elizabeth G: So if I already have their Cybersecurity Framework, do I also need the Privacy Framework?
Tim Buckler: I believe it’s important to use both. The Privacy Framework goes beyond what the Cybersecurity Framework governs. The Cybersecurity Framework is foremost an organization-first policy. It’s all about understanding how your firm as a whole can identify and mitigate risks. The Privacy Framework is about the individual. First, one key difference is the Privacy Framework attempts to mitigate what NIST calls the “dignity type effects” – things like discrimination, economic loss, and physical harm. Not all of those will be covered by the Cybersecurity Framework.
Elizabeth G: Okay, so how can Oyster help?
Tim Buckler: Oyster can help your firm with both a Privacy Framework and a Cybersecurity Framework implementation. We help with risk assessments, systems management, role based access management, your physical and data security policies, vendor due diligence, disaster recovery and business continuity planning, information security roadmap, prioritization, training, things like that.
Elizabeth G: Thanks Tim. We’re running low on time, but you can find more information about the Privacy and Cybersecurity Frameworks at www.NIST.gov . Thanks to everybody for listening. If you have any questions about your firm’s Cybersecurity or Privacy Framework, or you have a topic you’d like us to discuss in the future, feel free to call us at (804) 965-5400 or visit our website, www.oysterllc.com.
Oyster Solutions Software – Making Your Annual Compliance Calendar and Review More Efficient and Effective
Polly Cordle: Hello and welcome to this week’s Oyster Stew. I’m Polly Cordle, managing director of the Oyster Solutions platform. And this week I’m joined by Gray Houghton, as we take a little look at annual reviews and compliance calendars, and things to think about here in January. We hope this gives you an idea of areas that you can get some attention to as you start off the new year and Happy New Year, everybody.
Gray Houghton: So you’re the practice leads with the Oyster Solutions platform. Do you always work in the Solutions platform?
Polly Cordle: I don’t only work in the Solutions platform. I historically, I’ve worked outside of the Solutions platform with our big compliance calendar for an advisory firm, that we keep on a spreadsheet. But about two years ago I put my first client on Solutions and that really kind of changed it for me. And then, once I had a couple of clients on Solutions, I kind of refused to do a whole lot outside of Solutions. So that’s how I ended up platform.
Gray Houghton: Well, that seems reasonable. Can you tell a little bit about the annual review requirements for firms?
Polly Cordle: So whether you are an advisory firm or a broker dealer, you have some sort of annual requirement, and firms will look at their compliance programs, kind of top to bottom, and see how effective they are, whether that’s the IA version of that review or the BD version. That’s really your main goal – to look at your compliance program top to bottom, see if it’s running as you expect it to, and see if it’s effective. On the advisory side, you have a reporting requirement that falls under 206(4)-7 and on the BD side you have a 3120 requirement and a 3130 certification that needs to be done. So when firms are looking at their compliance programs top to bottom, they tend to pull a lot of the work product of their program and look at the work product to make sure, for example, advertisements are being approved the way they should be approved, that they’re getting approval prior to posting, if that’s required, that anything that’s going on in the system from an audit perspective, whether that be an internal audit or a regulatory audit, that those things are getting addressed, that they’re being followed up on.
Polly Cordle: It’s a good time also for firms to look at their risk assessments and kind of take the compliance perspective of the whole firm, top to bottom, every part of it.
Gray Houghton: So before you used Solutions, how did you facilitate that annual review?
Polly Cordle: Well, my annual reviews, prior to having Solutions, I had a checklist. I love a checklist and I went through and I pulled various documents. So in my experience with my firms, I like to run my compliance testing throughout the year and then pull it all during that review and make sure that the testing of the compliance program that we did throughout the year was effective, there were issues identified, those were either addressed or we addressed them in the annual review and determined to remediate them at that point. And then, after that portion is done, I write up my report with an overview of our business, any changes that have happened that year. I look at complaints that have happened that year. I look at complaints – complaints are a big part of everything. So I look at complaints and then I come back and create a remediation plan, and that remediation plan would identify and address any of the recommendations, any recommended changes to our policies, any recommended changes to our processes. And then I’m going to document all of them.
Gray Houghton: Okay. And how that you do it now?
Polly Cordle: So within Solutions, we still have a series of steps; however, they can kick off to multiple people at once. So I could ask the trading manager to send me a report and he would automatically get an email that says, “Hey, attach this report,” and he attaches that report. I can even give him a template to fill out of what information I need. Say “Download this, complete it, give it back to me.” That can be happening with him. At the same time, for example, my registration department is getting one as if “Hey run reports off the CRD system for late filings or any dropped state filings for an individual or the firm,” and then I can confirm whether those need to be addressed. Then all of that would come back in a review step for me and it kind of gives me everything in one place.
Polly Cordle: Now, one of the other things I’d like to do in a Solutions annual review is look at all the workflows in the system. Are they getting done? Are they getting done on time? And if they’re not getting done on time, is that a regulatory issue? Is it a resource issue? And address that. So the system allows me to run some dashboards and some reports about past due work, and work that’s not getting done. I’m not susceptible to someone saying, “Oh yes, I reviewed this report on December 15th,” when in actuality they reviewed it January 1st. I’m going to see in the system exactly what goes down the steps. So it tracks all of that for me and then I don’t fall prey to the “Oh I signed this but didn’t date it. Oh yes, I did that on December 15th. I did that on time even though I didn’t put a date.” So it kind of locks in a lot of my processes to make sure that I don’t have any issues with what actually happened versus what I’m thinking.
Gray Houghton: Right. That seems like a great tool. Well, since it’s January, we should probably talk about the compliance calendars too.
Polly Cordle: As folks are doing their annual review, I recommend that they take a moment and look at their compliance calendars as well. Some of that’ll get picked up just through the recommendations in your annual review. You’ll decide we need to do in a new task or whatever. Don’t forget to add those to your compliance calendar. It’s very easy to get your annual review report out of sync with your compliance program by saying you’re going to remediate something, but then not tracking it on your compliance calendar. So make sure that those get updated as you go through that review. Also, it’s a really good time to look at new regs that have come out over the year. It makes sure those are addressed in your compliance calendar and in particular, this year, looking at Reg BI and making sure that you have the steps in your compliance calendar to make sure you’re in compliance with that reg before it starts.
Polly Cordle: So you’ve got a Form CRS you need to fill out, you’ve got policies that need to be written, you’ve got communications that need to be sent. All of those things should go ahead and be added to your compliance calendar now at the beginning of the year, and then you’ll have that as you go through. Now, in Solutions, when we make a change to a policy, so for example, Reg BI, if we’re going to make a change to a policy, we immediately create the workflow and attach it to the policy (the workflow that will enforce that policy), and then where we can, we schedule it, to kick off automatically so that it doesn’t get dropped. So you don’t forget to look at the big compliance calendar checklist or get something done.
Polly Cordle: The other thing I think I mentioned earlier was risk assessments. And this is really as you’re looking at the full picture of your firm and your compliance calendar. It’s a good time to make sure that you haven’t obtained any new risks during the year – new bonds business, new products that you’re offering, new types of clients that you haven’t had in the past, new employees who may not be as up to speed as your employees who’ve had a longer tenure with the firm. So go ahead and get that stuff into your risk assessment and kind of do the whole thing. It puts a lot into that first quarter of the year, which is generally when we see people doing their annual reviews, particularly on the IA side because you’re going to have your updating amendment that’s due. So it puts a lot in that quarter. But it also gives you a really good start to the year to have everything in line, and, going forward, you’ll know exactly what you need to be doing month to month. In Solutions and in your compliance calendar you want to make sure that you have some means to not forget about that calendar. That was always my biggest issue with the spreadsheet, was I would be caught up in my day to day work, and this going out and actually loving it in the spreadsheet so I might not complete some smaller tasks that wasn’t really on my radar at the time.
Polly Cordle: But, I am doing all the talking here, Gray. So you’ve worked with some of our clients as a compliance analyst. What would you say were your biggest challenges as you worked with them?
Gray Houghton: You know, the biggest challenges that I have with the firms I work with is there are so many things that you have to make sure you stay on top of, but they’re not necessarily a daily task. And what happens is you may forget something like your email review, and first thing you know, you have forgotten it for not one month or two months, but six months and then there’s no way to fit that into your schedule. You have a lot of review that needs to happen and you just don’t have the time to do that. It’s really important that all of the different tasks are in front of you. You cannot forget the things that are not necessarily daily, but there’s some things that just have to be dealt with. State registrations might be another example of that. That’s something that needs to be checked, and if you wait for a year, you may not have picked up on the fact that you have a rep who is doing business you are not aware of, and you didn’t get that done. So that’s something that needs to be examined periodically, systematically, but it’s just not something that’s in front of you.
Polly Cordle: Those are actually really good examples. We have done a lot of cleanup projects as a firm, because it does tend to snowball, and that is one of those things, at least for me, I don’t like to do it daily. I like to have a bunch of stuff to review at once so I can see a big picture of what’s going on, rather than just a fear of what’s going on, rather than just a “What happened today?” kind of picture. So it’s a really good example of something that can snowball, and the state registrations also a good example. We have a monthly review of that in the Solutions system. And I would say, unless your compliance folks are looking at every new account coming in, or unless you have a system that will lock that down state registrations. Particularly on the IA side, where you have the diminimus, and some states will allow you five clients, some States won’t – that can get challenging because you’re watching that number and you’ve got to know when it crosses the line. Now on the BD side, we see a lot more firms that have a system that will work it in. You can’t open the account until that person’s registered in the state, but depending on your system that you’re running, your back office system, that may not be the case. And so you’ve really got to be watching that closely, because for the broker dealer side, it’s a one client rule. So you want to requirements right when that account is.
