Securities Compliance & Arbitration

Two US Senators recently demanded that FINRA explain how it plans to minimize the high rate of brokers who are involved in criminal activity or have been the subject of customer complaints.

Clearly Senators Warren and Cotton are not familiar with how the FINRA U-4 and U-5 process works. In addition, they are probably not overly familiar with the history of federal securities laws. As a brief background, the federal securities laws have been built on and continue to operate on the theory that “sunlight is the greatest disinfectant.” The laws have been built and we continue to operate under a fair market where people are free to make their own informed decisions. Senators Warren and Cotton should look past this misleading data and understand some common realities.


Investment advisers should take note, as there has been an announcement of a new rule which might affect them. More specifically, any investment advisers that: (1) act solely as advisers to one or more venture capital funds; (2) are exempt from the registration requirements under the Investment Advisers Act of 1940; and (3) comply with SEC Rule 203(l)-1 (regarding venture capital advisers), are excluded from the District of Columbia Securities Act’s investment adviser definition, according to a new order issued on February 8, 2016. Exempt venture capital advisers excluded from the investment adviser definition must now comply with SEC Rule 204-4 reporting requirements.

To comply with Rule 204-4, an adviser must subject itself to the Exempt Reporting Adviser regime by gaining entitlement through the IARD, prepare a Form ADV as an Exempt Reporting Adviser, and submit it to the SEC and the DC Department of Insurance, Securities and Banking. The IARD will require a $250 fee that will be paid directly to the District of Columbia and a $150 fee that will be paid to the SEC.


Martin Shkreli, the controversial CEO of Turing Pharmaceuticals, and his attorney were indicted in an alleged securities fraud scheme. On December 14, 2015, a grand jury empaneled in Brooklyn, New York, returned a seven-count indictment against Martin Shkreli. Mr. Shkreli is charged with seven counts of securities fraud and conspiracy. His attorney, Evan L. Greebel, is charged with a single count of wire fraud conspiracy. Greebel and Shkreli also face a United States Securities and Exchange Commission (“SEC”) civil complaint. The SEC commenced an eight-count civil suit against Shkreli, which contains a single aiding and abetting count against Greebel. Shkreli is accused of running a Ponzi scheme that allegedly funneled money from Retrophin, Inc. to deceived investors in a series of ailing hedge funds. Attorney Greebel is charged with aiding the alleged scam.


On December 30, 2014, the Securities and Exchange Commission (“SEC”) approved a new Financial Industry Regulatory Authority (“FINRA”) rule governing transaction-based payments to unregistered persons. The new FINRA rule—Rule 2040—became effective on August 24, 2015. If you are a FINRA-registered broker-dealer that currently pays an unregistered person, now is a perfect time to examine the relationship and make sure that these payments are proper. In addition, if you are an unregistered or unlicensed person, then you may want to make sure that you can receive or continue receiving these payments. Lastly, if your firm permits “selling groups” of registered representatives for expense paying and marketing purposes, it is also a good time to reassess these practices.

More specifically, this new rule addresses many situations that can arise in a broker-dealer’s regular course of business. These situations include, but are not limited to:

  • Asset purchase arrangements between current representatives;
  • The receipt of continuing compensation by retiring representatives, their beneficiaries, or estates; and,
  • Referral arrangements.

As a result of these new changes, the current FINRA rules addressing payments to non-registered persons, as well as related New York Stock Exchange rules have been deleted from the FINRA rulebook. The rest of this article deals specifically with the requirements and implications of Rule 2040 and Section 15(a) of the Securities Exchange Act (the “Exchange Act”).


Shareholder Thomas D. Giachetti, Chair of the Securities Practice Group, authored the article SEC Clarifies RIAs’ Cybersecurity Obligations, which was published in the November issue of Investment Advisor. The article explains how the Securities and Exchange Commission’s (SEC) recent cybersecurity focus will affect RIAs. The SEC’s Office of Compliance Inspections & Examinations (OCIE) released a Risk Alert in the spring of 2014, which announced that it would “conduct examinations of more than 50 financial institutions, including RIAs, focused on: cybersecurity governance; identification and assessment of cybersecurity risks; protection of networks and information; risks associated with remote customer access and funds transfer requests; risks associated with vendors and other third parties; detection of unauthorized activity; and experiences with certain cybersecurity threats.” Most recently, in September 2015, OCIE released a follow-up Risk Alert which better elaborated on the “areas of focus” that would be examined during the cybersecurity process. Some of these areas would include “an RIA’s governance and risk assessment, access rights and controls, data loss prevention, vendor management, staff training and incident response.” As a result, Mr. Giachetti recommended three steps that RIAs should take immediately in relation to the OCIE’s Risk Alert. This includes consulting with the business’s IT staff or IT vendors to ensure that the highest level of protection is or has been implemented, as well as adopting a proper cybersecurity policy that specifically addresses these recent Risk Alerts. For more information, read the full article.

