It is better to be alone than in bad company. – George Washington (1)

Avoiding bad company is more than sound advice; it is a key consideration in the financial services industry. For broker-dealers, Section 17 of the Securities Act of 1933 (the “1933 Act”) and Section 10(b) of the Securities Exchange Act of 1934 (the “1934 Act”) and Rule

10b-5 thereunder, impose broad anti-fraud standards on the securities industry. This policy consideration is baked into the key rule sets governing unregistered securities – Regulations A, CF and D. FINRA Rule 2010 also requires broker-dealers and their associated persons

to “observe high standards of commercial honor and just and equitable principles of trade.” Registered investment advisers (“RIAs”) also must consider with whom they choose to employ as paid solicitors for their advisory services as the Investment Advisers Act of 1940’s (the “IA Act”) “Marketing Rule” prohibits certain individuals from serving in that capacity. (2)

Broker-dealers and RIAs serve as trusted advisors for their clients in a wide range of financial matters. But they are not private detectives. The rules appear to acknowledge this by providing for a “reasonable care” standard that, very broadly stated, affords some protection if one can establish that he, she or it did not know and, in the exercise of reasonable care, could not have known, that a disqualification existed. (3) FINRA acknowledges this as well, noting in Regulatory Notice 23-08 (“23-08”) that “[w]hile members are not expected to have the same knowledge

as an issuer or its management, FINRA reminds members of the importance of conducting a reasonable investigation that independently verifies an issuer’s material representations and claims, particularly when the member or its associated persons are affiliated with the issuer or when red flags are present. A member’s independent analysis of the offering should not rely solely upon representations made by the issuer or its affiliates.” (4) Indeed, FINRA uses the word “reasonable” 81 times in 23-08.

What is a “reasonable investigation”? This article offers practical tips to help broker-dealers and RIAs to meet this standard.

What is “Bad”?

Bad company and I won’t deny . . . bad, bad company till the day I die. – Bad Company (5)

We think that before addressing the “how” question it is helpful to review the “what”. Phrased differently, what is the point of a firm’s diligence? While the Marketing Rule has a narrower set of disqualifying events, the rule sets cited above are in general agreement that an individual is a “bad actor” if that person is subject to:

• A criminal conviction within the previous 10 years (5 years in the case of the issuer and its predecessors and affiliated issuers) in connection with:
  • the purchase or sale of a security;
  • making a false filing with the SEC; or
  • the conduct of the business of an underwriter, broker, dealer, municipal securities dealer, investment adviser or paid solicitor of purchasers of securities; (6) or

• A court injunction and restraining order issued entered in the past 5 years and currently in effect in connection with:
  • the purchase or sale of a security;
  • making a false filing with the SEC; or
  • the conduct of the business of an underwriter, broker, dealer, municipal securities dealer, investment adviser or paid solicitor of purchasers of securities; (7) or

• A final order of a state regulator of securities, insurance, banking, savings associations or credit unions; federal banking agencies; the Commodity Futures Trading Commission and the National Credit Union Administration that:
  • currently bars (or has the effect of barring) a covered person from associating with a regulated entity, engaging in the business of securities, insurance or banking, or engaging in savings association or credit union activities; or
  • are based on fraudulent, manipulative, or deceptive conduct and were issued within 10 years of the proposed sale of securities; (8) or
• An SEC order:
  • relating to brokers, dealers, municipal securities dealers, investment companies, and investment advisers and their associated persons under Section 15(b) or 15B(c) of the 1934 Act, or Section 203(e) or (f) of the IA Act that:
    • suspends or revokes the person’s registration as a broker, dealer, municipal securities dealer or investment adviser;
    • places limitations on the person’s activities, functions or operations; or
    • bars the person from being associated with any entity or from participating in the offering of any penny stock; or
  • issued within the past 5 years and remain in effect to cease and desist from violations and future violations of the scienter-based anti-fraud provisions of the federal securities laws, including, but not limited to, Section 17(a)(1) of the 1933 Act, Section 10(b) of the 1934 Act and Rule 10b-5 thereunder and Section 206(1) of the IA Act; or
  • within the past 5 years to refuse, stop or suspend the Regulation A exemption within the last five years, or a pending proceeding to determine whether such an order should be issued; (9) or
• Suspension or expulsion from membership in a self-regulatory association (“SRO” - i.e., a registered national securities exchange or national securities association, such as FINRA) or from association with an SRO member for any act or omission to act constituting conduct inconsistent with just and equitable principles of trade; (10) or
• A U.S. Postal Service false representation order entered within the preceding five years, or a temporary restraining order or preliminary injunction with respect to conduct alleged to have violated the false representation statute that applies to U.S. mail. (11)

Of course, a firm is welcome to set a standard that exceeds the regulatory standard. For example, a firm may choose not to do business with a person or entity that is actively litigating a matter with a regulator.