Polly Cordle: So I know you’ve also done a lot of work outside of Solutions. I know you work with some of our clients in Solutions, but you’ve done a lot of work outside of Solutions. What are some of the projects that you’ve worked on outside of Solutions and some of the challenges that you’ve encountered there?
Gray Houghton: Well, another one of the big projects that I do is Trade Reviews. You know, the trade reviews have to be timely, and so this is another thing that some firms require the weekly trade reviews, some firms require monthly trade review. Most firms have some sort of daily trade review and, I’ve worked in all three of those sorts of situations, but it’s an outside system, usually. So it’s somewhere where you have to go into another system or you’ve got to remember to go to that older system. You kind of have that information in front of you and then you have to transfer that information from whatever trade review system you’re working on to the system of your firm so that they can maintain whatever documentation is necessary. So it’s a multi-step process. It can be a taxing, it can be time consuming.
Gray Houghton: And again, it’s something that you have to keep in front of you. Just like email review – if you have it set up monthly, and then once it gets away from you, then you’ve got another month in front of you, then again, you have too much work, you don’t have enough time to get to it. So that’s something that’s really good to have a reminder in front of you that has to be processed. You have to have it in front of your face. You’d have to do it and move it to the (inaudible)…
Polly Cordle: So we’ve worked with a lot of trade monitoring systems at Oyster and we actually are getting ready to launch our own trade monitoring system. I’m very excited about it. As a chief compliance officer for a regional firm that was on multiple platforms, trade review was a big, big challenge. We had one platform, no problem. It had an alert system and would alert you when there was a trade that needed to be addressed. But then, for the other four platforms, I had no real alert system. So, I had to either look at trade blotters or run exception reports or review statements or take samplings of accounts and that can get challenging. So what we’re doing with Solutions is, we’re bringing in multiple custodians to one place. And for most of your trade review experience, are you looking trade by trade and account by account? Maybe like on a monthly basis?
Gray Houghton: It’s a mix of that. Some of the platforms do a daily trade alert system, as you’ve talked about, and some of them just do a monthly spreadsheet. Uh, so it’s, a the mixture of those, it’s, it’s difficult to keep up with.
Polly Cordle: When we are seeing one client or one household across multiple custodians has always been a trial for me. So what we’re doing, hopefully to resolve that issue for folks, is bring in the multiple custodians, let you look across multiple custodians at one household. So even if Gray has his IRA at one firm and Gray and his wife have an advisory account at another firm platform, I could still bring both of them in and look at the whole picture of that household, which gives me a better view, particularly when it comes to things like concentration on the advisory side. We see a lot of clients who may hold as long as they worked for a company and so they’ll tend to segregate that over in a non billable account and then keep their other assets in the billable account. But being able to see concentration across that whole picture is important, I think. And there are a number of boards that work that way. It’s not just concentration. So what we’re doing is we’re allowing firms to choose, even look at the account level, the client level, meaning Gray’s IRA and Gray’s individual account combined, or, are you going to look at household level, which would then bring other household members – so Gray’s IRA, his individual account and his joint account. So you can look at the household level. You can look at the client level, you can look at the account level, and we hope that’s going to take a little bit different approach than we’ve seen in most trade review systems. There’s still a daily trade blotter if people want the daily trade blotter, but we liked the idea of bringing in multiple custodians and having it all in one place.
Polly Cordle: We really liked the idea of being able to pick and choose how your alerts are going to run, and being able to do that yourself without having to go back to a programmer and say, “Hey, turn on this and make it this way.” We’ve made it simple enough that our firms can customize that for themselves. So I think that, hopefully, will be a big difference for some of our firms. Certainly our Solutions firms that are going on to Monitor will have a different way of looking at things.
Polly Cordle: Okay. Well, I think we have run out of time. It’s a podcast. We’re supposed to keep it short, but I think we could talk about what needs to be done for a year, for a very, very long time. We will wrap it up and thank everybody for listening. If you want to learn more about Oyster Consulting and Oyster Solutions, you can go to Oysterllc.com or you can reach out to us at (804) 965-5400.
When Does Outsourcing Your CCO Role Make Sense?
Molly Bryson: Hello everyone. I’m Molly Bryson, one of Oyster Consulting’s Relationship Managers and the host of today’s podcast. Our topic today is the contemplation of the benefits of outsourcing the Chief Compliance Officer position for broker-dealers and registered investment advisors. Oyster’s consultants have served as Chief Compliance Officers for broker-dealers and registered investment advisors of all shapes and sizes. Today I’m here with two of Oyster’s Outsource CCO consultants, Nicky Brinckerhoff and Dean Pelos, and we’ll be discussing some of the important points firms may want to take into consideration when making this decision. You can learn much more about Nikki and Dan’s experience and about Oyster’s Outsource CCO services by visiting our firstname.lastname@example.org. Nikki, let me ask you, what would you, in your opinion, what would you say are some of the common mistakes that some of the inexperienced Chief Compliance Officers out there might make?
Nikki B. : In my experience and interactions with folks that don’t have a lot of experience in these roles, they have a tendency to procrastinate making decisions, overthink, over-analyze, almost become stagnant or have paralysis because they don’t know the right answer. They don’t know which way to go, so they will delay and not act or support the business as they should.
Molly Bryson: How about you Dean? What are some of the things you’ve come across?
Dean Pelos: Yeah, I would agree with a lot of the things that Nikki said, but in addition, I think that there’s a lot of things that, from a resource issue, it really depends on the size of your firm, on some of the budgetary constraints that you might have where, I might be the CEO and the CCO. So I’m running my company and I have an issue with running my business, and the business side of things might take over and the procrastination begins on the compliance side of things where there’s not as much thought going into it or using the proper resources that might not be available to you to be able to make the right compliance choices to create a culture of compliance within your organization. So those are things that I think kind of get overlooked and causes some CCOs to be inexperienced from that standpoint. I also believe that not keeping up with the rules of the business and what regulators expect of you or other things that also could be of concern.
Nikki B. : So Dean, you bring up some really good points there and makes me think about some other items that you can run into. A lot of time in smaller or mid-sized, there’s not enough resources to go around. So now you have somebody doing operations and compliance, or strategic leadership and compliance, and compliance becomes an afterthought. That or hot potato, yes. And that may not just be inexperience. That may be lack of resources. You don’t have enough time to dedicate to it to keep up on the rules or to know how to make the decision, and that causes the firm itself to actually have inefficiencies and run at a lag.
Molly Bryson: So firms are considering outsourcing their, their Chief Compliance Officer role, and usually that comes from either the president or the CEO of a company. And oftentimes, we hear from folks who are actually in that role and also trying to take on the role of CCO, same time. What are the risks associated with that?
Dean Pelos: So it’s primarily the intermediate firms, mid-sized firms, the smaller firms, that maybe don’t have the resources necessary to be able to carry out both roles. Because what they’re trying to do is they’re trying to grow their business, they’re thinking about reaching out to their clients, they’re thinking about trying, performance-wise, to be there for their client, making sure that whatever the business is, that the business is performing exceptionally well. So their clients are satisfied and they’re not focusing and worried about the regulatory issues that may be involved with making sure that their compliance program is properly supervised, whether or not they’re thinking about conflicts, appropriate conflicts, disclosing those clients, conflicts to their clients so they’re fully aware of things that are happening between what one part of your business might be versus another. So those are things that they don’t think about and to me, being able to be an outsourced, CCO, being able to be aware of those issues because of my experience, being able to then assist the CEO with allowing them to grow their business and worrying about compliance in general – just compliance and supervision and risk – those are the things that I always think about. Maybe when you’re the CEO of a company, you’re thinking about how the business is developing, first and foremost in your mind.
Molly Bryson: We talked a little bit about being the Chief Compliance Officer in addition to taking on the CEO role. Doesn’t that really apply to really anyone in a firm who’s handling dual roles and also trying to run the compliance program?
Dean Pelos: The reason all of this occurs is because there are things that, if you’re a CEO of your company, you’re trying to grow your business, you’re trying to perform to your client’s expectations, you’re trying to make sure that you are looking at investment objectives of your client and you want to make sure that you have proper suitability in the investments you’re making for your clients. You have that fiduciary duty that’s taking place. But you’re not thinking about some of the compliance aspects that a compliance officer might be thinking about. You’re not maybe in tune with new regulations that come on the table. We can look at Reg BI as an example. That’s a huge risk right now that’s coming up because a lot of people don’t even understand what Reg BI is. They’re not going to read 400 pages of material that the SEC put together and try to interpret what they can and cannot have to be able to properly comply with Reg BI.
Dean Pelos: So to me, those are things that are potentially risks. There are new exam priorities that come out every year. Maybe the CEO is really not focused on those types of priorities and is not going to adapt their compliance program to properly supervise a risk that’s out there that they’re not even aware of. Those are things that happen all the time and those are things that we can help with because we’re experienced enough, and we’ve been doing this enough to be able to identify those things and be able to communicate that to our client.
Molly Bryson: So Nikki, do you have some thoughts as well?
Nikki B. : Well, one of the really unique and interesting things about an outsource model is it allows you to tap into some knowledge, resource experience that a mid-size or smaller firm may not be able to afford. It also allows you to have perspective of what other people are doing in the industry, how things are changing, what different exposure and a lot of those insights you can’t get from a conference or from training. You, as Dean said, get it from somebody that comes with a bunch of experience. Clients in this space, really have a consideration about bang for the buck. How can I get somebody that can support my operation, my growth and myself, and protect the firm? And that’s what compliance ultimately does – protect the investors, protect the firm. It has to be baked into the operation. It has to help you be more efficient, because you don’t have the unlimited resources in an oversight role or a compliance role.
