Warn Your Clients Now: FINRA Does NOT Guarantee Investment Opportunities

The ingenuity of investment scammers has no limits. Now they are invoking the names and logos of regulatory agencies in order to entice their victims—your clients—to part with their hard-earned cash.  To help them stay safe, caution them to watch for solicitations that use a regulatory tie-in to promote an investment’s safety.

In a recent case, fraudsters used FINRA’s name and logo in correspondence, including a phony signature from FINRA’s top executive—to create the false impression it guaranteed the performance of what was actually an advance-fee scam.

“Financial fraudsters go to great lengths to appear legitimate, making it difficult for investors to recognize their ruses,” says Gerri Walsh, FINRA’s Senior Vice President for Investor Education. “That’s why we are telling investors flat out that FINRA does not guarantee investments, and our officers play no role in facilitating investment opportunities. We want people to know that and to understand how they can verify who the real FINRA is.”

According to FINRA, advance-fee scams typically involve criminals enticing consumers into sending in funds to pay for administrative or regulatory charges relating to a stock share buyback, which is either worthless or under-performing. Once investors send their money in, they never see it again or receive any returns from the stock buyback.

One way for your clients to stay safe from such schemes is to carefully examine solicitations for telltale signs of fraud. These include the use of quasi-legal language, repeated use of the word “guarantee,” and failing to correctly identify the regulator or its executives.

In a FINRA Investor Alert on regulator scams, the agency pointed to a recent attempt to defraud an investor. The scammer emailed the person a document supposedly from the FINRA CEO in an effort to build trust. Close inspection of the letter revealed improper use of the FINRA logo, incorrect executive titles, repeated use of the word “guarantee” (something FINRA would never do), and reference to the Financial Securities Rule-Making Board (FSRB), a fake agency.

In another fraud, scammers sent email pitches that purported to come from the office of FINRA President and CEO Robert Cook. They portrayed FINRA as a “recognized financial manager of the IMF” (false) and informed recipients that it has granted the release and payment of outstanding inheritance funds. The catch? The investors needed to fly to another country. But before they could, they needed to send in more personal information and a copy of their passports. Those who did would be at high risk of having their identity stolen, FINRA said.

How to help your clients avoid advance-fee, phishing, or other types of investment frauds? Encourage them to view every solicitation skeptically, watching for typos and other scam tipoffs. And they should be wary of any offer that touts guarantees or otherwise sounds too good to be true. If they’re not sure the offer is legitimate, encourage them to run it by you. Or they can use FINRA’s Scam Meter here.

To help your clients learn more about investment scams, send them to FINRA’s “Avoiding Investment Scams” page here.


For information on affordable E&O insurance for low-risk insurance agents, investment advisors, and real estate broker/owners, please visit EOforLess.com. For information on ethical sales practices, please visit the National Ethics Association’s Ethics Center.

FINRA Shows Regulatory Hand: Brokers, Pay Heed or Watch Out!

One of the benefits of working in financial services is that regulatory agencies are usually transparent about their concerns. They communicate well in advance when they’re about to crack down on something, giving agents, advisors, and brokers more than enough time to respond. FINRA is an excellent case in point.

In early January 2018, the securities self-regulatory organization released its annual Regulatory and Examination Priorities Letter, which tells member firms and registered representatives what it intends to focus on during the year. The letter, in effect, is a great resource for resolving compliance issues before FINRA gets involved.  It also helps firm executives prepare for their FINRA examinations.

The regulator’s 2018 letter was wide-ranging. FINRA announced it will focus its efforts on fraud, high-risk firms and brokers, and operational and financial risks, including technology governance, cybersecurity, and market regulations. Other priorities will include:

  • Sales practice risks, especially recommendations of complex products to unsophisticated, vulnerable investors;
  • Protection of customer assets and the accuracy of firm’s financial data; and
  • Market integrity, including best execution, manipulation across markets and products, and fixed-income data integrity.

In the body of the letter, FINRA provided further details on each regulatory concern. Several that bear a strong relationship to broker sales activities follow.

Fraud: FINRA announced that once again, fraud will be a high enforcement priority. These include activities such as insider trading, microcap pump-and-dump schemes, issuer fraud, and Ponzi-type schemes. Also, a focus will be continuing to identify cases of potential insider trading, which FINRA refers to the U.S. Securities and Exchange Commissions (SEC). Reining in scams targeting senior investors will receive a strong emphasis, as well.

High-Risk Firms and Brokers: FINRA will focus on protecting investors from firms and brokers that take advantage of their customers. Specifically, it will look at practices such as hiring, supervision of high-risk brokers, supervision of point-of-sale activities, and branch inspection programs. Also a focus will be sales of advanced securities products to unsophisticated investors.

