Transcripts for the Hearing Impaired
2020 Exam Priorities Letters – Part 2
Buddy Doyle: Hi everybody. This is Buddy Doyle. I’m the Chief Executive Officer of Oyster Consulting, and welcome to this latest version of Oyster Stew, our podcast that we use to talk about the financial services industry. I’m fortunate enough today to be joined by Evan Rosser and Joe Turner, both of whom are former regulators, have worked in the broker-dealer and investment advisor business for quite a while, and have transitioned to consulting as they go through their career, and have been with Oyster Consulting for some time. So thank you, Evan. Thank you, Joe, for joining us. What we’re talking about today is the examination priorities, the SEC and FINRA. If you’re wondering what’s on their mind, it’s fortunate that they tell you every year. So moving on to market integrity, which is another major component of the Letter, what particularly jumps out to me when I think about market integrity is really down to the controls that came out of 15c3-5, the Market Access Rule.
Buddy Doyle: And Evan, I know you’ve done an awful lot of work related to algorithmic trading and controls and been involved in a lot of the regulatory dust ups that have occurred in the industry. Can you give us a little bit of an overview of what firms should be thinking about when it comes to direct market access controls?
Evan Rosser: This is an issue that affects the marketplace itself. It affects the financial health of firms and it is a customer protection issue. So it really touches all aspects of what FINRA and the SEC are meant to regulate. And it really brings the technology now of current trading practices into the compliance world. One of the most important aspects of the Direct Market Access Rule 15c3-5 is really controls. It’s very much a control rule, and one of the things that FINRA is going to look at is, what are your controls? How do you control orders entering the system? Are they in regulatory compliance? Do they, are they within preset capital and credit controls? And then are you reviewing post-trade surveillance? That’s another huge part of 15c3-5. And the issues that FINRA has and they have found it, as does the SEC, is you don’t have those controls. You don’t have a process to set adequate capital control for the firm’s trading and credit controls for the customers’ trading. Do you have a process for intra-day changes because they will happen during the course of the day for active trading firms enact high frequency traders. So you need to have that process for creating those credit and capital controls, enforcing them, being aware when they’re being breached or nearly breached and resetting them during the course of a day for legitimate reasons. Another thing required by 15c3-5 is CEO certification.
Evan Rosser: The C CEO certification really needs to be documented. Most firms do a series of sub-certifications from technology, from credit and finance, from technology and compliance. There are a number of aspects of the program that need to be reviewed, and they need to be demonstrated that the firm is in compliance with all the provisions of 15c3-5. You need to be aware of your controls, who sets the parameters, how the parameters are set. Many firms take the parameters provided by their service agencies, but they need to set them that are appropriate for their firm and based on the experience that they have. They need to have control of the controls so they can set them and monitor them and amend them as necessary. Post-trade controls and surveillance are very important. The rule requires you to surveille all activity post-trade.
Evan Rosser: And that is where firms need to look at unusual trading for hot, perhaps manipulative trading, spoofing, layering. And it’s important that firms not only capture that, have parameters to capture possible exceptions, possible red flags of activity. And they do that in a timely manner that those are reviewed and escalate it when necessary, and they can document the escalation and documentation of the disposition of those escalations. So there are a lot of different pieces. If you do provide clients with the ability to directly access ECNs, market makers ATSs or exchanges, you will need to have a robust the market access policy and both the FINRA and the SEC will be looking it when they examine you.
Buddy Doyle: And I would encourage you, if you’re in the direct market access business, to also look at the controls around overrides. Most of these training platforms and controls have a way to override those controls for purposes of fulfilling legitimate business.
Buddy Doyle: But when people override those controls, are they doing it for the right reasons or not? Is there an approval process around that and a review process around that? That’s something to keep a close eye on as well. Really that’s the part that can get you in a lot of trouble.
Evan Rosser: Yeah, there are hard blocks and there are soft blocks. Blocks can be overwritten and it’s important to know under what circumstances you can override a soft block. Another thing that I think failed to mention was the testing of your program. You can have all the controls in place, but you must test them to make sure they’re reasonably designed to do what they’re meant to do. And in fact they are working.
Buddy Doyle: And Evan, I guess it would be inappropriate to talk about trading without talking about best execution, which is sort of at the core and heart of what the industry does. Any learning on best execution from the Letter?
Evan Rosser: I think there is a little bit. One of the things that it brings out, I don’t think there are any new developments or rules pertaining to best execution, but FINRA will continue to look at the diligence firms use to direct order flow where it goes and isn’t going to the best market given the size and the type of the order. They will also be considering what does best execution mean now, and order routing decisions mean, in this increasing environment of zero commission brokerage activity. They’ll be looking at odd lots. FINRA has seen a significant increase in odd lot activity and where is that going to the right market? I think another thing that maybe firms might not always focus on, is they’re going to be looking at the reasonableness of policies and procedures for best execution in US Treasury Securities as well as option orders.
Evan Rosser: I think it’s important that if you haven’t done so, that you make sure your best execution procedures cover those two products: fixed income securities and options. One other thing, going back to direct market access for a moment. Fixed income also falls under direct market access 15C3-5. So if you’re directing fixed income or your clients are directing fixed income orders directly to an ECN or an ATS, the trades fix income, you are subject to 15c3-5. Fixed income obviously doesn’t trade the way high frequency equity trading does, but it’s still subject to the rule.
Buddy Doyle: Well, with that, I would like to thank you all for your time. Joe. Evan, thank you so much. If you were looking for any guidance or thought on your regulatory compliance program or the focus of the regulators, feel free to reach out to us and uh, we will get back to you right away.
Oyster: Thanks again for listening to the Oyster Stew podcast. Don’t forget to subscribe so we can continue to bring you resources to help you make the best decisions for your firm. If you’re struggling with the topic and you’d like us to do a podcast on it, or you’d like a free consultation, feel free to reach out to us at (804) 965-5400 or by visiting our website at oysterllc.com.
2020 Exam Priorities Letters – Part 1
Oyster: Welcome to this week’s serving of Oyster Stew a mix of financial services, commentary and insights. Each week we’ll discuss what is happening in the industry based on what we see as we work with regulators and clients. We hope you come away with the knowledge and tools to help you make the best decisions for your firm’s future. Today’s episode is part one of a series of podcasts discussing the SEC’s 2020 Exam Priorities.
Buddy Doyle: Hi everybody. This is Buddy Doyle. I’m Chief Executive Officer of Oyster Consulting, and welcome to this latest version of Oyster Stew, our podcast that we use to talk about the financial services industry. I’m fortunate enough today to be joined by Evan Rosser and Joe Turner, both of whom are former regulators, have worked in the broker-dealer and investment advisor business for quite a while, and have transitioned to consulting as they go through their career. They have been with Oyster Consulting for some time. So thank you Evan, thank you, Joe, for joining us. What we’re talking about today is the examination priorities, from the SEC and FINRA. If you’re wondering what’s on their mind, it’s fortunate that they tell you every year. So Evan, I think what I’d like to do is maybe get some observations about the Letter and sort of some overarching thoughts about how FINRA is a approaching this.
Evan Rosser: Thank you, Buddy. The Exam Priority letter starts with a cover letter, and I just wanted to mention a few items that appear in the cover letter. One, they talk about the new five categories of firms: retail capital markets, carrying and clearing, trading and execution, and diversified. And they talk a little bit about the efficiencies they hope to realize with this new categorization. But I think it’s still up in the air and they don’t go into much detail on how that’s going to affect the exam process. Another thing about this year’s letter, which I think is very helpful, it includes a list of practical considerations for firms that they can use an invalid evaluating their compliance programs, as well as links to additional resources. So I think that’s a very helpful tool that is in this year’s letter. Finally, I just wanted to make one observation that some of the initiatives in this letter are the result of new regulations and new rules, particularly Reg BI, which we’ll talk about in a minute, but many others are areas where FINRA has concerns with compliance and about compliance with existing longstanding rules. So not everything in the letter is a new area. In fact, there are many repeat areas, but it’s important to realize that this is not all new regulations, but it’s reviewing existing as well.
Buddy Doyle: And Joe, as I haven’t mentioned, there are certainly a lot of areas of focus for the regulators that are not new. Maybe you could give us a quick rundown of some of the things that we see consistently brought out by the regulators and examiners and maybe some thoughts on those topics.
Joe Turner: There are certainly some items on the list that we’ve seen before, and we want to emphasize the fact that just because they’ve been there before doesn’t mean they’re just as important now as they were previously. Okay. We’ve got some items such as communications with the public, always an important topic. Always one that FINRA is concerned with and wants to be sure that you’ve got your policies and procedures in order, and that you are in fact doing surveillance and follow up to make sure that you’re in compliance with those. Sometimes the challenging part of the program, for a lot of firms, we want you to know that there are some alternatives out there for third parties to assist you in that, and we think that the communications with the public is something that you certainly are going to want to spend some time on. Trading authorization, is another area.
Joe Turner: Certainly trading without written authorization is a problem. That’s always been a focus of theirs. We think that going forward that will continue to be an issue that they’re going to be focused on – any unauthorized trading. It is something they want you to have policies and procedures around. They want, “Do you look for any patterns that might suggest that that type of activity is ongoing and that you’ve got your policies and procedures in line to address that when it happens?” These again are items that have been around for a long time. I think they are certainly items worth spending more time on again this year.
Buddy Doyle: Okay. Well thank you for that. And yes, certainly the communication with the public continues to be a really important because it is how you describe generally what you do for your clients is through communication. And so, the regulators like to make sure that you’re fully describing your services in a fair and balanced way, and sometimes their judgment and your judgment might be a little bit different on that. Trading authorization again and having a focus on that. I don’t think you’ll be considering that a waste of time when you get your exit interview from an examiner. Evan, you mentioned Reg BI earlier. Maybe you can kind of roll into that topic and give us a little insight into the state of mind on Reg BI.
Evan Rosser: Yes. I think Reg BI is kind of one of the highlights of the letter. It’s also a highlight of the SEC’s exam priority letter back in June of 2019. The SEC adopted Regulation Best Interest, which establishes a best interest standard of conduct for broker-dealers and registered reps. When they make a recommendation to a retail customer, their recommendation can be a recommendation of a security. It can be a recommendation of an investment strategy involving securities or it can be the recommendation of a type of account in the 1300 pages of Reg BI. Best interest is not really defined; however it, can be met through meeting four obligations: a disclosure obligation, which means you disclose your conflict, your any relationship you have with the product or the issuer of that product; a care obligation, which is for the most part similar to the suitability standard in FINRA Rule, 2111.
Evan Rosser: Conflict obligation is where you must disclose your conflicts, anything that might impair the firm’s or the registered reps’ objectivity in that recommendation, and a compliance obligation where you need to have procedures to make sure that these obligations are met. The is effective June 30, 2020. Up until that time, FINRA will be reviewing firms and their preparedness for Reg BI compliance. After that, after June 30, after the effective date, my hunch is, they will be reviewing your programs and while much is up in the air, I think though, and this is not in the letter, but they will be looking to see if you’ve made a good faith effort to comply with the rule. This year’s letter has a number of considerations for firms. When they start to develop and implement their Reg BI policies.