How to Detect “Bad”

There is nothing more deceptive than an obvious fact. – Arthur Conan Doyle (12)

Timing is Everything – Have a Plan from the Outset

Conducting the proper level of due diligence at the outset can significantly limit a firm’s chances of running afoul of a bad actor disqualification provision. This also reduces a firm’s exposure

to the reputational damage that bad actors can cause. We encourage a firm to map out the due diligence process in its procedures, either as a part of supervisory policies or in a “desktop manual”. A key component of this is to have the entity and/or the covered person(s) certify to a specified list of statements or declarations about their background at the beginning of the relationship.

TIPS:

• Establish a set of due diligence policies and procedures that maps out the firm’s investigation process.
• Establish a set of documents or a questionnaire for the covered person and/or issuer to complete and sign at the outset of the process.
• The due diligence questionnaire should have the covered person list out all relevant licenses the person possesses including the states of issuance (as relevant).
• Hold diligence calls to request pertinent information from the subject, as needed.

Trust, but Verify

We note that FINRA emphasizes in 23-08 the importance of conducting a reasonable investigation that independently verifies an issuer’s material representations and claims. This means a firm cannot rely solely on the assertions made by the covered persons. Instead, it is important to document the steps taken to verify the claims made. As such, we believe that to truly mitigate a firm’s risk, it must go beyond sending a simple questionnaire.

TIPS:

• For any red flags identified, establish a process for a deeper dive due diligence and an escalation path for further review (this should be included in the due diligence policies and procedures).
• The availability of records can vary by state and the firm’s process may have to be tailored for certain jurisdictions.

Leverage the Information Age: Use “OSINT”

Deeper dive due diligence can help identify disqualifying events. A firm can work with a due diligence professional to establish a framework or access proprietary databases that work for this scenario, especially if it knows of any adverse issues at the outset. This can also include a full open-source intelligence (“OSINT”) investigation of the individual or entity in question. An OSINT-based investigation involves looking into all publicly available records in addition to a review of deep web and in some cases dark web resources. This level of due diligence will likely uncover any hidden issues and risks and provide the firm with a much deeper understanding of the covered person’s or entity’s background.

1. See https://www.goodreads.com/quotes/124175-there-is-nothing-more-deceptive-than-an-obvious-fact (last visited Sept. 14, 2023).
   

There is a wealth of information that a firm can mine to help it search for a bad actor, particularly for finding regulatory actions. The resources relevant to researching the profile of a covered person in the financial industry context include:

• The Consumer Financial Protection Bureau (CFPB) at https://www.consumerfinance.gov.
• The Commodities Futures Trading Commission (CFTC) at https://www.cftc.gov.
• FINRA’s BrokerCheck at https://brokercheck.finra.org.
• The Department of Justice at https://www.justice.gov.
• The Internal Revenue Service at https://www.irs.gov.
• The National Futures Association (NFA) at https://www.nfa.futures.org and https://www.nfa. futures.org/basicnet.
• The SEC’s Investment Adviser Public Disclosure (IAPD) website at https://adviserinfo.sec gov.
• State Bar Associations.
• The Department of Treasury at https://home.treasury.gov.
• State Financial Regulators at https://www.nasaa.org/contact-your-regulator.
• Public Access to Court Electronic Records (PACER) at https:pacer.uscourts.gov.

In particular, PACER offers valuable insight into the federal litigation history of the entity or person under review. It is important to review any opinions or orders beyond the outcome itself to identify any troubling patterns of behavior that may be red flag indicators.

Finally, researching history at the state or local level can be challenging, depending on the jurisdictions in play. Most available background checks only cover simple database searches, which may not uncover all available records. Each jurisdiction will have a unique method of obtaining prior court records. The relevant state regulator may have insight on uncovering convictions related to the disqualifying events listed above.

