For employers in the securities industry, disciplinary actions and fines from the Financial Industry Regulatory Authority (FINRA) can be costly. FINRA disciplinary actions in the first half of 2024 highlight three areas of significant regulatory focus: (1) electronic communications platforms; (2) outside business activities; and (3) social media influencer programs. These disciplinary actions, described below with reference to FINRA’s allegations, offer lessons for employers in the industry.

Electronic communication platforms

FINRA reprimanded and fined four member firms for deficiencies in their regulatory systems for electronic communications platforms:

1. $600,000 fine for failure to establish and maintain a monitoring system reasonably designed to ensure compliance with the Company’s obligation to review correspondence and internal communications. The Company repeatedly failed to include new employees’ email accounts in its electronic email verification queue. Written procedures did not detail the steps required to add accounts to the verification queue, nor did they identify the departments or employees responsible for those steps, and did not specify requirements for when the steps should be performed. The lack of adequate written procedures led to miscommunication among multiple departments about whether email accounts were being added to the queue and miscommunication about which department was responsible for performing specific steps required to add an account to the queue. As a result, the Company did not verify approximately 3.5 million emails related to 691 employees’ email accounts.
2. $250,000 fine for failing to retain and review more than 1.25 million business-related electronic messages, including internal and external emails, instant messages, mass marketing materials, and documents requiring customer electronic signatures. These communications were sent or received by individuals associated with the Company through platforms that the Company made available to them. During a compliance audit, the Company discovered that it had not established data feeds from the platforms to the system the Company used to store and maintain electronic communications.
3. $75,000 fine for inadequately monitoring the use of external email for business-related communications and failing to retain such communications. The Company’s registered representatives used personal email for business-related communications. Although the Company sent automatic alerts when inbound emails to the Company’s system were sent from the registered representatives’ personal email addresses, the Company did not review the emails unless they met other regulatory email review criteria. Some private email communications were not retained and stored by the Company.
4. $25,000 fine for failing to establish, maintain, and enforce an adequate oversight system, including written oversight procedures (WSPs), to monitor the electronic communications of registered agents. The company’s WSPs did not designate company employees responsible for reviewing emails or specify how often the review should occur. The WSPs did not provide reasonable guidelines on how electronic communications should be reviewed or how to address issues identified during the review. They also did not require that reviews be conducted or overseen by a registered principal. In addition, the WSPs did not include criteria for identifying potentially problematic emails, did not describe what issues or red flags reviewers should look for, and did not explain whether and how potentially problematic emails should be escalated for further review.

External business activities

FINRA fined a member firm $30,000 for deficiencies related to investment professionals’ outside business activities (OBAs). FINRA alleged that the firm failed to establish, maintain, and enforce a supervisory system reasonably designed to ensure compliance with the OBA rules. The member firm knew that registered representatives of the firm were involved in an OBA involving an investment advisory firm and that another registered representative was involved in an OBA seeking to solicit investments in a hedge fund. In approving these OBAs, the firm did not evaluate whether they:

• Should be restricted or prohibited;
• Would impair or otherwise jeopardise the registered representatives’ responsibilities to the Company or its clients or should be considered part of the Company’s business; and
• Should have been treated as external securities activities, with all transactions recorded in the company’s books and records.

Social media influencer programs

In FINRA’s first formal disciplinary action related to a firm’s oversight of social media influencers, a member firm was fined $850,000. FINRA said social media posts made by influencers on behalf of the firm were not fair or balanced or contained exaggerated, unjustified or misleading claims.

The matter arose from a targeted investigation into FINRA’s corporate practices related to customer acquisition through social media channels. The firm paid influencers who participated in a program to promote the firm. They received a flat fee for each new account the customer opened and funded through a customized link provided by the firm. The firm did not limit influencers’ compensation. During the period under investigation, more than 39,400 new accounts were opened and funded with the help of approximately 1,700 influencers working on behalf of the firm. According to FINRA, influencers published social media posts promoting the firm that were not fair and balanced and violated FINRA Rules 2210 (Communications with the Public) and 2010 (Standards of Commercial Honor and Principles of Trading).

Findings

FINRA member firms should review their WPSs to ensure they are adequately designed to meet the firm’s obligations to collect, retain and review internal and external communications sent or received through electronic communications platforms. Firms’ review of their registered personnel’s OBAs should be detailed, evaluative and well-documented. To the extent firms or registered firm personnel conduct marketing using social media influencers, they must be careful to review and pre-approve influencer content to ensure it complies with the firm’s regulatory obligations.