Evan Rosser: FINRA will be looking to see if your firm has procedures and training in place to assess your recommendations to customers. Does your firm consider reasonably alternative or available alternatives to the recommendation? Do they guard against excessive trading irrespective of whether the broker-dealer or associated person controls the account? Does the firm have procedures to identify and address conflicts of interest? And in the work we’ve done around Reg BI, that’s really the starting point. Does your firm have a process to identify its conflicts and conflicts for the most part are compensation? And you need to look at where you get any revenue from a product you sell. What compensation you receive any trailing revenues from mutual funds, any additional compensation you have. And as I noted, are there reasonably available alternatives to your recommendation? And finally, it’s necessary to have a Form CRS customer relationship summary that explains your role and the transaction. And that’s something that’s required of both broker-dealers and investment advisors.
Buddy Doyle: And I think Evan, as you mentioned, the bulk of the work that plays that we’ve been starting with organizations, it’s really been around that conflict list and whether they can manage those conflicts and mitigate those conflicts, or they have to eliminate those conflicts, or whether they have to disclose those conflicts and how are they going to disclose those conflicts. It’s been interesting going through Reg BI conversations with so many organizations, and it always seems like the focus has been on the Form CRS, the disclosure from the very beginning. And in reality what goes into that Form, CRS disclosure has to come from a thoughtful process and evaluation. Joe, you talked a little bit about communication with the public. To me disclosure is hand in glove with that. But can you give us a little bit of a sense of what firms need to do with respect to the Form? CRS?
Joe Turner: Well, as a Evan mentioned, this is really a relationship summary, and it is in fact a disclosure as required for delivery to all the retail investors. It is a common part of Reg BI between broker-dealers and investment advisors. It is largely made up of the conflicts of interest that Evan was referencing. The good news is that the SEC has given us some very detailed and specific set of instructions, step by step instructions on how to put this document together. And two of the most important parts of it are critical parts of it. Number one, it should be in plain English. This is designed to give to your clients so they can understand exactly what your relationship is all about. It is not to be a bunch of legalese. Number two is, it’s limited in scope. In other words, you don’t want to bury your clients a 30-page document, so they say very specifically, two pages, nothing more. Now, that is slightly tweaked when you start talking about dual registrars. If your firms are in fact a broker-dealer and an RIA, then that two pages becomes four pages and you’ve got four pages to explain all of the items required for both the advisor and the broker-dealer. Now if you’ve got an affiliated investment advisor, separate entity, you go back to two pages for both of broker-dealer and two pages for the IA. The important thing in the end is that this has to make it to the clients. You need policies and procedures around the entire creation of the Form CRS. And, lastly, but not leastly, then those should include how you’re going to get the document in the hands of your clients and establish a possible process that is kind of foolproof so that everybody gets the Form CRS.
Buddy Doyle: And I think that to Joe’s point, it’s, it’s very important to have a documented process for doing that. It’s also very important to have a documented process to prove you did it. Many firms will go through the exercise of delivering this, drafting it, doing a really good job of having blunt disclosures, plain disclosures, which I’m a huge fan of. Okay. And then they give it to them, and we know they won’t read it because history shows that they probably won’t read it, which means write it bluntly, I think, and ask yourself how many times you’ve gotten a question about your Form ADV from a client. The second thing is to, again, make sure that you document that you sent it to them and in some reasonable fashion, so that when they come and examine, the evidence is there to prove that you fulfilled your obligation.
Evan Rosser: When we work with firms on Reg BI and Form CRS, we always start with what the firm did to get ready for the now vacated DOL Fiduciary Rule, because that rule required you to identify those conflicts, identify the compensation streams that might create conflicts, and not just the commission or the compensation from the product perhaps, but also how you incentivize your registered representatives. So firms that had done that work have already taken a huge leap in preparing for Reg BI and the Form CRS. If you look at some of the FAQs for the DOL rule, they’re very similar to the conflicts and issues that are raised by Reg BI and Form CRS.
Buddy Doyle: Well, with that I would like to thank you all for your time. Joe. Evan, thank you so much. If you are looking for any guidance or thought on your regulatory compliance program or the focus of the regulators, feel free to reach out to us and we will get back to you right away.
Oyster: Thanks again for listening to the Oyster Stew podcast. Don’t forget to subscribe so we can continue to bring you resources to help you make the best decisions for your firm. If you’re struggling with a topic and you’d like us to do a podcast on it, or you’d like a free consultation, feel free to reach out to us at (804) 965-5400 or by visiting our website at oysterllc.com.
The NIST Privacy Framework – What It Is and What Your Firm Should Be Doing
Oyster: Welcome to this week’s serving of Oyster Stew, a mix of financial services, commentary and insight. Each week we’ll discuss what is happening in the industry based on what we see as we work with regulators and clients. We hope you come away with the knowledge and tools to help you make the best decisions for your firm’s future. You can learn more about Oyster consulting and the value we can add to your firm by going to our website, www.Oysterllc.com
Elizabeth G: Hi everybody. I’m Elizabeth Gatlin, a business analyst at Oyster Consulting and the host of today’s podcast. Last week, NIST published its Privacy Framework. Today’s podcast explains what the Privacy Framework is, why you should implement it, and what is involved. Today, I’m here with Oyster Consultant, Tim Buckler. Tim’s experience and expertise is focused on cybersecurity, data analysis, GDPR assessments, and project management support for clearing platform conversions. So Tim, let’s get started. Can you provide me with a quick overview of the Privacy Framework?
Tim Buckler: Yes. The Privacy Framework is a set of structures to help a firm build better privacy foundations and bring your privacy risk into parity with your other risk portfolio. Your firm is identifying organizational risk, reputational risk, and trading risk. Privacy risk deserves to have just as much discussion as those. The framework is designed in order to be adapted to your firm, and it’s not a checklist that you’re supposed to run down.
Elizabeth G: So who is NIST and why is it important that they’ve put out this Privacy Framework?
Tim Buckler: NIST stands for the National Institute of Standards and Technology. It’s under the US Department of Commerce. They are tasked to create a set of standards across all industries, and the US economy to facilitate innovation. They are not a regulatory agency, but rather a cooperative agency set to have everyone speaking in the same terms. Importantly, in this Privacy Framework, like all the other standards that they put out, is supposed to be open to use and adapt as appropriate for each firm. One key event that privacy policies has helped mitigate are breaches. Recently, a credit agency in the US had 148 million records breached. This cost them about $584 million in direct costs. Globally, they estimated it cost about $1.4 billion, including Cybersecurity practices they had to put in place and extra infrastructure they have to add. They are actually quite lucky that the breach came just before the European Union’s GDPR came into effect. They were only fined about 500,000 pounds. If GDPR was in effect, they would have easily been fined millions.
Elizabeth G: So what exactly is the Privacy Framework and as a firm, how do we adapt it?
Tim Buckler: Like I said before, the Privacy Framework is not a checklist. It is a broad set of structures that your firm should go through and adapt to your individual situation. The Privacy Framework is broken down into three broad sections: Core, Profiles and Implementation Tiers.
Elizabeth G: Can you explain the Core?
Tim Buckler: The Core is all about communicating your prioritization from your executive level to your operations level. It is broken down into five key functions: identify, govern, control, communicate and protect. Identify starts with a risk assessment to develop the organizational understanding of what your risks are and ways you can manage those risks. The govern function is about developing and implementing a high-level governance structure in order to manage your risks. Control is about developing and implementing controls for individuals to help manage the individual privacy risks. Communicating is all about making sure that each individual in your organization understands their role within the Privacy Framework. Protect is all about establishing the safeguards that at the end of the day protect your data.
Elizabeth G: What are profiles?
Tim Buckler: Profiles enable the prioritization of outcomes and activities that are based on your individual organization’s privacy values, mission needs and risks. They’re all about understanding your firm’s current privacy activities and understanding your desired outcomes. You first develop your Core, and then you determine the most important areas you want to focus on as a business, and then put them in place.
Elizabeth G: And what are the Implementation Tiers?
Tim Buckler: Implementation Tiers help support your decision making and communication about the sufficiency of your process and privacy risk management. They provide a point of reference on how your organization should view privacy risk, and whether all your processes and resources sufficiently manage that risk. Tiers reflect the progression from informal reactive responses to a proactive, agile risk informed response.
Elizabeth G: So how do we start?
Tim Buckler: The first step is a privacy risk assessment. This privacy risk assessment follows many of the guidelines of other risk assessments you probably have done before. The privacy risk assessment is all about identifying and evaluating the individual privacy risks that are part of your firm. In general, it’s about weighing the benefits of undergoing activities, against the potential risks that may come as a consequence of that. Key things you should be focused on are how do you mitigate the risks? Are you able to transfer or share that risk? Can a risk be avoided altogether? And, ultimately, how do you accept risk?
Elizabeth G: Doesn’t NIST also have a Cybersecurity Framework?
Tim Buckler: Yes, NIST has published a well known Cybersecurity Framework. If you’re familiar and comfortable with the Cybersecurity Framework, you’ll be immediately comfortable with the Privacy Framework. They are designed to work together in order to better understand the risks part of your firm. The Cybersecurity Framework has the same Core, Profiles and Implementation Tier structure that the Privacy Framework is established with. One of the key differences between the two is that NIST’s Core is comprised of five functions: identify, protect, detect, respond, recover. While the identify and protect are shared in the Privacy Framework, in the NIST Cybersecurity Framework, detect, respond and cover are different.
Elizabeth G: So if I already have their Cybersecurity Framework, do I also need the Privacy Framework?
Tim Buckler: I believe it’s important to use both. The Privacy Framework goes beyond what the Cybersecurity Framework governs. The Cybersecurity Framework is foremost an organization-first policy. It’s all about understanding how your firm as a whole can identify and mitigate risks. The Privacy Framework is about the individual. First, one key difference is the Privacy Framework attempts to mitigate what NIST calls the “dignity type effects” – things like discrimination, economic loss, and physical harm. Not all of those will be covered by the Cybersecurity Framework.
Elizabeth G: Okay, so how can Oyster help?
Tim Buckler: Oyster can help your firm with both a Privacy Framework and a Cybersecurity Framework implementation. We help with risk assessments, systems management, role based access management, your physical and data security policies, vendor due diligence, disaster recovery and business continuity planning, information security roadmap, prioritization, training, things like that.
Elizabeth G: Thanks Tim. We’re running low on time, but you can find more information about the Privacy and Cybersecurity Frameworks at www.NIST.gov . Thanks to everybody for listening. If you have any questions about your firm’s Cybersecurity or Privacy Framework, or you have a topic you’d like us to discuss in the future, feel free to call us at (804) 965-5400 or visit our website, www.oysterllc.com.
Oyster Solutions Software – Making Your Annual Compliance Calendar and Review More Efficient and Effective
Polly Cordle: Hello and welcome to this week’s Oyster Stew. I’m Polly Cordle, managing director of the Oyster Solutions platform. And this week I’m joined by Gray Houghton, as we take a little look at annual reviews and compliance calendars, and things to think about here in January. We hope this gives you an idea of areas that you can get some attention to as you start off the new year and Happy New Year, everybody.
