Enforcement Actions
Financial Industry Regulatory Authority (FINRA)
CASES OF NOTE
2011
NOTE: Stipulations of Fact and Consent to Penalty (SFC); Offers of Settlement (OS); and Letters of Acceptance Waiver, and Consent (AWC) are entered into by Respondents without admitting or denying the allegations, but consent is given to the described sanctions & to the entry of findings. Additionally, for AWCs, if FINRA has reason to believe a violation has occurred and the member or associated person does not dispute the violation, FINRA may prepare and request that the member or associated person execute a letter accepting a finding of violation, consenting to the imposition of sanctions, and agreeing to waive such member's or associated person's right to a hearing before a hearing panel, and any right of appeal to the National Adjudicatory Council, the SEC, and the courts, or to otherwise challenge the validity of the letter, if the letter is accepted. The letter shall describe the act or practice engaged in or omitted, the rule, regulation, or statutory provision violated, and the sanction or sanctions to be imposed.
September 2011
Nanes, Delorme Capital Management LLC
AWC/2009016349601/September 2011

The Firm failed to preserve, for a period of not less than three years, the first two years in an easily accessible form, all email correspondence relating to the firm’s business.

The emails involving research and emails viewed by the firm as administrative or technical were deleted, emails were not indexed and were not easily located; consequently, the firm was not able to locate various emails sent or received in one year in response to FINRA requests. The firm failed to preserve all emails relating to the firm’s securities business exclusively in a non-rewritable, non-erasable format as required by SEC 13 September 2011 Rule 17a-4(f)(2)(ii)(A). Not only were individual emails users able to delete emails, in which case, they would not be stored, the medium that the firm used to back-up and store emails was rewritable and erasable. FINRA found that the electronic storage media the firm used did not automatically verify the quality and accuracy of the storage media process, and the firm did not have in place an audit system providing for accountability regarding inputting of records required to be maintained and preserved by electronic storage media. FINRA also found that the firm failed to engage at least one third party who has access to, and the ability to, download information from the firm’s electronic storage media to another acceptable medium, and who undertakes to promptly furnish to FINRA information necessary for downloading information from the firm’s electronic storage system and provide access to information contained on its storage system. In addition, FINRA determined that the firm failed to retain records evidencing supervisory review of email correspondence of registered representatives relating to the firm’s securities business. Moreover, FINRA found that the firm failed to report transactions in TRACE-eligible securities to TRACE that it was required to report, and failed to report the correct price for transactions in TRACE-eligible securities to TRACE. Furthermore, FINRA found that in connection with corporate bond transactions, the firm failed to prepare brokerage order memoranda, in that order memoranda did not show the account for which the order was entered, the time the order was received, the order entry time, the execution time and the identity of each associated person responsible for the account. (FINRA Case #)

Nanes, Delorme Capital Management LLC : Censured; Fined $15,000 (FINRA imposed a lower fine in this case after it considered, among other things, the firm’s revenues and financial resources)
Tags:  Electronic Storage    Email     |    In: Cases of Note : FINRA
Bill Singer's Comment
Two major no-no's.  One, you can't allow individuals to delete emails from the archival system.  Two, using rewritable/erasable formats defeats the purpose of a compliance-based protocol.
Nicholas C. Dito
AWC/2009020432101/September 2011

Dito obtained possession of a computer flash drive that contained non-public customer account information and mined out selected excerpts for his own use by emailing the information, on separate occasions, to his member firm email address. Among other things, the flash drive contained approximately 350 account statements of customers from a FINRA member firm -- each of the customer account statements contained in the flash drive displayed non-public financial information including customer names, addresses, account numbers, financial positions, broker identification numbers and account values. Subsequent to reviewing the contents of the flash drive, Dito copied customer account information from the non-public customer account information contained in the flash drive.

The first email he sent to his firm email address contained the names and addresses of approximately 300 customers, which Dito had copied directly from FINRA member firm customer account statements contained in the flash drive. Dito intended to use the customer account information contained on the first email to cold-call prospective customers.

The second email Dito sent to his firm email address consisted of a listing of financial positions on the flash drive that were for a FINRA member firm securities account a customer owned that showed the customer’s equity stock holdings and their total net value. 

Dito failed to fully cooperate with FINRA and answer all of FINRA’s questions at an on-the-record examination.

