LPL may be the biggest BD in the country, with 21,500 reps operating out of almost 13,000 branch offices. Heaven knows how much money it brings in every year, but, goodness, it must be a lot. And good thing, too, given how much the firm keeps paying to FINRA in fines for its serial, repeated, and egregious supervisory failures.

A week or so week ago, LPL kept its string of massive supervisory fines intact with a $6.5 million AWC. I will get to the details, of course, but, for starters, let’s take note of the following:

• In the “Relevant Disciplinary History” section of the AWC, FINRA identified three prior AWCs, dating back only five years, with fines totaling almost $12 million
• For some reason, however, FINRA left out of that section another supervisory AWC, from 2013, in which LPL paid a $7.5 million fine for its failure to retain (and review) emails…which sort of sounds like the very problem that is the subject of the latest AWC
• According to the firm’s BrokerCheck report, and as I pointed out in a blog post from a year ago, LPL “has 253 total disclosures, of which 175 are regulatory events, perhaps 20 or more of which involved a supervisory violation”
• No individuals were named in this AWC, or in any of the three prior AWCs that FINRA mentions in the new AWC, or in the 2013 AWC that FINRA omitted (and without going through all of the 20 or so other supervisory cases, I would venture to speculate that no individual was named in them, either, although I am happy to be proven wrong by anyone with the inclination to review all those cases).

I am guessing that given these initial observations (well, and, perhaps, the title of this piece), you can deduce what I am thinking: if you happen to be a firm that is big enough, with enough money, to pay FINRA millions and millions of dollars, year after year, for repeated supervisory violations, a firm whose CEO maybe sat on the FINRA Board of Governors not too long ago, you can happily remain in business no matter how pervasive the problems seem to be, and no one in management will be held personally accountable. This is not conjecture. This is fact. All you have to do is read LPL’s BrokerCheck report, read the AWCs, and you will see for yourself the kinds of violations the firm has committed, the amount of fines it has paid, and who has NOT been named as respondents.

Can it be any wonder that small firms see this AWC and gnash their collective teeth in anger over the disparate treatment they receive? Just look at my most recent blog post, about a FINRA AWC for Worden Capital Management for supervisory failures. Guess who was also named as a respondent, as a result of the conclusion that he was personally responsible for the unreasonable WSPs? That’s right, Jaime Worden, the firm’s owner and CEO. Neither Mr. Worden or his firm had any relevant disciplinary history leading up to that AWC, quite unlike LPL, yet FINRA was comfortable naming him along with the BD. And that is just one example. The list goes on, and on, and on.[1]

Well, with that off my chest, let’s talk a look at LPL’s latest supervisory cluster. There are actually three components to the firm’s failure to meet its regulatory obligations: record retention, fingerprinting and screening of associated persons, and supervision of consolidated reports. I will take them one at a time.

Regarding record retention, for over five years – a time period that, incidentally, overlaps with prior AWCs – from January 2014 to September 2019, LPL failed “to retain electronic records in the required format, preserve certain electronic records, and notify FINRA prior to employing electronic storage media.” That failure “affected at least 87 million records and led to the permanent deletion of over 1.5 million customer communications maintained by a third-party data vendor,” including “mutual fund switch letters, 36-Month Letters, and wire transfer confirmations.” This bit about the third-party vendor is my favorite part of the AWC:

In August 2017, after FINRA requested certain customer letters that LPL could not locate, LPL contacted Vendor A in an attempt to locate them. Vendor A informed LPL that about 500,000 customer communications, including the letters, had been deleted because Vendor A placed them in a temporary storage location from which records were automatically deleted after one year. Subsequently, LPL did not take reasonable steps to verify that Vendor A migrated the other documents remaining in the temporary storage location to an appropriate location. Therefore, on October 26, 2018, Vendor A discovered that the migration did not occur and that approximately one million additional LPL customer communications had been deleted.

Whoops. In addition, LPL also “failed to send account notices that are required to be sent to customers at 36-month intervals for each account in which a suitability determination had been made.” This one impacted over one million customers.