Gray Houghton: So you’re the practice leads with the Oyster Solutions platform. Do you always work in the Solutions platform?
Polly Cordle: I don’t only work in the Solutions platform. I historically, I’ve worked outside of the Solutions platform with our big compliance calendar for an advisory firm, that we keep on a spreadsheet. But about two years ago I put my first client on Solutions and that really kind of changed it for me. And then, once I had a couple of clients on Solutions, I kind of refused to do a whole lot outside of Solutions. So that’s how I ended up platform.
Gray Houghton: Well, that seems reasonable. Can you tell a little bit about the annual review requirements for firms?
Polly Cordle: So whether you are an advisory firm or a broker dealer, you have some sort of annual requirement, and firms will look at their compliance programs, kind of top to bottom, and see how effective they are, whether that’s the IA version of that review or the BD version. That’s really your main goal – to look at your compliance program top to bottom, see if it’s running as you expect it to, and see if it’s effective. On the advisory side, you have a reporting requirement that falls under 206(4)-7 and on the BD side you have a 3120 requirement and a 3130 certification that needs to be done. So when firms are looking at their compliance programs top to bottom, they tend to pull a lot of the work product of their program and look at the work product to make sure, for example, advertisements are being approved the way they should be approved, that they’re getting approval prior to posting, if that’s required, that anything that’s going on in the system from an audit perspective, whether that be an internal audit or a regulatory audit, that those things are getting addressed, that they’re being followed up on.
Polly Cordle: It’s a good time also for firms to look at their risk assessments and kind of take the compliance perspective of the whole firm, top to bottom, every part of it.
Gray Houghton: So before you used Solutions, how did you facilitate that annual review?
Polly Cordle: Well, my annual reviews, prior to having Solutions, I had a checklist. I love a checklist and I went through and I pulled various documents. So in my experience with my firms, I like to run my compliance testing throughout the year and then pull it all during that review and make sure that the testing of the compliance program that we did throughout the year was effective, there were issues identified, those were either addressed or we addressed them in the annual review and determined to remediate them at that point. And then, after that portion is done, I write up my report with an overview of our business, any changes that have happened that year. I look at complaints that have happened that year. I look at complaints – complaints are a big part of everything. So I look at complaints and then I come back and create a remediation plan, and that remediation plan would identify and address any of the recommendations, any recommended changes to our policies, any recommended changes to our processes. And then I’m going to document all of them.
Gray Houghton: Okay. And how that you do it now?
Polly Cordle: So within Solutions, we still have a series of steps; however, they can kick off to multiple people at once. So I could ask the trading manager to send me a report and he would automatically get an email that says, “Hey, attach this report,” and he attaches that report. I can even give him a template to fill out of what information I need. Say “Download this, complete it, give it back to me.” That can be happening with him. At the same time, for example, my registration department is getting one as if “Hey run reports off the CRD system for late filings or any dropped state filings for an individual or the firm,” and then I can confirm whether those need to be addressed. Then all of that would come back in a review step for me and it kind of gives me everything in one place.
Polly Cordle: Now, one of the other things I’d like to do in a Solutions annual review is look at all the workflows in the system. Are they getting done? Are they getting done on time? And if they’re not getting done on time, is that a regulatory issue? Is it a resource issue? And address that. So the system allows me to run some dashboards and some reports about past due work, and work that’s not getting done. I’m not susceptible to someone saying, “Oh yes, I reviewed this report on December 15th,” when in actuality they reviewed it January 1st. I’m going to see in the system exactly what goes down the steps. So it tracks all of that for me and then I don’t fall prey to the “Oh I signed this but didn’t date it. Oh yes, I did that on December 15th. I did that on time even though I didn’t put a date.” So it kind of locks in a lot of my processes to make sure that I don’t have any issues with what actually happened versus what I’m thinking.
Gray Houghton: Right. That seems like a great tool. Well, since it’s January, we should probably talk about the compliance calendars too.
Polly Cordle: As folks are doing their annual review, I recommend that they take a moment and look at their compliance calendars as well. Some of that’ll get picked up just through the recommendations in your annual review. You’ll decide we need to do in a new task or whatever. Don’t forget to add those to your compliance calendar. It’s very easy to get your annual review report out of sync with your compliance program by saying you’re going to remediate something, but then not tracking it on your compliance calendar. So make sure that those get updated as you go through that review. Also, it’s a really good time to look at new regs that have come out over the year. It makes sure those are addressed in your compliance calendar and in particular, this year, looking at Reg BI and making sure that you have the steps in your compliance calendar to make sure you’re in compliance with that reg before it starts.
Polly Cordle: So you’ve got a Form CRS you need to fill out, you’ve got policies that need to be written, you’ve got communications that need to be sent. All of those things should go ahead and be added to your compliance calendar now at the beginning of the year, and then you’ll have that as you go through. Now, in Solutions, when we make a change to a policy, so for example, Reg BI, if we’re going to make a change to a policy, we immediately create the workflow and attach it to the policy (the workflow that will enforce that policy), and then where we can, we schedule it, to kick off automatically so that it doesn’t get dropped. So you don’t forget to look at the big compliance calendar checklist or get something done.
Polly Cordle: The other thing I think I mentioned earlier was risk assessments. And this is really as you’re looking at the full picture of your firm and your compliance calendar. It’s a good time to make sure that you haven’t obtained any new risks during the year – new bonds business, new products that you’re offering, new types of clients that you haven’t had in the past, new employees who may not be as up to speed as your employees who’ve had a longer tenure with the firm. So go ahead and get that stuff into your risk assessment and kind of do the whole thing. It puts a lot into that first quarter of the year, which is generally when we see people doing their annual reviews, particularly on the IA side because you’re going to have your updating amendment that’s due. So it puts a lot in that quarter. But it also gives you a really good start to the year to have everything in line, and, going forward, you’ll know exactly what you need to be doing month to month. In Solutions and in your compliance calendar you want to make sure that you have some means to not forget about that calendar. That was always my biggest issue with the spreadsheet, was I would be caught up in my day to day work, and this going out and actually loving it in the spreadsheet so I might not complete some smaller tasks that wasn’t really on my radar at the time.
Polly Cordle: But, I am doing all the talking here, Gray. So you’ve worked with some of our clients as a compliance analyst. What would you say were your biggest challenges as you worked with them?
Gray Houghton: You know, the biggest challenges that I have with the firms I work with is there are so many things that you have to make sure you stay on top of, but they’re not necessarily a daily task. And what happens is you may forget something like your email review, and first thing you know, you have forgotten it for not one month or two months, but six months and then there’s no way to fit that into your schedule. You have a lot of review that needs to happen and you just don’t have the time to do that. It’s really important that all of the different tasks are in front of you. You cannot forget the things that are not necessarily daily, but there’s some things that just have to be dealt with. State registrations might be another example of that. That’s something that needs to be checked, and if you wait for a year, you may not have picked up on the fact that you have a rep who is doing business you are not aware of, and you didn’t get that done. So that’s something that needs to be examined periodically, systematically, but it’s just not something that’s in front of you.
Polly Cordle: Those are actually really good examples. We have done a lot of cleanup projects as a firm, because it does tend to snowball, and that is one of those things, at least for me, I don’t like to do it daily. I like to have a bunch of stuff to review at once so I can see a big picture of what’s going on, rather than just a fear of what’s going on, rather than just a “What happened today?” kind of picture. So it’s a really good example of something that can snowball, and the state registrations also a good example. We have a monthly review of that in the Solutions system. And I would say, unless your compliance folks are looking at every new account coming in, or unless you have a system that will lock that down state registrations. Particularly on the IA side, where you have the diminimus, and some states will allow you five clients, some States won’t – that can get challenging because you’re watching that number and you’ve got to know when it crosses the line. Now on the BD side, we see a lot more firms that have a system that will work it in. You can’t open the account until that person’s registered in the state, but depending on your system that you’re running, your back office system, that may not be the case. And so you’ve really got to be watching that closely, because for the broker dealer side, it’s a one client rule. So you want to requirements right when that account is.
Polly Cordle: So I know you’ve also done a lot of work outside of Solutions. I know you work with some of our clients in Solutions, but you’ve done a lot of work outside of Solutions. What are some of the projects that you’ve worked on outside of Solutions and some of the challenges that you’ve encountered there?
Gray Houghton: Well, another one of the big projects that I do is Trade Reviews. You know, the trade reviews have to be timely, and so this is another thing that some firms require the weekly trade reviews, some firms require monthly trade review. Most firms have some sort of daily trade review and, I’ve worked in all three of those sorts of situations, but it’s an outside system, usually. So it’s somewhere where you have to go into another system or you’ve got to remember to go to that older system. You kind of have that information in front of you and then you have to transfer that information from whatever trade review system you’re working on to the system of your firm so that they can maintain whatever documentation is necessary. So it’s a multi-step process. It can be a taxing, it can be time consuming.
Gray Houghton: And again, it’s something that you have to keep in front of you. Just like email review – if you have it set up monthly, and then once it gets away from you, then you’ve got another month in front of you, then again, you have too much work, you don’t have enough time to get to it. So that’s something that’s really good to have a reminder in front of you that has to be processed. You have to have it in front of your face. You’d have to do it and move it to the (inaudible)…
Polly Cordle: So we’ve worked with a lot of trade monitoring systems at Oyster and we actually are getting ready to launch our own trade monitoring system. I’m very excited about it. As a chief compliance officer for a regional firm that was on multiple platforms, trade review was a big, big challenge. We had one platform, no problem. It had an alert system and would alert you when there was a trade that needed to be addressed. But then, for the other four platforms, I had no real alert system. So, I had to either look at trade blotters or run exception reports or review statements or take samplings of accounts and that can get challenging. So what we’re doing with Solutions is, we’re bringing in multiple custodians to one place. And for most of your trade review experience, are you looking trade by trade and account by account? Maybe like on a monthly basis?
Gray Houghton: It’s a mix of that. Some of the platforms do a daily trade alert system, as you’ve talked about, and some of them just do a monthly spreadsheet. Uh, so it’s, a the mixture of those, it’s, it’s difficult to keep up with.
Polly Cordle: When we are seeing one client or one household across multiple custodians has always been a trial for me. So what we’re doing, hopefully to resolve that issue for folks, is bring in the multiple custodians, let you look across multiple custodians at one household. So even if Gray has his IRA at one firm and Gray and his wife have an advisory account at another firm platform, I could still bring both of them in and look at the whole picture of that household, which gives me a better view, particularly when it comes to things like concentration on the advisory side. We see a lot of clients who may hold as long as they worked for a company and so they’ll tend to segregate that over in a non billable account and then keep their other assets in the billable account. But being able to see concentration across that whole picture is important, I think. And there are a number of boards that work that way. It’s not just concentration. So what we’re doing is we’re allowing firms to choose, even look at the account level, the client level, meaning Gray’s IRA and Gray’s individual account combined, or, are you going to look at household level, which would then bring other household members – so Gray’s IRA, his individual account and his joint account. So you can look at the household level. You can look at the client level, you can look at the account level, and we hope that’s going to take a little bit different approach than we’ve seen in most trade review systems. There’s still a daily trade blotter if people want the daily trade blotter, but we liked the idea of bringing in multiple custodians and having it all in one place.
