I have been busy the last month getting ready for a big arbitration, and attending the first week of what looks like is going to be a four- or five-week slog when all is said and done. So, I am just catching up on some recent developments, and mulling over what might be of interest to readers of this blog. I debated discussing the arbitration itself, and some of its more surreal moments, but I will wait for it to conclude before doing that. Ultimately, I came across an SEC settlement that was the subject of a nice article by an old friend, Jeff Ziesman, another former FINRA Enforcement lawyer who’s also on the defense side of the table, and shared his view that the case contains some really helpful guidance on what it actually means to respond to “red flags.”

The case was against Wedbush Securities, and resulted in a $250,000 civil penalty against the firm. According to the SEC, while Wedbush “was aware of certain aspects of” the suspicious activities of one its RRs as far back as 2012 and 2013 – in other words, although Wedbush managed to spot the red flags – “its supervisory policies and implementation systems failed reasonably to guide staff on how to investigate” them. And here is where the case provides its utility in describing what NOT to do when confronted with red flags.

But, first, let’s talk about the RR. Not a good employee. For six years, from in or around 2008 to 2014, the RR “was involved in a manipulative trading scheme” along with someone not associated with Wedbush. (That guy, you will be pleased to learn, is currently serving a 151-month sentence after pleading guilty to securities fraud, among other things). The scheme involved penny stocks controlled by the guy now in prison. The RR would buy those “stocks in her customers’ accounts, or encouraged her customers to buy the stocks, in exchange for undisclosed compensation in the form of shares and cash.” In addition, she “engaged in manipulative trading designed to create a false appearance of volume and increase or stabilize the price of securities.”

Ok, so what did Wedbush know, and when? A lot, it seems, and pretty early on, too. The first red flag was an email that revealed the RR’s role in the scheme. It was discovered by the RR’s supervisor, who actually seems pretty on-the-ball. Consider that the SEC found that when he became the RR’s supervisor in April 2009, he “conducted a review of the trading and customer portfolios of each representative he supervised,” including the “bad” RR. “Based on his experience in the industry, he had general concerns about the quantity of penny stocks in [the RR’s] customers’ accounts.” So far, so good, right? He even “took measures to restrict [the RR’s] trading activity by limiting her trading in the last hour of the day and restricting all customer trading in certain penny stock securities.” More good stuff. But, because the RR “had been at the firm for 30 years and her business partner was a partial owner of the firm,” the supervisor “felt he had to ‘be gentle’ in terms of restricting [the RR’s] activities and could not take more ‘draconian action’” (even though, personally, he called the email “the smoking gun . . . whatever suspicions or worries I had, this confirmed a lot of the worst of them.”).

Well, it seems he (or Wedbush, more accurately) was too gentle. In late 2012, the supervisor reviewed the email in question, which was from the RR to one of her customers “who was substantively involved” in the penny stock scheme. It outlined the customer’s “efforts to assist in inflating the price of penny stocks, many of which were held in Wedbush accounts by [the RR] and her customers.” Moreover, the email “noted that one of the deals had to be handled through a different broker-dealer because [the RR] was restricted from any purchases through Wedbush during the last hour of trading,” i.e., the very restrictions the supervisor had placed on the RR.

Faced with this pretty glaring evidence, the supervisor “escalated” the matter up to Wedbush’s president, who “reviewed and initialed the email,” but that’s about it. In addition, the SEC determined that “[l]egal and compliance personnel also were aware of the email,” but did nothing.

Next red flag – or flags – were two FINRA arbitrations against Wedbush filed by customers of the RR around the same time as the customer email. As with the email, the president, legal and compliance were all aware of these filings. The customers in the first case alleged that the RR (1) solicited their investments in certain penny stock issuers, (2) guaranteed no losses, and (3) was involved in manipulating the securities in their accounts in order to guarantee them profits. The second arbitration contained allegations describing “similar transactions involving [the RR] in similar securities.” Both cases settled, and because Wedbush determined that the RR was “culpable,” she paid half.

Finally, besides the email and the two arbitrations, Wedbush also learned of two FINRA inquiries regarding the RR, one into her personal trading in one of the penny stock issuers, and the other into the allegations underlying the customer arbitrations. The SEC was troubled by the fact that Wedbush let the RR draft her own responses to FINRA’s requests for information, and even though she sent them to compliance for review, compliance “did not take any steps to investigate or confirm the veracity of [her] responses,” or follow-up at all when certain responses the RR gave to FINRA at an interview “were inconsistent and contradicted what the firm had already learned from” the customer email and the two arbitrations.

It’s not like Wedbush did nothing. Both legal and compliance conducted investigations into the RR, but, as the SEC put it mildly, both were “flawed,” for a variety of reasons:

  • Wedbush did not document or otherwise clarify the scope of each investigation;
  • There was no process as to how the results of the investigations were to be documented or reported;
  • The lack of documentation or other reporting mechanism resulted in no coherent response to the red flags. Indeed, it was “unclear what, if anything, was reported from legal or compliance to Wedbush’s management”;
  • Although Wedbush placed the RR on heightened supervision for a year, this was done “to resolve the ongoing FINRA matter, rather than in response to any misconduct by [the RR] related to the red flags”;
  • Despite the fact the FBI interviewed the RR about her role in the penny stock scheme, and she reported this promptly to her supervisor, who, in turn, brought it to the attention of legal and compliance, no one in compliance interviewed the RR about the FBI interview, no internal investigation was done in response to the FBI’s interview or the topics that RR discussed, and no old investigations were reopened or revisited.

Given all this, it is easy to see why the SEC concluded that

Wedbush’s policies and supervisory systems lacked any reasonable coherent structure to provide guidance to supervisors and other staff for investigating possible facilitation of market manipulation by registered representatives. . . . There was substantial confusion as to whose responsibility it is to conduct investigations related to red flags of potential market manipulation by [the RR].

In short, “Wedbush had no clear process for how to handle red flags of potential market manipulation.” The real lesson of the case can be found in the sanctions that the SEC meted out. In addition to the hefty civil penalty I mentioned earlier, Wedbush had to update “its policies and procedures relating to internal investigations to address the allegations in the Division’s OIP,” adding the following specific provisions in order to document:

  • when internal investigations will occur,
  • who shall conduct the investigations,
  • how the results should be escalated, and
  • how the investigation should be documented and, as appropriate, reported to regulatory or other authorities.

It really comes down to this: it is clearly not enough simply to spot red flags; when spotted, they must be investigated in a clear, logical manner, with the results shared among appropriate decision-makers, and, of course, well documented. There is no such thing as getting partial credit; I mean, sure Wedbush found that customer email, which must mean its email surveillance system worked. But, armed with that knowledge, it then proceeded to whiff when given the chance to do something about it before customers were harmed. The only happy story here belongs to the RR’s supervisor, who appears to have done as much has he could reasonably be expected under the circumstances. He saw the red flags. He reported them promptly. He took action by restricting the RR. Do what he did, and you’ll be sitting pretty even when the SEC goes after your firm, and its legal and compliance personnel.