Molly Bryson: What would you say, is there a certain size of firm where this makes more sense rather than not so much? Or is it based on size of firm or lines of business? Would you say, Nikki?
Nikki B. : I think lines of business and complexity in the delivery of their services. If they have a lot of diverse, complex, different items, it makes it harder to get one person that has all that knowledge, especially if you have a limited staff. Conversely, you could have a ginormous firm with a very great repeatable process, and it still fits in an outsourcing model because you don’t have the time constraints required in that repeatable process.
Molly Bryson: What are some of the reasons you’ve heard, both of you, what are some of the ways in which we’ve worked with firms where we haven’t necessarily had the title and what are the risks involved with that, if any? Nikki, you want to take that first?
Nikki B. : Sure. I think first and foremost, getting somebody, a partner, a firm that doesn’t appreciate what your firm needs or have the ability to support your firm. So picking the right partner makes a huge difference for the firm. And if they’re new to this kind of model, if they haven’t had a lot of experience or they’re aware of somebody else that had a bad experience, keeping the title, being more controlling of it is very important to them. I agree with them wholeheartedly. Finding the right partner, building the trust. It truly is an ongoing relationship. It’s not a “one month you can do it one month you can’t,” because it’s an ongoing, learn your business, know it, help it grow and support it. So I think that’s the biggest fear. Dean, do you see others? And that’s a good point. From Dean’s side and from mine.
Nikki B. : You have to have the trust, you have to be part of the executive team. You have, they have to value you, you have to value them. There’s gotta be communication. So not all firms can do that. Firms have to really look at their culture, their ability to have an Outsource CCO compliance support may be a great solution for them. If what their CCO needs is the experience, the knowledge, the person that keeps up on the rules and can help them implement. In reality, if you look at what the regulators ask for, it is integrated compliance with your service and product delivery and the only way you do that is by having your compliance controls involved and a CCO that’s engaged – and you can get that. I think it’s very interesting for folks who decide to take the risk and start their own firm so they know what they’re good at, they know what their business model should be, they know what their goals are and what their objectives are. What they don’t know is how to do it in a compliant fashion, how to make themselves more efficient and more effective, and that is a really great fit for at least me and Dean and some of our folks around here, because we’ve done it over and over again.
Molly Bryson: So Nikki, you mentioned people starting their own firms. What would you say are some of the advantages to having an Outsourced CCO in place as you launch your firm?
Nikki B. : So when you start a firm, there’s all these things you have to do and comply with and ensure you can demonstrate compliance, but that you’ve now tapped into people that have done it multiple times, have learned and grown over the time with the industry, and bring such valuable benefit to somebody launching their new firm, and being able to hit the ground running and focus really on business development. Because we have stepped in either in an interim case or when new products come out – let’s talk about robo advising or let’s talk about cryptocurrency, or let’s talk about any of the new complex products – a s we step in and work with multiple firms, we have a basic ability to get information of how that product works or how the industry is working at a much quicker speed. That is something you’re not going to get at a conference or in training because you can actually sit down and discuss how the other side works. So you make sure your side picks up all the compliance parts. It also helps the business development because now you have a compliance officer or compliance support person that actually can get you the details of how that product works operationally. So it’s a multilayered type of benefit to go to some sort of outsourcing model.
Molly Bryson: Well, and in that scenario makes it easier for your CCO to be able to support your business instead of saying, no, it might not be a no, but it’ll be, “Here’s a way we can do it,” instead of maybe going down that path.
Nikki B. : And being able to say, I’ve done the research, I’ve gotten comfortable. We can have controls put in place without delaying the ability to make some business decisions. You know, one of the things that makes an outsourcing model so much more beneficial to firms – you don’t have a key man type of risk that your CCO could jump ship or change jobs, because you now have a deep bench of resources at Oyster. We all work together and if something was to happen to one of us, there’s a deep bench that any company can pull from, and there’s never going to be a time that you would be overburdened or overwhelmed, regardless, because you have so many resources at your disposal.
Molly Bryson: So understanding that it would allow me to focus on my business and understanding that I, as a business owner or a business associate, may not be able to keep up with the ongoing changes in the industry and the compliance requirements, is there any risk to me as a firm and outsourcing these roles, that it should be taken into consideration? Because I can see the benefits – that makes sense. But if I’m a business owner, I’m going to say, “But what are the risks? What am I losing control of?”
Nikki B. : I don’t know that you lose control. If you do your due diligence and you pick the right partner that fits your business and the culture of your firm, I don’t see an increase in risk or a change in risk. Yes, you shift some risk around and you actually get more people in your boat per se, to share the risk with, but you don’t have an increase or a change to your risk profile.
Molly Bryson: So a lot of times when clients are talking with me on the business development side, I think when things they worry about is what happens if one of our consultants is the CCO for too many firms? How do you all maintain your ability to focus on the firms that you are holding the title for?
Nikki B. : Well, I think we do a good job and again, it comes back to what I said earlier about finding the right partner that fits your business and can dedicate the time to be part of the executive team and support the strategy of your business. But we do a very good job of limiting that. We also have personal liability, so we don’t want to take on more than we can handle and we don’t want to do a disservice to any client or to ourselves. That’s a personal accountability and responsibility we have. What do you think Dean?
Dean Pelos: No, I agree with everything you said in terms of the risk that’s involved in operating as a CCO for a firm. There’s a personal stake here in each of us as individuals to understand what’s happening and what kind of capacity we have to be able to accommodate and help that firm succeed from a compliance standpoint and a supervisory standpoint.
Molly Bryson: So people who are in the Chief Compliance Officer role within their firm at times may just have limited time or industry knowledge. How can we, as a consulting firm, help that CCO navigate those waters? Or would it be better for them to consider outsourcing the role?
Dean Pelos: So, primarily, it really depends on what your resources are, what you may have, what you may not have. What’s your company size? Are you limited in what compliance is to your company? From my perspective, sure you can. You can continue to assume the role of CCO for your company, but you know, if you want to continue to have that role as CCO, we also offer a lot of compliance support functions that would be assisting the CCO at that company. Let’s say there’s an issue that comes up where they’re confused about how we can assist with that. If a CCO has an issue and they want to pick up the phone and call and say, “Listen, I’m a little confused about this regulatory issue that just came up. Does that apply to our business or does it not apply to is? Is there something that we need to do? Do we need to change our policies and procedures? Do we need to change our controls around how we supervise this particular thing?” We can understand what your business is. We can then provide or solutions for you to assist with your compliance program. And that’s compliance support in a nutshell.
Molly Bryson: So if you wanted to retain the Chief Compliance Officer title within your firm, which many firms do simply for the fact that they rather have ownership of that title, you’re saying Oyster can help in various capacities, anywhere from responding to a phone call every now and then, all the way up to helping them run their entire program.
Dean Pelos: Right, right. And we’ve done that many, many times. I’ve got plenty of clients who have called me, and they’ll call me as needed. They’ll reach out to me via email and they’ll say, “Dean, I need your help with something. Can you assist with this issue that I’m having?” And I’ll be able to, based on my 20-plus years experience in the business. I’ll be able to respond to my client in a fashion, which would assist them with whatever the issue is that comes up.
Molly Bryson: So Dean, firms may be reluctant to let go of that Chief Compliance Officer title, but they do so in the sense that they understand exactly what we’ve referenced here today, which is that any one person can’t necessarily do that role and other tasks they may be responsible for within their own firm. So as you, as you outsource the Chief Compliance Officer role to Oyster, what are some of the efficiencies that we can offer our clients so that they will know where we’re working and what we’re working on, and how can we create that environment for them?
Dean Pelos: We can use plenty of tools that are available to us that we’ve used over the years. One of the things that we’ve recently developed is a product called Oyster Solutions to assist with developing compliance and supervisory programs, helping them with their workflows. For example, we would take your entire compliance program and we would load it into Oyster Solutions, and then be able to provide efficiencies by being able to monitor when we need to perform certain compliance tasks. Those workflows would be developed within Solutions. So we would take, for example, your policies and procedures. We would load those policies and procedures within Oyster Solutions and then be able to put controls and workflows around those processes that you have, in order to be able to better monitor the program from a supervisory aspect, from a compliance aspect. If there is a rule change that takes place and it affects your business based upon how we’ve identified your business, that rule change would be incorporated within Oyster Solutions and it would updated as needed, as necessary, so that you’re fully compliant with any regulatory order that is taking place, whether you’re an investment advisor or a broker-dealer.
Molly Bryson: So that sounds like that would certainly make things easier when a regulator comes to visit. It sounds like things will be contained in one place. Is that right?
Dean Pelos: Yeah, it would be contained within one place and it would be a lot easier to retrieve that information for a regulator when requested.
Molly Bryson: And I would say one of the things that I hear on the business development side about people’s concerns around acting as the CCO is that they don’t have regular interaction with the regulators, so they are unsure of what to say or how they should be interacting with them. What are the advantages that some experienced CCOs could bring to that concern?
Dean Pelos: One thing we do have in Oyster – we’re practitioners here. We’ve been doing this for, many of us have been doing this for 20-plus years. So we’ve run our own businesses. We’ve run our own broker-dealers, our own investment advisors. We’ve worked at the SEC or at FINRA. I’ve been dealing with regulators for the last 30 years, whether it’s the SEC or FINRA or whoever, whether it’s a state regulator. We’ve had the opportunity to sit down with these individuals and run through audits, run through requests. We have that experience in interacting with those regulators. An example would be coordinating effectively with regulators by being responsive, by finding solutions to satisfy requests effectively, knowing what to say or not to say in certain instances when you’re being requested of an item or you’re asked a question and how you respond to a regulator in response to those requests or demands.
