FINRA Can't Wait Forever Even Though Morgan Stanley Wants It To

December 27, 2022

In 1966, the Outsiders had a hit with "Time Won't Let Me." Here we are, 56 years later, and that Golden Oldie has become the anthem for Wall Street's self-regulatory-organization FINRA. Apparently, when it comes to the misconduct of its Large Member Firms, FINRA is prepared to wait for years but, y'know, time won't let FINRA wait forever, as the song so famously laments. Just as the 60s song is about unrequited love, in the end, after a seven-year wait, FINRA plants a playful Censure of a kiss on Morgan Stanley's cheek and walks away with an $800,000-plus order of restitution. Ahh, young love on Wall Street!

Case in Point

For the purpose of proposing a settlement of rule violations alleged by the Financial Industry Regulatory Authority ("FINRA"), without admitting or denying the findings, prior to a regulatory hearing, and without an adjudication of any issue, Morgan Stanley Smith Barney LLC submitted a Letter of Acceptance, Waiver and Consent ("AWC"), which FINRA accepted. The AWC asserts that Morgan Stanley Smith Barney LLC has been a FINRA Member Firm since 2009 with about 25,400 registered representatives at 880 branches.
In the Matter of Morgan Stanley Smith Barney LLC, Respondent (FINRA AWC 2021069495301)
https://www.finra.org/sites/default/files/fda_documents/2021069495301
%20Morgan%20Stanley%20Smith%20Barney%20LLC%20CRD%20149777%20AWC%20gg.pdf

Over $800,000 in Excessive Charges and Fees

 As alleged in part in the AWC [Ed: footnote omitted]:

During the relevant period, Morgan Stanley's system that provided customers with rights of reinstatement benefits on eligible transactions was not reasonably designed in three respects. First, the system evaluated eligibility for rights of reinstatement benefits from the date of the sale's settlement as opposed to execution. Therefore, certain customers whose trades executed within the settlement window, i.e., a purchase before the sale settlement, did not receive rights of reinstatement benefits to which they were entitled. Second, the system contained an account-coding error that incorrectly excluded four qualified plan account types from receiving rights of reinstatement benefits. Third, between approximately October 2017 through December 2020, the outside vendor that the firm engaged to identify and provide CDSC-waivers on eligible transactions failed to process the rebates it identified for customers. 

As a result of its supervisory deficiencies, Morgan Stanley did not provide over 2,000 accounts with rights of reinstatement benefits to which they were entitled, and customers paid $802,483.47 in excess sales charges and fees. 

Therefore, Morgan Stanley violated FINRA Rules 3110 and 2010. 

Morgan Stanley has since enhanced its procedures. In January 2021, the firm resumed responsibility over the CDSC-waiver process rather than rely on the vendor it had engaged. In September 2021, the firm introduced a logic change to correct the account-coding error described above. In November 2021, as an interim measure, the firm introduced new, daily reports to help it identify transactions impacted by the settlement-window limitation. And in January 2022, the firm shortened the settlement period for all domestic mutual fund transactions from two days after trade date to one day, further limiting the impact of the settlement-window limitation. 

FINRA Sanctions

In accordance with the terms of the AWC, FINRA imposed upon  Morgan Stanley Smith Barney LLC a Censure and ordered the firm to pay $802,483.47 plus interest in restitution. The AWC offers this further context:

CREDIT FOR EXTRAORDINARY COOPERATION 

In resolving this matter, FINRA has recognized Morgan Stanley's extraordinary cooperation for having: (1) conducted an internal review to identify potentially disadvantaged customers and calculate total remediation; (2) engaged an outside consulting firm to expand upon the initial internal review, including voluntarily extending the review period beyond FINRA's requested date; (3) investigated the extent to which the firm did not provide rights of reinstatement benefits; (4) implemented remedial measures in its systems to close gaps identified during the review; (5) agreed to pay restitution to affected customers; (6) established a plan to efficiently identify, notify, and repay customers eligible for restitution; and (7) provided substantial assistance to FINRA in its investigation.

Bill Singer's Comment 

Omigod . . . seriously?  I mean, like, really?? I don't think that I can ever recall a more fawning regulatory settlement than this piece of crapola, and, yes, I know it's still the holiday season, and, no, I don't care -- not when it comes to this form of garbage regulation by FINRA. As if a Small FINRA Member Firm or any associated person would ever get the degree of consideration so generously doled out by FINRA to one of its Large Member Firms Morgan Stanley.

