Skip to main content
Menu Icon

InfoBytes Blog

Financial Services Law Insights and Observations


Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • FINRA reminds registered firms of continuing education requirements


    On July 12, FINRA reminded registered firms of upcoming continuing education deadlines in an information notice. FINRA noted all registered persons must complete the Regulatory Element of their continuing education as required by FINRA Rule 1240 by December 31. Those failing to do so will be designated as having their continuing education inactive. Firms must develop an annual written training plan to meet the Continuing Education Firm Element requirement. To assist in this, FINRA developed Financial Learning Experience, a content catalog that firms can use to create training programs.

    Monitoring continuing education obligations can be done through FINRA Gateway, as well as setting deadlines, and sending automated notifications to registered individuals. FINRA encourages registered individuals and firms to use available resources to comply with continuing education requirements and enhance professional development.

    Securities FINRA

  • District Court hears whether FINRA’s claims must be litigated in the courts


    On July 10, the U.S. District Court for the Eastern District of Pennsylvania received a complaint from a plaintiff suing FINRA for allegedly putting forth disciplinary hearings that took place “in an improper forum, before an arbitrator whose selection was made in blatant violation and disregard of [the individual’s] Seventh Amendment right to a trial before a jury in an Article III court.” The individual countersued after receiving a 2023 FINRA complaint for allegedly violating FINRA Rules 2010, 2111, and 4511, where FINRA initiated in-house proceedings. The plaintiff averred these allegations were assertions of common law fraud and should have been brought before an Article III court. The 2023 FINRA complaint alleged the plaintiff failed to file certain required documents, failed to ensure clients received benefits, and exercised improper discretion.

    In its complaint, plaintiff noted the recent U.S. Supreme Court decision, SEC v. Jarkesy, that the SEC may no longer pursue legal claims through in-house enforcement proceedings (covered by InfoBytes here). The complaint further noted that to receive Seventh Amendment protection pursuant to the Jarkesy holding, a two-part test from Granfinanciera v. Nordberg case must be applied. According to the plaintiff, this case met both the first and second parts of the Granfinanciera test, arguing that the plaintiff should receive the Seventh Amendment right to a jury trial, and as a second cause of action also request a permanent injunction.

    Courts FINRA Pennsylvania Dodd-Frank Securities Exchange Commission

  • FINRA fines securities firm for failing to use an escrow agent


    Recently, FINRA released its letter of acceptance, waiver, and consent (AWC) against a securities firm for allegedly failing to use an escrow agent to custody customer funds. Among other things, the firm deposited investor funds for both offerings into accounts that its registered representative established and controlled, rather than with a bank. According to FINRA, these actions, discovered during a firm examination, violated the Exchange Act § 15(c)(2), Rule 15c2-4 thereunder, and FINRA Rule 2010. The firm further failed to both “promptly return customer funds” when the contingency was not met and changed material terms in its 2020 offering; violating Exchange Act §10(b), Rule 10b-9 thereunder, and FINRA Rule 2010. The firm consented to receiving a censure and a $20,000 fine.

    Securities FINRA Securities Exchange Act

  • FINRA fines annuity and fund distributor for causing payment of transaction-based compensation to unregistered entity


    On July 8, FINRA accepted a firm’s Letter of Acceptance, Waiver, and Consent imposing a censure and a $300,000 fine. The firm is a wholesale distributor of variable insurance products and mutual funds. Between March 2018 and September 2019, FINRA alleged that the firm caused around $2.9 million in compensation to be paid to an unregistered entity. More specifically, according to the AWC, the Firm had paid around $8.7 million in transaction-based compensation to an unaffiliated selling broker-dealer concerning the sale of variable life insurance, a securities product.  Of that, FINRA alleges that the Firm directed the unaffiliated broker-dealer to direct $2.9 million to an LLC that was not affiliated with the firm and that was not a FINRA member. As a result, FINRA alleged that the firm violated FINRA Rule 2040 which prohibits FINRA members from paying transaction-based compensation to any person not registered as a broker-dealer if receipt of such payment would require such person to register as such.

    Securities FINRA Securities Exchange Commission Insurance

  • FINRA fines firm for excess commission charges


    Recently, FINRA released a Letter of Acceptance, Waiver and Consent (AWC) against a securities firm for two alleged violative conducts from August 2018 to September 2022. First, FINRA alleged that the firm charged an unfair commission of at least $100 on 1,683 equity transactions. FINRA also alleges that the firm failed to maintain a supervisory system designed to monitor for unfair commissions, which engendered the unfair commissions, in violation of FINRA Rules 2121, 3110, and 2010. Second, FINRA alleged that the firm failed to file offering documents with FINRA “in connection with 14 private placements,” in violation of FINRA rules 5123 and 2010. In the AWC, the firm agreed to a censure, a fine of $65,000, and a restitution of $69,898.17 plus interest.

    Securities FINRA AWC Unfair Securities Exchange Commission

  • FINRA fines firm for insufficient ACH monitoring


    Recently, FINRA accepted a letter of acceptance, waiver and consent from a brokerage firm to settle alleged rule violations. The settlement concerns a series of unauthorized Automated Clearing House (ACH) transfers from a senior trust customer's brokerage account. Between December 2019 and April 2020, $332,457.73 was allegedly illegally transferred out of the account through 278 ACH transfers initiated by third parties that illegally obtained information relating to a checking feature attached to the consumer’s account. 

