Securities Industry Commentator by Bill Singer Esq

August 24, 2020

SEC Proposes Data Security Enhancements to the CAT NMS Plan (SEC Release)

Update on the Consolidated Audit Trail: Data Security and Implementation Progress (SEC Release)

http://www.brokeandbroker.com/5389/edward-jones-ameriprise-tro/
Most games have rules. Even if a rule is carved in stone, however, it's usually open to some interpretation, which is why we got umpires, referees, judges, and scorers, who see what we see but make a call that half of us think is right, half of us think is wrong -- and even when we go to the video, the tape shows a play that's too close to call. Then you have professional sports where there is a whole mess of so-called unwritten rules. All of which seems to come into play in a recent effort by Edward Jones to enjoin one of its former employees who joined Ameriprise.

SEC Proposes Data Security Enhancements to the CAT NMS Plan (SEC Release)
https://www.sec.gov/news/press-release/2020-189
The SEC proposed amendments to the national market system plan governing the Consolidated Audit Trail
https://www.sec.gov/rules/proposed/2020/34-89632.pdf to bolster the CAT data security that purport to limit the scope of sensitive information required to be collected by CAT and enhance the security of the CAT and the protections afforded to CAT data. 

Update on the Consolidated Audit Trail: Data Security and Implementation Progress (SEC Release by Chair Jay Clayton, Division of Trading and Markets Director Brett Redfearn, and Senior Policy Advisor/Regulatory Reporting Manisha Kimmel)
https://www.sec.gov/news/public-statement/clayton-kimmel-redfearn-nms-cat-2020-08-21
As alleged in part in the SEC Release [Ed: footnotes omitted]:

Today's proposal seeks to accomplish a number of security-enhancing goals including: (1) providing greater oversight, consistency and transparency regarding the appropriate use of CAT data, (2) requiring use of secure analytic workspaces (SAWs) for the analysis of large data sets permitting exceptions only when non-SAW environments are subject to third party security assessments and monitoring, (3) incorporating specific restrictions for the access and analysis of customer and account information including required use of the SAW and a defined workflow, (4) removing sensitive PII from CAT reporting requirements in accordance with the March 2020 PII Exemption Order in order to bring greater certainty to market participants that CAT reporting requirements do not include social security numbers, account numbers and dates of birth, and (5) preserving and enhancing existing security requirements.

Statement on Proposed Amendments to the National Market System Plan Governing the Consolidated Audit Trail to Enhance Data Security (SEC Commissioner Peirce)
https://www.sec.gov/news/public-statement/peirce-nms-cat-2020-08-21
In part, SEC Commissioner Peirce notes that:

As I have said elsewhere,[1] the CAT treats every American as a presumptive wrongdoer.  The CAT will watch everything you do in the securities marketplace, record it for employees of the SEC and self-regulators to monitor, and store it in databases that hackers undoubtedly will attack.  The discomfort we feel about similar monitoring in other marketplaces is something we should also feel when the government watches our every move in the financial markets. 

For the purpose of proposing a settlement of rule violations alleged by the Financial Industry Regulatory Authority ("FINRA"), without admitting or denying the findings, prior to a regulatory hearing, and without an adjudication of any issue, Christopher T. Hildebrandt submitted a Letter of Acceptance, Waiver and Consent ("AWC"), which FINRA accepted. The AWC alleges that Christopher T. Hildebrandt was first registered in 1998 and by 2003, he was registered with FINRA member firm Principal Securities, Inc. The AWC alleges that Christopher T. Hildebrandt "does not have any disciplinary history with the Securities and Exchange Commission, any state securities regulators, FINRA, or any other self-regulatory organization." In accordance with the terms of the AWC, FINRA found that Hildebrandt had violated FINRA Rule 2010; and the self regulator imposed upon him a $5,000 fine and an four-month suspension from association with any FINRA member in all capacities. As alleged in part in the AWC: 

Between 2009 and 2017, Hildebrandt altered approximately 90 documents, including new account forms, ACH transfer requests, and distribution forms. He then submitted those forms to the Firm. Hildebrandt falsified the documents by reusing signatures and using correction fluid to conceal information already entered, like signature dates. He also altered dollar amounts on distribution forms, and corrected or added information (e.g., account numbers and misspelled names) by use of correction fluid and/or ink. He did so as an accommodation to approximately 30 customers. The underlying transactions were all authorized. 

For the purpose of proposing a settlement of rule violations alleged by the Financial Industry Regulatory Authority ("FINRA"), without admitting or denying the findings, prior to a regulatory hearing, and without an adjudication of any issue, Joseph P. Woitkoski submitted a Letter of Acceptance, Waiver and Consent ("AWC"), which FINRA accepted. The AWC alleges that Joseph P. Woitkoski was first registered in 1998 and by 2010, he was registered with FINRA member firm Raymond James & Associates, Inc. The AWC alleges that Joseph P. Woitkoski "does not have any disciplinary history with the Securities and Exchange Commission, any state securities regulators, FINRA, or any other self-regulatory organization." In accordance with the terms of the AWC, FINRA found that Woitkoski had violated NASD Rule 2510(b), and FINRA Rules 2010 and 4511; and the self regulator imposed upon him a $7,500 fine and an 30-business-day suspension from association with any FINRA member in any capacity. As alleged in part in the AWC: 

From January 1, 2017 to August 17, 2018, Woitkoski placed approximately 900 discretionary trades in 17 separate customer accounts. Over the course of longstanding relationships, the customers gave authorization to Woitkoski to exercise discretion in their accounts. However, Woitkoski did not have written authority from the customers to exercise discretion in their accounts. Additionally, Woitkoski never requested or obtained approval from Raymond James to exercise discretion in the customers' accounts.

In May 2017, Woitkoski also completed a compliance questionnaire in which he inaccurately stated that he did not exercise discretion in any non-fee based accounts. 

. . .

From January 1, 2017 to August 17, 2018, Woitkoski mismarked order tickets for approximately 120 trades as "unsolicited" when the trades were his idea. Woitkoski had no communication with the customer for at least a week prior to entering the subject trade orders.