Email Us 1-866-251-6920


October 6, 2021

Regulatory Update

Mississippi Sends IARs Back to School; IARD and CRD Renewal Season Starts; Regulators Provide Tips on Vendor Due Diligence, and Scary Stories from SEC on Conflicts of Interest

For Investment Advisors

Mississippi Adopts Model Rule for investment advisor representative (IAR) Continuing Education.  In November 2020, the North American Securities Administrators Association (NASAA) members approved a model rule to implement continuing education programs for investment advisor representatives (IARs). The model rule requires IARs to complete 12 hours of continuing education (CE) annually, including six hours on ethics and professional responsibility and six hours focused on products and practice.  NASAA’s objective was to keep IARs up to speed on regulatory requirements and best practices.  Mississippi is the first state to adopt this model rule, and Michigan, Nevada, Vermont, and Wisconsin are not far behind. In addition, IARs who are also registered with as broker-dealer representatives that take required FINRA CE courses may apply six credits of Products and Practices toward IAR CE, provided that the FINRA CE content meets specific baseline criteria. Contributed by Cari Hopfensperger, Senior Director

For Broker-Dealers and Investment Advisors and For Private Funds (NFA Member Firms including CPOs/CTAs)

Mark Your Calendars: The IARD and CRD Renewal Programs Have Begun; Renewal Payments Due December 13, 2021:  To get detailed information about the 2022 Annual Renewal Programs, including the complete timeline, payment methods, helpful tips, and FAQs, click the following links:

FINRA Annual Renewal Overview

IARD Renewal Program Overview

  • 11/08/2021 – Preliminary Statements will be available.
  • 12/13/2021 – Full payment must be available in the Renewal or Flex-Funding Account.
  • 12/26/2021 – Web CRD/IARD System Shutdown.

FINRA also included a feature on the Annual Renewal Page that enables you to add the renewal dates to your calendar with a couple of clicks!  Contributed by Rochelle Truzzi, Senior Director.

Required Reading:  FINRA’s and NFA Notices on Vendor Oversight and Due Diligence.  FINRA has joined a couple of other regulators on the vendor oversight bandwagon in its Regulatory Notice 21-29.   The NFA issued its Interpretive Notice in February on NFA Rules 2-9 and 2-36: Members Use of Third-Party Service Providers; and the Federal Reserve, FDIC, and the Office of the Comptroller of the Currency jointly issued their guidance in July.  FINRA’s notice provides the regulator’s expectations on vendor supervision, provide examples from examinations about common failures, and tips on how to fulfill supervisory obligations.

The NFA’s Interpretative Notice goes into effect September 30, 2021.  Private fund managers that operate as commodity trading advisors and commodity pool operators should read the interpretation to make sure their policies and procedures for third-party vendors include an initial risk assessment, onboarding due diligence, and ongoing monitoring.  The NFA provided this resource page so firms can understand their obligations.  Contributed by Jaqueline Hummel, Managing Director.

Lessons Learned 

The SEC Finds Advisors Response to Phishing Attacks, a Day Late and a Dollar Short.  The SEC recently cracked down on three advisory firms for failing to protect customer records and information in violation of Regulation S-P, Rule 30(a), the “Safeguards Rule,” even though there was no evidence that clients suffered any losses as a result of the hacks.   The advisors, Cetera, Cambridge Investment Research, Inc., and KMS Financial Services, Inc., learned that an unauthorized third party had hacked into their cloud-based email systems and gained access to clients’ personally identifiable information (PII).  After discovering the initial hack, the advisors all took action by notifying the affected clients of the breach and offering them identity theft protection services.  The firms also took security measures, such as recommending that employees and independent contractors use multi-factor authentication (MFA) to access email accounts. Additional hacking attempts followed, and eventually, all of the firms required MFA for email accounts.  For more details on these cases, check out our related blog post.

With the benefit of 20/20 hindsight, the SEC found that the firms failed to act quickly enough after the subsequent breaches to implement MFA across their entire organizations.  They also singled out the Cetera entities for “misinforming” clients about when the breaches occurred and for not notifying them earlier.  The fines ranged from $200,000 to $300,000.

The obvious lesson is that advisors should strongly consider implementing MFA to systems containing clients’ PII.  Moreover, firms need, and must follow, policies and procedures for protecting clients’ PII.   This includes a process for responding to cybersecurity incidents and providing notification to affected clients promptly.

