Welcome to the latest issue of Bracewell’s FINRA Facts and Trends, a monthly newsletter devoted to condensing and digesting recent FINRA developments in the areas of enforcement, regulation and dispute resolution. This month, we report on a significant proposed rule change that would permit firms to make performance projections when marketing to institutional investors, the latest on the challenge to FINRA’s constitutionality in the DC Circuit, updates on FINRA’s prosecution of Reg BI violations, and more.
FINRA Proposal Would Allow Investment Performance Projections in Marketing to Institutional Investors
On November 13, 2023, FINRA filed a proposed rule change that would amend FINRA Rule 2210 (Communications with the Public). Rule 2210 generally prohibits projections of performance or targeted returns in member communications, subject to certain specified exceptions. For the first time, the proposed amendment would allow member firms to provide projected performance or targeted returns in institutional communications and in communications distributed solely to qualified purchasers. The current prohibition against targeted projections is intended to protect those members of the investing public that may lack the sophistication to appreciate the risks of projected performance in making investment decisions.
In promoting this proposal, FINRA notes that the proposed changes are consistent with the SEC’s investment adviser marketing rule. The SEC rule also permits advisers to present hypothetical performance, including “targeted or projected performance returns with respect to any portfolio or to the investment advisory services with regard to the securities offered” in an advertisement if the investment advisor meets specified conditions and does not violate the marketing rule’s other requirements.
The 230-page proposal (SR-FINRA-2023-016) would permit broker-dealers to offer projections on investments or investment strategies and use those in communicating with institutional investors with at least $25 million in assets under management. Broker-dealers would be permitted to do the same for qualified purchasers with at least $5 million in investments for private placements only. The proposal reflects FINRA’s view that there is “no additional risk” in permitting broker-dealers to provide projected performance and targeted returns to customers that could already have access to that information through other sources, including investment advisors and capital acquisition brokers.
The proposal does include certain safeguards for investors, including requiring that member firms have: (1) appropriate policies and procedures; (2) a reasonable basis for the criteria and assumptions underlying the projected performance; and (3) disclosures to investors that meet the requirements of the proposal.
There will be a public comment period before the SEC decides on its approval. If the proposal is approved, it will dramatically change the marketing methods of private funds.
FINRA Fines Another Broker-Dealer and Permanently Bans a Registered Representative for Reg BI-Related Violations
FINRA fined and censured a US subsidiary of a Vancouver-based financial firm for violating Regulation Best Interest (Reg BI) requirements by recommending 134 sales totaling $11 million in private placements to US customers for more than nine years. According to the AWC, the firm recommended sales of a certain type of Canadian private placement offering referred to as “non-brokered private placements (NBPPS)” without reasonable due diligence of the offerings or issuers. The firm conducted a superficial analysis of the offerings and “sought minimal information and relied mostly on the issuer with little to no independent verification,” according to FINRA. “Generally, the firm did not conduct any independent investigation, such as inquiring about past or pending litigation or disciplinary problems, reviewing the issuer’s key contracts, exploring the issuer’s business plan, or conducting a site visit.”
In a separate enforcement action, FINRA has decided to permanently bar a registered representative for allegedly churning and excessively trading in clients’ accounts for his own benefit between July 2020 and July 2021. Without admitting or denying the claims, the broker agreed to the sanction, which alleged that he violated Reg BI, lied to clients and provided false testimony to FINRA. According to the complaint, the broker allegedly made an average of 102 trades per account or approximately thirteen times the average account value. The brokers’ actions affected customers whose primary investment objective was income or growth and whose risk tolerance was moderate. As a result of the excessive trading, his clients lost more than $2.3 million in value from their accounts and paid more than $715,000 in total trading costs and margin interest, including over $595,000 in commissions. In concluding that the broker had violated Reg BI, FINRA further noted that he generated fake account statements to hide the results of his trading and “repeatedly lied” to FINRA during its investigation.
Appellate Briefs Filed in Challenge to Constitutionality of FINRA Enforcement Powers
As we have reported previously, an ongoing case brought in the DC Circuit by Alpine Securities Corporation has the potential to significantly curtail FINRA’s enforcement powers. Alpine, a firm that had been expelled from FINRA membership by an extended FINRA hearing panel following a 19-day hearing, challenged the constitutionality of FINRA’s enforcement powers, and successfully obtained a preliminary injunction against its expulsion in the DC Circuit back in July.
More recently, in November, FINRA filed its own appellate brief in the DC Circuit, and Alpine filed its reply brief.
FINRA, in its brief, framed the constitutional challenge as an “existential threat” to FINRA and its regulatory framework. Alpine argued in its reply brief that FINRA in effect exercises governmental powers and “must be bound” by constitutional constraints on those powers.