Molly Bryson: So at the end of the day, the regulators really care about the health of the firm, and then of course, in turn, the health of the client’s relationship and business. And so as long as you’ve got the right resource in place, whether they be an outsource resource or a permanent resource, the regulators are happy. We never really say what a regular does or doesn’t think. But I know for a fact that our teams have been through multiple exams over the past several years, and from those exams, we share information about what the regulators are asking for. We share information about our approach to exams and how we were successful.
Molly Bryson: Anything else either of you think should be mentioned as a consideration to a firm when they’re thinking about outsourcing this role?
Nikki B. : Personally, I think it has to be the firm’s ability to embrace and grow and develop with somebody with a whole lot of experience. And knowledge. Sometimes firms get in a rut or in their own way, basically because they’ve always done it this way and they want a CCO to come in and do it the way they’ve always done it. And really that’s not the best way or most efficient way. So they have to ask themselves if they’re ready to grow and develop their compliance program.
Molly Bryson: Well, it looks like we’re out of time. So Nikki and Dean, thank you very much for your thoughts and your comments. Whether you’re acting in multiple roles for your organization or you’re looking for compliance support, or even starting your own firm, we hope you found Nikki and Dean’s insights about when it makes sense to outsource your CCO role helpful. Some highlights from our discussion today: Here’s some things to keep in mind when you’re making this decision. Consider your resource availability. Consider the advantages of having a compliance professional who knows how to interact with regulators, and consider a compliance professional who has the knowledge to help you stay ahead of new regulations and who can worry about risk and supervision, so you and your team can concentrate on running your business.
Molly Bryson: If you have any questions about what we’ve discussed today, or if you have a topic you’d like us to discuss in a future Oyster Stew podcast, please feel free to call us at (804) 965-5400 or you can visit us on our website at www.oysterllc.com.
Should You Outsource Your FINOP Position?
Rob Hall: Hi everyone. I’m Rob Hall. I’m the CFO of Oyster Consulting and the host of today’s podcast. Are you trying to decide whether you should outsource your FINOP position? Today’s podcast might be able to help you with that. Today I’m here with Oyster’s FINOP Consultants, Jeff Harpel and Clark Tucker, and we’ll discuss why it’s a good idea. Jeff and Clark both have extensive experience as Outsourced FINOPs, as well as having held CFO and FINOP positions in the securities industry prior to working for Oyster. Clark, why don’t you give me a brief overview of what a FINOP is and how Oyster can help?
Clark Tucker: Well, FINOP is one of the three required functions for a broker dealer, and you have to have a CEO Executive Rep, you have to have a Chief Compliance Officer, and you must have a Financial Operations Principal. And, obviously, the roles and the duties associated with them are segregated. But to focus on the FINOP role, it’s the overseeing, the supervision of all of the financial and operational aspects of the broker dealer. I think we focus primarily on the financial and regulatory reporting aspects of that role. So in doing that, we work with local teams, with the staff, with the accountants or bookkeepers at firms. We try to review everything that’s taken place to make sure that it’s compliant, and then take from that to prepare financial reports and regulatory reports. We then ensure that the firm is compliant and remains compliant in its filing, and its contact and interaction with its regulators. So, we can help you fill that gap when that gap exists, and the experience may not be resident already in a broker dealer.
Rob Hall: Well, Jeff, what do you think makes a good CFO or a FINOP?
Jeff Harpel: Well, I think there’s a couple of ways to look at that. I mean, first, is to be a good FINOP. In my mind, you need the background and experience working in a broker dealer. It’s a very specialized industry with very specialized rules like the net capital rules, and the other financial responsibility rules that Clark was talking about. And if you’ve never been exposed to them at all, they’re going to seem like they’re from out of left field; you’re really not going to know what’s going on. So you really need to have had experience in the business, in the industry. You also need to be able to see the big picture of things. The financial responsibility roles require a lot of information about the firm in total. And if you really don’t understand an entire firm or the entire business, it’s very difficult to be sure.
Jeff Harpel: We always have to be sure that you really are in compliance, that you’ve asked every question you need to ask, that you’ve got all the documentation you need to really ensure you’re compliant with all the rules. So I think those are very important. And with those go all the things you might typically think of as a good accountant or controller ,or CFO, as far as being very detail oriented, very cognizant of deadlines, tasks that need to be completed. The order of those tasks and all of those kinds of things you might typically think of as, and I’m an accountant, so I guess I can say this, as an accounting mentality or an accountant’s mentality. So I mean, I think all those are necessary to be a very good set up.
Rob Hall: Your comment, Jeff was good in that, you can’t turn an accountant into a FINOP unless they they know the firm,. You can’t just hire an accountant and then expect them to take the series 27 and be the FINOP unless they have the experience with the firm.
Clark Tucker: That’s a hard and fast requirement from FINRA, that someone doesn’t just take the test and then get anointed the responsibility, because they can’t possibly know it. And yet there is usually the one-year rule, or guideline, where you have to have the credentials plus the appropriate experience. And that’s where, periodically, you see where someone thinks, “Oh, well I passed the test. Now I’m as good as you are.”
Rob Hall: And we’ve run into that in our experience. I know, Clark, you worked on a number of engagements where they’re trying to find somebody to sort of fill a full time position and you’re filling in until they find that person.
Clark Tucker: Beyond that is that once they find that person, while that person is gaining experience, we contend to transition the roles. So, for some period of time I would work with that person while I’m still the FINOP, but then, at a point in time, six months or a year out, we transition that, and that person becomes the main FINOP. Yet, we’re still there behind the scenes in a support role to help them with any odd questions that come up, so that even once we’ve made that transition, we’re still a support for them.
Jeff Harpel: I’ve had that experience too, where, in my case, the person who was going to take over was actually already identified, but they needed to pass the exam, and they also needed to get the experience. So, we act as the FINOP for that year. Typically, after that year we became support. They become the Main FINOP, and we gave them support, answered questions, built on their experience, filled in the gaps. It works real well, actually, for the client.
Clark Tucker: It’s important that potential clients understand that that’s actually a normal part of what we’re doing. It’s not as if we came in on a temporary basis, and then there’s some concern about ending the relationship, because this is a smooth off-ramp to the relationship. We can come in when they need immediate help and give them that help, and work with their people and get everyone trained up, and build the new norm of what needs to happen. And then, at the time when it’s appropriate to hand it off and reverse the roles, it’s not like we’re going to just walk away and they don’t have to feel like we have walked away. We just transition the role and continue to support them until that new person really is fully up and running. And that’s a very normal part of what we do.
Rob Hall: So that actually goes right into my next question. What are the common mistakes that an inexperienced FINOP might be making? Jeff, did you have to want to handle that one?
Jeff Harpel: I mean, to me the most common mistake, and I don’t know if I want to call it a mistake exactly, but it’s really that lack of knowledge or experience. It’s easy to read the rule book and think, “Okay, I got it. I’m going to go do this.” And you might not realize there are certain nuances or interpretations that regulators have that you have to take into account. I was younger once. I can say this: I think it’s kind of easy to be young and cocky and overconfident, and you gotta be careful. Don’t be afraid to ask a question, be afraid to say, “Hey, I need a little help on this.” I know all this. But there’s this one thing and it’s a very common mistake, is to not do that. You can end up in nice deep water if you do that.
Rob Hall: I know that I’ve called and asked you questions a number of times.
Jeff Harpel: Everybody, I mean everybody, pretty much I know or worked with in the FINOP world – people who have done the role and you call them and you ask questions. The field, in my estimation, and I think Oyster is a terrific example of how we help each other out. You know, the five minute question? We can save you millions of dollars down the road. So don’t be afraid to do that. Don’t be afraid to pick up the phone. And if it turns into a bigger question, well then we can help you in other ways. But ask questions. I think that’s advice to anybody starting out. You might call me and I have a whole bunch of other people I can also call, so it’s not just us. We’re leveraging that out. You get the best answers we can possibly get; if we don’t know, we find it.
Clark Tucker: I agree with that. To build on what Jeff just said, I think that if you’ve been in this business long enough, you realize that there are enough odd nuances to different things that makes you then understand you probably don’t know all of the questions. And if you have someone with different experience or more experience, that’s always a good thing because that person may see the unknown to you, and may know the question that should be asked, and then ask it and get the answer to it, or know whom to pull in a given a certain topic that someone based on limited experience might not register as a point of focus. But someone with experience and a team of people might be able to help in those peripheral ways that are not as obvious to a brand new person with a shiny license.
Jeff Harpel: Another mistake: You learn something and you think you got it. But if you’re not keeping up to date and current with anything that might change, what you learned five years ago, it might be wrong today. And if you’re not reading or attending conferences or talking to other people, it’s really easy to get into the trap of, “Well, that’s what I did before and it was always right and acceptable;” but it might not be today. So you’ve got to keep up, you’ve got to keep current, you’ve got to keep in touch with regulators, other industry leaders, and things like that.
Rob Hall: That’s a good point. Okay, so last year they came out with a new Principal Financial Officer versus Principal Operations Officer rule. What are your thoughts on that?
Clark Tucker: I think that this is an example of the industry finally recognizing the realities of the situation. A lot of funds and small firms with limited purpose – one line of business or what have you – the roles could be easily combined, etc. But in larger firms with different avenues of business and different functions, I think it is probably safely stated that it’s largely untrue that a single person actually had effective control of all of the many functions that were taking place. In my experience, at least the person that was really over the financial operations of the firm, had much less to do with the day-to-day operations of different departments, and this division of titles allowed for responsibility to be assigned at a more local level with yes, granted, still one single senior point of focus. But still, this allowed for different people to be responsible for their areas of expertise in their areas of responsibility at a more local level. I think this was a long overdue correction, that instead of having everything go to a single person, in allowing for a more accurate reflection of the business and how it’s being run. I celebrate it.