As of June 19, 2015, real estate developers have a new avenue for raising funds. They no longer have to knock on banks’ doors and pay interest and provide personal guarantees, sign commercial documents pledging their homes, real estate or their business equipment, comply with Regulation D and Rule 506, or use their own finances. They can issue stock or partnership interests directly to the public without every investor having to be “accredited.”

The JOBS Act directed the SEC to adopt rules adding a class of securities exempt from the registration requirements of the Securities Act for offerings of up to $50 million of securities within a 12-month period. In March of 2015, the SEC finally released its final rules to comply with the JOBS Act.

The new rule is commonly referred to as Regulation A+ and divides offerings into two tiers: Tier 1, for securities offerings up to $20 million; and Tier 2, for offerings up to $50 million. Tier 1 offerings are not fully exempt offerings and they still remain subject to registration under state securities laws. Therefore, Tier 2 offerings are the subject of this article.


Whether intentionally or not, in drafting certain provisions of settlement and severance agreements with employees, many employers have used language that violates the anti-retaliation protections for individuals who report violations of the securities laws and Foreign Corrupt Practices Act (“FCPA”). The Securities and Exchange Commission (“SEC”) promulgated Rule 21F-17(a) making it unlawful “to impede the efforts of individuals from communicating directly with the Commission staff… including enforcing, or threatening to enforce, a confidentiality agreement…” (17 C.F.R. §240.21F-17(a)).


Brian A. Carlis, Shareholder and member of Stark & Stark’s Securities Arbitration Group, was featured in the article, “Few RIAs Accept Finra Invitation,” published in the Wall Street Journal on May 29, 2013.

The article discusses the meager RIA response to Financial Industry Regulatory Authority (“Finra”) expanding its arbitration forum to include registered investment advisors.  Traditionally the Finra arbitration process was used solely by broker-dealers.  This attempt to take over the role of overseer from the Securities and Exchange Commission (SEC) would mean lower arbitration fees for brokerages who would otherwise turn to the American Arbitration Association (“AAA”) to resolve issues with customers or employees. 

Mr. Carlis, who represents RIAs in securities arbitration proceedings, explains that the higher AAA fees deter investors with small financial claims who are seeking a quick or cheap settlement.  However, Finra is better equipped to handle securities disputes and ultimately clients would save money in the long run, even if it meant having to amend pre-dispute agreements in their contracts with clients to reflect this change in plan.

Mr. Carlis believes that many RIAs are reluctant to commit to Finra’s system until they see how others fare in the program.  He said that as the first few cases are handled by Finra, he expects the number of RIAs who switch over to Finra to grow.  Mr. Carlis “routinely discusses the pros and cons of both forums with his RIA clients, who might have to foot a hefty bill for an AAA hearing.”

Joint Announcement

On April 10, 2013, the Securities and Exchange Commission (“SEC”) and Commodity Futures Trading Commission jointly adopted and announced new identity regulations, which are being imposed pursuant to their respective authority under the Dodd-Frank Act and the Fair Credit Reporting Act (“FCRA”).

In this context, a “Red Flag” is a “pattern, practice, or specific activity that indicates the possible existence of identity theft.” [1]

Who is Affected?

Generally speaking, the SEC’s updated regulations (“Regulation S-ID”) will apply to investment advisory firms deemed to have custody of client funds or securities for the purposes of ADV Part 1, Item 9 and ADV Part 2A, Item 15, who are subject to annual surprise examinations.

More specifically, Regulation S-ID will affect broker dealers, investment companies, and investment advisory firms that are required to be registered under the Investment Advisers Act of 1940, which also meet the definition of “financial institution” or “creditor” [2] under the FCRA, and which maintain or offer “covered accounts” (each, an “Affected Entity,” and collectively, the “Affected Entities”).