Numerous amicus briefs have also been filed by concerned third parties. In addition to those filed in September by an organization backed by former Attorney General William Barr (arguing against FINRA) and by the Municipal Securities Rulemaking Board (arguing for FINRA), several amicus briefs were filed this month in support of FINRA’s position. Notably, the Public Investor Advocate Bar Association (PIABA) submitted a brief warning that a ruling in favor of Alpine would “create market chaos and eviscerate meaningful protections for the investing public.” The US Department of Justice has intervened in the case too—as it did in the district court—offering its own brief arguing that FINRA’s self-regulatory framework passes constitutional muster.
Members of the industry are watching this case closely as they await a decision from the DC Circuit. While the DC Circuit’s decision may not be the final word—the parties may seek en banc review or petition for certiorari in the Supreme Court—it certainly has important implications for the future of FINRA.
Notably, the Alpine case is not the only present challenge to the authority of a financial industry regulator. In late November, the Supreme Court heard oral argument in SEC v. Jarkesy, a case that tests the constitutionality of the SEC’s in-house enforcement proceedings. And the previous month, in October, the Supreme Court heard oral argument in a separate case, CFPB v. Consumer Financial Services Association of America, a case that raises constitutionality questions about the funding of the Consumer Financial Protection Bureau (CFPB). Together, these cases have the potential to reshape the future of regulation and enforcement in the financial industry.
FINRA Arbitration Panel Issues Ruling Following Complex 160-Day Hearing
On November 1, a panel of three FINRA arbitrators issued a ruling in a complex, long-running arbitration matter, filed back in August 2018 by a group of more than 130 individual Claimants, seeking nearly $30 million in alleged damages from a FINRA broker-dealer. The panel’s ruling followed a staggeringly long hearing held over 160 days, over a nearly three-year period beginning in October 2020 and ending in August 2023.
The case itself involved Claimants’ investments in a series of distressed real estate projects in Florida, which were proprietary products of a non-SEC and non-FINRA registered, offshore broker-dealer, Biscayne Capital BVI, Ltd., a British Virgin Islands entity. The Claimants themselves were primarily individual citizens of the Republic of Ecuador and Ecuadorian business entities, and the investments were made through an Ecuadorian company called B.S. Corp. The Claimants alleged they were victims of a massive fraud perpetrated by B.S. Corp. and its brokers.
The claims against the FINRA broker-dealer were apparently premised on the fact that the investments, although not traded through the broker-dealer, were cleared and custodied in clearing accounts maintained by each of the Claimants with the broker-dealer.
In its lengthy, reasoned decision, the three-arbitrator panel ultimately denied the claims in their entirety, without awarding any damages. The panel expressly found that Claimants introduced no evidence that the investments were products of the FINRA broker-dealer, or that anyone at the broker-dealer had knowledge that the Ecuadorian company had made false representations to the Claimants.
Notable Enforcement Matters and Disciplinary Actions
- Spoofing. FINRA fined a multinational investment bank $24 million for engaging in more than 700 instances of “spoofing” in the US Treasury markets, and for alleged supervisory failures related to these spoofing activities.
Spoofing is a type of fraudulent trading that involves creating a false appearance of market demand through the placement of fake orders in an effort to move security prices. Spoofing may deceive other market participants into trading at a time, price or quantity that they otherwise would not have. FINRA specifically discussed spoofing and other manipulative trading practices in its 2023 Examination and Risk Monitoring Program Report.
FINRA alleged that from October 2014 through February 2021, two of the bank’s former traders engaged in 717 instances of spoofing in a US Treasury security. One of the traders was also a supervisor and desk head.
FINRA also alleged supervisory failures by the bank in detecting this spoofing activity. FINRA stated that the bank: did not conduct any surveillance or reviews for spoofing in the Treasury markets until 2015; only surveilled for spoofing by algorithms—not manual spoofing by traders—until mid-2019; did not conduct surveillance of orders entered by its traders into certain external trading systems until December 2020; and did not supervise for potential cross-product spoofing in the Treasury markets throughout the relevant period.
In a press release accompanying the AWC, FINRA’s Executive Vice President and Head of Enforcement Bill St. Louis said, “Spoofing is especially detrimental in the US Treasury securities market, given its status as a benchmark for countless financial instruments and transactions. This action sends a strong message that FINRA will aggressively pursue firms that engage in spoofing, including cross-product spoofing.”
- Cybersecurity. A financial services firm was censured by FINRA and agreed to a $350,000 fine after a hacker successfully stole more than $6.6 million from a customer account.
