Last week the compliance and legal community gathered in sunny Orlando for the SIFMA Compliance and Legal Society’s 46th Annual Seminar. At the seminar, compliance and legal professionals come together to discuss the significant challenges faced by the financial services community and to explore ways to address ongoing regulatory changes.
The event program was packed with over 65 topical panels and three general sessions including presentations from SEC Chair Mary Jo White, FINRA CEO and Chairman Richard Ketchum, and U.S. Attorney from the Southern District of New York Preet Bharara.
Here we’ve assembled the three main takeaways as they relate to social business and compliance.
Enforcement and data security on the rise
I enjoyed hearing from SEC Chair Mary Jo White and FINRA CEO and Chairman Richard Ketchum, and was happy to hear that both groups are working together more, especially by enforcing actions and being proactive to address those that are operating outside of securities rules and regulations. Regulators at all levels are sending the industry a strong message by enforcing rules and regulations, deterring others to overstep those rules.
U.S. Attorney Preet Bharara may have joked that infractions may not be to the extremes depicted in Martin Scorcese’s “The Wolf of Wall Street.” Infractions do need to be taken seriously, however, as regulators now mine big data for patterns and behaviors that could indicate criminal behavior. Regulators want to be more proactive about identifying risks that could lead to infractions, and now technology allows them to monitor activity and possible threats to data.
Bhara questioned the audience in his presentation by asking, if we hold institutions (and not just individuals) accountable for misconduct, does the enforcement action against a similarly situated company make a difference to their approach to security? I think it does, and I think it will.
At the “Core Compliance Programs and Practices” session, Kevin Goodman, National Associate Director of the Broker-Dealer Examination Program of the SEC, warned that conversations with executives of firms will be deeper than they have been in the past. Executives will need to know about their policies and training and be better prepared to discuss with the SEC the top five risks of the company and what they are doing to address them.
To address these risks, the panel emphasized maintaining, updating, and providing training on policies and procedures. Given the 200+ rules in place and a constant stream of guidance and notices, compliance has a challenging task to keep track of it all. To stay ahead, firms will need to have the right tools and ensure they are documenting and keeping up with the new rules and regulations.
Technology is part of the problem and the solution
One of the biggest challenges I observed? The industry is struggling to keep up with advances in technology to monitor and control activity.
Ironically, technology seems to be both the issue and the solution when it comes to addressing these new challenges and risks. With the proliferation of employee-owned mobile devices in the past few years, risks have only increased. Firms today need to have “bring your own device” (BYOD) policies and procedures to address the growing use of smartphones and tablets for both personal and business applications. Mobile adoption introduces additional threats including insecure Wi-Fi access, bluetooth discovery and risks of cloud storage. How prepared is the industry to address these new risks?
Business is moving much faster now and technology is providing individual investors with easier access to information. As a result of the increased volume of information and speed to market, it’s becoming a bigger challenge to supervise and provide oversight.
At the “Ask FINRA” panel on Tuesday morning, Susan Axelrod, EVP of Regulatory Operations at FINRA, shared that the industry is addressing this concern by hiring more people with tech backgrounds that understand the technology and risk analytics. Carlo DiFlorio, EVP of Risk and Strategy at FINRA, added that technology allows them to be more focused with the types of searches and surveillance that they can and need to do. Similar to the SEC, FINRA is now proactively scanning to identify new risks, new threats, and new ways to protect the market and consumers.
Also on the panel was Ben Indek, Partner at Morgan, Lewis, & Bockus, LLP, who shared the unfortunate truth that the industry perception continues to be this: if something goes wrong, everyone asks, “Where was compliance?” Often it is not compliance at fault, but instead a lack of surveillance tools to keep up with the quickly moving technology.
Time to revisit social media guidelines
At the “Social Media Emerging Issues, Innovation and Ongoing Challenges” session, industry compliance experts from Charles Schwab, Wells Fargo Advisors, and Fidelity Investments joined representatives from SIFMA and FINRA to discuss the current state of social adoption and challenges.
For FINRA, social networking continues to be in “retrospective review.” The sweeps conducted last year were light on data to provide a full picture of social use and adoption in the industry. According to Tom Selman, EVP of Regulatory Policy at FINRA, of the the 23 firms they contacted, only 15 said they allowed registered representatives to use social media. Those firms that had allowed social were taking a very conservative approach towards adoption with very limited use of social platforms (mainly LinkedIn) and sharing of content. Of the 15 firms using social media, only one had any interactive activity to share. The relative sample was quite small with little interaction to comment on or regulate. All firms were using a third-party middleware provider to protect, monitor and supervise usage and to scrape social content for any infractions or red flags.
The biggest concern uncovered during the sweeps, according to FINRA, had to do with records maintenance and the ability of firms to reproduce easy-to-interpret records of social activity. For example, they described a submission from one firm that provided data in multiple different folders, including one folder with posts, one folder with images and a third that included the post with comments and responses. FINRA was challenged to tie these activities together for a complete picture of the social activity. In my opinion, the sweeps were unlikely to cover many gaps because firms under review were being very conservative in their approach towards social media.
To their credit, FINRA is considering reconvening the Social Networking Task Force that was instrumental back in 2009 in helping develop Regulatory Notice 10-06. According to Selman, the task force could help revisit the agency guidelines. I find this very encouraging, especially now that social has been available to the industry for nearly four years and the needle has only moved slightly in adoption, at least at the wirehouse level. Regulations do need to be updated and rewritten to reflect the current state of financial services and not an interpretation of existing rules that date back to the early part of the 20th century.
In conclusion, I am hopeful that FINRA, the SEC and SIFMA will continue to focus on technical advancements and take a proactive approach to address the needs of member firms and their clients. What is encouraging is that there is an understanding of both the threats and opportunities that technological advances present and that the industry is collaborating to address them.