Jeff Harpel: I agree with that. For many years, especially if you were in a large, say clearing firm, you had to be very careful how you defined your roles or responsibilities in your job descriptions, and things like that. Because if you were the Principal Financial Officer or the Principal Operations Officer, you both had series 27 licenses and it was very easy for a regulator to say you crossed the lines. And this, I think, clarifies that greatly. So now you have a Principal Financial and the Principal Operations Officer, and they have their own set of expectations. I think it’s great. I agree with Clark.
Rob Hall: Now for small firms, though, it’s possible for the same person to fill both roles, correct?
Clark Tucker: It is. And it’s not a conflict either, because with a small firm, you typically have, obviously, much lower activity, but you also have different kinds of activity. You tend to focus the activity. It might be a private placement firm or an advisory firm, but they have very narrowly focused lines of business. Where I think it has become and did become an enormous problem was when you had larger firms or retail-oriented firms or clearing firms, where you had a cashiering function that would be on the operational side, but critically important, as opposed to financial accounting on the other side. Typically, the person that’s responsible for the financial accounting and the real books and the reporting doesn’t have as much to do with the day-to-day functioning of say, a cashiering unit. And that’s an example of where this allows each group to really be held to this level of responsibility and experience. And we’re not so blurring the lines by grouping all of this under one thing. That’s a good example there. But yes, in a small firm, the activity’s very different. The volume is very different. And generally speaking, I think that the specific day-to-day functions that are being processed are much more narrowly focused and much more easily supervised.
Rob Hall: Okay. Jeff, anything to add there?
Jeff Harpel: Not really. I think that’s exactly right.
Rob Hall: Well, what are the regulators looking for when they come in and do an audit of the financial responsibilities and net capital?
Jeff Harpel: Well, let me answer the first part of that. Going back to a previous question about mistakes, this can be a common mistake, and it also is a very easy area for regulators to pick up or pick out and pick on – the whole notion of documentation. It’s the old adage: if you didn’t document it, it didn’t happen. So we’re all used to that, be it compliance, auditing or whatever. But it’s very true for any of the finance functions, too. If you’re going to comply with the capital rules, you’ve got to be able to document that you’ve done the proper procedures and that, things you’re calling allowable are, and you’ve got to be able to prove it. And a lot of times you might have done it right, but you can’t document it. Particularly smaller firms might not be used to that level of documentation. So a common mistake, and also something regulators pick on is, have you documented everything that you say you’re going to do, is it there in the work papers? So one that’s common mistake, and examiners will look for it.
Speaker 6: Thank you. Make sure you initial the things that you have reviewed.
Clark Tucker: If you’re the FINOP, you’re the custodian of the firm’s books and records, and that’s clearly a numerated in the rules and you are, as Jeff said, responsible for ensuring that the firm is maintaining the right books and records in the correct manner for the appropriate amount of time, and that they’re easily accessible when they need to be. And that is certainly a responsible to you.
Rob Hall: Any other questions or comments that either of you guys think are pertinent?
Jeff Harpel: No, nothing’s that’s coming to mind.
Rob Hall: Then thanks to you both for sharing your experiences. Also, thanks to everybody for listening. If you have any questions about what we’ve discussed or other FINOP questions, or if you have any topics that you’d like us to discuss in the future, feel free to call us at 804-965=5400, or visit our website at www.oysterllc.com.
Effective Expert Witnesses – December 4, 2019
Libby Hall: Hi everybody. I’m Libby Hall, your host for today’s podcast. Selecting the right expert witness can affect the duration and outcome of your case. Today, I’m joined by Oyster Consulting’s General Counsel Patrick Dennis and Consultant Andy Favret, who will be discussing the typical industry cases they’ve been a part of and how to be an effective expert witness.
Libby Hall: Patrick is one of Oyster Consulting’s founders and he frequently acts as an expert witness on a variety of financial services industry topics. Patrick has been in the securities industry for 30 years. He previously worked for the SEC’s Division of Enforcement, and was also General Counsel for Wachovia Securities and Banc One Securities. Andy also has over 30 years of experience in the industry. Prior to working at Oyster, Andy served as Regional Chief Counsel in the FINRA South Region, and Andy has provided expert witness services in FINRA and JAMS arbitrations and civil and criminal court proceedings. With that, Patrick, I’ll hand it over to you.
Patrick Dennis: Thanks. Andy, I know you and I testified about a number of different things, somewhat different. Tell me a little bit about some of the areas that you’ve testified about.
Andy Favret: I’ve primarily been hired as an expert in FINRA rules and regulations and, to some extent, on SEC rules and even some state rules. Typically the most common things I’ve been asked to opine on have been interpretations of federal rules on suitability and supervision. Those are sort of the bread and butter topics that I’ve seen in securities litigation and arbitration. But I’ve been surprised at how many other somewhat more obscure rules are called into play and those have been included FINRA rules involving membership agreements, obligations of firms to disclose accurately on forms U4 and U5, debt security markups – anything typically that would enable a fact finder to gain information that might not otherwise be available to them.
Patrick Dennis: Before we move on, I know you’ve done a lot of work on the variable annuity stuff, and that was one of the areas of expertise you had when you were at FINRA. Have you testified about variable annuity issues? I know we’ve talked to a number of firms about that, but I don’t know whether you’ve testified about that yet.
Andy Favret: I have had an opportunity to testify in one case about that. I’ve actually been retained in two others. One, which is still pending, to talk about the evolution of the variable annuity suitability rule, and because that’s a more complex type of instrument, it has been the type of area that both lawyers and arbitration panels do need expert testimony. And so you’re right, that has been one that I’ve found that I’ve been able to add some benefit to.
Patrick Dennis: I know I’ve testified about a number of the similar things that you have – suitability and supervision, and things like that. But I’ve also ended up testifying a lot about investment advisory issues: both requirements, the obligations, due diligence required of an investment advisor, and recommending hedge fund investments, and some things like that. I’ve also done a lot of work on the role of investment advisors versus clearing firms, and testified a lot about margin and margin issues that seem to pop up a lot, both on the clearing firm side of course, and then on the investment advisory side. But I’ve had some pretty obscure, investment advisory issues as well, including one in which the guy wanted to do principal trades in an investment advisory account, which created some issues. You can do it, but you have to do a bunch of work in advance. And they have testified about (Form) U5 and issues and concerns about that, and firms’ obligations, and things like that. But Andy, tell me a little bit about your thoughts on the role, on your role as an expert when you’re retained. What are they looking for and what do you think you provide?
Andy Favret: Well, at the outset, what you’re looking at primarily are documents, and typically there’s sort of a document dump, but the beginning of an engagement, where you’re reviewing statement of claim and the answers and exhibits that are going to go into the case, you typically are gonna look at a firm’s written supervisory procedures or aspects of it. So, at the outset and most commonly, you’re reviewing a lot of documents. But I’ve been surprised at how far beyond just document review the scope of engagement may go very often. We’re called upon to provide assistance to the lawyers litigating the case for purposes of trial preparation. They want to bounce ideas off you, they want you to review copies of pre-hearing submissions briefs. They want to talk about witnesses and ways to approach their examination of witnesses, both your own and witnesses from the other side. So, a lot of the role goes beyond just document review and providing the actual expert opinion and includes as well, assistance in trial preparation, which is very rewarding and often extends into the hearing itself. Where during the conduct of the hearing, you’re huddling with the lawyers and really discussing strategy on a day-by-day basis.
Patrick Dennis: Yeah, I think my experience is the same. It’s interesting. It sort of runs the gamut from being very much involved, including strategy and feeding questions when the other side’s expert is testifying to figuring out who the right people are to testify. Other stuff we want to try and get in and stuff we want to leave out. I get involved in a lot of those. And it’s interesting because I’m talking to somebody right now about a case that’s about a year away in federal court in Boston. I have done a bunch of federal court cases. I’ve done some state court cases, a lot of FINRA. And you know, it’s interesting because sometimes you’ll get called a year in advance or so to testify, and there’s a lot that needs to be done. In other cases it seems like you’re getting called at the eve of the 20-day exchange on a FINRA arbitration, or sometimes even after the 20-day exchange because they’ve gotten the witness list for the other side, and they’re thinking about you as a rebuttal witness. So it really kind of varies a lot in terms of how much lead time we get, how quickly we need to be able to review the documents, and things like that. But what’s your experience been?
Andy Favret: My experience is very much the same. I’d like to go back to one thing you said when you talked about our role. I’ve also had a recent experience where the lawyers for the client wanted me to sit down with the client and advise them as to the whether or not they should settle the case. In other words, prior to the hearing, whether they had a good case, whether it made sense to settle, not how strong their case was. So you may have situations where you’re dealing directly with a client and basically providing the advice. But getting back to your discussion about time considerations, there’s a real discrepancy. There’s a lot of hurry up and wait, where you get documents provided, as you said, sometimes 20 days out, when there’s a sudden need for an expert and the retention agreements put into place.
Andy Favret: Other times you might find with a continuance or a postponement that a lot of the work that you’ve done hurriedly before the hearing, then it gets put off three or four months. And you’re really in a situation where you’ve got to keep good notes so that when you go back three months later to readdress particular issues, you’ve got the notes in front of you and it’s relatively easy to refresh yourself. You don’t want to be in a situation where you have to start all over again, so you’ve got to be a quick study in this kind of engagement because documents come in, and suddenly lawyers are frantic to have you take a look at something if they’ve got a deadline approaching. But you’ve also got to recognize the fact that sometimes things are going to be postponed and put off. Neither of those are situations you really have a lot of control over. You just have to be as adaptable as possible.
