Red Oak Compliance Solutions Exhibiting at FINRA Advertising Regulation Conference

Red Oak Compliance Solutions, a full-service compliance consulting firm helping broker-dealers, registered investment advisers, banks, insurance companies, investment companies and hedge funds, will be an exhibitor at the annual FINRA Advertising Regulation conference. The conference will be held in Washington, DC on October 8 - 9, 2015 at the Renaissance Washington, DC Downtown Hotel. The conference provides a forum to hear practical changes and new developments involving communications rules and the opportunity to gain guidance on the advertising standards from industry and FINRA experts.

As exhibitors, we will be available to demo and discuss AdMaster Compliance ™, our easy-to-use, 17(a)-4 compliant and highly configurable advertising review system, which can help your company increase efficiency, reduce costs and minimize risk. In a few short years, AdMaster has taken off with a client base which now serves over $1 Trillion in AUM with global public companies and small advisors alike. The high rate of growth of our client base, breadth of the financial services markets we serve, and the accolades we have received from our clients gives us confidence that AdMaster is, beyond a doubt, the predominant advertising solution in the industry. By listening and responding to clients, emphasizing continued development based on our customers’ needs, and having an unrelenting commitment to superb customer service, we plan to continue our quest to be clear the solution of choice in this industry.

In addition, Red Oak’s team of compliance consulting experts can help fulfill your regulatory requirements by reviewing your advertising, performing audits as well as providing other compliance and supervisory services to help handle your ever-increasing compliance obligations. With our advertising and marketing review consulting service, we partner with you and your team to ensure all advertising and marketing for your company is being reviewed effectively, efficiently and most important, compliantly.

We invite all those attending the FINRA Conference to visit our exhibit and let us show you why we can say with confidence, AdMaster is The Best Advertising Review Solution in the World.

Proactive Cyber-Security Risk Management

A recent comment by the Co-Chief of the SEC Enforcement Division’s Asset Management Unit, Marshall Sprung, should provide a better sense of the urgency and seriousness towards their ongoing push to improve cyber-security within our industry. He said in reference to recent sanctions taken against an RIA that suffered a security breach at a third party-hosted web server where client information was obtained, “As we see an increasing barrage of cyber-attacks on financial firms, it is important to enforce the Safeguards Rule even in cases like this when there is no apparent financial harm to the clients.”

What makes his statement stand out is that in the above case, confidential information was obtained by foreign hackers, but no apparent financial harm was done to any of the clients and sanctions against the RIA were still imposed. Not waiting for damages, the SEC is taking action when firms violate the Safeguards Rule [Rule 30(a) of Regulation S-P] by failing to conduct risk assessments, encrypting data, establishing firewalls and establishing procedures for responding to cyber-security breaches.

Specifically, the SEC stated that R.T. Jones Capital Equities Management, Inc.’s, “failure to adopt written policies and procedures reasonably designed to protect customer records and information in violation of Rule 30(a) of Regulation S-P (17 C.F.R sect. 248.30(a) (the “Safeguards Rule”). From at least September 2009 through July 2013, R.T. Jones stored sensitive personally identifiable information (“PII”) of clients and other persons on its third party-hosted web server without adopting written policies and procedures regarding the security and confidentiality of that information and the protection of that information form anticipated threat or unauthorized access. In July 2013, the firm’s web server was attacked by an unauthorized unknown intruder, who gained access rights and copy rights to the data on the server. As a result of the attack, the PII of more than 100,000 individuals, including thousands of R.T. Jones’s clients, was rendered vulnerable to theft.”

As a result, R.T. Jones has appointed an information security manager to oversee data security and protection of PII, and adopted a written information security policy. The firm also installed a new firewall and logging system to prevent and detect malicious incursions, and no longer stores PII on its webserver and any PII stored on its internal network is now encrypted and they retained a cyber-security firm to provide ongoing reports and advice on the firm’s information technology security.

Even with these steps taken, the SEC issued R.T. Jones a cease and desist from committing or causing any violations and any future violations of Rule 30(a) of Regulation S-P and a civil money penalty of $75,000.

The bottom line is don’t wait until damages are done. The risks are there now and your liability can be managed if you start before you have a problem.

Not sure how to protect your firm and clients from cyber-security risk, let Red Oak Compliance Solutions help you mitigate your risks.

Contract Sales People and Supervision

In the business world it is common practice for companies to hire 1099 contract labor instead of hiring employees of the company. In most cases employers hire 1099 contract labor individuals since they are considered to be self-employed and not “employees” of the company, and this allows the company to fill key positions without being subject to added benefit costs.

In the financial services industry 1099 contract labor is also quite common, most notably to fill the sales representative position. It allows the firm to employ sales representatives without having to pay for office space, benefits, or other costs that come with hiring traditional “employees”.

It is true that 1099 individuals are considered contract labor and not employees of the employer and the labor laws concerning the two differ. However, the biggest difference between the financial services industry and the rest of corporate America is the fact that the financial services industry does not have the ability to maintain an arm’s length separation between itself and 1099 individuals like other employers.

For example, say an individual owns a transportation company, and that person contracts with an independent truck owner as a 1099 contract labor driver to pick up and deliver a load of computer parts. While transporting the computer parts the truck overturns and shuts the freeway down and causes damage or harm to another individuals and their property. That truck will, in most cases, be branded with the driver’s company name, not the company for whom it is carrying the load, and have its own insurance policies, and therefore, that truck driver, not the company that contracted with him or her to haul the computer parts, will be responsible for the incident.