Polly Cordle: We really liked the idea of being able to pick and choose how your alerts are going to run, and being able to do that yourself without having to go back to a programmer and say, “Hey, turn on this and make it this way.” We’ve made it simple enough that our firms can customize that for themselves. So I think that, hopefully, will be a big difference for some of our firms. Certainly our Solutions firms that are going on to Monitor will have a different way of looking at things.
Polly Cordle: Okay. Well, I think we have run out of time. It’s a podcast. We’re supposed to keep it short, but I think we could talk about what needs to be done for a year, for a very, very long time. We will wrap it up and thank everybody for listening. If you want to learn more about Oyster Consulting and Oyster Solutions, you can go to Oysterllc.com or you can reach out to us at (804) 965-5400.
When Does Outsourcing Your CCO Role Make Sense?
Molly Bryson: Hello everyone. I’m Molly Bryson, one of Oyster Consulting’s Relationship Managers and the host of today’s podcast. Our topic today is the contemplation of the benefits of outsourcing the Chief Compliance Officer position for broker-dealers and registered investment advisors. Oyster’s consultants have served as Chief Compliance Officers for broker-dealers and registered investment advisors of all shapes and sizes. Today I’m here with two of Oyster’s Outsource CCO consultants, Nicky Brinckerhoff and Dean Pelos, and we’ll be discussing some of the important points firms may want to take into consideration when making this decision. You can learn much more about Nikki and Dan’s experience and about Oyster’s Outsource CCO services by visiting our firstname.lastname@example.org. Nikki, let me ask you, what would you, in your opinion, what would you say are some of the common mistakes that some of the inexperienced Chief Compliance Officers out there might make?
Nikki B. : In my experience and interactions with folks that don’t have a lot of experience in these roles, they have a tendency to procrastinate making decisions, overthink, over-analyze, almost become stagnant or have paralysis because they don’t know the right answer. They don’t know which way to go, so they will delay and not act or support the business as they should.
Molly Bryson: How about you Dean? What are some of the things you’ve come across?
Dean Pelos: Yeah, I would agree with a lot of the things that Nikki said, but in addition, I think that there’s a lot of things that, from a resource issue, it really depends on the size of your firm, on some of the budgetary constraints that you might have where, I might be the CEO and the CCO. So I’m running my company and I have an issue with running my business, and the business side of things might take over and the procrastination begins on the compliance side of things where there’s not as much thought going into it or using the proper resources that might not be available to you to be able to make the right compliance choices to create a culture of compliance within your organization. So those are things that I think kind of get overlooked and causes some CCOs to be inexperienced from that standpoint. I also believe that not keeping up with the rules of the business and what regulators expect of you or other things that also could be of concern.
Nikki B. : So Dean, you bring up some really good points there and makes me think about some other items that you can run into. A lot of time in smaller or mid-sized, there’s not enough resources to go around. So now you have somebody doing operations and compliance, or strategic leadership and compliance, and compliance becomes an afterthought. That or hot potato, yes. And that may not just be inexperience. That may be lack of resources. You don’t have enough time to dedicate to it to keep up on the rules or to know how to make the decision, and that causes the firm itself to actually have inefficiencies and run at a lag.
Molly Bryson: So firms are considering outsourcing their, their Chief Compliance Officer role, and usually that comes from either the president or the CEO of a company. And oftentimes, we hear from folks who are actually in that role and also trying to take on the role of CCO, same time. What are the risks associated with that?
Dean Pelos: So it’s primarily the intermediate firms, mid-sized firms, the smaller firms, that maybe don’t have the resources necessary to be able to carry out both roles. Because what they’re trying to do is they’re trying to grow their business, they’re thinking about reaching out to their clients, they’re thinking about trying, performance-wise, to be there for their client, making sure that whatever the business is, that the business is performing exceptionally well. So their clients are satisfied and they’re not focusing and worried about the regulatory issues that may be involved with making sure that their compliance program is properly supervised, whether or not they’re thinking about conflicts, appropriate conflicts, disclosing those clients, conflicts to their clients so they’re fully aware of things that are happening between what one part of your business might be versus another. So those are things that they don’t think about and to me, being able to be an outsourced, CCO, being able to be aware of those issues because of my experience, being able to then assist the CEO with allowing them to grow their business and worrying about compliance in general – just compliance and supervision and risk – those are the things that I always think about. Maybe when you’re the CEO of a company, you’re thinking about how the business is developing, first and foremost in your mind.
Molly Bryson: We talked a little bit about being the Chief Compliance Officer in addition to taking on the CEO role. Doesn’t that really apply to really anyone in a firm who’s handling dual roles and also trying to run the compliance program?
Dean Pelos: The reason all of this occurs is because there are things that, if you’re a CEO of your company, you’re trying to grow your business, you’re trying to perform to your client’s expectations, you’re trying to make sure that you are looking at investment objectives of your client and you want to make sure that you have proper suitability in the investments you’re making for your clients. You have that fiduciary duty that’s taking place. But you’re not thinking about some of the compliance aspects that a compliance officer might be thinking about. You’re not maybe in tune with new regulations that come on the table. We can look at Reg BI as an example. That’s a huge risk right now that’s coming up because a lot of people don’t even understand what Reg BI is. They’re not going to read 400 pages of material that the SEC put together and try to interpret what they can and cannot have to be able to properly comply with Reg BI.
Dean Pelos: So to me, those are things that are potentially risks. There are new exam priorities that come out every year. Maybe the CEO is really not focused on those types of priorities and is not going to adapt their compliance program to properly supervise a risk that’s out there that they’re not even aware of. Those are things that happen all the time and those are things that we can help with because we’re experienced enough, and we’ve been doing this enough to be able to identify those things and be able to communicate that to our client.
Molly Bryson: So Nikki, do you have some thoughts as well?
Nikki B. : Well, one of the really unique and interesting things about an outsource model is it allows you to tap into some knowledge, resource experience that a mid-size or smaller firm may not be able to afford. It also allows you to have perspective of what other people are doing in the industry, how things are changing, what different exposure and a lot of those insights you can’t get from a conference or from training. You, as Dean said, get it from somebody that comes with a bunch of experience. Clients in this space, really have a consideration about bang for the buck. How can I get somebody that can support my operation, my growth and myself, and protect the firm? And that’s what compliance ultimately does – protect the investors, protect the firm. It has to be baked into the operation. It has to help you be more efficient, because you don’t have the unlimited resources in an oversight role or a compliance role.
Molly Bryson: What would you say, is there a certain size of firm where this makes more sense rather than not so much? Or is it based on size of firm or lines of business? Would you say, Nikki?
Nikki B. : I think lines of business and complexity in the delivery of their services. If they have a lot of diverse, complex, different items, it makes it harder to get one person that has all that knowledge, especially if you have a limited staff. Conversely, you could have a ginormous firm with a very great repeatable process, and it still fits in an outsourcing model because you don’t have the time constraints required in that repeatable process.
Molly Bryson: What are some of the reasons you’ve heard, both of you, what are some of the ways in which we’ve worked with firms where we haven’t necessarily had the title and what are the risks involved with that, if any? Nikki, you want to take that first?
Nikki B. : Sure. I think first and foremost, getting somebody, a partner, a firm that doesn’t appreciate what your firm needs or have the ability to support your firm. So picking the right partner makes a huge difference for the firm. And if they’re new to this kind of model, if they haven’t had a lot of experience or they’re aware of somebody else that had a bad experience, keeping the title, being more controlling of it is very important to them. I agree with them wholeheartedly. Finding the right partner, building the trust. It truly is an ongoing relationship. It’s not a “one month you can do it one month you can’t,” because it’s an ongoing, learn your business, know it, help it grow and support it. So I think that’s the biggest fear. Dean, do you see others? And that’s a good point. From Dean’s side and from mine.
Nikki B. : You have to have the trust, you have to be part of the executive team. You have, they have to value you, you have to value them. There’s gotta be communication. So not all firms can do that. Firms have to really look at their culture, their ability to have an Outsource CCO compliance support may be a great solution for them. If what their CCO needs is the experience, the knowledge, the person that keeps up on the rules and can help them implement. In reality, if you look at what the regulators ask for, it is integrated compliance with your service and product delivery and the only way you do that is by having your compliance controls involved and a CCO that’s engaged – and you can get that. I think it’s very interesting for folks who decide to take the risk and start their own firm so they know what they’re good at, they know what their business model should be, they know what their goals are and what their objectives are. What they don’t know is how to do it in a compliant fashion, how to make themselves more efficient and more effective, and that is a really great fit for at least me and Dean and some of our folks around here, because we’ve done it over and over again.
Molly Bryson: So Nikki, you mentioned people starting their own firms. What would you say are some of the advantages to having an Outsourced CCO in place as you launch your firm?
Nikki B. : So when you start a firm, there’s all these things you have to do and comply with and ensure you can demonstrate compliance, but that you’ve now tapped into people that have done it multiple times, have learned and grown over the time with the industry, and bring such valuable benefit to somebody launching their new firm, and being able to hit the ground running and focus really on business development. Because we have stepped in either in an interim case or when new products come out – let’s talk about robo advising or let’s talk about cryptocurrency, or let’s talk about any of the new complex products – a s we step in and work with multiple firms, we have a basic ability to get information of how that product works or how the industry is working at a much quicker speed. That is something you’re not going to get at a conference or in training because you can actually sit down and discuss how the other side works. So you make sure your side picks up all the compliance parts. It also helps the business development because now you have a compliance officer or compliance support person that actually can get you the details of how that product works operationally. So it’s a multilayered type of benefit to go to some sort of outsourcing model.
Molly Bryson: Well, and in that scenario makes it easier for your CCO to be able to support your business instead of saying, no, it might not be a no, but it’ll be, “Here’s a way we can do it,” instead of maybe going down that path.
Nikki B. : And being able to say, I’ve done the research, I’ve gotten comfortable. We can have controls put in place without delaying the ability to make some business decisions. You know, one of the things that makes an outsourcing model so much more beneficial to firms – you don’t have a key man type of risk that your CCO could jump ship or change jobs, because you now have a deep bench of resources at Oyster. We all work together and if something was to happen to one of us, there’s a deep bench that any company can pull from, and there’s never going to be a time that you would be overburdened or overwhelmed, regardless, because you have so many resources at your disposal.
Molly Bryson: So understanding that it would allow me to focus on my business and understanding that I, as a business owner or a business associate, may not be able to keep up with the ongoing changes in the industry and the compliance requirements, is there any risk to me as a firm and outsourcing these roles, that it should be taken into consideration? Because I can see the benefits – that makes sense. But if I’m a business owner, I’m going to say, “But what are the risks? What am I losing control of?”
Nikki B. : I don’t know that you lose control. If you do your due diligence and you pick the right partner that fits your business and the culture of your firm, I don’t see an increase in risk or a change in risk. Yes, you shift some risk around and you actually get more people in your boat per se, to share the risk with, but you don’t have an increase or a change to your risk profile.
Molly Bryson: So a lot of times when clients are talking with me on the business development side, I think when things they worry about is what happens if one of our consultants is the CCO for too many firms? How do you all maintain your ability to focus on the firms that you are holding the title for?
