The Rick Ketchum Show. Today’s sessions opened with what was likely the highlight of the entire conference, Rick Ketchum’s swan song “conversation” with Ira Hammerman, GC of SIFMA, before he toddles off into retirement. Granted, these interviews never remotely approach Sixty Minutes intensity, but this year’s featured even more coddling than ever:

  • What would you like your legacy to be, Rick? Investor protection and market integrity. (yawn)
  • Firm culture: He acknowledged that folks “out there” have a hard job. FINRA is basically trying to find out how you create an environment where good people make fewer bad decisions (because not everyone is a bad guy, just lots of good guys making bad decisions).
  • He insisted that a good firm culture does not require overreaction to policy violations: you don’t need to shoot everyone, just take it seriously.
  • He tipped his hat to Susan Axelrod about five times. Hmmm. Is she his successor?
  • Lack of communication between regulators is “inexcusable” and one of FINRA’s “highest priorities.” If the SEC comes in and then FINRA immediately follows, firms should “push back,” and FINRA will go to the SEC and “make sure” no duplication. Every year, FINRA management encourages pushing back; yet, when you try it, the results are spotty, at best.
  • Cybersecurity: Big issue. Just not news.
  • Reg S-P: Firms usually handle privacy concerns well at home office, but compliance deteriorates in branches.
  • Big data: FINRA is increasingly using data analytics in its exam program to identify seriously at-risk reps, jump on them immediately, and get them out. Beyond that, FINRA pulls a lot of data before an exam so it can be more “sophisticated.” Firms should be reviewing their own data, too, e.g., trading emails and messages. Soon, regulation will be “fundamentally dependent” on this data.
  • Senior issues: Guess what? Rick said he is a senior now!  Ha ha. So funny.
  • Another hat tip to Axelrod.
  • DOL fiduciary duty, specifically, what are you hoping to see in final rule? (1) best interest standard across industry and a “rigorous” one; (2) discouraged by firms earning commission-based compensation on retirement accounts; (3) get better at identifying and managing conflicts; (4) would love to see compensation “flattened.” But, he cautioned that FINRA is “not in the business of policing DOL.”
  • The final question: What’s in your future?  Something about sleeping in.
  • On a lighter note, Mr. Hammerman asked Mr. Ketchum how can a person who lives in NYC, who spends most of his days in DC, be a Boston Red Sox fan? Mr. Ketchum, with a note of regret in his voice, responded that he has been fortunate to have a professional life where he could do what he really enjoyed, and being a Red Sox fan was his existential angst. Mr. Hammerman then presented him with a Red Sox jersey with “Ketchum #1” on the back as a gift from SIFMA. True to his regulator instincts, Mr. Ketchum queried, “Now how and where am I going to disclose this on the proper form?”

AML. Curiously, there was no FINRA representative on this panel. Anyway, there were a few topics raised. One had to do with potential individual liability of AMLCOs. The panel debated what one should do as AMLCO when a recommendation to management regarding a potentially suspicious circumstance is overruled by management. According to the DOJ, the AMLCO should be willing to battle and should not step back. Everyone seemed to agree that in a worst-case scenario, the AMLCO would have to resign. There was agreement that the AMLCO needs to document the crap out of everything, even if such “CYA” memos will later garner tremendous interest from regulators. Better to have the documentation than not.

There were a couple of seemingly obvious statements made, but, since I agree with them, I shall repeat them:

  • The decision to file a SAR is, relatively speaking, not controversial; whereas, the decision notto file a SAR will absolutely be second-guessed and, absent good documentation, hard to defend. Remember: the point of a SAR is simply to bring a potentially suspicious situation to the attention of the regulators; it is their job, not the BDs’, to decide whether it’s serious or real.
  • It is never too late to file a SAR. A late filing might raise an issue with regulators, but that is still better than never filing one.
  • Your AML review must be tailored to your business model. Changes, for example, in products or people (say, a problem branch) could create need to review your AML review process. The panel acknowledged this could be a problem if you utilize an outside vendor, because then you are stuck with the vendor’s parameters, etc., unless you shell out big time for customization.

More CCO Liability. To say that CCO personal liability is a hot topic at SIFMA this year would be an understatement.  In fact, as my colleagues exited one panel session, they overheard Rick Ketchum tell someone in the hallway, “One too many times talking about CCO liability.  I can’t do it anymore!”

Today’s sessions shed some more light on this topic.  I wrote yesterday about Mr. Ceresney and his comments that CCOs shouldn’t worry unless there is a “wholesale failure to carry out responsibility” on their part.  Today, Kevin Goodman, the SEC’s Associate Director for the Office of Broker-Dealer Examinations, punted when he was asked to define this standard of liability. When asked if it is a negligence standard or a gross negligence standard, he declined to commit to either.  But, he did say that the standard is high enough that “it is ok if you don’t act perfectly.” Take that for what it’s worth.

The rest of that panel quickly pointed out that if there is a “wholesale failure to carry out responsibility,” it is not always clear that the responsibility is the CCO’s.  There is no clear rule, or even really much guidance, as to what the CCO’s responsibilities are.  Accordingly, the best advice given by the panel was that a BD would be wise to clearly define the responsibilities of the CCO – and to make those responsibilities narrow.  Every time a CCO gets involved in a project, there should be some documentation as to who the sponsor of that project is – i.e., who is “responsible” for it.  By assigning “responsibility” to the legal department or business executives, the CCO may be able to avoid personal liability for projects in which she is involved.

Ask FINRA Senior Officials. This panel is always a crowd-pleaser, as you can have fun counting the number of people in the audience visibly biting their tongues to refrain from laughing. Here were our favorites:

  • Just as Rick Ketchum kept telling Senator Warren a couple of weeks ago when she was accusing FINRA of allowing too many reps with disciplinary records to work in the industry, Brad Bennett, EVP of Enforcement, noted proudly that 800 brokers are barred per year.  And it’s non-cyclical, every year.
  • The conduct that gets them in trouble is the same old, same old: outside business activities/private securities transactions; dealing with senior investors; and stealing, i.e., “the kind of stuff you should be surveilling for.”
  • In response to an observation that we are seeing more Enforcement attorneys involved in exams, and the expressed concern that it will “chill the dialogue,” Mike Ruffino, EVP of Member Reg, responded that it’s not that common, “only with high risk firms.” I bet a lot of low risk firms would quibble with this comment.
  • Susan Axelrod – heir apparent to Mr. Ketchum?? – said that FINRA’s current position on CARDs hasn’t changed.  She then joked, “we don’t even use that word.”
  • On FINRA’s obvious increase in its use of Rule 8210 requests, Susan insisted that FINRA is not simply trying to collect five years of your emails. Rather, she maintains that the staff is instructed to only get what it needs, and ask for more later, if needed.  As always, she invited the audience to escalate their concerns to her if the examiner fails to respond to requests to reduce the scope of an 8210 request. GOOD LUCK WITH THAT. Finally, Brad suggested that only “bad” firms (that is, the ones who don’t come to SIFMA) get onerous 8210 requests.  And, he said, it’s a product of those firms not trying or wanting to get it right.  What an odd lens through which to view the world!