Nicholas C. Dito : Barred
Tags:  Email    Computers    Electronic Storage     |    In: Cases of Note : FINRA
Bill Singer's Comment
I'm sort of understanding this case but only to the extent that FINRA's alleging that Dito apparently intended to misuse confidential customer information.  As to the issue involving his copying of a customer's holdings and valuation, I'm not fully understanding the charge.  Based upon FINRA's monthly report, it appears that Dito simply copied the data on the flash drive and sent it to his email address.  I get that and understand the concerns inherent solely in that act; however, it seems a bit of a double-dip to additionally complain that not only did Dito copy all the data on a flash drive but that he also copied a specific sub-set (here, the customer's positions).
August 2011
Indiana Merchant Banking and Brokerage Co., Inc.
AWC/2009016067901/August 2011

The Firm failed to evidence any review of incoming or outgoing written and electronic correspondence; failed to review the incoming and outgoing electronic correspondence of its CCO’s personal email account that he used to conduct securities related business, and the CCO had business cards with his personal email address included.

The firm failed to maintain its electronic correspondence (email) and electronic internal communications (email) for almost two years, and failed to maintain the incoming and outgoing electronic communications of an individual’s personal email account used to conduct business. The firm failed to notify FINRA prior to employing electronic storage media.

The Firm failed to file an attestation by at least one third party who has access and the ability to download information from its electronic storage media to an acceptable media for such records that are exclusively stored electronically. The firm’s electronic storage media failed to have in place an audit system providing for accountability regarding inputting of records required to be maintained and preserved, and inputting of any changes to every original and duplicate record maintained and preserved.

The firm failed to evidence the disclosure of its privacy notice upon account opening and annually thereafter; although the firm produced a privacy policy and procedures, it failed to provide initial, annual and revised privacy notices.

Indiana Merchant Banking and Brokerage Co., Inc. : Censured; Fined $20,000. FINRA imposed a lower fine after it considered, among other things, the firm’s size, revenues and financial resources.
July 2011
Brown Associates, Inc.
AWC/2009016207701/July 2011

The Firm failed to properly archive its business-related electronic communications for individual users in some of its Offices of Supervisory Jurisdiction (OSJs).

The Firm stored these emails on stand-alone servers or individual machines only, which theoretically permitted individual users to delete incoming or outgoing emails, and thereby failed to properly preserve its business-related electronic correspondence.

The firm failed to

  • review business-related electronic communications for the individuals and an additional user;
  • evidence its review of individuals’ business-related electronic communications as the firm’s WSPs required; and
  • provide notification and third–party attestation to FINRA regarding the use of electronic storage media 90 days prior to employing such media.
Brown Associates, Inc. : Censure; Fined $50,000; Required to certify to FINRA in writing within 90 days of issuance of the AWC that the firm currently has in place systems and procedures reasonably designed to achieve compliance with the laws, regulations and rules concerning the preservation of electronic correspondence.
Tags:  Email    Electronic Storage    Electronic Communications     |    In: Cases of Note : FINRA
Bill Singer's Comment

Nice tight case and well presented by FINRA.  Two separate issues that you should consider. 

First, email archiving is not accomplished in accordance with FINRA's rules if you simply store the data on a standalone server or on some PC/laptop in the office. That's not the back-up and retention contemplated by the rules. Such a protocol does little to deter or prevent someone from simply logging on to a given machine and wiping clean any troubling communications.

Second, you need to undertake prior notice when retaining a third-party storage system.

June 2011
Geoffrey Richards Securities Corp.
AWC/2009015971101/June 2011

The Firm failed to preserve all of its business-related electronic communications. The Firm attempted to preserve such communications by burning them to a non-rewriteable, non-erasable disc on a monthly basis, but the process was deficient because it did not result in all such communications being saved to the disc. The Firm did not identify this deficiency in its audit of its electronic communications preservation system.

In contravention of its written supervisory procedures, permitted registered representatives to use outside or non-firm-sponsored email accounts to send and receive securities business-related emails. The firm’s preservation process did not capture these emails that were sent to or from those accounts; therefore, the firm did not retain and review them.

The firm relied exclusively on electronic storage media to preserve its business-related electronic communications but did not retain a third party who had the access or ability to download information from its electronic storage media.