TIPS:

• If searching for court records, then consider a service provider that obtains records directly from the relevant courts.
• A covered person’s resume can provide key context when searching for criminal actions.

Identity Resolution is Critical

Another important factor is ensuring that the firm has clearly identified the subject of its review. We recommend corroborating the information returned with the identity of the firm’s subject with contextual clues whenever possible. For example, a search for “Ryan Smith” on any search engine will yield, among other results, an ESPN SportsCenter anchor, a successful businessman and a co-author of this article. Only one of these individuals is a lawyer in the securities industry (and decidedly less interesting than the other two). The more information collected, the easier this will be to accomplish. Information such as work history, current address, and professional

accomplishments can go a long way. Plus, senior executives will typically have some level of web presence to help identify a match.

Document, Document, Document

I’m a hoarder. For me, documentation has always been key, and I’ve kept everything from my past. – Diane Keaton (13)

This should not come as any shock to anyone reading this article that it is extremely important to establish a formalized set of documentation to evidence the level of due diligence conducted and the findings of the firm’s review. Indeed, FINRA noted in 23-08 that “[a] member may demonstrate that it has conducted a reasonable, independent investigation by: documenting the inquiries, research, and analysis that the member conducted.” (14) Despite this advice, this is an overlooked part of the process. A firm should take credit for its efforts.

TIPS:

• For each individual or entity reviewed, document the due diligence process through a templated report demonstrating the steps taken to verify the assertions made.
• The documentation should include a printout or a screenshot of the findings of any database searches even if the result is no records found.
• Understand the artifacts.
• Track items that require further inquiry.

Comprehensive Due Diligence Makes for Great Shade

Someone is sitting in the shade today because someone planted a tree a long time ago. – Warren Buffett (15)

Due diligence’s long-term value should not be discounted. Not only do the regulators expect this of the financial professionals that they regulate, but miscalculating risk and falling on the wrong side of the anti-fraud equation can cause a firm or its clients irreparable reputational damage. While financial fraud makes for good reading – and in some cases recently translates into entertaining Hollywood scripts – it is terrible for business. The harsh glare from repeated regulatory inquiries and/or litigation arising from dealing with bad company can cripple a business or a career. No one wants this to be their legacy. Get some shade.

1. See https://www.brainyquote.com/quotes/george_washington_377893 (last visited Sept. 14, 2023).
2. See IA Act Rule 206(4)-1(b)(3).
3. See IA Act Rule 206(4)-1(b)(3); Reg A Rule 262(b)(4); Reg CF Rule 503(b)(4); and Reg D Rule 506(d)(2)(iv).
4. 23-08 at 6.
5. From the band’s 1974 debut album titled “Bad Company” (of course).
6. Reg A Rule 262(a)(1), Reg CF Rule 503(a)(1), and Reg D Rule 506(d)(1)(i); see generally IA Act Rule 206(4)-1(e)(4)(i)-(ii).
7. Reg A Rule 262(a)(2), Reg CF Rule 503(a)(2), and Reg D Rule 506(d)(1)(ii); see generally IA Act Rule 206(4)-1(e)(4)(iv).
8. IA Rule 206(4)-1(e)(4)(iii); Rule A Rule 262(a)(3); Reg CF Rule 503(a)(3); and Reg D Rule 506(d)(1)(iii).
9. Reg A Rule 262(a)(4), (5) and (7); Reg CF Rule 503(a)(4), (5) and (7); and Reg D Rule 506(d)(1)(iv), (v) and (vii); see generally IA Act Rule 206(4)-1(e)(4)(v).
10. Reg A Rule 262(a)(6); Reg CF Rule 503(a)(6); and Reg D Rule 506(d)(1)(vi).
11. Reg A Rule 262(a)(8); Reg CF Rule 503(a)(8); and Reg D Rule 506(d)(1)(viii).
12. See https://www.goodreads.com/quotes/124175-there-is-nothing-more-deceptive-than-an-obvious-fact (last visited Sept. 14, 2023).
13. See https://www.azquotes.com/quote/999159 (last visited Sept. 14, 2023).
14. 23-08 at 7; see also FINRA Regulatory Notice 10-22 at 7..
15. See https://graciousquotes.com/legacy/ (last visited Sept. 14, 2023).