While the definition of “creditor” generally does not apply to most investment advisory firms, the term “financial institution” may apply to firms that report having custody on Form ADV because under the FCRA, a “financial institution” is:

a State or National bank, a State or Federal savings and loan association, a mutual savings bank, a State or Federal credit union, or any other person that, directly or indirectly, holds a transaction account belonging to a consumer. [3]

A “transaction account” is:    

a deposit or account on which the depositor or account holder is permitted to make withdrawals by negotiable or transferable instrument, payment orders of withdrawal, telephone transfers, or other similar items for the purpose of making payments or transfers to third persons or others. Such term includes demand deposits, negotiable order of withdrawal accounts, savings deposits subject to automatic transfers, and share draft accounts. [4]

The term “covered account” is intentionally flexible and basically describes any account “designed to permit multiple payments or transactions” and “for which there is a reasonably foreseeable risk to customers or to the safety and soundness of the financial institution or creditor from identity theft, including financial, operational, compliance, reputation, or litigation risks.” [5]

In short, if an investment advisory firm has the capacity to withdraw funds from client accounts and transfer those funds to unrelated third parties, (commonly defined as having custody [6]) that firm generally has a “transaction account” and therefore meets the definition of a “financial institution” for the purposes of the updated Red Flag Requirements.

When Will Regulation S-ID Take Effect?

The final rules will become effective thirty days after publication in the Federal Register, and the compliance date will be six months after the effective date.  Affected Entities should therefore anticipate the compliance deadline to take effect approximately between November and December 2013.

How Should Affected Investment Advisory Firms Comply with Regulation S-ID?

Step 1: Develop Policies and Procedures to Identify and Respond to Identity Theft Red Flags

Affected Entities are required to adopt policies and procedures designed to detect and address “reasonably foreseeable risks” from identity theft [7] (the “Red Flag Policies”).

The Red Flag Policies should be tailored to an Affected Entity’s business model, the type of accounts maintained for its clients; its methods to open or access the affected accounts; and its prior experiences with identity theft.

Affected Entities are also required to consider inclusion of the following in the Red Flag Policies, as appropriate:

  1. Alerts, notifications, or other warnings received from consumer reporting agencies or service providers;
  2. Presentation of suspicious documents, such as documents that appear to have been altered or forged;
  3. Presentation of suspicious personal identifying information, such as a suspicious address change;
  4. Unusual use of, or other suspicious activity related to, a covered account; and
  5. Notice from customers, victims of identity theft, law enforcement authorities, or other persons regarding possible identity theft.

Step 2. Develop Oversight Plan

Next, Affected Entities should involve and obtain approval of the Red Flag Policies from either its board of directors, an appropriate committee of the board of directors, or from a designated senior management employee, as appropriate.

Those parties should develop and approve an oversight plan, which:

  1. Assigns specific responsibility for the Red Flag Policies’ implementation, to an individual or committee, who will report to the board of directors or designated senior management employee as appropriate;
  2. Assigns specific responsibility to issue reports prepared by staff [generally, the Chief Compliance Officer] about the Affected Entity’s compliance with Regulation S-ID;
  3. Provides for the approval of material changes to the Red Flag Policies as necessary to address changing identity theft risks;
  4. Ensures that outside service providers comply with the developed Red Flag Policies;
  5. Provides for periodic reviews and updates to the Red Flag Policies with respect to:
     a. The experiences of the Affected Entity with identity theft;
     b. Changes in methods of identity theft;
     c. Changes in methods to detect, prevent, and mitigate identity theft;
     d. Changes in the types of accounts that the Affected Entity offers or maintains;
     e. Changes in the business arrangements of the Affected Entity, including mergers, acquisitions, alliances, joint ventures, and service provider arrangements; and
  6. Provides for staff training to detect and respond to identity theft red flags as they arise.

Step 3. Implement Red Flag Policies

As part of its Red Flag Policy program, the Affected Entity will be required to appropriately respond to identity theft red flags, which could but do not necessarily include the following:

  1. Monitoring a covered account for evidence of identity theft;
  2. Contacting the customer;
  3. Changing any passwords, security codes, or other security devices that permit access to a covered account;
  4. Reopening a covered account with a new account number;
  5. Not opening a new covered account;
  6. Closing an existing covered account;
  7. Not attempting to collect on a covered account or not selling a covered account to a debt collector;
  8. Notifying law enforcement; or
  9. Determining that no response is warranted under the particular circumstances.

Step 4.  Update Red Flag Policies as Necessary

Finally, in conformity with its oversight plan, the Affected Entity is required to periodically review and update the Red Flag Policies with respect to:

  1. The experiences of the Affected Entity with identity theft;
  2. Changes in methods of identity theft;
  3. Changes in methods to detect, prevent, and mitigate identity theft;
  4. Changes in the types of accounts that the Affected Entity offers or maintains; and
  5. Changes in the business arrangements of the Affected Entity, including mergers, acquisitions, alliances, joint ventures, and service provider arrangements.