Nikki B. : Well, I think we do a good job and again, it comes back to what I said earlier about finding the right partner that fits your business and can dedicate the time to be part of the executive team and support the strategy of your business. But we do a very good job of limiting that. We also have personal liability, so we don’t want to take on more than we can handle and we don’t want to do a disservice to any client or to ourselves. That’s a personal accountability and responsibility we have. What do you think Dean?
Dean Pelos: No, I agree with everything you said in terms of the risk that’s involved in operating as a CCO for a firm. There’s a personal stake here in each of us as individuals to understand what’s happening and what kind of capacity we have to be able to accommodate and help that firm succeed from a compliance standpoint and a supervisory standpoint.
Molly Bryson: So people who are in the Chief Compliance Officer role within their firm at times may just have limited time or industry knowledge. How can we, as a consulting firm, help that CCO navigate those waters? Or would it be better for them to consider outsourcing the role?
Dean Pelos: So, primarily, it really depends on what your resources are, what you may have, what you may not have. What’s your company size? Are you limited in what compliance is to your company? From my perspective, sure you can. You can continue to assume the role of CCO for your company, but you know, if you want to continue to have that role as CCO, we also offer a lot of compliance support functions that would be assisting the CCO at that company. Let’s say there’s an issue that comes up where they’re confused about how we can assist with that. If a CCO has an issue and they want to pick up the phone and call and say, “Listen, I’m a little confused about this regulatory issue that just came up. Does that apply to our business or does it not apply to is? Is there something that we need to do? Do we need to change our policies and procedures? Do we need to change our controls around how we supervise this particular thing?” We can understand what your business is. We can then provide or solutions for you to assist with your compliance program. And that’s compliance support in a nutshell.
Molly Bryson: So if you wanted to retain the Chief Compliance Officer title within your firm, which many firms do simply for the fact that they rather have ownership of that title, you’re saying Oyster can help in various capacities, anywhere from responding to a phone call every now and then, all the way up to helping them run their entire program.
Dean Pelos: Right, right. And we’ve done that many, many times. I’ve got plenty of clients who have called me, and they’ll call me as needed. They’ll reach out to me via email and they’ll say, “Dean, I need your help with something. Can you assist with this issue that I’m having?” And I’ll be able to, based on my 20-plus years experience in the business. I’ll be able to respond to my client in a fashion, which would assist them with whatever the issue is that comes up.
Molly Bryson: So Dean, firms may be reluctant to let go of that Chief Compliance Officer title, but they do so in the sense that they understand exactly what we’ve referenced here today, which is that any one person can’t necessarily do that role and other tasks they may be responsible for within their own firm. So as you, as you outsource the Chief Compliance Officer role to Oyster, what are some of the efficiencies that we can offer our clients so that they will know where we’re working and what we’re working on, and how can we create that environment for them?
Dean Pelos: We can use plenty of tools that are available to us that we’ve used over the years. One of the things that we’ve recently developed is a product called Oyster Solutions to assist with developing compliance and supervisory programs, helping them with their workflows. For example, we would take your entire compliance program and we would load it into Oyster Solutions, and then be able to provide efficiencies by being able to monitor when we need to perform certain compliance tasks. Those workflows would be developed within Solutions. So we would take, for example, your policies and procedures. We would load those policies and procedures within Oyster Solutions and then be able to put controls and workflows around those processes that you have, in order to be able to better monitor the program from a supervisory aspect, from a compliance aspect. If there is a rule change that takes place and it affects your business based upon how we’ve identified your business, that rule change would be incorporated within Oyster Solutions and it would updated as needed, as necessary, so that you’re fully compliant with any regulatory order that is taking place, whether you’re an investment advisor or a broker-dealer.
Molly Bryson: So that sounds like that would certainly make things easier when a regulator comes to visit. It sounds like things will be contained in one place. Is that right?
Dean Pelos: Yeah, it would be contained within one place and it would be a lot easier to retrieve that information for a regulator when requested.
Molly Bryson: And I would say one of the things that I hear on the business development side about people’s concerns around acting as the CCO is that they don’t have regular interaction with the regulators, so they are unsure of what to say or how they should be interacting with them. What are the advantages that some experienced CCOs could bring to that concern?
Dean Pelos: One thing we do have in Oyster – we’re practitioners here. We’ve been doing this for, many of us have been doing this for 20-plus years. So we’ve run our own businesses. We’ve run our own broker-dealers, our own investment advisors. We’ve worked at the SEC or at FINRA. I’ve been dealing with regulators for the last 30 years, whether it’s the SEC or FINRA or whoever, whether it’s a state regulator. We’ve had the opportunity to sit down with these individuals and run through audits, run through requests. We have that experience in interacting with those regulators. An example would be coordinating effectively with regulators by being responsive, by finding solutions to satisfy requests effectively, knowing what to say or not to say in certain instances when you’re being requested of an item or you’re asked a question and how you respond to a regulator in response to those requests or demands.
Molly Bryson: So at the end of the day, the regulators really care about the health of the firm, and then of course, in turn, the health of the client’s relationship and business. And so as long as you’ve got the right resource in place, whether they be an outsource resource or a permanent resource, the regulators are happy. We never really say what a regular does or doesn’t think. But I know for a fact that our teams have been through multiple exams over the past several years, and from those exams, we share information about what the regulators are asking for. We share information about our approach to exams and how we were successful.
Molly Bryson: Anything else either of you think should be mentioned as a consideration to a firm when they’re thinking about outsourcing this role?
Nikki B. : Personally, I think it has to be the firm’s ability to embrace and grow and develop with somebody with a whole lot of experience. And knowledge. Sometimes firms get in a rut or in their own way, basically because they’ve always done it this way and they want a CCO to come in and do it the way they’ve always done it. And really that’s not the best way or most efficient way. So they have to ask themselves if they’re ready to grow and develop their compliance program.
Molly Bryson: Well, it looks like we’re out of time. So Nikki and Dean, thank you very much for your thoughts and your comments. Whether you’re acting in multiple roles for your organization or you’re looking for compliance support, or even starting your own firm, we hope you found Nikki and Dean’s insights about when it makes sense to outsource your CCO role helpful. Some highlights from our discussion today: Here’s some things to keep in mind when you’re making this decision. Consider your resource availability. Consider the advantages of having a compliance professional who knows how to interact with regulators, and consider a compliance professional who has the knowledge to help you stay ahead of new regulations and who can worry about risk and supervision, so you and your team can concentrate on running your business.
Molly Bryson: If you have any questions about what we’ve discussed today, or if you have a topic you’d like us to discuss in a future Oyster Stew podcast, please feel free to call us at (804) 965-5400 or you can visit us on our website at www.oysterllc.com.
Should You Outsource Your FINOP Position?
Rob Hall: Hi everyone. I’m Rob Hall. I’m the CFO of Oyster Consulting and the host of today’s podcast. Are you trying to decide whether you should outsource your FINOP position? Today’s podcast might be able to help you with that. Today I’m here with Oyster’s FINOP Consultants, Jeff Harpel and Clark Tucker, and we’ll discuss why it’s a good idea. Jeff and Clark both have extensive experience as Outsourced FINOPs, as well as having held CFO and FINOP positions in the securities industry prior to working for Oyster. Clark, why don’t you give me a brief overview of what a FINOP is and how Oyster can help?
Clark Tucker: Well, FINOP is one of the three required functions for a broker dealer, and you have to have a CEO Executive Rep, you have to have a Chief Compliance Officer, and you must have a Financial Operations Principal. And, obviously, the roles and the duties associated with them are segregated. But to focus on the FINOP role, it’s the overseeing, the supervision of all of the financial and operational aspects of the broker dealer. I think we focus primarily on the financial and regulatory reporting aspects of that role. So in doing that, we work with local teams, with the staff, with the accountants or bookkeepers at firms. We try to review everything that’s taken place to make sure that it’s compliant, and then take from that to prepare financial reports and regulatory reports. We then ensure that the firm is compliant and remains compliant in its filing, and its contact and interaction with its regulators. So, we can help you fill that gap when that gap exists, and the experience may not be resident already in a broker dealer.
Rob Hall: Well, Jeff, what do you think makes a good CFO or a FINOP?
Jeff Harpel: Well, I think there’s a couple of ways to look at that. I mean, first, is to be a good FINOP. In my mind, you need the background and experience working in a broker dealer. It’s a very specialized industry with very specialized rules like the net capital rules, and the other financial responsibility rules that Clark was talking about. And if you’ve never been exposed to them at all, they’re going to seem like they’re from out of left field; you’re really not going to know what’s going on. So you really need to have had experience in the business, in the industry. You also need to be able to see the big picture of things. The financial responsibility roles require a lot of information about the firm in total. And if you really don’t understand an entire firm or the entire business, it’s very difficult to be sure.
Jeff Harpel: We always have to be sure that you really are in compliance, that you’ve asked every question you need to ask, that you’ve got all the documentation you need to really ensure you’re compliant with all the rules. So I think those are very important. And with those go all the things you might typically think of as a good accountant or controller ,or CFO, as far as being very detail oriented, very cognizant of deadlines, tasks that need to be completed. The order of those tasks and all of those kinds of things you might typically think of as, and I’m an accountant, so I guess I can say this, as an accounting mentality or an accountant’s mentality. So I mean, I think all those are necessary to be a very good set up.
Rob Hall: Your comment, Jeff was good in that, you can’t turn an accountant into a FINOP unless they they know the firm,. You can’t just hire an accountant and then expect them to take the series 27 and be the FINOP unless they have the experience with the firm.
Clark Tucker: That’s a hard and fast requirement from FINRA, that someone doesn’t just take the test and then get anointed the responsibility, because they can’t possibly know it. And yet there is usually the one-year rule, or guideline, where you have to have the credentials plus the appropriate experience. And that’s where, periodically, you see where someone thinks, “Oh, well I passed the test. Now I’m as good as you are.”
Rob Hall: And we’ve run into that in our experience. I know, Clark, you worked on a number of engagements where they’re trying to find somebody to sort of fill a full time position and you’re filling in until they find that person.
Clark Tucker: Beyond that is that once they find that person, while that person is gaining experience, we contend to transition the roles. So, for some period of time I would work with that person while I’m still the FINOP, but then, at a point in time, six months or a year out, we transition that, and that person becomes the main FINOP. Yet, we’re still there behind the scenes in a support role to help them with any odd questions that come up, so that even once we’ve made that transition, we’re still a support for them.
Jeff Harpel: I’ve had that experience too, where, in my case, the person who was going to take over was actually already identified, but they needed to pass the exam, and they also needed to get the experience. So, we act as the FINOP for that year. Typically, after that year we became support. They become the Main FINOP, and we gave them support, answered questions, built on their experience, filled in the gaps. It works real well, actually, for the client.
Clark Tucker: It’s important that potential clients understand that that’s actually a normal part of what we’re doing. It’s not as if we came in on a temporary basis, and then there’s some concern about ending the relationship, because this is a smooth off-ramp to the relationship. We can come in when they need immediate help and give them that help, and work with their people and get everyone trained up, and build the new norm of what needs to happen. And then, at the time when it’s appropriate to hand it off and reverse the roles, it’s not like we’re going to just walk away and they don’t have to feel like we have walked away. We just transition the role and continue to support them until that new person really is fully up and running. And that’s a very normal part of what we do.
