Overview
Consolidated financial account reports can offer a broad – all-encompassing — view of customers’ investments regardless of where the assets are held and may even include non-securities assets. Customers often demand them and firms and financial advisers provide them. FINRA has had these types of communications to customers on its radar screen for years.
Equally, on FINRA’s radar screen for years has been the need to supervise regulatory functions outsourced to third party vendors. FINRA has frequently reminded firms that outsourcing regulatory functions does not relieve the firm of its compliance obligations and that firms must supervise the outsourced activity.
Given the information management and communication challenges with issuing consolidated reports to customers, firms often turn to vendors to get the job done. Being aware of recent regulatory focus on issues that may arise when firms rely on vendors to prepare consolidated reports can help firms avoid finding themselves in the regulators’ cross hairs. These issues include, among others: (1) the ability of financial advisors (“FA”) to send clients “draft” reports that may not have been reviewed by the firm; (2) supervision and control risks when an FA improperly characterizes certain assets on the report as “non-securities,” which then may not be subject to the firm’s supervision; and (3) the vendor providing direct access to consolidated reports by customers or FAs, which have not been reviewed by the firm or which allow the FA to make changes to reports that were then sent to customers without firm review.
Prior Regulatory Guidance – Consolidated Reports and Vendor Management
In April 2010, FINRA issued Regulatory Notice (RN) 10-19 to remind firms of their responsibilities when providing customers with consolidated reports. RN 10-19 cautioned firms that unless “rigorously supervised,” consolidated reports “can raise a number of regulatory concerns,” including false or inaccurate information sent to customers. They also may create “a misconception that the firm produced or verified all of the data” in the reports.
In Notice to Members 05-48, FINRA reminded firms that outsourcing regulatory functions does not relieve the firm of its compliance obligations and that the firms must supervise the outsourced activity. FINRA stated: “The [firm’s] procedures should include, without limitation, a due diligence analysis of all of its current or prospective third-party service providers to determine whether they are capable of performing the outsourced activities… After the member has selected a third-party service provider, the member has a continuing responsibility to oversee, supervise, and monitor the service provider’s performance of covered activities.” It goes without saying that the firms should understand how the vendor will carry out the outsourced function.
Prior Enforcement Actions
FINRA’s disciplinary actions involving consolidated reports focused on firms’ failures to supervise financial advisers’ use of such reports. Among other things, firms permitted FAs to use consolidated reporting systems that allowed the FAs to enter customized values for assets and accounts held away from the firm without supervising to ensure accuracy of the reports provided to customers.[1] In certain cases, the firms also failed to retain the consolidated reports in accordance with recordkeeping requirements.[2]
Recent FINRA Focus on Potential Gaps when Vendors Employed to Create Consolidated Reports
In order to meet their regulatory obligations when outsourcing functions, firms remain responsible for compliance with those obligations. To meet their obligations, firms must understand their vendors’ processes for carrying out those functions. Failure to do so creates risk of unintended gaps in compliance.
This is illustrated by a recent FINRA case involving a firm’s reliance on vendors for preparation of consolidated reports.[3] Among other things, FINRA found that:
- FAs had the ability, through the vendors’ systems, to generate “non-finalized” or draft consolidated reports, which were intended for internal use only and therefore not reviewed by the firm. Furthermore, the firm did not have a system to identify when its representatives sent customers draft consolidated reports that were intended to be for “internal use only.”
- The firm’s written supervisory procedures required it to “review and validate” all manually entered valuations for “securities-related” assets. However, in practice, the firm only reviewed manually-entered assets if the FAs characterized the assets as “securities-related.” If assets were characterized as “non-securities-related,” but were in fact securities, they were not reviewed.
- The firm used multiple vendors and failed to understand the functionalities of its vendors’ consolidated reporting systems. FINRA detailed how each vendor provided FAs and/or clients different ways to access and alter the reports that were provided to customers.
Take-Aways
As noted above, in an effort to create and disseminate consolidated reports, many firms have turned to the use of specific, approved third-party vendors. Firms must ensure that they are meeting supervisory obligations when relying on third-party vendors.
Methods to monitor and assess a third-party vendor’s performance of the outsourced function may include: (1) using programmatic checks through business operations; (2) including the specific procedural requirements and expectations in the vendor contracts; (3) requiring status reports and periodic meetings; and (4) testing and reviewing the third parties’ procedures. Firms need to understand how the vendor will carry out the outsourced function. Understanding the functionalities of their vendors’ consolidated report systems allows the firms to assess any possible regulatory gaps.
FINRA’s ongoing monitoring of consolidated reports should serve as a reminder to firms that this topic is still very much on the regulator’s radar, especially for those firms that made prior representations about correcting their consolidated reporting problems.
1. See Triad Advisors, Inc. (FINRA AWC 2011025792001) (March 12, 2014), Securities America, Inc. (FINRA AWC 2010025742201) (March 12, 2014), LaSalle Street Securities, LLC (FINRA AWC 2013035055101) (Nov. 10, 2014), H. Beck, Inc. (FINRA AWC 2012031552601) (March 30, 2015), J.P. Turner & Company, LLC (FINRA AWC 2013036404301) (March 27, 2015), and LPL Financial LLC (FINRA AWC 20130351 09701) (May 6, 2015).
2. See Triad Advisors, Inc. (FINRA AWC 2011025792001) (March 12, 2014), Securities America, Inc. (FINRA AWC 2010025742201) (March 12, 2014), and LPL Financial LLC (FINRA AWC 20130351 09701) (May 6, 2015).
3. LPL Financial, LLC (FINRA AWC 2018059192701) (Dec. 31, 2020).