In the SEC’s view, these firms dragged their feet when faced with a clear cyber threat.  But in their defense, large organizations generally do not move quickly.  All the firms cited took additional steps to determine how the breaches occurred, which accounts were affected, and whether any clients were harmed (no known harm was identified).  This analysis took time to complete, and there were undoubtedly internal discussions and consultations with outside counsel to determine the appropriate response.  Moreover, creating a new process such as MFA requires determining how to implement it across the organization and ensuring that users have the appropriate tools and training to use MFA.  Advisors should take note, however, that the SEC has raised the bar and expects firms to have a plan in place and respond quickly when client data is at risk.  Contributed by Jaqueline Hummel, Managing Director.

Advisor Experiences the Horror of Failure to Supervise Remote IARs. Registered investment advisors that rely on independent contractor investment advisor representatives (IARs), operating their own offices, face unique supervision challenges.  The SEC’s administrative action against Horter Investment Management, LLC (“Horter”) and its principal illustrates the worst-case scenario.  The firm, based in Cincinnati, primarily hired independent contractor IARs with remote offices.  One of those IARs, Kimm Hannan (“Hannan”), was hired despite a red flag on his Form U5.  About the same time, the SEC issued a deficiency letter to Horter, citing that the firm’s supervisory structure was inadequate to supervise its remote IARs.  Long story short, Hannan is serving a 20-year sentence in jail for stealing more than $700,000 from clients, and now the SEC is looking at the firm and its principal.

It’s no mystery why this happened. The day after Hannan was registered with the firm, FINRA sent him a letter stating that it was initiating an inquiry regarding his conduct at his prior firm about “allegations regarding marketing materials and checks made payable to your DBA.”  Horter’s compliance officer reviewed the letter and recommended that Hannan be fired, but the firm failed to follow this advice.  Predictably, Hannan continued the activities that got him fired from his previous firm:  soliciting clients to invest in his outside business activities (OBAs). In addition, the SEC alleges that the firm failed to adopt appropriate policies and procedures to supervise IARs, including those that required closer supervision, failed to follow up on red flags, and inappropriately delegated supervisory authority.  Now the firm and its principal face a public hearing to review the allegations.

The takeaways from this case include (1) establish and follow policies and procedures to supervise the activity of IARs operating remotely, (2) establish and follow heightened-supervision procedures for IARs with black marks, (3) read and follow up on the findings from the annual review of the compliance program, and most importantly, (4) do not ignore the compliance officer’s advice.  Contributed by Cari Hopfensperger, Senior Director.

Firm Principals Pay the Price for Riskless Principal TradesThe SEC settled charges with JW Korth & Company L.P. (Korth), a dually registered investment advisor and broker-dealer, for engaging in riskless principal transactions without prior written disclosure to clients.  Section 206(3) of the Advisers Act prohibits an investment advisor from acting as a principal for its own account by buying securities from, or selling them to, a client, unless the advisor provides disclosure and obtains written consent from the client before the completion of each trade.  According to the SEC’s findings, Korth engaged in 201 fixed-income transactions on a riskless principal basis between March 2015 and October 2018 on behalf of nine clients, without the required written disclosure or client consent required under Section 206(3) of the Advisers Act.

The problem was that Korth’s policies and procedures addressed only principal transactions that were not riskless. Ultimately Korth was ordered to repay clients the amount it made on the transactions ($50,000) and pay a civil penalty of $125,000. In addition, Korth’s managing partner and managing director, both of whom served as Chief Compliance Officer (consecutively) during principal transactions (in addition to their management responsibilities), were ordered to pay civil penalties of $50,000 and $25,000, respectively, for failing to implement written policies and procedures reasonably designed to prevent violations of Section 206(3).

Firm principals should be advised – the SEC can hold you personally liable for not paying attention to securities law requirements. Contributed by Matt Giggey, Associate Director.

New Technology but Same Old Conflicts.  The SEC fined robo-advisor Sofi Wealth LLC (“SoFi”) $300,000 for moving client assets out of third-party managed ETFs and into ETFs sponsored by SoFi.  The SEC cited SoFi for approving the use of its own ETFs for its automated investing program without considering alternatives, failing to tell clients that SoFi would receive a portion of the advisory fees on those ETFs, and not disclosing its vested interest in the success of the ETFs. Additionally, some of SoFi’s clients ended up with capital gains from the move, which SoFi reimbursed after the SEC started its investigation.

