Archive for September, 2012

FINRA Seeks to Require Members to Link to BrokerCheck

Tuesday, September 25th, 2012

According to an article in AdvisorOne magazine, FINRA is asking the SEC to approve further amendments to BrokerCheck, which includes requiring firms to include a reference and a link to BrokerCheck on their websites.

The proposed changes were announced in a letter, dated September 14, from FINRA CEO Richard Ketchum.  The amendments affect FINRA’s Investor Education and Protection Rule 2267.  Amendments have also been proposed to the BrokerCheck Disclosure Rule 8312, making information easier to access regarding investment-related civil actions brought against associated persons by a state or foreign regulatory authority that have been dismissed pursuant to a settlement agreement.

The recent proposals follow additional changes FINRA made to BrokerCheck in May, which included aiding investors access broker-dealer and investment advisor registration information by providing:

  • centralized access to licensing and registration information on current and former brokers and brokerage firms, and investment advisor representatives and investment advisor firms;
  • the ability to search for and locate a financial services professional based on main office and branch locations, and the ability to conduct ZIP code radius searches (in increments of 5, 15 or 25 miles); and
  • access to expanded educational content available on BrokerCheck, including new help icons that clarify commonly referenced terms throughout the system and within BrokerCheck reports.

Focus Financial VC backer says IPO still on the table after private auction yields no sale

Monday, September 10th, 2012

According to an article in RIA Biz, Goldman Sachs recently held an auction to try to bring in new private equity firms to purchase shares in Focus Financial (“Focus”).

Currently, Focus Financial is backed by Summit Financial (“Summit”) and Polaris Venture Partners (“Polaris”).  It was reported a few months ago that Summit was shopping its stake in Focus and that Polaris was thinking of pulling out as well.  It is unclear how much of their respective stakes Summit Financial and Polaris were looking to sell.

The auction did not yield any new investors for Focus.

California Passes Social Media Password Protection Law

Thursday, September 6th, 2012

According to a privacy blog posted by Littler Mendelson (and as reported by multiple other news sources),  California’s legislature has passed a new social media “password protection” law.  It has been sent to the Governor for his signature.

California has become the third state to pass this type of legislation (following Illinois and Maryland), and according to the blog, takes a more balanced approach than the other two laws.  The California legislation goes a step further than the other states when taking into account employer’s business interests.

The bill prohibits employers from requiring employees and applicants:

  1. to disclose a username/password so the employer can access their personal information on a social media site;
  2. to allow “shoulder surfing” (where the employer watches the individual access personal information in the employer’s presence); or
  3. to require the employee/applicant disclose information about a co-worker who is a “friend” on a social media site.”

In a more employer-friendly provision, the law permits employers to request that “an employee divulge personal social media reasonably believed to be relevant to an investigation of allegations of employee misconduct or employee violation of applicable laws and regulations.” This exception would also allow an employer to ask a co-worker to provide content from an employee’s social media site.  This exception, however, does not apply to applicants.

The law, according to the blog, contains provisions that may present a problem for employees if there is a violation of the law.  The bill does not require California’s Labor Commission to investigate complaints that the law has been violated, and also does not create a private right of action.  As such, it is unclear what remedy an employee would have if there is a violation of the law where the Labor Commission declines to investigate.

Massachusetts Report: Encryption a Key Component of Information Security

Thursday, September 6th, 2012

The Massachusetts Office of Consumer Affairs and Business Regulation (“OCABR”) published a report based on data collected from breach notifications over the past 4 years.  Not surprisingly, the report found that “encryption is a key – but often lacking – component in information security”.

Massachusetts adopted stringent data security requirements for businesses located in Massachusetts and for any business that collects non-public information of a Massachusetts resident.  Since October 31, 2007, any entity that had personal information of a Massachusetts resident lost or stolen has been required to notify OCABR of a breach.  As a result of this new requirement, OCABR received 1,833 breach notifications affecting just over 3.1 million people. Of the 1,833 reported breaches, 1,336 were for electronic breaches, accounting for 97% of all people affected by a reported data breach.