First of all, the "related period" so lightly referenced in the AWC is between January 2015 and December 2021, which, by my calculation, covers:

  1. 2015, 
  2. 2016, 
  3. 2017, 
  4. 2018, 
  5. 2019, 
  6. 2020, and 
  7. 12 months of 2021 (which, y'know, is like a full year, right?). 
So, when you enumerate all the years that are the somewhat innocuous term "related period," it looks worse (which is why I did that) and, more to the point, we can see that Morgan Stanley's misconduct spanned seven -- count 'em -- seven years!

And what exactly transpired during the seven years of cited misconduct? 

According to FINRA's allegations in the AWC, 2,000 customer accounts were essentially denied reinstatement of benefits to which they were entitled, and the value of those denied benefits was some $800,000, which works out to about $400 per account in "excess sales charges and fees." According to the AWC, the culprit for this mess was, in part, a Morgan Stanley account-coding error and the ever-popular-scape-goat in the form of an "outside vendor." 

So . . . howsabout we re-visit a previously cited portion of the AWC and see if it still comes off as benign as FINRA likely had hoped:

In January 2021, the firm resumed responsibility over the CDSC-waiver process rather than rely on the vendor it had engaged. In September 2021, the firm introduced a logic change to correct the account-coding error described above. In November 2021, as an interim measure, the firm introduced new, daily reports to help it identify transactions impacted by the settlement-window limitation. And in January 2022, the firm shortened the settlement period for all domestic mutual fund transactions from two days after trade date to one day, further limiting the impact of the settlement-window limitation. 

As asserted in the above-quoted paragraph, all of Morgan Stanley's credited efforts didn't take place until the seventh year of the "relevant period." It was only in January of 2021 when Morgan Stanley "resumed responsibility" over its CDSC-waiver process and stopped relying on its outside vendor. 

How nice that a Large FINRA Member Firm "resumed responsibility;" however, feel free to correct me if I'm wrong here but doesn't FINRA routinely make the point -- particularly with FINRA Small Member Firms -- that a member cannot delegate its compliance responsibilities and always and ultimately retains that obligation? 

Lemme see if I can remember . . . ummm . . . hmmm . . . oh, yeah, funny thing, about six years into Morgan Stanley's seven years of cited misconduct in the AWC, FINRA issued "FINRA Reminds Firms of their Supervisory Obligations Related to Outsourcing to Third-Party Vendors" (FINRA Regulatory Notice 21-29 / August 13, 2021)
https://www.finra.org/sites/default/files/2021-08/Regulatory-Notice-21-29.pdf
As set forth in part under "Summary" in Regulatory Notice 21-29:

Member firms are increasingly using third-party vendors to perform a wide range of core business and regulatory oversight functions. FINRA is publishing this Notice to remind member firms of their obligation to establish and maintain a supervisory system, including written supervisory procedures (WSPs), for any activities or functions performed by third-party vendors, including any sub-vendors (collectively, Vendors) that are reasonably designed to achieve compliance with applicable securities laws and regulations and with applicable FINRA rules. 

This Notice reiterates applicable regulatory obligations; summarizes recent trends in examination findings, observations and disciplinary actions; and provides questions member firms may consider when evaluating their systems, procedures and controls relating to Vendor management. This Notice-including the "Questions for Consideration" below-does not create new legal or regulatory requirements or new interpretations of existing requirements. Many of the reports, tools or methods described herein reflect information firms have told FINRA they find useful in their Vendor management practices. FINRA recognizes that there is no one-size-fits-all approach to Vendor management and related compliance obligations, and that firms use risk-based approaches that may involve different levels of supervisory oversight, depending on the activity or function Vendors perform. Firms may consider the information in this Notice and employ the practices that are reasonably designed to achieve compliance with relevant regulatory obligations based on the firm's size and business model. . . .

FINRA Regulatory Notice 21-29 doesn't merely set out aspirational goals when it comes to supervision third-party vendors but resorts to quite a bit of saber rattling in order to get the industry's attention. For example:

FINRA Disciplined Firms Whose Vendors Did Not Implement Technical Controls

FINRA disciplined certain firms for violations of Regulation S-P Rule 30 and FINRA Rules 3110 and 2010 for failing to maintain adequate procedures and execute supervisory oversight to protect the confidentiality of their customers' nonpublic personal information, including, for example, where:

  • a Vendor exposed to the public internet the firms' purchase and sales blotters, which included customers' nonpublic personal information (e.g., names, account numbers, and social security numbers).
  • a Vendor did not configure its cloud-based server correctly, install antivirus software, and implement encryption for the firm's account applications and other brokerage records containing customers' nonpublic personal information. As a result, foreign hackers successfully accessed the cloud-based server and exposed firm customers' nonpublic personal information.
at Page 6 of Regulatory Notice 21-29

