The Securities and Exchange Commission has dinged a broker-dealer firm in New York $250,000 for putting an untrained compliance associate in charge of gathering data about stocks the firm offered to clients, and letting traders do business in those stocks without any real sense of how accurate their information was.
The firm, Canaccord Genuity Corp., with about $50.7 billion in assets under management, agreed to the penalty and a cease-and-desist order Wednesday. It’s not the largest case of inept compliance we’ve seen, but it is a good example of compliance done wrong, so let’s take a look.
As a dealer in over-the-counter stocks (read: lots of quack businesses you’d see on Wolf of Wall Street), Canaccord is subject to Rule 15c2-11 of the Exchange Act. That rule requires a broker-dealer to obtain, review, and keep basic information about those OTC stocks before the firm starts hawking them to investors: prospectus, financial statements, the offering circular, names of executive officers, and so forth.
Rule 15c2-11 also requires firms to certify their compliance with the rule to FINRA (the regulator for broker-dealers) before they start said hawking of OTC stocks, in what’s known as a Form 211 filing. You need to file a Form 211 for every OTC stock you offer, signed by a principal member of the firm.
So from October 2017 to September 2018, Canaccord put an untrained compliance associate in charge of all that, and had the associate sign the Form 211 filings on the principal’s behalf. That’s bad.
On paper, Canaccord’s written policies looked great. (Then again, don’t they always?) A trader wanting to start business in an OTC stock had to perform the due diligence (business unit owning the risk), and then transmit that information to the compliance department for review and recordkeeping (compliance as Second Line of Defense). A “designated principal” would sign the Form 211 filings.
In reality, that didn’t happen. The compliance associate was in charge of gathering that information about OTC stocks when, as the SEC litigation order put it, this associate “had no trading experience and no formal training to conduct the review required by the rule,” such as how to analyze a financial statement.
So Canaccord didn’t have the business unit own the risk. It saddled the compliance function with the risk, and then left unqualified personnel within the compliance function to do it. Which violates the most basic best practices of effective compliance and risk management. In fact, here’s a nifty excerpt from the Justice Department’s guidance on evaluating effective compliance programs.
The facts speak no better for the Form 211 business, either. The compliance associate placed the designated principal’s electronic signature on the filings, first without knowing whether the information was accurate, and “the compliance associate generally understood that the firm’s designated principal had not actually examined the form prior to its submission.” Ugh.
There’s more. Yes, Canaccord’s compliance department did maintain all that information (which the compliance associate couldn’t understand); but if a trader wanted to review those records before he started pushing a certain OTC stock to investors, he had to submit a request to the compliance department. Therefore, brokers rarely bothered to seek that information.
I’m not quite sure how to describe this failure. In one way it’s a failure of recordkeeping, since the compliance department didn’t provide easy access to that information. And as we all know, when the compliance function makes a procedure hard to do, employees will either ignore it or find some way to evade it, so they can do their “real” jobs unimpeded. That’s exactly what happened here.
In another way, this lack of access was also a failure of training, since those traders should have complained that they couldn’t review the records they needed. Instead, they went full Leonardo DiCaprio and started selling to investors with no idea how reliable their information was. And that was the failure for Canaccord Genuity overall: it had no reasonable basis for believing that the information coming from those OTC stocks was accurate.
The Broker Remediates
In November 2018, Canaccord revised its policies and procedures to fix all this. (We don’t know why, but my guess is a FINRA or SEC examination that brought these poor practices into the sunlight.)
First, traders must submit a request to compliance for help in obtaining information about a new OTC security, “including the structure and nature of the product and risks related thereto.” So the business unit has to do at least some of the legwork. Good.
Second, the compliance associate prepares that Form 211 filing, and then sends it to the trader and the designated principal for review. The principal completes a separate certification that he has actually, ya know, read it; and only then does the Form 211 go to FINRA.
Third, traders now have direct access to all those files; no requests to compliance necessary.
The lessons here are clear. Put qualified personnel in charge of compliance tasks. Take compliance obligations, such as signing and filing of forms, seriously.
And perhaps above all, design procedures so that they help employees do their jobs in a compliant manner; rather than make compliance one more hurdle they need to overcome.