Some interesting facts:

  • The report found that 365 devices were reported lost or stolen, only 13 were encrypted (despite an encryption requirement contained within the law).  This led to exposure for 409,572 people.
  • The report finds that of the 75 lost or misplaced portable devices reported; only one was encrypted, compromising 1.2 million pieces of information.
  • Of the 290 stolen portable devices stolen, 12 were encrypted, protecting 4,110 pieces of information. The 277 unencrypted devices exposed 220,000 pieces of information.
  • The report also found that the financial services industry reported the most breaches over the last four years, with 955 breaches affecting 901,156 people. However, the vast majority of these breaches were the result of credit and debit card transactions that occurred at processing centers and retail establishments.

According to OCABR, “Over the last four years, about half of Massachusetts residents have had their information exposed to loss or theft, we have found that information on laptops, thumb drives, storage discs and tapes, and other electronic platforms are most vulnerable.”

These statistics, while useful, may not provide the full picture of how widespread data breaches (or at least loss of electronic devices) are.  Although Massachusetts requires firms to notify OCABR, it’s likely that not all firms made the notification upon the loss or theft of a portable device.

California Adopts Social Media Password Protection Law

Thursday, September 6th, 2012

According to a privacy blog posted by Littler Mendelson (and as reported by multiple other news sources),  California has adopted a new social medial “password protection” law.

California has become the third state to pass this type of legislation (following Illinois and Maryland), and according to the blog, takes a more balanced approach than the other two laws.  The California legislation goes a step further than the other states when taking into account employer’s business interests.

The bill prohibits employers from requiring employees and applicants:

  1. to disclose a username/password so the employer can access their personal information on a social media site;
  2. to allow “shoulder surfing” (where the employer watches the individual access personal information in the employer’s presence); or
  3. to require the employee/applicant disclose information about a co-worker who is a “friend” on a social media site.”

In a more employer-friendly provision, the law permits employers to request that “an employee divulge personal social media reasonably believed to be relevant to an investigation of allegations of employee misconduct or employee violation of applicable laws and regulations.” This exception would also allow an employer to ask a co-worker to provide content from an employee’s social media site.  This exception, however, does not apply to applicants.

The law, according to the blog, contains provisions that may present a problem for employees if there is a violation of the law.  The bill does not require California’s Labor Commission to investigate complaints that the law has been violated, and also does not create a private right of action.  As such, it is unclear what remedy an employee would have if there is a violation of the law where the Labor Commission declines to investigate.

Ruling could help reps get rid of BrokerCheck blemishes

Thursday, September 6th, 2012

According to an article in Investment News, the California Court of Appeals for the First Appellate District in San Francisco issued a ruling that brokers may expunge customer complaints and disciplinary actions from their records under a principle of basic fairness and equity.  The court ruling directly challenges FINRA rules that require certain thresholds to be met before a complaint can be expunged.

The case was originally brought in April 2011 by Edwin “Mike” Lickiss, who was seeking to expunge 17 customer complaints and a regulatory action.  Mr. Lickiss argued that 13 of the 17 complaints involved the same REIT and that because his record since 1997 was unblemished, the incidents should be removed. Mr. Lickiss argued that since investors are increasingly using FINRA’s BrokerCheck reporting system, having these complaints on his record caused professional harm.

FINRA objected on the grounds that the removal of complaints is strictly determined by their rules, and a trial court originally sided with FINRA.  The appeals court disagreed.  According to the appeal’s court, “The choice of a very narrow, rigid legal rule to assess the legal sufficiency of [Mr. Lickiss’ expungement] petition — a choice that closed off all avenues to the court’s conscience in formulating a decree and disregarded basic principles of equity — was nothing short of an end run around equity.”  The case has been remanded to the trial court for another hearing.