With the financial services industry this is not true. As an example in this case, say ABC Securities (“Firm”) hires John Smith to sell products offered through the Firm. The Firm is going to bring John on as a 1099 contract labor sales person. John operates under the doing business name of John Smith Advisers (“JSA”). In order to sell the products offered through the Firm, John is going to have to register with the appropriate jurisdictions as a representative of the Firm. John’s registration is approved and he has an office in a separate city and state from that of the Firm. His office window reads John Smith Advisers. However, the sign on John’s office window also states securities are offered through the Firm. John comes across a product being offered by a group of individuals which pays a nice commission. He decides to participate in the selling of the offering. Sometime later the Firm comes to visit John’s office and sees that he is selling this product. Nothing is said because the product is being sold through JSA and not the Firm. Sometime after that it is found that the product that John has been selling was fraudulent and all of his investors have been harmed. In this case both John and the Firm are going to be the subject of an investigation by one or more regulatory bodies, which will in most cases result in administrative actions and civil suits being filed against both the Firm and John.

Many readers may be questioning the facts outlined in this blog posting. Please click here to read all the details relating to these facts.

In addition, readers should refer to the United States Department of Labor’s factors in determining what actually constitutes contract labor. Please click here to read a more about Independent Contractors. Red Oak is here to help you with all your questions regarding supervision and your compliance responsibilities.

The Texas Department of Insurance has Reduced the Insurance CE Requirements

The Texas Department of Insurance has been busy making insurance agents lives a little easier. Effective 9-1-15, the CE hours for insurance licenses have been reduced to 24 hours per license period (down from 30 hours). In addition, effective January 1, 2016, the expiration date for all individually held insurance licenses will be changed so that they occur on the license holder’s birthday. Additional information regarding this change, the new requirements, and your responsibilities as a license holder can be found on the TDI website. Please click here to be taken directly to the TDI website which has more complete information.

Need help with your insurance appointments. Red Oak is here to help you navigate the state filing requirements.

SEC Testimonials

We have received numerous questions recently regarding the SEC’s guidance on testimonials. Everyone wants to know how to take advantage of the ability to publish comments about themselves and their firm that are available on independent third-party sites.

SEC Rule 206(4)-1(a)(1) prohibits Registered Investment Advisers and Investment Adviser Representatives (“IAR”) from using client endorsements in their advertising. However, the SEC’s guidance has laid out how for advisors to share, on their own social media and websites, public comments about their services that are posted on independent websites (such as Yelp, Angie’s List, etc.).

The following is an overview of the rules to follow in order to post third party content:

• All Content. The advisor must publish all reviews, both positive and negative; The adviser cannot edit or highlight anything; The adviser cannot suppress any or all of the publication, or to organize or prioritize the order in which the commentary is presented.
• Independence. The independent social media site must provide content that is independent of the investment adviser or IAR; There can be no material connection between the independent social media site and the investment adviser or IAR that would call into question the independence of the independent social media site or commentary; The adviser may not make a subjective analysis of the testimonial that was published on the third-party site.
• Mathematical Averages. Investment advisers or IARs may publish testimonials from an independent social media site that include a mathematical average of the commentary provided that commenters themselves rate the investment advisers or IARs based on a ratings system that is not designed to elicit any pre-determined results that could benefit any investment adviser or IAR.
• Advertising on Third Party Site. Investment advisers may advertise on the social media site displaying the testimonial as long as it would be readily apparent to a reader that the investment adviser or IAR’s advertisement is separate from the public commentary featured on the independent social media site and the receipt or non-receipt of advertising revenue did not in any way influence which public commentary is included or excluded from the independent social media site
• Print Advertising. An IAR could state in a newspaper ad “see us on [independent social media site],”; An investment adviser or IAR may not publish the actual testimonials from the independent social media site on the newspaper ad.
• Linking. Advisers may post the logo and a link to the page where the third-party reviews live; Adviser should monitor these sites to make sure they remain comfortable linking to these commentaries.

Remember advisers cannot do anything that looks like they are encouraging positive comments, so advisers must refrain from posting “Thank you” on third party sites. Thank you’ s should be done privately. In addition advisers may see negative comments on third party sites and should avoid reacting defensively. Advisers should do nothing more than post a comment to ask the individual to give them a call to discuss. Social media sites are very public forums and require the utmost discretion.

If advisers of IARs have any questions about how to use third party posts and not violate the testimonial rules, please give us a call. Red Oak is here to help.

New Owners are Liable for Misconduct Prior to Acquisition

I have seen this happen several times now so it is definitely worth discussing. MacKensen & Company, Inc, a registered investment adviser, and the former owner of the firm, Warren MacKensen, were both fined and censured for the conduct of Warren MacKensen relating to misleading advertising. From 2010-2012, Warren MacKensen used hypothetical back-tested performance to claim that the firm's investment models would have outperformed. He never disclosed that the models did not exist during the time periods displayed or include any of the required disclosures when illustrating back-tested performance. The firm was fined $100,000 and required to send the enforcement order to its clients, even though this violation occurred prior to their acquisition of the firm in 2012. It should be noted however, that Warren MacKensen continued to the firm’s Chief Compliance Officer until July 2014 and continued to be an employee until 2015.

It is interesting to note that no violations were mentioned except for those that occurred from 2010-2012, so it appears the new owners cleaned up the issues after they took over. It would be interesting to see the purchase contract to see if only the firm’s assets were purchased or if it was a full transfer and assets and liabilities. The moral of the story is, spend the time to look at more than the AUM when you acquire a firm.

To read the complete order, please click here.