Patrick Dennis: Right. You know, it sort of reminds me of the fact that you and I aren’t the only ones that do this for Oyster. We’ve got a couple of other folks that do a lot of expert testimony and, and one is Bill Reilly in Florida. Bill was with the state of Florida Financial Services Division for 30 years, and has been with us seven or eight years now. He does a lot of testifying on a lot of state issues and a lot of broker-dealer examination issues, because he ran the training program for broker-dealer examiners for NASSA for a big part of the 30 years he was there, and they still call on him to come in and run that training. So that’s one issue that we get calls on a lot. The other thing is Evan Rosser, who was at FINRA as well.
Patrick Dennis: Evan was there for 20 plus years, and sort of the liaison between the exam staff and the Enforcement Division, and has some unique insights into FINRA and those kinds of issues. One of the things that has come is the rates and what we charge, and what experts charge. I agree with you. I’ve talked about the fact that we think that a lot of times experts are considered a luxury. They’re sort of on top of all the other money that’s getting spent in litigation. So, I know we’re sensitive to costs, we’re sensitive to rates, we try and work with folks and are flexible. What are your thoughts on that?
Andy Favret: Well, we have all sorts of different clients, and some of them are big operations that don’t think twice about hiring an array of experts to litigate an important case. But others are smaller clients, where costs are very much the sensitive issue. And I’m certainly aware in my dealings with these clients that there are instances where the retention of an expert is viewed as something of a luxury. Sometimes it’s one of the costs that are incurred in the weeks leading up to a hearing. They’re sensitive to spending extra money, not withstanding the fact that they recognize the importance of having the expert there. So we do have to be cost conscious, especially with certain of our clients. We’ve got to be efficient because you want to make sure you’re not spending too much time going over documents that may not be important to a hearing.
Andy Favret: I’ve found it’s very helpful to talk to counsel to make sure that the documents and the time that I’m spending is useful for a hearing, and not just sort of make-work, because we don’t want to spend the client’s money unnecessarily. That being said, we recognize the importance of being thoroughly prepared when you go into a hearing because there’s nothing more important to the client than having an expert who is, in fact, up to speed on both the facts of the case and the law involved in the case. So we’re thorough. We try to be very well prepared, but at the same time, we understand that we don’t want to be spinning our wheels reviewing materials that ultimately may not be necessary. It’s interesting you bring up Bill Reilly in your discussion of our experts. There have been at least two instances that I’ve had in the midst of an engagement where an issue of Florida state law has come up either during or hearing or leading up to a hearing.
Andy Favret: I’ve been able to pick up the phone to Bill and get a resolution of that issue quickly. He’s very well rehearsed on Florida state regulations, and it’s great that at Oyster we have a deep bench of other experts that you can call on in the middle of an engagement to get additional advice. I’ll tell the client that – I’ll say, “I’ve got a colleague that can help us out on this. Do you want me to put in a call?” Invariably they say yes, and, as I said, in at least two instances, Bill particularly has really come through.
Patrick Dennis: One of the things that I think we ought to talk about, because I think it’s critically important as an expert, is that you have to come off as being credible. You have to have integrity, meaning you don’t testify about things you don’t know or you don’t get out over your skis as they say, because you’re arguing too far over your skis to help reach some opinion that somebody wants. That’s not our job. Our job is to make sure that we’re solid on the testimony and information we’re providing. I think that that’s critically important, that we maintain our integrity. I’ve been lucky enough that most of the folks that I’ve testified for have said that I am very, very credible, and I think part of that is because if I don’t know something I say, “I don’t know it.” If it’s something I’m not comfortable with, I don’t try and stretch the limits of my knowledge or my experience. I think that’s critically important. And I will say, this has happened a number of times, where folks have called us and we don’t really have the right expert. People have been kind of shocked that I’ve called people back or, sent them an email and say I’m not sure I’m the right person, but you might want to try this person or that person or other folks that I’ve met in my career that I think could testify and could do a good job for you. People appreciate that. I think I’ve gotten a number of calls from folks that they’re surprised that I will do that, but it’s more important that we maintain our reputation and our integrity and help people find somebody. They’ll come back and they’ll talk to us again if they have a need again.
I very much agree, Patrick, on the credibility issue, especially you and I, as former regulators, I think that’s the one thing we have in our favor as an expert testifying before fact-finders. There have been instances where I’ve testified or given an opinion on four items, but not on the fifth. I’ll very candidly say, “No, that’s not something I’m really prepared to testify about.” Or, even in some instances after discussions with counsel, we’ll give testimony that works in some fashion against our client because you want to come out Foursquare in terms of integrity and credibility. I think that very much helps you in front of an arbitration panel or a judge or a jury where you can be 95% in favor of the client. But if 5% say, “Yeah, there was a problem there,” and be skillful enough to sort of talk your way around it without losing credibility and without casting any aspersions on your clients. So I agree and I think especially for us as former regulators, that rings even more true that we want to be in a position where our integrity is unquestioned.
Patrick Dennis: I agree completely. I think that’s critically important both for our own personal reputations as experts, and for the reputation of Oyster. With that, Andy, thanks for your time and I really appreciate your thoughts. Hopefully folks can use this to learn a little bit about Oyster and about what we do as expert witnesses, and about expert witnesses in general, in terms of what folks should be looking for when they’re looking to hire an expert. So with that, thanks very much.
Libby Hall: Thanks again for listening to the Oyster Stew podcast. Don’t forget to subscribe so we can help you make the best decisions for your firm. If you’re struggling with a topic and you’d like us to do a podcast on it, or you’d like a free consultation, please reach out to us at (804) 965-5400 or visit our website at www.oysterllc.com.
Advertising Rule Part 2 – November 15, 2019
Molly Bryson: Welcome back everyone to the second of our two-part podcast series talking about the SEC proposed advertising rule changes. I’m Molly Bryson, and today with me are Bill Reilly and Michelle Craft. We’ll discuss the pertinent SEC enforcement actions and how Reg BI will impact advertising and marketing practices. Bill’s been with Oyster for seven years. Prior to that, Bill was a state of Florida regulator for 30 years. He has deep experience with broker-dealer and investment advisor compliance programs, and frequently acts as an expert witness. Michelle Craft has been with Oyster for eight years, and in the financial services industry for 24 years. She has held various roles from Registration Analyst to Chief Compliance Officer for regional and national broker dealers as well as investment advisors. So let’s get started. Bill, could you start us off?
Bill Reilly: Yes, I’d be glad to. What I did in researching for this presentation, is I went ahead and looked for the last couple of years at SEC enforcement actions and came up with three that I thought were noteworthy of speaking about. The first of the cases I’m going to talk about our robo advisors, and the reason that I chose those is, number one, robo advisors is a type of advisor that has been looked at substantially over the last couple of years by the Commission. The violations that were found for these robo advisors are also going to be found in your more standard type of investment advisor. But the first case I want to talk about is that the SEC found that a robo advisor with over $11 billion in assets under management made false statements about tax loss harvesting strategy, offered to clients. What the firm did was, it disclosed to clients employing it’s tax loss harvesting strategy, and the strategy was the selling of securities at a loss to offset capital gains tax liabilities. And, the firm would monitor all client accounts for any transactions that might trigger a wash sale. And of course, a wash sale occurs when it’s security is sold at a loss, but the same security is also purchased within 30 days before or after the sale. The losses from the wash sales are not recognized for tax purposes. But what the SEC found was that the investment advisor, it’s system failed to monitor for wash sales over a period of more than three years, during the time of this three years, while sales occurred in at least 31% of accounts enrolled in the firm’s tax loss harvesting strategy. The firm said it was going to offer a service and it never held it’s part of the bargain. The SEC also found that the investment advisor improperly retweeted client testimonials without necessary disclosures, paid bloggers for client referrals without the required disclosure and documentation to comply with the Solicitors Rule, and failed to maintain a compliance program reasonably designed to prevent violations of the securities laws. As a result of these issues, the SEC fined the investment advisor $250,000 for violating the anti-fraud advertising compliance and some other provisions of the Investment Advisers Act of 1940. This case that I just talked about, and the case I’m going to talk about, were actions brought in 2018.
Bill Reilly: In the second case, the SEC found that the investment advisor, which had approximately $81 million in assets under management, made a series of misleading statements about it’s investment performance. What the commission found was that from 2016 until mid-2017, the investment advisor posted on its website and social media comparisons of the investment performance of the investment advisor with those of two other robo advisors, or competitors. By doing this, the SEC stated that the performance comparisons were misleading because the advisor included less than 4% of his clients’ accounts, and those 4% had higher-than-average returns; the investment advisor compared this with rates of return that were not based on a competitor’s actual trading models.
Bill Reilly: The SEC also found that the advisor failed to maintain required documentation, and failed to maintain a compliance program reasonably designed to prevent violations of the securities laws. They also found that the advisor violated the anti-fraud advertising compliance and books and records provision of the Adviser’s Act. These are somewhat fairly common types of violations that we find on the in the advisor area.
Bill Reilly: The last case I want to talk about is an action brought by the Commission against 13 investment advisors. Now, this action was brought in 2016, but I still think it’s very appropriate, based upon the number of advisors named and some of the violations. In this case, the SEC brought action against 13 investment advisory firms, found they violated securities laws by spreading the false claims made by an investment management firm about its flagship product. As a result of an investment sweep, the Commission found the 13 firms accepted and negligently relied upon claims by the registered investment advisor, that one of its strategies for investing in exchange traded funds had outperformed the S&P Index for several years. The firms repeated many of the investment advisors’ claims, while recommending the investment to their own clients. This is the important part of the action: recommending the investment to their own clients without obtaining sufficient documentation to substantiate information being advertised. And basically, through this enforcement process, the advisor admitted in an SEC enforcement case that what was purportedly it’s real historical track record was only back tested performance that turned out to be substantially inflated. As a result of this, I thought that there was a quote that was provided by the commission relating to this activity. Let me go ahead and read the quote:
“When an investment advisor echos another firm’s performance claims in its own advertisements, it must verify the information first, rather than merely accept it as fact. These advisors negligently pass many of the investment advisors’ claims onto their own clients, who were consequently relying on false and misleading information when making investment decisions. I think the point to be gained here is that you cannot take information provided to you – you must actually take the steps to verify to the best of your ability, and confirm data that you are publishing and providing to your own clients.