Rob Hall: So that actually goes right into my next question. What are the common mistakes that an inexperienced FINOP might be making? Jeff, did you have to want to handle that one?
Jeff Harpel: I mean, to me the most common mistake, and I don’t know if I want to call it a mistake exactly, but it’s really that lack of knowledge or experience. It’s easy to read the rule book and think, “Okay, I got it. I’m going to go do this.” And you might not realize there are certain nuances or interpretations that regulators have that you have to take into account. I was younger once. I can say this: I think it’s kind of easy to be young and cocky and overconfident, and you gotta be careful. Don’t be afraid to ask a question, be afraid to say, “Hey, I need a little help on this.” I know all this. But there’s this one thing and it’s a very common mistake, is to not do that. You can end up in nice deep water if you do that.
Rob Hall: I know that I’ve called and asked you questions a number of times.
Jeff Harpel: Everybody, I mean everybody, pretty much I know or worked with in the FINOP world – people who have done the role and you call them and you ask questions. The field, in my estimation, and I think Oyster is a terrific example of how we help each other out. You know, the five minute question? We can save you millions of dollars down the road. So don’t be afraid to do that. Don’t be afraid to pick up the phone. And if it turns into a bigger question, well then we can help you in other ways. But ask questions. I think that’s advice to anybody starting out. You might call me and I have a whole bunch of other people I can also call, so it’s not just us. We’re leveraging that out. You get the best answers we can possibly get; if we don’t know, we find it.
Clark Tucker: I agree with that. To build on what Jeff just said, I think that if you’ve been in this business long enough, you realize that there are enough odd nuances to different things that makes you then understand you probably don’t know all of the questions. And if you have someone with different experience or more experience, that’s always a good thing because that person may see the unknown to you, and may know the question that should be asked, and then ask it and get the answer to it, or know whom to pull in a given a certain topic that someone based on limited experience might not register as a point of focus. But someone with experience and a team of people might be able to help in those peripheral ways that are not as obvious to a brand new person with a shiny license.
Jeff Harpel: Another mistake: You learn something and you think you got it. But if you’re not keeping up to date and current with anything that might change, what you learned five years ago, it might be wrong today. And if you’re not reading or attending conferences or talking to other people, it’s really easy to get into the trap of, “Well, that’s what I did before and it was always right and acceptable;” but it might not be today. So you’ve got to keep up, you’ve got to keep current, you’ve got to keep in touch with regulators, other industry leaders, and things like that.
Rob Hall: That’s a good point. Okay, so last year they came out with a new Principal Financial Officer versus Principal Operations Officer rule. What are your thoughts on that?
Clark Tucker: I think that this is an example of the industry finally recognizing the realities of the situation. A lot of funds and small firms with limited purpose – one line of business or what have you – the roles could be easily combined, etc. But in larger firms with different avenues of business and different functions, I think it is probably safely stated that it’s largely untrue that a single person actually had effective control of all of the many functions that were taking place. In my experience, at least the person that was really over the financial operations of the firm, had much less to do with the day-to-day operations of different departments, and this division of titles allowed for responsibility to be assigned at a more local level with yes, granted, still one single senior point of focus. But still, this allowed for different people to be responsible for their areas of expertise in their areas of responsibility at a more local level. I think this was a long overdue correction, that instead of having everything go to a single person, in allowing for a more accurate reflection of the business and how it’s being run. I celebrate it.
Jeff Harpel: I agree with that. For many years, especially if you were in a large, say clearing firm, you had to be very careful how you defined your roles or responsibilities in your job descriptions, and things like that. Because if you were the Principal Financial Officer or the Principal Operations Officer, you both had series 27 licenses and it was very easy for a regulator to say you crossed the lines. And this, I think, clarifies that greatly. So now you have a Principal Financial and the Principal Operations Officer, and they have their own set of expectations. I think it’s great. I agree with Clark.
Rob Hall: Now for small firms, though, it’s possible for the same person to fill both roles, correct?
Clark Tucker: It is. And it’s not a conflict either, because with a small firm, you typically have, obviously, much lower activity, but you also have different kinds of activity. You tend to focus the activity. It might be a private placement firm or an advisory firm, but they have very narrowly focused lines of business. Where I think it has become and did become an enormous problem was when you had larger firms or retail-oriented firms or clearing firms, where you had a cashiering function that would be on the operational side, but critically important, as opposed to financial accounting on the other side. Typically, the person that’s responsible for the financial accounting and the real books and the reporting doesn’t have as much to do with the day-to-day functioning of say, a cashiering unit. And that’s an example of where this allows each group to really be held to this level of responsibility and experience. And we’re not so blurring the lines by grouping all of this under one thing. That’s a good example there. But yes, in a small firm, the activity’s very different. The volume is very different. And generally speaking, I think that the specific day-to-day functions that are being processed are much more narrowly focused and much more easily supervised.
Rob Hall: Okay. Jeff, anything to add there?
Jeff Harpel: Not really. I think that’s exactly right.
Rob Hall: Well, what are the regulators looking for when they come in and do an audit of the financial responsibilities and net capital?
Jeff Harpel: Well, let me answer the first part of that. Going back to a previous question about mistakes, this can be a common mistake, and it also is a very easy area for regulators to pick up or pick out and pick on – the whole notion of documentation. It’s the old adage: if you didn’t document it, it didn’t happen. So we’re all used to that, be it compliance, auditing or whatever. But it’s very true for any of the finance functions, too. If you’re going to comply with the capital rules, you’ve got to be able to document that you’ve done the proper procedures and that, things you’re calling allowable are, and you’ve got to be able to prove it. And a lot of times you might have done it right, but you can’t document it. Particularly smaller firms might not be used to that level of documentation. So a common mistake, and also something regulators pick on is, have you documented everything that you say you’re going to do, is it there in the work papers? So one that’s common mistake, and examiners will look for it.
Speaker 6: Thank you. Make sure you initial the things that you have reviewed.
Clark Tucker: If you’re the FINOP, you’re the custodian of the firm’s books and records, and that’s clearly a numerated in the rules and you are, as Jeff said, responsible for ensuring that the firm is maintaining the right books and records in the correct manner for the appropriate amount of time, and that they’re easily accessible when they need to be. And that is certainly a responsible to you.
Rob Hall: Any other questions or comments that either of you guys think are pertinent?
Jeff Harpel: No, nothing’s that’s coming to mind.
Rob Hall: Then thanks to you both for sharing your experiences. Also, thanks to everybody for listening. If you have any questions about what we’ve discussed or other FINOP questions, or if you have any topics that you’d like us to discuss in the future, feel free to call us at 804-965=5400, or visit our website at www.oysterllc.com.
Effective Expert Witnesses – December 4, 2019
Libby Hall: Hi everybody. I’m Libby Hall, your host for today’s podcast. Selecting the right expert witness can affect the duration and outcome of your case. Today, I’m joined by Oyster Consulting’s General Counsel Patrick Dennis and Consultant Andy Favret, who will be discussing the typical industry cases they’ve been a part of and how to be an effective expert witness.
Libby Hall: Patrick is one of Oyster Consulting’s founders and he frequently acts as an expert witness on a variety of financial services industry topics. Patrick has been in the securities industry for 30 years. He previously worked for the SEC’s Division of Enforcement, and was also General Counsel for Wachovia Securities and Banc One Securities. Andy also has over 30 years of experience in the industry. Prior to working at Oyster, Andy served as Regional Chief Counsel in the FINRA South Region, and Andy has provided expert witness services in FINRA and JAMS arbitrations and civil and criminal court proceedings. With that, Patrick, I’ll hand it over to you.
Patrick Dennis: Thanks. Andy, I know you and I testified about a number of different things, somewhat different. Tell me a little bit about some of the areas that you’ve testified about.
Andy Favret: I’ve primarily been hired as an expert in FINRA rules and regulations and, to some extent, on SEC rules and even some state rules. Typically the most common things I’ve been asked to opine on have been interpretations of federal rules on suitability and supervision. Those are sort of the bread and butter topics that I’ve seen in securities litigation and arbitration. But I’ve been surprised at how many other somewhat more obscure rules are called into play and those have been included FINRA rules involving membership agreements, obligations of firms to disclose accurately on forms U4 and U5, debt security markups – anything typically that would enable a fact finder to gain information that might not otherwise be available to them.
Patrick Dennis: Before we move on, I know you’ve done a lot of work on the variable annuity stuff, and that was one of the areas of expertise you had when you were at FINRA. Have you testified about variable annuity issues? I know we’ve talked to a number of firms about that, but I don’t know whether you’ve testified about that yet.
Andy Favret: I have had an opportunity to testify in one case about that. I’ve actually been retained in two others. One, which is still pending, to talk about the evolution of the variable annuity suitability rule, and because that’s a more complex type of instrument, it has been the type of area that both lawyers and arbitration panels do need expert testimony. And so you’re right, that has been one that I’ve found that I’ve been able to add some benefit to.
Patrick Dennis: I know I’ve testified about a number of the similar things that you have – suitability and supervision, and things like that. But I’ve also ended up testifying a lot about investment advisory issues: both requirements, the obligations, due diligence required of an investment advisor, and recommending hedge fund investments, and some things like that. I’ve also done a lot of work on the role of investment advisors versus clearing firms, and testified a lot about margin and margin issues that seem to pop up a lot, both on the clearing firm side of course, and then on the investment advisory side. But I’ve had some pretty obscure, investment advisory issues as well, including one in which the guy wanted to do principal trades in an investment advisory account, which created some issues. You can do it, but you have to do a bunch of work in advance. And they have testified about (Form) U5 and issues and concerns about that, and firms’ obligations, and things like that. But Andy, tell me a little bit about your thoughts on the role, on your role as an expert when you’re retained. What are they looking for and what do you think you provide?
Andy Favret: Well, at the outset, what you’re looking at primarily are documents, and typically there’s sort of a document dump, but the beginning of an engagement, where you’re reviewing statement of claim and the answers and exhibits that are going to go into the case, you typically are gonna look at a firm’s written supervisory procedures or aspects of it. So, at the outset and most commonly, you’re reviewing a lot of documents. But I’ve been surprised at how far beyond just document review the scope of engagement may go very often. We’re called upon to provide assistance to the lawyers litigating the case for purposes of trial preparation. They want to bounce ideas off you, they want you to review copies of pre-hearing submissions briefs. They want to talk about witnesses and ways to approach their examination of witnesses, both your own and witnesses from the other side. So, a lot of the role goes beyond just document review and providing the actual expert opinion and includes as well, assistance in trial preparation, which is very rewarding and often extends into the hearing itself. Where during the conduct of the hearing, you’re huddling with the lawyers and really discussing strategy on a day-by-day basis.