The takeaways from SoFi’s mistakes start with a recommendation to do a global search on the Form ADV Part 2A for the word “may.”  Like all those 12b-1 cases from prior years, SoFi disclosed that it “may” invest client assets in shares of SoFI’s ETFs, when that decision had already been made.  Second, firms that use proprietary products should address them in their policies and procedures and make sure that there is a ton of disclosure addressing potential conflicts that using such products can raise. Finally, as fiduciaries, firms should consider whether their own products compete with others on the market based on costs, performance, and suitability.  Contributed by Doug MacKinnon, Director.

“Keeping it in the Family” is a Bad Compliance Strategy.  Using a private fund as the family piggy bank is never a good idea.  In another involving failure to disclose conflicts of interest, the SEC brought an action against investment advisor Diastole Wealth Management, Inc. (“Diastole”), and its principal, Elizabeth Eden. Eden’s son had worked for Diastole and later left to form his own company.  Diastole managed a private fund that loaned funds to Eden’s son’s company, which the company failed to repay. Making matters worse, some of the proceeds from the loan were used to pay off loans Diastole had previously made to the son’s company.  The firm failed to adequately disclose the conflicts in its ADV Part 2A Brochure, financial statements, and investor letters.  Diastole also failed to comply the Advisers Act Custody Rule by failing to deliver the fund’s audited financial statements to investors within 180 days of its fiscal year-end for three years.

A key contributor to the breakdown in this case was the fact that Eden was not only a principal owner of the RIA but also served as its President, CEO and …. CCO.  Her punishment?  Being banned from acting as CCO for any securities firm for a year and a $60,000 fine.  Contributed by Rochelle Truzzi, Senior Director.

The First of Many Cases on Breach of Duty – IAR Fined and Suspended, and RIA is Punished for Failing to Perform Suitability Analysis.  In 2019, the SEC came out with the Commission Interpretation Regarding Standard of Conduct for Investment Advisors (the “Interpretation”) that discussed how advisors should meet their fiduciary obligations, defining the duty of care as an obligation to provide investment advice that is (i) in the best interest of the client and (ii) suitable for the client.  The SEC’s case against investment advisor Frontier Wealth Management and one of its investment advisor representatives (IAR) indicates the consequences of failing to meet those duties, including fines, disgorgement, and suspension from the industry.

Frontier and its IAR invested client money in a feeder fund (the “Feeder Fund”) that invested all of its assets in a private equity fund (“Fund A”).  Fund A was managed by a third-party manager and used complex options strategies and synthetic futures positions to generate returns.  Fund A’s private placement memorandum warned investors about its volatile nature, the possibility of losing all their capital, and imposed a $1 million minimum investment. Frontier wanted to give retail clients access to Fund A and established the Feeder Fund to invest.  The minimum investment for the Feeder Fund was $100,000. Frontier received a management fee from the Feeder Fund, which was shared with Frontier’s IARs.

Predictably, Fund A lost about 35% of its value in February 2018 because of highly volatile markets, and subsequently Frontier’s investors in the Feeder Fund lost around $16 million. The SEC found that Frontier gave its IARs great latitude in selecting investments for their clients.  Although the firm used an Investor Profile, a 15-question, multiple-choice questionnaire to determine a client’s investment objectives, net worth, employment status, and other information, about 40% of clients invested in the Feeder Fund did not complete this form.

Significant flaws found by the SEC included:

  • Failure to assign a supervisor responsible for reviewing, monitoring, or approving IARs investment recommendations for suitability
  • Failure to provide training for IARs and supervisors on the suitability of the Feeder Fund
  • Failure by IARs to assess the suitability of an investment in the Feeder Fund for their clients

The SEC singled out one IAR for recommending 50 clients invest in the Feeder Fund.  According to the SEC, this IAR did not understand Fund A’s strategy, underlying investments, or associated risks and had no experience with complex products.  Moreover, he could not adequately explain Fund A’s investments and risks to his clients. As a result, some of his clients were invested in the Feeder Funds despite their conservative risk profiles and investment objectives.  The IAR was personally fined $100,000 and banned from the industry for 12 months.  Frontier was also fined $350,000 and required to disgorge profits due to its violations.