Molly Bryson: In addition to the proposed Advertising Rule changes, the June 30th, 2020 Reg BI implementation date is looming. CCOs and marketing and compliance teams will be extremely busy reviewing the potentially thousands of marketing and advertising pieces which may be produced against these new requirements. Michelle, what will the Reg BI implementation mean for firms with regard to advertising?
Michelle Craft: So, when we think about the Reg BI impact to firms, we see that there’s going to be potentially a larger impact to our broker-dealer firms. And specifically, as we talk about advertising here today, the titles that are being used by registered representatives of broker-dealers. So it’s important to note that if an individual is referring to themselves as a Financial Advisor currently, and they are only registered with a broker-dealer, they do not maintain any kind of license with a registered investment advisor. They are going to be prohibited from using the word “Advisor” in their title. So, no longer can they be referred to as a Financial Advisor. And there’s probably, I would say, 80% or more of the individuals in the industry using that term even if they are only broker-dealer registered. So that’s going to require firms to take a look at their approved titles that can be used by individuals, and potentially come up with new titles.
Michelle Craft: There’s nothing in the rule that states that you can only call yourself a registered representative if you are solely broker-dealer licensed. But, the rule is really intended to target the clients’ understanding of the services that they’re being provided. So if you’re calling yourself a Financial Advisor, there’s an assumption that you could be providing those services as a registered investment advisor, or a representative of an investment advisory firm. Again, people are going to need to start taking a look at business cards, stationary, email signatures. If your firm website has bio bio pages where you’ve listed an individual and their title, that could potentially need to be updated. A social media page where you’re listing your name and title; or any flyer, brochure, seminar material. Basically, any kind of advertising or communication that’s personalized to the representative themselves, if it includes the words Financial Advisor and they are solely registered with a FINRA firm as a registered representative, they cannot represent themselves as a Financial Advisor.
Michelle Craft: Now I will mention that if you’re a dually registered individuals, so you are registered with FINRA as well as being registered with a registered investment advisory firm, then you can still use the Financial Advisor title. Similarly, if you are registered solely with a registered investment advisory firm, you can still use the title Financial Advisor. Dually registered firms and or individuals, and solely registered investment advisor representatives, can still use Financial Advisor. If you are broker-dealer licensed only – so Series 7 licensed only as an agent through FINRA, you may no longer use the Financial Advisor title. They may choose to use “wealth advisor” or “financial consultant.” There’s a variety of different titles that those individuals can still use. Certainly there’s registered representative, which is the term that’s typically used as reference from a regulatory standpoint to delineate the difference between a broker-dealer representative and an IA representative.
Michelle Craft: But it’s up to firms to make a decision as to what titles they will allow moving forward. We recommend that once you’ve determined what titles would be allowed for individuals that are solely-registered within with a broker-dealer, communicate that information to your supervisory principals, to those individuals that are reviewing materials to look for instances where individuals are still using Financial Advisor. And remember, this role does go into effect in June of 2020. So for firms that have mass amounts of advertising materials (I have worked myself with firms that have issued 4,000 pieces of advertising in a year), it may be a piece of advertising that is then approved, but then it’s tailored to fit the individual that’s issuing the material. You need to clearly make sure that you’ve communicated with your associates the changes in titles. Make sure that your supervisors are looking for it so it doesn’t sneak through. Update your policies and procedures to make sure that you have specifically addressed what titles can be used depending on the types of registrations held. So, I see that as one of the biggest impacts from an advertising perspective, as it relates to the Reg BI rule, which again goes into effect in June of 2020.
Molly Bryson: Okay, thanks Michelle and Bill. There’ll be a lot for folks to do in the upcoming months and, of course, Oyster is ready to help. Oysters experts can assess your firm’s marketing and advertising materials against the Reg BI requirements and the proposed rule changes. Our team is also well-prepared to assist with other aspects of your Reg BI implementation. If you have any questions about anything we’ve discussed today, or if you have a topic you’d like to hear in future Oysters Stew podcasts, please feel free to call us at (804) 965-5400 or visit our website at www.oysterllc.com.
Advertising Rule Part 1 – November 20. 2019
Molly Bryson: Hello everyone. I’m Molly Bryson, your host for today’s podcast, Part 1 of a two-part series talking about the SEC’s proposed advertising rule changes. Today we’re discussing the difference between the current rule and proposed changes. Next week, in Part 2, we will talk about pertinent enforcement cases and the impact of Reg BI on marketing and advertising. I’m joined today by Oyster Associate Director, Bill Rielly and Senior Consultant Michelle Craft. Bill’s been with Oyster for seven years. Prior to that, Bill was a state of Florida regulator for 30 years. He has deep experience with broker dealer and investment advisor compliance programs and frequently acts as an expert witness. Michelle Craft has been with Oyster for eight years and in the financial services industry for 24 years. She has held various roles from Registration Analyst to Chief Compliance Officer for regional and national broker dealers as well as investment advisors. So let’s get started. Bill, could you start us off?
Bill Reilly: The current SEC Rule 206 of the Investment Adviser Act defines an advertisement as: any notice, circular, letter or written communication addressed to more than one person; or any notice or other announcement in any publication by radio or television, which offers any analysis, report, publication, concerning securities or which is to be used in making any determination as to whether or not to buy/sell any security, or what security to buy or sell; any graph, chart, formula, or other device to be used in making any determination as to when to buy or sell a security; or which security to buy or sell. And lastly, any other investment advisory services with regard to securities. Now, one of the things that’s important to point out here is that there is an industry standard for advertisements. And that standard is that an advertisement may not contain any untrue statement of material fact or which is otherwise false or misleading. In essence, all advertisements must be fair and balanced.
Michelle Craft: That’s correct. So on November 4th of 2019 the SEC did publish, the proposed changes to the advertising rule. This is going to be the largest change in the advertising rules, or any change to the advertising roles since 1961. We discussed here internally that many of the people who are currently in the financial securities industry weren’t even born when this rule was originally written. So this is a big change. It helps to address the technology advances that we’ve had over the years and how the industry as a whole has evolved since 1961. So one of the biggest changes is the actual definition of advertisement. So it’s now going to be more broadly defined as any communication that’s disseminated by any means, by or on behalf of an investment advisor, that offers or promotes investment advisory services or that seeks to obtain or retain advisory clients or investors, in a pooled investment vehicle that’s advised by the advisor. Now, there are a couple exclusions to the definition when we talk about any communication disseminated by any means. They do specifically exclude from the definition of advertisement oral communications that are not broadcasted, responses to certain unsolicited requests for specified information, any other sales material, that may be within the scope of another commission rule and any information that is contained in a statutory or regulatory notice or filing or other communication. And that would include things like the ADV Part 2 brochure because that’s a regulatory filing, well, required filing or notice that would not fall under the definition of an advertisement.
Michelle Craft: Now, under the proposed rules, the general prohibitions do remain the same. So you can’t make any false or misleading statements, omissions of material fact. You can’t have any unsubstantiated claims. You have to provide a balanced presentation. You can’t talk about the benefits and not also talk about the risks, including or excluding any performance results or other performance information or time periods in a manner that is not, again, balanced or fair; and any other information that they would otherwise deem to be materially misleading. It seems like basic common sense, but ultimately those are the general prohibitions. I think something that we’d like to do is kind of look at the risk alert that was issued back in 2017 by the SEC that really targeted what were the areas of advertising that were most frequently identified as advisers violating the advertising rules and kind of comparing contrast how the proposed rules are being addressed. So when we look at what the violations were in the past and what the issues were that were as a result of the former advertising rule, and then kind of looking forward at how the proposed rule is intending to address some of those areas. So I’m going to toss it back to Bill to kind of kick us off on some of the different areas that we want to address: current role versus proposed role.
Bill Reilly: Yes. Thank you Michelle. And one of the things that, again, I’m going to talk about is the current rule, and we’ll talk about their proposals and we’ll move forward from there. But one of the first areas that was discussed in the 2017 risk alert, was advertising concerns that the Commission had regarding Registered Investment Advisors presenting performance results without deducting advisory fees. And, of course, the regulation requires that the performance results must be net of fees. Another area that the SEC talked about was that the Registered Investment Advisors compared results for a benchmark but did not include disclosures regarding the limitations of such comparisons. An example of that is the advertised strategy material different from that of the benchmark. It’s very important to make sure that all of that information is included and analyzed. And one other, one last area under the current rules for a misleading performance results is that the advisor included hypothetical and backtested performance results without explaining how these returns were derived. Again, one of the things that we’ve talked about are full and fair disclosure – disclosure of the good, disclosure of positive and disclosure of the risks. In many of these situations, these performance results did not present both sides of the equation.
Michelle Craft: Okay. So again, when we think about what the proposed rule states, they’ve kind of broken it down into a couple of categories. You have some performance information in general – they have defined there are certain prohibitions or would be certain prohibitions. Number one, gross performance results. Unless it is provided with a schedule of fees and expenses deducted to calculate net performance, you cannot use gross performance, unless you are providing that schedule of fees and expenses deducted to calculate net performance. Where before you basically were told that you could only do net performance, now they’re saying that you can potentially provide gross performance, but only if it isn’t accompanied by that schedule of fees and expenses that would allow someone to calculate the net performance. In addition, no statement that the calculation or presentation of performance results have been approved or reviewed by the Commission.