FINRA Disciplined Firms for Books and Records Violations Resulting from
Vendor Deficiencies

FINRA disciplined firms for violations of Books and Records rules and related
supervisory obligations involving Vendors, including, but not limited to, failing to
preserve and produce business-related electronic communications (including emails,
social media, texts, instant messages, app-based messages and video content) due to:

  • Vendors' system malfunctions;
  • Vendors' data purges after termination of their relationship with firms;
  • Vendors failing to correctly configure default retention periods resulting in inadvertent deletions of firm electronic communication for certain time periods;
  • Vendors' system configurations making deleted emails unrecoverable after 30 days;
  • Vendors failing to provide non-rewriteable, non-erasable storage; and
  • Firms failing to establish an audit system to account for Vendors' preservation of emails
at Page 13 of Regulatory Notice 21-29

FINRA Disciplined Firms for Failure to Supervise Vendors 

FINRA disciplined certain firms that violated FINRA Rules 2010 and 3110, among other rules, when they failed to establish and maintain supervisory procedures for their Vendor arrangements reasonably designed to: 

  • Review, verify or correct vendor-provided expense ratio and historical performance information for numerous investment options in defined contribution plans (i.e., retirement plans), causing firms' customer communications to violate FINRA Rule 2210; 

  • Oversee, monitor and evaluate changes and upgrades to automated rebalancing and fee allocation functions outsourced to a Vendor for wealth management accounts custodied at the firm, causing errors and imposing additional fees to customer accounts; 

  • Review, test or verify the accuracy and completeness of data feeds from Vendors that failed to identify the firm's prior role in transactions for issuers covered by firm research reports, resulting in violations of then NASD Rule 2711(h) and 2241(c) when the firm failed to make required disclosures in its equity research reports regarding its status as a manager or a co-manager of a public offering of the issuer's equity securities; and 

  • Confirm the accuracy and completeness of information provided by Vendors to regulators, including FINRA, both in response to specific requests and as part of regular trade and other reporting obligations, causing inaccurate responses and misreported transactions, order reports, route reports and reportable order events.
at Page 13 of Regulatory Notice 21-29

"FINRA Reminds Firms of their Supervisory Obligations Related to Outsourcing to Third-Party Vendors" (FINRA Regulatory Notice 21-29 / August 13, 2021) is soooooo 2021 and this is 2022 -- almost 2023, and, y'know, what's some seven years of failed supervision of an outside vendor when it comes to Morgan Stanley and that whole esoteric issue of excessive sales charges and fees? As to why a firm with over 25,000 reps and nearly 900 branches is outsourcing any aspect of its compliance obligations to a third-party vendor, well, sure, that's a whole other issue for another day and another debate. 

Today's AWC places FINRA in the somewhat odd role of assembling the troops on its parade ground, and, with much pomp and ceremony, decorating Morgan Stanley with the Self Regulatory Medal of Honor. Here is FINRA's absurd proclamation for Morgan Stanley's valor:

CREDIT FOR EXTRAORDINARY COOPERATION 

In resolving this matter, FINRA has recognized Morgan Stanley's extraordinary cooperation for having: (1) conducted an internal review to identify potentially disadvantaged customers and calculate total remediation; (2) engaged an outside consulting firm to expand upon the initial internal review, including voluntarily extending the review period beyond FINRA's requested date; (3) investigated the extent to which the firm did not provide rights of reinstatement benefits; (4) implemented remedial measures in its systems to close gaps identified during the review; (5) agreed to pay restitution to affected customers; (6) established a plan to efficiently identify, notify, and repay customers eligible for restitution; and (7) provided substantial assistance to FINRA in its investigation.

I'm sorry. Truly, I'm sorry. But this AWC comes off as a cynical piece of crap that would never, ever be afforded to a lesser Respondent, be that a smaller member firm or a human being who works in the industry. 

FINRA's over-the-top concessions to Morgan Stanley for that member's belated and tepid oversight of an outside vendor are misplaced and only undermine the self-regulatory-organization's integrity. Among the more inane aspects of this AWC is that FINRA is apparently clueless to the absurdity of giving Morgan Stanley "Credit for Extraordinary Cooperation" because, in part, the Large Member Firm engaged an outside consultant to review the failures of an outside vendor. 

What's next?  Will FINRA's lackluster Board of Governors hire an outside law firm to review the credit given by FINRA to Morgan Stanley for engaging an outside consultant to review an outside vendor?