    According to the letter, FINRA Rule 3110(a) mandates that member firms must establish systems to supervise associated persons and reasonably ensure compliance with securities laws, regulations, and FINRA rules, including the responsibility to investigate and act on red flags indicating misconduct. The failure to do so also constitutes a violation of FINRA Rule 2010, which “requires a firm to observe high standards of commercial honor and just and equitable principles of trade in the conduct of its business.”

    The respondent firm allegedly failed to maintain an adequate system to review and monitor externally-initiated ACH transfers of consumer funds as their proprietary tool only monitored internally-initiated ACH transfers. As a result, none of the fraudulent transactions were flagged. The respondent firm also failed to identify several red flags in connection with such ACH transfers, including that the transactions were out of character for the customer, the volume of transactions as compared to any other account,  and not identifying five fraudulent transactions that were included on an end-of-year report.

    Despite these oversights, the bank processing the ACH transfers ultimately credited back all the stolen funds to the customer's account, and the respondent provided information to the bank to support the remediation.

    Respondent agreed to a censure and to pay a $225,000 fine.

    Securities FINRA ACH Enforcement Settlement Third-Party

  • FINRA issues regulatory guidance on members using generative AI tools

    Privacy, Cyber Risk & Data Security

    Recently, FINRA reminded member firms that existing rules and guidance apply to the use of artificial intelligence (AI), such as generative AI tools, just as they would with any other technology or other tools. FINRA noted that while generative AI can offer potential benefits, it can also pose risks related to privacy, bias, and misuse. FINRA emphasized that firms must ensure their use of generative AI complies with existing regulations, for example, those governing member supervisory systems for the review of electronic communications and public communications made using a technology tool. The rules applicable will depend on how each firm uses the technology. For example, FINRA noted that if a member firm uses generative AI tools as a part of its supervisory system, “its policies and procedures should address technology governance, including model risk management, data privacy and integrity, reliability and accuracy of the AI model.” FINRA noted it welcomes feedback on how it could update its rules to address the use of generative AI to maintain investor protection and market integrity.

    Privacy, Cyber Risk & Data Security FINRA Artificial Intelligence

  • FINRA publishes alert on critical software vulnerability

    Privacy, Cyber Risk & Data Security

    Recently, FINRA issued a cybersecurity alert bulletin to all member firms regarding a critical vulnerability within a software company’s transfer software, specifically affecting its Secure File Transfer Protocol module. The vulnerability could potentially allow for authentication bypass, FINRA warned. The software developer has released a security bulletin advising firms to upgrade to the latest version of the software to address this issue.

    Additionally, a new risk has been identified in a third-party component within the company’s transfer software, which increases the risk of authentication bypass if not resolved. Firms are instructed to take precautionary measures, including blocking public inbound Remote Desktop Protocol access to the servers running the software and limiting outbound access to trusted endpoints only. The third-party will release a fix, which the software company will make available. The alert follows a similar incident in June 2023 for which FINRA also issued an advisory to member firms.

    FINRA also reminds firms to reference Regulatory Notice 22-29 from December 2022, which provides guidance on ransomware risks and offers considerations for evaluating cybersecurity programs in response to ongoing threats.

    Privacy, Cyber Risk & Data Security FINRA Third-Party Risk Management

  • SEC extends deadline for FINRA SLATE rule decision


    On June 10, the SEC extended the review period for a proposed rule change by FINRA. The proposed FINRA Rule 6500 Series, concerning the Securities Lending and Transparency Engine (SLATE), would require the reporting of securities loans and provide dissemination of related information for the public. Initially published for public comment on May 7, the rule's decision deadline has now been moved to August 5 to allow the SEC adequate time to consider feedback and deliberate on the rule’s changes.

    Securities Agency Rule-Making & Guidance Securities Exchange Commission Federal Issues FINRA

  • FINRA imposes censure and $250,000 fine on “influencer” company for misconduct and privacy notice violations


    On June 10, FINRA agreed to a Letter of Acceptance, Waiver, and Consent (AWC) from a company, addressing various regulatory infractions for improper use of social media influencers in promotional activities. From 2020 to 2022, the firm was found to have compensated influencers for social media content that was not fair and balanced and contained exaggerated claims, violating FINRA Rules 2210(d)(1) and 2010. The firm also failed to review influencer-produced videos prior to their distribution and lacked adequate supervisory procedures to monitor its influencers’ communications, contravening the Securities Exchange Act Section 17(a), Exchange Act Rule 17a-4(b)(4), and additional FINRA rules. Furthermore, the company issued misleading privacy notices to its customers, violating Regulation S-P and FINRA Rule 2010. Specifically, the company stated in its privacy notice that it disclosed nonpublic personal information “only when it is both permitted by law and required for the ordinary course of business,” when in fact it shared such nonpublic personal information with non-affiliated third parties for marketing purposes. To resolve these claims, FINRA imposed a censure and a $250,000 fine. The company concurred.

    Securities FINRA Social Media


Upcoming Events