The cost of doing (non-compliant) business is growing increasingly personal this week, with FINRA issuing a sizable fine to an individual who conducted business activity on a prohibited, personal device.
In the second action of its kind in as many months, the Financial Industry Regulatory Authority (FINRA) has issued a General Securities Representative (GSR) with a $40,000 fine and an 18-month suspension after he was found to have breached myriad FINRA and Securities Exchange Act rules.
The individual in question, John James Hoidas, was registered as a GS with Uhlmann Price Securities, LLC (UPS) between September 2013 and February 2020. Between April 2020 and May 2021, Hoidas was subsequently registered as a GS with American Trust Investment Service, Inc. (ATIS).
In a Letter of Acceptance, Waiver, and Consent issued on June 12, 2023, FINRA has found that, during his tenure as a GS, Hoidas committed compliance failures in three key areas:
1. Unsuitable recommendations
The first regulatory rule breach committed by Hoidas pertains to FINRA Rules 2111 and 2010 – namely that he recommended and sold securities that did not match the risk or investment profiles of his customers.
Between January 6, 2017 and February 7, 2018, Hoidas recommended six unsuitable investment options to three customers. As the level of unsuitability came to light – between June 2019 and December 2021 – several of Hoidas’s customers filed an arbitration against UPS alleging sales practice violations. UPS settled disputes with all of these customers.
2. Borrowed $10,000 from a customer
In a second turn of events, shortly after recommending a series of unsuitable investments, in July 2018, Hoidas borrowed $10,000 from a customer. While FINRA rules do not prohibit this sort of borrowing in its entirety, there are strict parameters around instances in which it would be permissible. UPS, on the other hand, had a written supervisory procedure that explicitly prohibited registered persons from borrowing money from customers – without exception.
Despite this, Hoidas borrowed $10,000 without giving UPS notice – and without obtaining their approval. As a result, Hoidas violated FINRA Rule 3420 and Rule 2010.
When Hoidas failed to repay the loan, the customer complained to UPS, who subsequently reached a settlement with the customer.
3. Communicated with customers on personal communication channels
The third violation from Hoidas comes in the form of off-channel or ‘illicit’ communications – in what is fast becoming a persistent regulatory theme.
UPS has, since at least August 2016, prohibited the use of personal communication channels for securities-related business. The firm’s written procedures say that electronic business communications must only be transmitted through channels approved by the firm. Channels such as personal email, instant messaging applications, and text messages were expressly prohibited from use for business-related communication. These procedures were implemented to enable UPS to supervise and preserve business-related communications in order to remain compliant with FINRA Rule 4511, among others… or so it thought.
Despite having these written procedures in place – from at least March 2017, to July 2019 – Hoidas communicated with UPS customers about securities-related business on his personal phone. Because this method of communication was prohibited, UPS did not have measures in place to capture and preserve communications, which meant they fell foul of FINRA Rule 4511 and Section 17(a) of the Exchange Act.
Further to this, during a later period in which Hoidas was registered as a GS with ATIS, Hoidas entered into a commission-sharing agreement with a separate representative which he did not disclose or seek approval for from ATIS. This meant that – by receiving compensation through an unauthorized and undisclosed commission-sharing agreement – Hoidas caused ATIS to fail to comply with recordkeeping obligations under Rule 13(a)(19) of the Securities and Exchange Act of 1934.
In short, Hoidas left a trail of non-compliant activity over the course of almost 10 years. As a result, FINRA issued a $40,000 fine and suspended Hoidas from FINRA member activity for a period of 18 months.
Personal fines for personal phones: are channel bans an effective compliance strategy
FINRA’s enforcement action against Hoidas is the latest in a string of regulatory action against individuals who have flouted the rules around business communication, opting instead to use prohibited channels such as personal phone or email. $40,000 is a significant fine to be issued against an individual, and it is likely that Hoidas’s use of personal communication devices was an aggravating factor in FINRA’s decision.
In the wake of Hoidas’s non-compliant behavior, both ATIS and UPS suffered both financial and reputational consequences, settling complaints with myriad affected consumers. While UPS did not face the wrath of the regulator directly, there is a wider question here around whether a policy that prohibited the use of certain channels for business communication was an effective, compliant solution.
Channel bans often create fertile ground for off-channel communications. Employees want to speak with customers on the channels that they would naturally use to communicate – text or instant messaging, for example. Where the compliance team implements barriers to business operations, it is inevitable that business will come first.
Instead, firms should consider implementing a strategy that enables effective communication across all channels – but that continues to capture business communication. Technological solutions, such as compliant communication Apps, can ensure that all business communications are captured, from every channel, across both corporate-issued devices as well as BYOD.
By implementing tools, such as those provided by Global Relay, you can plug all business-related communication channels into one unified platform, whereby all communications data is captured, stored, and can be monitored and supervised. No channel is off limits, but all business-related communication is compliant.
