SEC Knows Best: Exam Highlights Deficiencies in Broker-Dealer Reg BI Compliance
The SEC's Division of Examinations (Exam) published a Risk Alert on Jan. 30, 2023, summarizing alleged deficiencies its staff observed since Exam started conducting broker-dealer examinations to assess compliance with Regulation Best Interest (Reg BI). The Risk Alert "is intended to assist broker-dealers in reviewing and enhancing their compliance programs related to" Reg BI and serves as a likely harbinger of future enforcement actions.
In this post, we provide a brief refresher on the history and requirements of Reg BI, a breakdown of Exam's observations and guidance, and a preview of what this may mean for future enforcement actions.
The Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 mandated that the SEC study the effectiveness of standards of care within the broker and advisory space.1 Following years of analysis, debate and legal challenges, the SEC on June 5, 2019, adopted Reg BI (codified as Exchange Act Rule 15l-1).
Reg BI established a new standard of care for broker-dealers and their associated persons (the financial professionals who work directly with customers) in connection with their recommendations to retail customers. Generally speaking, Reg BI provides that, when making a recommendation of any securities transaction or investment strategy involving securities (including account recommendations) to a retail customer, a broker-dealer and its associated persons must act in the (you guessed it) "best interest" of the customer at the time the recommendation is made.
Clearly, assessing what is in a customer's best interest is critically important in assessing compliance with Reg BI. Although the SEC declined to define that term in its 770-page adopting release, Rule 151-1(a)(2) includes four standards broker-dealers and their associated persons must satisfy (Obligations):
- Disclosure Obligation: Before or at the time of the recommendations, they must disclose of "all material facts" related to the scope and terms of the relationship and all material conflicts of interests associated with the recommendation.
- Care Obligation: They must exercise reasonable diligence, care and skill in making the recommendation, to a) understand potential risks, rewards and costs associated with the recommendation; b) have a reasonable basis to believe the recommendation – or series of recommended transactions – is in the best interest of the retail customer based on, among other things, the retail customer's investment profile; and c) not place the financial interests of the broker-dealer/its associated person ahead of the retail customer.
- Conflict of Interest Obligation: They must establish, maintain and enforce written policies and procedures reasonably designed to: a) identify and disclose (or otherwise eliminate) all material conflicts of interest; b) identify and disclose material limitations created by certain investment strategies and prevent such limitations from placing a broker-dealer's interests ahead of those of the retail customer; and c) identify and eliminate any sales contests, sales quotas, bonuses and non-cash compensation that are based on the sales of specific securities or specific types of securities within a limited period of time.
- Compliance Obligation: In addition to their required Conflicts of Interest policies and procedures, they must establish, maintain and enforce written policies and procedures reasonably designed to achieve compliance with Reg BI.
Although these Obligations include sizeable overlap with fiduciary duty principles applicable to investment advisers, the SEC was clear in its adopting release that Reg BI does not impose a fiduciary duty on broker-dealers or their associated persons.2 In the same breath, however, the SEC also noted that "[a]t the time a recommendation is made, key elements of the [Reg BI] standard of conduct that applies to broker-dealers will be similar to key elements of the fiduciary standard for investment advisers."3 The differences are largely attributable to the "ongoing nature of the advisory relationship" where the adviser's fiduciary duty "generally applies to the entire relationship" compared to the "generally transactional and episodic" nature of the broker-client relationship and the imposition of best interest obligations at the time of the recommendation.4
Exam's Reg BI Risk Alert
On Jan. 30, 2023, roughly two and a half years after firms were required to begin complying with Reg BI, Exam issued a Risk Alert highlighting the most commonly observed (purported) compliance failures and deficiencies.5 Below, we highlight some of the Risk Alert's key takeaways, organized by each of the four Obligations:
Disclosure Obligation Observations
- Website Postings: Exam noted that some firms failed to deliver their disclosures in writing and instead merely posted to their websites or referenced the disclosures in other documents.6 Exam noted that mere references to online postings do not satisfy the obligation to "deliver" disclosures.7
- Acting in Multiple Roles: Exam repeatedly observed instances in which 1) broker dealers provided insufficient disclosure to retail customers concerning the capacity in which dually licensed professionals (broker-dealer registered representative and investment adviser representative) were performing services at different points in the relationship; 2) insufficient policies and procedures existed to ensure appropriate and accurate disclosure around dual roles and the potential conflicts at play; and 3) verbal-only disclosures led to a lack of documentation that necessary disclosures were made.
Care Obligation Observations
- Exam observed instances where broker-dealers or their associated financial professionals 1) failed to understand the recommended product; 2) failed to obtain or consider the customer's investment profile; and 3) failed to understand the potential risks and costs associated with the recommendation.