Sales Practice Risks: This is an especially wide-ranging area. In 2018, FINRA says it will pay serious attention to suitability violations, especially to the business practices and processes that produce suitable sales. Suitability in the context of employer-sponsored retirement plans and IRA rollovers will be hot-button issues too, as will be sales of initial coin offerings, cryptocurrencies, the use of margin loans in the sales process, and proper use of securities-backed lines of credit.

Cybersecurity: 2018 will continue to see high FINRA involvement in protecting customer assets and information against hacking and other cyber-crimes. As in prior years, FINRA will continue to evaluate the effectiveness of firms’ cybersecurity protocols—specifically their preparedness, technical defenses, and resiliency measures.

To further help member firms and their brokers, FINRA released a Report on FINRA Examination Findings. Based on what it finds when it visits firms at least once every four years, this document can also be a helpful resource in assuring firm compliance with FINRA rules in 2018 and beyond.

For further information about FINRA’s 2018 priorities, please visit its website here.

Continue to keep up to date with ethical practices by reading the latest news on  National Ethics AssociationFor information on affordable E&O insurance for low-risk insurance agents, investment advisors, and real estate broker/owners, please visit EOforLess.com.

­A Cautionary Tale: After 50+ Disclosure Events, Rogue Broker Finally Gets the Boot

For years, we’ve been preaching to financial professionals about the importance of keeping their compliance records free of black marks. Our argument: that all it takes is one bad disclosure to besmirch your record. And now that sanction reports live forever on the Internet, one event can make it impossible to generate new business . . . for years, if not decades, to come.

However, sometimes we run across news that makes us question this advice. For instance, Financial Advisor IQ recently reported the case of a renegade broker who racked up more than 50 disclosure events over a 14-year-time period, all easily found on his FINRA BrokerCheck record. The fact that the broker operated beyond the regulatory pale for years makes one question whether government agencies are capable of protecting consumers against rogue advisors. In this particular case, the answer, apparently, is no.

The more you learn about this broker’s track record, the more shocking his story becomes. According to Financial Advisor IQ, FINRA recently threw Anthony Diaz, a Pennsylvania broker last registered with IBN Financial Services, Inc., out of the business. But it took him repeatedly selling unsuitable securities to at least 17 clients since 2000 for FINRA to act. To its credit, FINRA ordered him to refund $4.3 million to his clients, including $1 million in compensatory damages, $2.9 million in punitive awards, and $413,000 in legal fees. But it tolerated his behavior for years.

Over the course of his career, Diaz repeatedly made inappropriate recommendations. He pushed clients to make variable annuity exchanges with no reasonable basis. He misrepresented products to clients. He lied about their net worth so he could sell them alternative investments. He deceived his product firms and broker-dealers. He falsified signatures on annuity applications. He also got embroiled in numerous client disputes, including a 2017 complaint alleging he made poor recommendations, had a client sign a blank form, and put false information on their documents.

During his career, Diaz worked for 11 different securities firms and was fired from five of them. Apparently, the broker-dealers didn’t care about his atrocious disclosure history; they were more impressed with his sizable client list. And regulators only got serious about policing him over the last couple years, when FINRA finally barred him and the New Jersey and Pennsylvania securities agencies pulled his license.

But think about the impact he had on those 17 clients—how much they must have worried about losing their money, how aggravated they were filing FINRA claims, how much they shelled out in legal fees. If regulators had done their jobs years ago, clients could have entirely avoided this nightmare.

Now, surely the broker-dealers and the clients themselves share culpability. Why did firms keep hiring and firing this guy? And why did consumers retain the guy when even a cursory BrokerCheck read would have revealed his true nature? His track record should have disqualified him from holding even a janitorial position in the securities business.

So what are the lessons learned from the Diaz case?

  • First, if you’re insurance licensed and refer clients to a broker to purchase securities, please do careful due diligence on that person. Eliminate those with anything more than a trivial complaint in their past. And given the number of brokers who have flawless records, perhaps adopt a zero-tolerance posture regarding customer disputes.
  • Second, encourage your friends, family members, and colleagues to do serious research on potential brokers. The BrokerCheck system is user-friendly. There’s absolutely no excuse for a consumer not to do a deep dive into a broker’s compliance history to see if the person is trustworthy.
  • Third, if you’re securities licensed, supplement your BrokerCheck file with other sources of information your prospects might find useful. For example, give your prospects access to a comprehensive background check on you, available through the National Ethics Association. Also, consider joining the Better Business Bureau. And as long as you don’t have an investment-advisory license, give your prospects the names of several clients who can vouch for your integrity.
  • Finally, as disappointing as the Diaz story is, it highlights the tremendous opportunities financial professionals with clean records have. With so many ethically flawed competitors in the marketplace, those committed to doing business ethically and legally will have a huge competitive advantage over the unethical bottom-feeders. When consumers finish checking you out, they will know you’re the real deal—a financial professional who will serve their best interests and in whom they can place their trust.