According to FINRA, between January 2021 and February 2021, the firm received and approved four fraudulent wire transfer requests from a hacker without taking reasonable steps to confirm whether the requests were genuine. The hacker had gained access to an email account belonging to a registered representative at a “correspondent” firm, then requested wires totaling over $6.6 million to be sent from a customer account to accounts in foreign countries.
In approving the requests, the firm allegedly failed to reasonably investigate red flags that the requests were fraudulent, including that the wires were for large and increasing amounts within a short time period, and that they were being sent to third parties outside the country without any connection to the customers. Having missed these warning signs, the firm failed to take steps to confirm whether the requests were genuine—such as contacting the correspondent firm by phone—and instead relied only on the hacker’s representations.
After discovering the fraud, the firm reimbursed the affected customers, revised its procedures concerning processing letters of authorization and self-reported to FINRA. Nonetheless, FINRA determined that the firm failed to establish and maintain a supervisory system and written procedures reasonably designed to achieve compliance with the firm’s obligation to monitor transmittals of customer funds to third parties.
The large fine likely stems in part from the firm’s history of misconduct. In 2018, the SEC labeled the firm a recidivist broker-dealer as a result of a broker-driven pump-and-dump scheme. In November 2022, FINRA imposed a $850,000 fine based on allegations that the firm issued inaccurate account statements to its customers. And in January 2023, FINRA fined the firm $975,000 due to inadequate trade monitoring.
- Cybersecurity. A financial services firm agreed to a censure and a $75,000 fine by FINRA for allegedly failing to adequately safeguard customer records and data. The AWC detailing FINRA’s findings on this matter is available here.
According to FINRA, the firm failed to establish and maintain appropriate cybersecurity safeguards in 2020 and 2021, in violation of SEC Regulation S-P Rule 30(a) and FINRA Rule 2010. Specifically, the firm did not require multi-factor authentication for third-party service providers who had access to the firm’s systems. The firm also allegedly failed to monitor third-party access to its network. FINRA had previously put the firm on notice that it needed to strengthen its cybersecurity practices and limit third-party access to its systems, but the firm failed to fully address the issues identified.
These alleged shortcomings were exposed in August 2021, when an unauthorized third party gained access to the firm’s network by compromising a device used by a third-party service provider. The breach exposed private records and nonpublic personal information (NPI) for over 6,000 customers.
Notably, FINRA imposed the censure and fine despite the fact that the firm followed its incident response plan, engaged outside experts, self-reported the breach to FINRA, notified affected customers and took remedial actions to enhance its cybersecurity program. This enforcement action, along with the previous one, serve as reminders that financial services firms must make cybersecurity a priority before any breach—as FINRA recently advised its member firms.
- Form CRS Disclosures. An asset management firm was sanctioned by FINRA for allegedly making material omissions relating to the disciplinary history of its employees in its customer relationship summary (Form CRS).
FINRA adopted Form CRS in June 2019 to provide customers with important information about the broker-dealer, including any legal and disciplinary history.
Between June 2020 and February 2023, the firm allegedly failed to disclose in its Form CRS that four of its registered representatives had reportable events in their legal or disciplinary histories, even though this information was available in FINRA’s Central Registration Depository and BrokerCheck. Additionally, the firm failed to update its Form CRS to disclose that its control affiliate had entered into a cease-and-desist order with the SEC in March 2023, according to FINRA. Finally, the firm allegedly omitted certain required information about potential conflicts of interest.
As a result of these Form CRS violations, FINRA found that the firm willfully violated Section 17(a)(1) of the Securities Exchange Act of 1934 and Rule 17a-14, imposing a censure and a $10,000 fine. This enforcement matter follows on the heels of charges against at least five other registered firms over alleged Form CRS violations this year, and one firm that was barred from the industry as a result of similar alleged misconduct.
- Regulatory Notice 23-17 – FINRA discontinued its collection of data pursuant to Rule 4540. Rule 4540 had required clearing firms to report certain prescribed data to FINRA. The discontinuance of this data collection is apparently based on the recent emergence of alternative sources of data—which, FINRA said, have enhanced its ability to assess risk in this area.
- Regulatory Notice 23-18 – FINRA provided information and key dates concerning its Renewal Program, which supports the collection and disbursement of fees related to the renewal of broker-dealer and investment advisor registrations, exempt reporting, and notice filings with participating self-regulatory organizations and jurisdictions.
- Regulatory Notice 23-19 – FINRA announced the adoption of a short-form membership application process for certain firms. The firms eligible to use the short-form membership application process are those that are required to become FINRA members due to recent amendments to Rule 15b9-1 of the Securities Exchange Act of 1934, with certain additional eligibility criteria set forth in the Notice. FINRA’s announcement included the full text of the rule changes and the short-form application.