Patrick Dennis: Yeah, I think my experience is the same. It’s interesting. It sort of runs the gamut from being very much involved, including strategy and feeding questions when the other side’s expert is testifying to figuring out who the right people are to testify. Other stuff we want to try and get in and stuff we want to leave out. I get involved in a lot of those. And it’s interesting because I’m talking to somebody right now about a case that’s about a year away in federal court in Boston. I have done a bunch of federal court cases. I’ve done some state court cases, a lot of FINRA. And you know, it’s interesting because sometimes you’ll get called a year in advance or so to testify, and there’s a lot that needs to be done. In other cases it seems like you’re getting called at the eve of the 20-day exchange on a FINRA arbitration, or sometimes even after the 20-day exchange because they’ve gotten the witness list for the other side, and they’re thinking about you as a rebuttal witness. So it really kind of varies a lot in terms of how much lead time we get, how quickly we need to be able to review the documents, and things like that. But what’s your experience been?
Andy Favret: My experience is very much the same. I’d like to go back to one thing you said when you talked about our role. I’ve also had a recent experience where the lawyers for the client wanted me to sit down with the client and advise them as to the whether or not they should settle the case. In other words, prior to the hearing, whether they had a good case, whether it made sense to settle, not how strong their case was. So you may have situations where you’re dealing directly with a client and basically providing the advice. But getting back to your discussion about time considerations, there’s a real discrepancy. There’s a lot of hurry up and wait, where you get documents provided, as you said, sometimes 20 days out, when there’s a sudden need for an expert and the retention agreements put into place.
Andy Favret: Other times you might find with a continuance or a postponement that a lot of the work that you’ve done hurriedly before the hearing, then it gets put off three or four months. And you’re really in a situation where you’ve got to keep good notes so that when you go back three months later to readdress particular issues, you’ve got the notes in front of you and it’s relatively easy to refresh yourself. You don’t want to be in a situation where you have to start all over again, so you’ve got to be a quick study in this kind of engagement because documents come in, and suddenly lawyers are frantic to have you take a look at something if they’ve got a deadline approaching. But you’ve also got to recognize the fact that sometimes things are going to be postponed and put off. Neither of those are situations you really have a lot of control over. You just have to be as adaptable as possible.
Patrick Dennis: Right. You know, it sort of reminds me of the fact that you and I aren’t the only ones that do this for Oyster. We’ve got a couple of other folks that do a lot of expert testimony and, and one is Bill Reilly in Florida. Bill was with the state of Florida Financial Services Division for 30 years, and has been with us seven or eight years now. He does a lot of testifying on a lot of state issues and a lot of broker-dealer examination issues, because he ran the training program for broker-dealer examiners for NASSA for a big part of the 30 years he was there, and they still call on him to come in and run that training. So that’s one issue that we get calls on a lot. The other thing is Evan Rosser, who was at FINRA as well.
Patrick Dennis: Evan was there for 20 plus years, and sort of the liaison between the exam staff and the Enforcement Division, and has some unique insights into FINRA and those kinds of issues. One of the things that has come is the rates and what we charge, and what experts charge. I agree with you. I’ve talked about the fact that we think that a lot of times experts are considered a luxury. They’re sort of on top of all the other money that’s getting spent in litigation. So, I know we’re sensitive to costs, we’re sensitive to rates, we try and work with folks and are flexible. What are your thoughts on that?
Andy Favret: Well, we have all sorts of different clients, and some of them are big operations that don’t think twice about hiring an array of experts to litigate an important case. But others are smaller clients, where costs are very much the sensitive issue. And I’m certainly aware in my dealings with these clients that there are instances where the retention of an expert is viewed as something of a luxury. Sometimes it’s one of the costs that are incurred in the weeks leading up to a hearing. They’re sensitive to spending extra money, not withstanding the fact that they recognize the importance of having the expert there. So we do have to be cost conscious, especially with certain of our clients. We’ve got to be efficient because you want to make sure you’re not spending too much time going over documents that may not be important to a hearing.
Andy Favret: I’ve found it’s very helpful to talk to counsel to make sure that the documents and the time that I’m spending is useful for a hearing, and not just sort of make-work, because we don’t want to spend the client’s money unnecessarily. That being said, we recognize the importance of being thoroughly prepared when you go into a hearing because there’s nothing more important to the client than having an expert who is, in fact, up to speed on both the facts of the case and the law involved in the case. So we’re thorough. We try to be very well prepared, but at the same time, we understand that we don’t want to be spinning our wheels reviewing materials that ultimately may not be necessary. It’s interesting you bring up Bill Reilly in your discussion of our experts. There have been at least two instances that I’ve had in the midst of an engagement where an issue of Florida state law has come up either during or hearing or leading up to a hearing.
Andy Favret: I’ve been able to pick up the phone to Bill and get a resolution of that issue quickly. He’s very well rehearsed on Florida state regulations, and it’s great that at Oyster we have a deep bench of other experts that you can call on in the middle of an engagement to get additional advice. I’ll tell the client that – I’ll say, “I’ve got a colleague that can help us out on this. Do you want me to put in a call?” Invariably they say yes, and, as I said, in at least two instances, Bill particularly has really come through.
Patrick Dennis: One of the things that I think we ought to talk about, because I think it’s critically important as an expert, is that you have to come off as being credible. You have to have integrity, meaning you don’t testify about things you don’t know or you don’t get out over your skis as they say, because you’re arguing too far over your skis to help reach some opinion that somebody wants. That’s not our job. Our job is to make sure that we’re solid on the testimony and information we’re providing. I think that that’s critically important, that we maintain our integrity. I’ve been lucky enough that most of the folks that I’ve testified for have said that I am very, very credible, and I think part of that is because if I don’t know something I say, “I don’t know it.” If it’s something I’m not comfortable with, I don’t try and stretch the limits of my knowledge or my experience. I think that’s critically important. And I will say, this has happened a number of times, where folks have called us and we don’t really have the right expert. People have been kind of shocked that I’ve called people back or, sent them an email and say I’m not sure I’m the right person, but you might want to try this person or that person or other folks that I’ve met in my career that I think could testify and could do a good job for you. People appreciate that. I think I’ve gotten a number of calls from folks that they’re surprised that I will do that, but it’s more important that we maintain our reputation and our integrity and help people find somebody. They’ll come back and they’ll talk to us again if they have a need again.
I very much agree, Patrick, on the credibility issue, especially you and I, as former regulators, I think that’s the one thing we have in our favor as an expert testifying before fact-finders. There have been instances where I’ve testified or given an opinion on four items, but not on the fifth. I’ll very candidly say, “No, that’s not something I’m really prepared to testify about.” Or, even in some instances after discussions with counsel, we’ll give testimony that works in some fashion against our client because you want to come out Foursquare in terms of integrity and credibility. I think that very much helps you in front of an arbitration panel or a judge or a jury where you can be 95% in favor of the client. But if 5% say, “Yeah, there was a problem there,” and be skillful enough to sort of talk your way around it without losing credibility and without casting any aspersions on your clients. So I agree and I think especially for us as former regulators, that rings even more true that we want to be in a position where our integrity is unquestioned.
Patrick Dennis: I agree completely. I think that’s critically important both for our own personal reputations as experts, and for the reputation of Oyster. With that, Andy, thanks for your time and I really appreciate your thoughts. Hopefully folks can use this to learn a little bit about Oyster and about what we do as expert witnesses, and about expert witnesses in general, in terms of what folks should be looking for when they’re looking to hire an expert. So with that, thanks very much.
Libby Hall: Thanks again for listening to the Oyster Stew podcast. Don’t forget to subscribe so we can help you make the best decisions for your firm. If you’re struggling with a topic and you’d like us to do a podcast on it, or you’d like a free consultation, please reach out to us at (804) 965-5400 or visit our website at www.oysterllc.com.
Advertising Rule Part 1 – November 20. 2019
Molly Bryson: Hello everyone. I’m Molly Bryson, your host for today’s podcast, Part 1 of a two-part series talking about the SEC’s proposed advertising rule changes. Today we’re discussing the difference between the current rule and proposed changes. Next week, in Part 2, we will talk about pertinent enforcement cases and the impact of Reg BI on marketing and advertising. I’m joined today by Oyster Associate Director, Bill Rielly and Senior Consultant Michelle Craft. Bill’s been with Oyster for seven years. Prior to that, Bill was a state of Florida regulator for 30 years. He has deep experience with broker dealer and investment advisor compliance programs and frequently acts as an expert witness. Michelle Craft has been with Oyster for eight years and in the financial services industry for 24 years. She has held various roles from Registration Analyst to Chief Compliance Officer for regional and national broker dealers as well as investment advisors. So let’s get started. Bill, could you start us off?
Bill Reilly: The current SEC Rule 206 of the Investment Adviser Act defines an advertisement as: any notice, circular, letter or written communication addressed to more than one person; or any notice or other announcement in any publication by radio or television, which offers any analysis, report, publication, concerning securities or which is to be used in making any determination as to whether or not to buy/sell any security, or what security to buy or sell; any graph, chart, formula, or other device to be used in making any determination as to when to buy or sell a security; or which security to buy or sell. And lastly, any other investment advisory services with regard to securities. Now, one of the things that’s important to point out here is that there is an industry standard for advertisements. And that standard is that an advertisement may not contain any untrue statement of material fact or which is otherwise false or misleading. In essence, all advertisements must be fair and balanced.
Michelle Craft: That’s correct. So on November 4th of 2019 the SEC did publish, the proposed changes to the advertising rule. This is going to be the largest change in the advertising rules, or any change to the advertising roles since 1961. We discussed here internally that many of the people who are currently in the financial securities industry weren’t even born when this rule was originally written. So this is a big change. It helps to address the technology advances that we’ve had over the years and how the industry as a whole has evolved since 1961. So one of the biggest changes is the actual definition of advertisement. So it’s now going to be more broadly defined as any communication that’s disseminated by any means, by or on behalf of an investment advisor, that offers or promotes investment advisory services or that seeks to obtain or retain advisory clients or investors, in a pooled investment vehicle that’s advised by the advisor. Now, there are a couple exclusions to the definition when we talk about any communication disseminated by any means. They do specifically exclude from the definition of advertisement oral communications that are not broadcasted, responses to certain unsolicited requests for specified information, any other sales material, that may be within the scope of another commission rule and any information that is contained in a statutory or regulatory notice or filing or other communication. And that would include things like the ADV Part 2 brochure because that’s a regulatory filing, well, required filing or notice that would not fall under the definition of an advertisement.
Michelle Craft: Now, under the proposed rules, the general prohibitions do remain the same. So you can’t make any false or misleading statements, omissions of material fact. You can’t have any unsubstantiated claims. You have to provide a balanced presentation. You can’t talk about the benefits and not also talk about the risks, including or excluding any performance results or other performance information or time periods in a manner that is not, again, balanced or fair; and any other information that they would otherwise deem to be materially misleading. It seems like basic common sense, but ultimately those are the general prohibitions. I think something that we’d like to do is kind of look at the risk alert that was issued back in 2017 by the SEC that really targeted what were the areas of advertising that were most frequently identified as advisers violating the advertising rules and kind of comparing contrast how the proposed rules are being addressed. So when we look at what the violations were in the past and what the issues were that were as a result of the former advertising rule, and then kind of looking forward at how the proposed rule is intending to address some of those areas. So I’m going to toss it back to Bill to kind of kick us off on some of the different areas that we want to address: current role versus proposed role.