To read more about ethical business practices, visit the Ethics Center at the National Ethics Association, sponsor of EOforLess. 

­Whatever your license type—life or health insurance, securities broker, registered investment advisor, property-casualty agent, or real estate broker owner—cybersecurity should top your list of risk-management concerns. As recent news has repeatedly shown, financial professionals of all stripes face increasing cyber risks. And those who continue doing business as usual are setting themselves up for potentially catastrophic outcomes.

­The good news is agents and advisors have two powerful avenues of self-defense: insurance and security best practices.

Now, if  you thought E&O insurance didn’t protect against cyberattacks, you’re not alone. Many financial professionals assume they need dedicated cyberinsurance to receive the most comprehensive protection. And they’re correct. However, you can still receive basic coverage through your E&O insurance policy. Here’s how that works:

Today’s E&O insurance policies not only protect you against the standard risks of making a mistake or failing to do something important, they now also cover you against certain cyberrisks. For example, EOforLess’s life insurance agent E&O has a client network damage and privacy claim endorsement. This means you will have protection against plaintiff lawsuits relating to an alleged electronic infection that harms a client’s network. The loss must result from you providing covered professional services to the client. In other words, if a client picks up a computer virus (and sustains a financial loss as a result) from having accessed your computer network, your E&O policy can indemnify that person or entity within the limits and definitions of your policy (and the specific wording of its network endorsement). However, it’s important to realize that standalone cyberinsurance offers much more comprehensive protection.

What about common-sense security practices? Actually, implementing a surprisingly short list of measures can go a long way toward keeping you and your clients safe. Here are some of the best measures to implement:

    1. Threat awareness. Part of having secure computers and networks is being aware of the threats you face. To this end, follow industry trade publications to stay current on the cyberattacks and breaches financial entities have suffered recently. Also, visit the Financial Services Information Sharing and Analysis Center to learn more about recent incidents.
    2. Secure passwords. Even in this day and age, a surprising number of people still have poor password hygiene. They use their names and birthdays, rely on simplistic words and phrases, and fail to lock down their passwords against prying eyes and thieving hands. By mandating the use of a password management application, you can vastly augment your firm’s cybersecurity. Such apps simply ask you and your staff to remember one master password. Then through an Internet browser extension, they automatically serve up longer, more complex passwords when you visit websites. This means you’ll no longer need to know or save potentially hundreds of passwords.
    3. Multi-factor authentication (MFA). MFA is a security approach that depends on two or more methods of authenticating a user’s identity before allowing a log-in or other transaction. It typically combines what the user knows (i.e., a password), what the user has (a security token or code), and what the user is (biometric verification as in a smartphone’s built-in fingerprint reader). Having multiple security layers makes it harder for intruders to break into a device or network, since they need to have not only your password, but also your token device and biometric data.
    4. Security best practices. A large number of cyberbreaches occur due to employees’ unsafe computing practices. For example, they often fall prey to e-mail phishing attacks in which they clink on a URL within an email. This then infects their computer with a virus or other code that can lead to unauthorized break-ins. Even worse, online criminals now use increasingly plausible approaches to dupe employees into clicking on malicious links. Solution? Constant employee training on security awareness and best defensive practices.
    5. Data encryption. Make it your business to learn how to encrypt all client data before sending it over e-mail or via other channels. This is a critical element for safeguarding business and customer data.
    6. Destroy old hardware. If you are disposing of obsolete computers or other devices, make sure to magnetically erase the equipment. Otherwise, criminals may find a way to access the data on the computers or devices and use it to perpetrate a breach to your current hardware and networks.
    7. Install  software patches (updates). As the latest cyberattacks are foiled, computer and system vendors typically update their software to fix bugs and close back doors that lead to breaches. However, if you don’t take advantage of those updates, your data will remain susceptible to attack.

The point is this: Cybersecurity is no longer the province of information technology (IT) professionals. Insurance and financial advisors need to stay abreast of the latest threats and adopt protective measures as soon as possible. By keeping informed, adopting best practices, and relying on their E&O and cyberinsurance policies as backstops, they should be well protected against potentially devastating cyberattacks. Good luck!