As new and more effective means of identity theft develop, investment advisory firms are compelled to react appropriately.  The development and implementation of Red Flag Policies is therefore critical to an Affected Entity’s ongoing compliance program.

[1] 17 CFR § 248.201(b)(10)

[2] Under the FCRA, a “creditor” is: “any person who regularly extends, renews, or continues credit; any person who regularly arranges for the extension, renewal, or continuation of credit; or any assignee of an original creditor who participates in the decision to extend, renew, or continue credit.”  15 U.S.C. § 1681; 15 U.S.C. §1681A(r)(5).

[3] 15 U.S.C. § 1681A(t)

[4] 12 U.S.C. § 461 C

[5] 17 CFR § 248.201(b)(3)

[6] Among other reasons, an investment advisory firm generally has “custody” under 17 CFR § 275.206(4)-2(d)(2) if: it or a related person has direct or indirect possession of client funds or securities; any arrangement (including a general power of attorney) under which the related person is authorized or permitted to withdraw client funds or securities maintained with a custodian upon the related person’s instruction to the custodian; and any capacity (such as general partner of a limited partnership, managing member of a limited liability company or a comparable position for another type of pooled investment vehicle, or trustee of a trust) that gives the investment advisory firm or its related person legal ownership of or access to client funds or securities.

[7] SEC Release Nos. 34-69359, IA-3582, IC-30456.



In July 2012 Netflix, Inc. (“Netflix”) Chief Executive Officer, Reed Hastings, posted a seemingly innocuous statement to his personal Facebook page:

Congrats to Ted Sarandos, and his amazing content licensing team. Netflix monthly viewing exceeded 1 billion hours for the first time ever in June. When House of Cards and Arrested Development debut, we’ll blow these records away. Keep going, Ted, we need even more!                          

Mr. Hastings did not post that information on Form 8-K, the Netflix website, the Netflix Facebook page, or in any other public medium.  Critically, Netflix’s shareholders were not separately informed of the above information.

As a result of that post, the Securities and Exchange Commission (“SEC”) announced approximately six months later that it was investigating whether to bring an enforcement action against Netflix and Mr. Hastings for potential violation of Regulation FD. 

Regulation FD, which stands for “Fair Disclosure,” became effective in October 2000 and is codified at 17 CFR 243.100-243.103 (“RegFD”).  According to the SEC, RegFD seeks to address:

  1. The selective disclosure by issuers of material nonpublic information;
  2. When insider trading liability arises in connection with a trader’s “use” or “knowing possession” of material nonpublic information; and
  3. When the breach of a family or other non-business relationship may give rise to liability under the misappropriation theory of insider trading. (See: SEC Release Nos. 33-7881; and 34-43154).

At its core, RegFD requires a public company representative who discloses material nonpublic information to certain individuals, (generally, securities market professionals and shareholders who may trade on the basis of the information) to issue either a “prompt” or “simultaneous” disclosure of the same information to the public (depending upon whether the initial disclosure was intentional or accidental).

Luckily for Netflix, on April 2, 2013, the SEC issued a “Report of Investigation Pursuant to Section 21(a) of the Securities Act of 1934: Netflix and Reed Hastings” (the “2013 Report”) in which it stated it would not pursue an enforcement action.  However, the SEC only refrained from an enforcement action because its investigation revealed: “there is uncertainty concerning how Regulation FD and the Commission’s 2008 Guidance apply to disclosures made through social media channels.” 

Now that the SEC has ostensibly removed all uncertainty by releasing the 2013 Report, public companies and their representatives should proceed with caution when releasing company information on a personal social media site.

As stated in the 2013 Report:

Although every case must be evaluated on its own facts, disclosure of material, nonpublic information on the personal social media site of an individual corporate officer, without advance notice to investors that the site may be used for this purpose, is unlikely to qualify as a method ‘reasonably designed to provide broad, non-exclusionary distribution of the information to the public’ within the meaning of Regulation FD.

Accordingly, before posting any such information, public companies and their representatives should consider:

  1. Whether the potential post contains material, nonpublic information;
  2. Whether the company has provided appropriate notice to investors of the specific channels that it will use for the dissemination of material, nonpublic information; and
  3. If the information will be disseminated in such a way reasonably designed to provide broad, non-exclusionary distribution of information to the public.


Cary Kvitka is a member of Stark & Stark’s Securities Group in the Lawrenceville, New Jersey office. For questions, or additional information, please contact Mr. Kvitka.