Geoffrey Richards Securities Corp.: Censured; Fined $25,000
Tags:  Electronic Communications    Email    Electronic Storage     |    In: Cases of Note : FINRA
Bill Singer's Comment
While I appreciate FINRA's concern, $25,000 strikes me as a bit steep for a fine that involves a Firm attempting to archive emails but largely doing so in what turned out to be an incomplete manner.  It's not as if the Firm failed to undertake good-faith efforts here. The use of outside email accounts is an entirely different consideration and must be supervised in a more aggressive manner.
May 2011
Firstrade Securities Inc.
AWC/2009016640101/May 2011

The Firm did not have available, for examination by FINRA staff, facilities for immediate, easily readable projection or production of micrographic media or electronic storage media images and for producing easily readable images, as SEC Rule 17a-4(f)(3) (i) required. The firm maintained certain records in electronic formats but failed to notify its examining authority, FINRA, prior to employing electronic storage media. The firm did not have in place an audit system providing for accountability regarding inputting of records required to be maintained and preserved under SEC Rules 17a-3 and 17a-4 to electronic storage media. The firm was required to have the results of such an audit system available for examination by FINRA staff. The firm failed to provide the required access to allow a third-party vendor to download information from its electronic storage media and file the required undertakings with the proper authorities, including FINRA.

Firstrade Securities Inc. : Censured; Fined $20,000
Tags:  Electronic Storage    Third Party Vendor     |    In: Cases of Note : FINRA
April 2011
Susan Mae Karn
AWC/2010022067901/April 2011

Karn allowed a customer to sign relatives’ names on life insurance applications, and before Karn submitted them for processing, she signed the insurance applications and certified that she had witnessed each of the proposed signatures on the insurance applications. Karn falsely certified on the Representative’s Information Supplement document for each insurance application that she had personally seen each proposed insured at the time the application was completed.

One of Karn’s clients completed an application to purchase a municipal bond fund by signing her name on an electronic signature pad, and later that same day, Karn signed the client’s name on the electronic signature pad and thereby affixed the client’s signature on an application without the client’s authorization, consent or knowledge. The application Karn’s member firm processed and sent to the client reflected the signature Karn had affixed rather than the client’s authentic signature. When the firm questioned Karn about the authenticity of the client’s signature, Karn initially stated it was the client’s original signature, but when questioned further, admitted she had signed the client’s name and in doing so, Karn misled her firm during its internal investigation into a customer complaint.

Susan Mae Karn : Fined $5,000; Suspended 6 months
Tags:  Signature    Electronic Storage    Insurance     |    In: Cases of Note : FINRA
Bill Singer's Comment
Not exactly the clearest of explanations. FINRA says that the client completed an application "by signing her name on an electronic signature pad . . ." However, it then suggests that Karn did something wrong by signing the client's name on the electronic signature pad. I'm lost. Did the client electronically sign her name on the application to purchased the bond fund or not? What happened to the client's signature?  Although I can likely infer some of the answers, it would be preferable if this report took a bit more time to set out the salient facts.
Workman Securities Corporation
AWC/2009018818401/April 2011

The Firm failed to:

  • have reasonable grounds to believe that a private placement an entity offered pursuant to Regulation D was suitable for any customer, after it received red flags that the entity had financial issues and was not timely making interest payments, but continued to sell the offering to customers;
  • enforce a supervisory system reasonably designed to achieve compliance with applicable securities laws and regulations, and NASD and FINRA rules in connection with the sale of private placements;
  • conduct adequate due diligence of the private placements or confirm that its representatives were doing their own due diligence;
  • conduct adequate due diligence of private placements other entities offered; and
  • enforce a supervisory system reasonably designed to achieve compliance with applicable securities laws and regulations, and NASD and FINRA rules in connection with the sale of the private placements the entities offered pursuant to Regulation D.

The Firm reviewed cursory private placement memoranda (PPMs) for the offerings but failed to investigate red flags or analyze third-party sources of information or take affirmative steps to ensure the information in the offering documents was accurate.

The Firm failed to preserve electronic communications in a non-rewritable, non-erasable or “WORM” format that complied with books and records requirements, and the firm used third-party software for storing and retaining electronic communications that did not comply with the requirements of SEC Rule 17a-4(f). Although the Firm was informed that its electronic storage medium was non-compliant but did not take adequate remedial action to retain email properly.

Workman Securities Corporation : Censured; Ordered to pay $700,000 as partial restitution to investors; Ordered to certify in writing to FINRA that it has established and implemented a system and procedures reasonably designed to achieve compliance with recordkeeping requirements related to electronic communications, and provide a written report to FINRA describing the policies, procedures and controls it has established and implemented related to the integrity of the retention and retrieval process for electronic communications, and the supervisory system it has implemented to oversee the preservation of electronic communications.
Bill Singer's Comment
In 2011 we see a continuation of FINRA's enforcement focus on private placements, with an emphasis on members' responses to "red flags" and the sincerity of the firm's due diligence efforts.  The day's of taking a piece of a private placement and sleepwalking through your obligations to your clients is a vestige of the past.  There's no easy money in Reg D. You have to do your homework and put your money where your mouth is.
Enforcement Actions
Tags