Michelle Craft: We keep in mind that there are many places where the Commission does not, not allow us to make a statement that it has been reviewed, approved, or endorsed by the commission. Think about your Form ADV Part 2 disclosures. That is a statement that you have to make in your ADV. If you state that you are a Registered Investment Advisor, you must make the statement that the Commission has not reviewed or approved, and is not endorsing your Registered Investment Advisor. In addition, performance results with fewer then all of your portfolios was substantially different investment policies, objectives or strategies as those being offered or promoted in the advertisement, with a limited number of exceptions, would also be prohibited. Performance results of a subset of investments that were extracted from a portfolio, unless it provides or offers to provide, promptly the performance reviews of all investments in that portfolio would also be prohibited.
Michelle Craft: When we think about hypothetical performance, unless the advisor has adopted and implemented policies and procedures that are designed to ensure that the performance is relevant to the financial situation and the investment objective of the recipient, and the advisor provided certain information underlying the hypothetical performance. So again, the hypothetical performance has to be relevant and it has to describe why it is relevant to the information that you’re providing. If it’s an advertisement that’s targeted towards a retail audience, additional protections would also be provided. They wouldn’t require that the presentation, the net of fees alongside any growth performance. So again, we talked about the general prohibitions that gross performance would not be allowed, unless you provided a schedule of fees and expenses that would give you the ability to deduct and calculate the net performance. If it’s targeted towards a retail audience, you would be required to present net of fees along with any presentation, gross of performance. Requiring that the presentation of any performance results in any portfolio or certain composition aggregations for the one-year, five-year and 10-year period. So they’ve gotten very specific in that you have to provide it for specific time periods as well. And again, that is for advertisements targeted to retail investors.
Bill Reilly: Okay, well let’s, let’s talk for a few minutes about some other provisions that were, that are in these release. And one of them is cherry picking of profitable stocks elections under the proposal. Now, one of the things that all of us are familiar with are cherry picking. It’s the generally used in review of client accounts, and it’s placing favorable transactions into certain preferred accounts. So that itself is a general definition cherry picking. But in the definition of cherry picking of their profitable selections under the proposed rule, in a lot of situations the RIAs included only profitable stock selections in their recommendations and presentations, client newsletters, on their website. And the advisor failed to furnish a list of all recommendations made by such investment advisors during the proceeding year. In essence, what we’re talking about here is taking the good information, highlighting that and not presenting a balanced approach by providing the not so favorable recommendation.
Bill Reilly: So a very, very serious problem there. The next section we want to talk about is misleading selection or recommendations. And what the Commission found is that advisors disclose past specific recommendations that may have been misleading because they included only certain and not all recommendations in order to illustrate an investment strategy. Again, one of the things is that all advertisements must be fair and balanced and when you’re not providing the positive information and either not providing or downplaying the “not so positive” or negative aspect of the recommendations, the Commission is going to come in and question those activities. And also the OCIE staff observed that advertisements may not have been consistent with these representations. A good example of this is disclosing that specific recommendations did not represent all securities purchased, sold or recommended to clients during that period, and discussing an advertisement to profits realized by specific recommendations.
Bill Reilly: Again, fair and balanced advertisement disclosed the positive information, but also it’s necessary to provide the downside and the risks associated with any type of recommendations. The next area that we want to talk about, is compliance policies and procedures. Just like a lot of other areas, the Commission requires firms to have policies and procedures relating to advertisements. One of the things that the Commission found is that advisors did not have or did not implement policies and procedures concerning the following issues. First issue: the process for reviewing and approving advertising materials prior to their publication or dissemination. Many firms will have a pre-approval policy in place. The next one was, when using composites determined in the parameters for which accounts were included or excluded from performance calculations. I think in many situations there was positive information presented at the expense of some negative information. And the last is confirming the accuracy of performance results in compliance with the advertising rules. Now, we’re going to turn it back to Michelle. She’s going to address a little bit about the policies and procedures under the proposed regulation.
Michelle Craft: Thanks Bill. So under the proposed rule, similar for those of you that are FINRA registered firms or dual-registered firms, FINRA has said for a long time that you had to have pre-review and approval of communications with the public or advertising; that they had to be reviewed by a designated principal prior to the distribution or dissemination of any advertising material. The proposed rule follows suit with that and is going to require Registered Investment Advisors to have an internal pre-use review and approval process. All communications, all advertisements would have to be previously reviewed and approved by the designated employee. So, unlike on the FINRA side, you would have a series 24, Series 910 principal that would be responsible for reviewing and approving advertisements or communications with the public prior to dissemination. They don’t have that same designation of the individual on the Registered Investment Advisory side, but nonetheless the firm will need to designate an individual that is responsible for reviewing and approving prior to dissemination of any advertisement.
Michelle Craft: Now, there are a couple of exceptions to when it will not be subject to that prior review and approval standard. That is for communications that are disseminated solely to one individual or household, or single investor in a pooled investment vehicle, or in the case that it’s a live oral communication, that’s broadcasted on the radio, television, the internet or, or some other similar medium. And obviously, because it’s broadcasted live, it can’t be reviewed and approved prior to dissemination. So those would be the only two instances. Moving forward, if the proposed rule was approved as currently written, you would not need prior review and approval of an advertisement.
Bill Reilly: Okay. Let’s go back and talk about the current rule and the misleading use of third party rankings or awards. A Couple of things that the Commission found during their reviews was that advisers advertised accolades that have been obtained by submitting potentially false or misleading information. The applications for such accolades that advisors published were marketing materials that referenced outdated rankings, advertisements that refer to the IRAs’ high rankings, and various publications were issued several years prior where the rankings were no longer applicable. It’s very important that information that is provided to clients is current as opposed to, in some situations, it’s indicated from information that may have been several years old. Also, advisers published potentially misleading advertisements that did not disclose irrelevant selection criteria for the awards or rankings, or who conducted the survey. Again, fair, balanced, and transparent are general observations that are made about advertising.
Bill Reilly: And lastly, the Commission found that IAs failed to disclose the fact that they had paid a fee to participate. The Commission found that investment advisors failed to disclose the fact that they had paid a fee to participate in or distribute the results of the survey. Anytime we’re talking about monies or services being paid or exchanged, it’s important for that information to be, to be disclosed. And in many situations, the payment of these monies and so forth might actually even be discouraged from being utilized in this use of their party rankings. Michelle….
Michelle Craft: So under the proposed rules, they will allow the use of third party rankings. They are going to require that there be specified disclosures and there has to be certain criteria included in those disclosures when pertaining to the preparation of the rating or ranking or accolade. So, similar to what Bill was just mentioning, all of those little highlighted areas that the SEC picked apart, those are the specific disclosures that you’re going to need to include. So they’re going to allow them, you need to state whether or not you were paid a fee or that you paid a fee to circulate the survey. You need to substantiate what was the criteria for earning the accolade, what is the calculation and or methodology for the rating being granted. So now all of that information is clearly spelled out in the proposed rule – that you have to clearly define how did you obtain it, what was the criteria for obtaining it? What is the methodology of any rating that’s being used? And if you’ve earned an award or you have paid any money to circulate the results of that survey, all of that information has to be there.
Bill Reilly: And the last area that we’re going to talk about under the 2017 release is dealing with testimonials. One of the things that the Commission found is that Registered Investment Advisors presented statements of clients attesting to the RIA’s services or endorsing the RIA, that may be prohibited under the testimonials. And what we’re talking about here are client endorsements published on websites, social media pages, reprints or third party articles, or pitch books. I think this is one area that is going to be a major change on the proposed rules that Michelle’s going to talk about in a second, that will allow certain types of testimonials to be provided by Registered Investment Advisors. So Michelle, why don’t you talk about that?
Michelle Craft: Yes, that is correct. So again, this is another one of those areas where the SEC has looked at FINRA rules. So FINRA would allow a broker-dealer to post a testimonial or to have an endorsement posted on a public website or on a social media page. The one caveat to the FINRA rule is that if you paid the individual for the testimonial for it to make any kind of endorsement, that information has to be disclosed. So under the proposed SEC advertising rules, this will follow suit. They are going to allow testimonials; however, it is going to be subject to those specified disclosures, including whether the person that is giving the testimonial or the endorsement is a client and whether or not compensation had been provided by or on behalf of the advisor for that testimonial and or endorsement.
Michelle Craft: And again, I think as Bill mentioned, one of the biggest areas we expect this to be impacted on is… as we know, advisors are using LinkedIn. LinkedIn has that section out there where you can endorse and/or provide some sort of recommendation, based on the services that you’ve received from that advisor. That’s an area that many firms have just completely said, “You need to turn that off on your LinkedIn account so that someone can’t inadvertently put information out there that would be in violation of the rule.” So that is an area I think that will have a potentially large impact for some firms if they allow people to turn that function back on. They can have their clients now provide a testimony, a testimonial, and or endorsement out on LinkedIn. They’ll still want to monitor, obviously, what is being posted there, and they may choose to still not allow it. But certainly under the proposed rule, if it is approved as written, it would allow for testimonials.
Molly Bryson: Thanks Michelle and Bill. Well, I think we covered a great deal about the differences between the current advertising rule and the proposed changes. Be sure to tune in next week as we talk about SEC enforcement actions and how Reg BI will impact marketing and advertising. I think a lot of people are going to be very busy in the upcoming months. If you have any questions about anything we’ve discussed today or if you have a topic you’d like to hear in a future Oyster Stew podcast, please feel free to call us at (804) 965-5400 or visit us at www.oysterllc.com
All content © 2019