Regarding the fingerprint problem, from January 2014 through the present, LPL failed to obtain fingerprints for more than 7,000 non-registered associated persons. Because these associated persons were not fingerprinted, LPL did not screen them to determine whether any individual was subject to a statutory disqualification. As part of the remediation efforts that the firm commenced, it determined that approximately 5,000 of the individuals were no longer associated with LPL, so it could not obtain their fingerprints or determine if they were subject to statutory disqualification. 5,000!

Of course, the AWC also provides that LPL actually did get the fingerprints for one guy, properly sent them to FINRA for review, and received a notice back that he was SD’d, which should have resulted in either (1) him being terminated, (2) the firm filing a BDW, or (3) the firm filing an MC-400. LPL, however, boldly chose a fourth option: do nothing, and let the guy continue to work there for 2 ½ years. I wish my small firm clients got that choice!

The final aspect of LPL’s supervisory failures relates to consolidated reports, “a document that combines information about most or all of a customer’s financial holdings, including assets held away from the firm.” FINRA has previously expressed its concerns about the use of consolidated reports in Reg Notice 10-19. I don’t want to get into the weeds here, but the concern was, basically, that consolidated reports create “the potential for communicating inaccurate, confusing, or misleading information to customers” because a BD may not “test or otherwise validate data” for assets that appear on such reports that are held away from the BD.

LPL got in trouble with FINRA in 2015 for not reasonably supervising consolidated reports, and so it told its RRs who wanted to use such reports that they could use only “LPL proprietary systems or specific, approved third-party vendors.” Good move…but not good enough. For five years, LPL still messed up in a number of ways:

• While a copy of a finalized consolidated report was sent automatically to LPL to review and validate the information, RRs could also generate draft reports, which were not sent to LPL or reviewed by the firm. LPL does not know how many draft consolidated reports – including drafts containing manually-added values – its RRs sent to customers.
• Although LPL’s WSPs required the firm to “review and validate” all manually entered valuations for “securities-related assets,” including retirement or brokerage accounts held away from LPL, private placements, or variable annuities, in practice, LPL only reviewed manually-entered assets if the RRs specifically characterized the assets as “securities-related.” If the RR said the manually-added assets was not a security, LPL didn’t review it.
• Two of LPL’s vendors gave customers direct access to their consolidated reports without LPL’s knowledge or review. Although LPL could not quantify the problem, the AWC states that “at least 9,000 customers accessed one of the third-party vendors’ portals in one year alone.”
• Three of LPL’s approved third-party vendors provided RRs the option of receiving consolidated reports directly, which the firm failed to supervise entirely.
• Two of the approved vendors allowed RRs to export consolidated reports to Microsoft Excel files, after which the RRs could manually alter the reports. LPL was unaware of this, and therefore did not receive, much less review, those reports or any exported Excel files.
• Finally, one approved third-party vendor enabled RRs to direct that emails be sent to customers that contained hyperlinks to consolidated reports. LPL was unaware that the vendor provided this service and therefore did not review any consolidated reports that its representatives disseminated in this manner.

I don’t mean to single LPL out here, but when confronted with this AWC, the big firm vs. small firm problem was too much to ignore. LPL’s supervisory issues are serious. Despite repeated representations to FINRA that the firm was prepared to do whatever it takes to remedy the problem and avoid a recurrence, that seems simply not to be true. Either LPL is, in fact, not taking its supervisory obligations seriously (because it knows it can afford to write the next multi-million-dollar check to FINRA), or it is simply too big, with too many RRs, to reasonably supervise them all despite its best efforts. Either way, one needs to ask whether this should be permitted to continue as it has for all these years.

[1] It is worth contrasting this, at least in a footnote, to other regulators. I read just last week that the OCC, the Office of the Comptroller of the Currency, fined the former GC of Wells Fargo $3.5 million “for his role in Wells Fargo Bank, N.A.’s systemic sales practices misconduct.” Mr. Strother was the SIXTH individual manager named by the OCC for some responsibility for the scandal involving the creation of millions of fake bank accounts.