Advisors offering complex investment products need to ensure their IARs understand them and put guardrails around the sales activity.  The SEC wants to see that firms are supervising and providing training and support to ensure IARs understand complex products and explain their risks to clients.  There should be documentation to demonstrate the supervision, training, and support.   Contributed by Jaqueline Hummel, Managing Director.

Worth Reading, Watching, and Hearing

Filing Deadlines and To-Do List for October 2021


  • Form 13H: Amendment to Form 13H due promptly for advisors that already have a Form 13H filing obligation and have changes to any information reported. Recommended due date: October 13, 2021. (Note: Neither the SEC nor its staff has provided written guidance defining “promptly” for Form 13H.)


  • Form PF for Large Liquidity Fund Advisors: Large liquidity fund advisors must file Form PF with the SEC on the IARD system within 15 days of each fiscal quarter-end. Filing for Q3 2021 is due October 15, 2021.
  • Blue Sky Filings (Form D). Advisors to private funds should review fund blue sky filings and determine whether any amended or new filings are necessary.  Generally, most states require a notice filing (“blue sky filing”) within 15 days of the first sale of interests in a fund, but state laws vary. Due October 15, 2021.


  • FINRA Accounting Support Fee: Quarterly invoice to support the GASB budget. Based on the municipal securities the firm reported to the MSRB. De Minimis firms (that owe less than $25) will not receive an invoice. Invoices are sent to the firm via WebCRD’s E-Bill. Due date to be determined.
  • Customer Complaint Quarterly Statistical Summary: For complaints received during the third quarter. FINRA Rule 4530 requires member Firms to submit statistical and summary information regarding complaints received during the quarter by the 15th day of the month following the calendar quarter. Due October 15, 2021.
  • Quarterly FOCUS Part II/IIA Filings: For the quarter ending September 30, 2021. FINRA requires member firms to file a FOCUS (Financial and Operational Combined Uniform Single) Report Part II or IIA quarterly. Clearing firms and firms that carry customer accounts file Part II and introducing firms file Part IIA.  Due Date October 26, 2021.
  • Quarterly Form Custody: SEC requires that all broker-dealers file Form Custody under Securities Exchange Act Rule 17a-5(a)(5) for the quarter ending September 30, 2021.  Due Date October 26, 2021.
  • Supplemental Statement of Income (“SSOI”): For the quarter ending September 30, 2021. FINRA requires member firms to submit additional, detailed information regarding the categories of revenues and expenses reported on the Statement of Income (Loss) page of the FOCUS Report Part II/IIA. Due October 29, 2021.
  • Supplemental Inventory Schedule (“SIS”):  For the month ending September 30, 2021. The SIS must be filed by a firm that is required to file FOCUS Report Part II, FOCUS Report Part IIA or FOGS Report Part I, with inventory positions as of the end of the FOCUS or FOGS reporting period, unless the firm has (1) a minimum dollar net capital or liquid capital requirement of less than $100,000; or (2) inventory positions consisting only of money market mutual funds. A firm with inventory positions consisting only of money market mutual funds must affirmatively indicate through the eFOCUS system that no SIS filing is required for the reporting period.  Due October 29, 2021.
  • SIPC-3 Certification of Exclusion from Membership: For firms with a Fiscal Year-End of September 30 AND claiming an exclusion from SIPC Membership under Section 78ccc(a)(2)(A) of the Securities Investor Protection Act of 1970. This annual filing is due within 30 days of the beginning of each fiscal year. Due October 30, 2021
  • SIPC-6 Assessment: For firms with a Fiscal Year-End of March 31. SIPC members must file for the first half of the fiscal year a SIPC-6 General Assessment Payment Form together with the assessment owed within 30 days after the period covered. Due October 30, 2021.
  • SIPC-7 Assessment: For firms with a Fiscal Year-End of August 31. SIPC members are required to file the SIPC-7 General Assessment Reconciliation Form together with the assessment owed (less any assessment paid with the SIPC-6) within 60 days after the FYE. Due October 30, 2021.


  • Form N-MFP.  Form N-MFP (Monthly Schedule of Portfolio Holdings of Money Market Funds) reports information about the fund’s holdings as of the last business day of the prior calendar month and must be filed no later than the fifth business day of each calendar month.  The due date is October 7, 2021.



This article is not a solicitation of any investment product or service to any person or entity. The content contained in this article is for informational use only and is not intended to be and is not a substitute for professional financial, tax or legal advice.