Bill Reilly: Yes. Thank you Michelle. And one of the things that, again, I’m going to talk about is the current rule, and we’ll talk about their proposals and we’ll move forward from there. But one of the first areas that was discussed in the 2017 risk alert, was advertising concerns that the Commission had regarding Registered Investment Advisors presenting performance results without deducting advisory fees. And, of course, the regulation requires that the performance results must be net of fees. Another area that the SEC talked about was that the Registered Investment Advisors compared results for a benchmark but did not include disclosures regarding the limitations of such comparisons. An example of that is the advertised strategy material different from that of the benchmark. It’s very important to make sure that all of that information is included and analyzed. And one other, one last area under the current rules for a misleading performance results is that the advisor included hypothetical and backtested performance results without explaining how these returns were derived. Again, one of the things that we’ve talked about are full and fair disclosure – disclosure of the good, disclosure of positive and disclosure of the risks. In many of these situations, these performance results did not present both sides of the equation.
Michelle Craft: Okay. So again, when we think about what the proposed rule states, they’ve kind of broken it down into a couple of categories. You have some performance information in general – they have defined there are certain prohibitions or would be certain prohibitions. Number one, gross performance results. Unless it is provided with a schedule of fees and expenses deducted to calculate net performance, you cannot use gross performance, unless you are providing that schedule of fees and expenses deducted to calculate net performance. Where before you basically were told that you could only do net performance, now they’re saying that you can potentially provide gross performance, but only if it isn’t accompanied by that schedule of fees and expenses that would allow someone to calculate the net performance. In addition, no statement that the calculation or presentation of performance results have been approved or reviewed by the Commission.
Michelle Craft: We keep in mind that there are many places where the Commission does not, not allow us to make a statement that it has been reviewed, approved, or endorsed by the commission. Think about your Form ADV Part 2 disclosures. That is a statement that you have to make in your ADV. If you state that you are a Registered Investment Advisor, you must make the statement that the Commission has not reviewed or approved, and is not endorsing your Registered Investment Advisor. In addition, performance results with fewer then all of your portfolios was substantially different investment policies, objectives or strategies as those being offered or promoted in the advertisement, with a limited number of exceptions, would also be prohibited. Performance results of a subset of investments that were extracted from a portfolio, unless it provides or offers to provide, promptly the performance reviews of all investments in that portfolio would also be prohibited.
Michelle Craft: When we think about hypothetical performance, unless the advisor has adopted and implemented policies and procedures that are designed to ensure that the performance is relevant to the financial situation and the investment objective of the recipient, and the advisor provided certain information underlying the hypothetical performance. So again, the hypothetical performance has to be relevant and it has to describe why it is relevant to the information that you’re providing. If it’s an advertisement that’s targeted towards a retail audience, additional protections would also be provided. They wouldn’t require that the presentation, the net of fees alongside any growth performance. So again, we talked about the general prohibitions that gross performance would not be allowed, unless you provided a schedule of fees and expenses that would give you the ability to deduct and calculate the net performance. If it’s targeted towards a retail audience, you would be required to present net of fees along with any presentation, gross of performance. Requiring that the presentation of any performance results in any portfolio or certain composition aggregations for the one-year, five-year and 10-year period. So they’ve gotten very specific in that you have to provide it for specific time periods as well. And again, that is for advertisements targeted to retail investors.
Bill Reilly: Okay, well let’s, let’s talk for a few minutes about some other provisions that were, that are in these release. And one of them is cherry picking of profitable stocks elections under the proposal. Now, one of the things that all of us are familiar with are cherry picking. It’s the generally used in review of client accounts, and it’s placing favorable transactions into certain preferred accounts. So that itself is a general definition cherry picking. But in the definition of cherry picking of their profitable selections under the proposed rule, in a lot of situations the RIAs included only profitable stock selections in their recommendations and presentations, client newsletters, on their website. And the advisor failed to furnish a list of all recommendations made by such investment advisors during the proceeding year. In essence, what we’re talking about here is taking the good information, highlighting that and not presenting a balanced approach by providing the not so favorable recommendation.
Bill Reilly: So a very, very serious problem there. The next section we want to talk about is misleading selection or recommendations. And what the Commission found is that advisors disclose past specific recommendations that may have been misleading because they included only certain and not all recommendations in order to illustrate an investment strategy. Again, one of the things is that all advertisements must be fair and balanced and when you’re not providing the positive information and either not providing or downplaying the “not so positive” or negative aspect of the recommendations, the Commission is going to come in and question those activities. And also the OCIE staff observed that advertisements may not have been consistent with these representations. A good example of this is disclosing that specific recommendations did not represent all securities purchased, sold or recommended to clients during that period, and discussing an advertisement to profits realized by specific recommendations.
Bill Reilly: Again, fair and balanced advertisement disclosed the positive information, but also it’s necessary to provide the downside and the risks associated with any type of recommendations. The next area that we want to talk about, is compliance policies and procedures. Just like a lot of other areas, the Commission requires firms to have policies and procedures relating to advertisements. One of the things that the Commission found is that advisors did not have or did not implement policies and procedures concerning the following issues. First issue: the process for reviewing and approving advertising materials prior to their publication or dissemination. Many firms will have a pre-approval policy in place. The next one was, when using composites determined in the parameters for which accounts were included or excluded from performance calculations. I think in many situations there was positive information presented at the expense of some negative information. And the last is confirming the accuracy of performance results in compliance with the advertising rules. Now, we’re going to turn it back to Michelle. She’s going to address a little bit about the policies and procedures under the proposed regulation.
Michelle Craft: Thanks Bill. So under the proposed rule, similar for those of you that are FINRA registered firms or dual-registered firms, FINRA has said for a long time that you had to have pre-review and approval of communications with the public or advertising; that they had to be reviewed by a designated principal prior to the distribution or dissemination of any advertising material. The proposed rule follows suit with that and is going to require Registered Investment Advisors to have an internal pre-use review and approval process. All communications, all advertisements would have to be previously reviewed and approved by the designated employee. So, unlike on the FINRA side, you would have a series 24, Series 910 principal that would be responsible for reviewing and approving advertisements or communications with the public prior to dissemination. They don’t have that same designation of the individual on the Registered Investment Advisory side, but nonetheless the firm will need to designate an individual that is responsible for reviewing and approving prior to dissemination of any advertisement.
Michelle Craft: Now, there are a couple of exceptions to when it will not be subject to that prior review and approval standard. That is for communications that are disseminated solely to one individual or household, or single investor in a pooled investment vehicle, or in the case that it’s a live oral communication, that’s broadcasted on the radio, television, the internet or, or some other similar medium. And obviously, because it’s broadcasted live, it can’t be reviewed and approved prior to dissemination. So those would be the only two instances. Moving forward, if the proposed rule was approved as currently written, you would not need prior review and approval of an advertisement.
Bill Reilly: Okay. Let’s go back and talk about the current rule and the misleading use of third party rankings or awards. A Couple of things that the Commission found during their reviews was that advisers advertised accolades that have been obtained by submitting potentially false or misleading information. The applications for such accolades that advisors published were marketing materials that referenced outdated rankings, advertisements that refer to the IRAs’ high rankings, and various publications were issued several years prior where the rankings were no longer applicable. It’s very important that information that is provided to clients is current as opposed to, in some situations, it’s indicated from information that may have been several years old. Also, advisers published potentially misleading advertisements that did not disclose irrelevant selection criteria for the awards or rankings, or who conducted the survey. Again, fair, balanced, and transparent are general observations that are made about advertising.
Bill Reilly: And lastly, the Commission found that IAs failed to disclose the fact that they had paid a fee to participate. The Commission found that investment advisors failed to disclose the fact that they had paid a fee to participate in or distribute the results of the survey. Anytime we’re talking about monies or services being paid or exchanged, it’s important for that information to be, to be disclosed. And in many situations, the payment of these monies and so forth might actually even be discouraged from being utilized in this use of their party rankings. Michelle….
Michelle Craft: So under the proposed rules, they will allow the use of third party rankings. They are going to require that there be specified disclosures and there has to be certain criteria included in those disclosures when pertaining to the preparation of the rating or ranking or accolade. So, similar to what Bill was just mentioning, all of those little highlighted areas that the SEC picked apart, those are the specific disclosures that you’re going to need to include. So they’re going to allow them, you need to state whether or not you were paid a fee or that you paid a fee to circulate the survey. You need to substantiate what was the criteria for earning the accolade, what is the calculation and or methodology for the rating being granted. So now all of that information is clearly spelled out in the proposed rule – that you have to clearly define how did you obtain it, what was the criteria for obtaining it? What is the methodology of any rating that’s being used? And if you’ve earned an award or you have paid any money to circulate the results of that survey, all of that information has to be there.
Bill Reilly: And the last area that we’re going to talk about under the 2017 release is dealing with testimonials. One of the things that the Commission found is that Registered Investment Advisors presented statements of clients attesting to the RIA’s services or endorsing the RIA, that may be prohibited under the testimonials. And what we’re talking about here are client endorsements published on websites, social media pages, reprints or third party articles, or pitch books. I think this is one area that is going to be a major change on the proposed rules that Michelle’s going to talk about in a second, that will allow certain types of testimonials to be provided by Registered Investment Advisors. So Michelle, why don’t you talk about that?
Michelle Craft: Yes, that is correct. So again, this is another one of those areas where the SEC has looked at FINRA rules. So FINRA would allow a broker-dealer to post a testimonial or to have an endorsement posted on a public website or on a social media page. The one caveat to the FINRA rule is that if you paid the individual for the testimonial for it to make any kind of endorsement, that information has to be disclosed. So under the proposed SEC advertising rules, this will follow suit. They are going to allow testimonials; however, it is going to be subject to those specified disclosures, including whether the person that is giving the testimonial or the endorsement is a client and whether or not compensation had been provided by or on behalf of the advisor for that testimonial and or endorsement.
Michelle Craft: And again, I think as Bill mentioned, one of the biggest areas we expect this to be impacted on is… as we know, advisors are using LinkedIn. LinkedIn has that section out there where you can endorse and/or provide some sort of recommendation, based on the services that you’ve received from that advisor. That’s an area that many firms have just completely said, “You need to turn that off on your LinkedIn account so that someone can’t inadvertently put information out there that would be in violation of the rule.” So that is an area I think that will have a potentially large impact for some firms if they allow people to turn that function back on. They can have their clients now provide a testimony, a testimonial, and or endorsement out on LinkedIn. They’ll still want to monitor, obviously, what is being posted there, and they may choose to still not allow it. But certainly under the proposed rule, if it is approved as written, it would allow for testimonials.
Molly Bryson: Thanks Michelle and Bill. Well, I think we covered a great deal about the differences between the current advertising rule and the proposed changes. Be sure to tune in next week as we talk about SEC enforcement actions and how Reg BI will impact marketing and advertising. I think a lot of people are going to be very busy in the upcoming months. If you have any questions about anything we’ve discussed today or if you have a topic you’d like to hear in a future Oyster Stew podcast, please feel free to call us at (804) 965-5400 or visit us at www.oysterllc.com
All content © 2019