Conflict of Interest Obligation Observations8
- Written Procedures: Exam identified firms that lacked or had insufficient policies and procedures documenting a reasonable process for identifying and addressing conflicts, such as identifying responsible parties within the organization (such as the compliance department, a conflicts officer or a conflicts committee). Exam also made particular note that certain policies and procedures did not expressly prohibit sales quotes, bonuses and non-cash compensation.
- Identification of Conflicts: Exam identified some firms taking a too-narrow and prescriptive view of conflicts by considering only strictly prohibited activity and not addressing conflicts that can arise from how a firm and its professionals make investment recommendations.
- Failure to Mitigate: Exam emphasized that disclosure of a conflict is not the same as mitigation and that actual mitigation measures should be reasonably designed and implemented, noting that firms must have policies and procedures designed mitigate – including "modif[ying] practices to reasonably reduce" – conflicts of interest at the financial professional level that might consciously or unconsciously incline a professional to make a not-disinterested recommendation.
Compliance Obligation Observations
- Generic Policy Issues: Exam observed multiple instances of generic written policies and procedures that were not tailored to the firm's business model or otherwise were limited to restating the rule's requirements.
- Policies and Procedures Concerning Disclosure Obligation: Firms purportedly did not specify when disclosures should be created or updated (i.e., when the disclosures contain materially outdated, incomplete or inaccurate information), did not identify parties responsible for updates, did not identify when material changes should result in new or updated disclosures, and did not have processes to demonstrate that disclosures had been provided to retail customers.
- Policies and Procedures Concerning Care Obligation: Exam staff identified several purported deficiencies, including 1) no guidance for professionals on how to consider reasonably available investment alternatives; 2) no guidance for professionals on how exactly to consider cost; 3) a lack of mandated use for firm systems that evaluated costs and alternatives; and 4) when mandating documentation of bases for recommendations, a lack of instruction as to specific information to be gathered.
- Policies and Procedures Concerning Training and Periodic Reviews and Testing: Exam noted several areas where firms purportedly fell short of expectations, including 1) firm use of surveillance systems that predated Reg BI without consideration of whether the regulation limited their effectiveness; 2) use of surveillance systems that captured only executed transactions but did not include recommendations not accepted by customers; and 3) maintaining documentation locally, thereby limiting compliance assessment to branch examinations.
The Look Ahead: Enforcement Around the Corner
Exam noted that many of the firms whose alleged deficiencies are summarized in the Risk Alert addressed the issues through modified and improved practices, policies and procedures. More important, perhaps, the Risk Alert highlights important risks all broker-dealer firms face – and that some are struggling to address – in achieving full compliance with Reg BI. And as is often the case, the Risk Alert may provide a peek around the corner at future enforcement actions.
Frequently, when the Division of Enforcement (Enforcement) considers new regulations or market trends, initial enforcement matters tend to be more focused on fraudulent misconduct or blatant policies and procedures violations. For example, when Enforcement first began enforcing Rule 30(a) Regulation S-P (Safeguards Rule) in connection with obligations to adopt and enforce policies and procedures to safeguard customer information, it first focused on companies that purportedly had no policies at all or obvious blanks in their policies. As detailed above, Exam's Risk Alert spilled much of its ink over purported deficiencies in the underlying broker-dealers' policies and procedures – a potential sign of where the first round of enforcement activity may lie.
Next, we expect that Enforcement will begin to test the contours of Reg BI. For example, SEC Chair Gary Gensler has already posited that certain digital engagement practices or features offered by online trading firms may rise to the level of a "recommendation," which could trigger Reg BI obligations. Additionally, Exam has reportedly targeted broker-dealers with deficiency letters for, among other things, failing to properly consider reasonable alternatives for retail investors. With Exam highlighting Reg BI as a priority area for Fiscal Year 2023, we expect these type of matters will result in enforcement referrals and corresponding enforcement actions.
The SECond Opinions Blog will continue to monitor the agency's activity in this space and provide further updates. If you need any additional information on this topic – or anything related to SEC enforcement – please contact the authors or another member of Holland & Knight's Securities Enforcement Defense Team.
1 Section 913 of Title IX of the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010.
2 Regulation Best Interest: The Broker Dealer Standard of Conduct, Exchange Act Release No. 34-86031 (June 5, 2019), at 58, 68.
3 Id. at 17. The agency highlighted some differences between the two standards, including an investment adviser's fiduciary duty generally includes a duty to provide ongoing advice and monitoring, while Regulation Best Interest focuses on acting in the retail customer's best interest at the time a recommendation is made.
4 Id. at 60.
7 See Adopting Release, at p. 226.