NEW YORK (Thomson Reuters Regulatory Intelligence) - The Financial Industry Regulatory Authority’s $1.25 million fine levied against a J.P. Morgan Chase & Co unit for lapses in background checks shows the importance to compliance of ensuring proper employee screening.
FINRA fined J.P. Morgan Securities for incomplete background checks on 95 percent of its non-registered associate employees from January 2009 through May 2017. The failures violated regulatory imperatives and prevented the firm from determining whether these persons would have been otherwise disqualified from working at the firm.
The firm self-reported these lapses to FINRA, which was factored into the fine, the self-regulator said in announcing the settlement last month.
Failures in a firm’s screening protocol could showcase either deficient policies and procedures, communications failures in alerting compliance and human resources staff of the missing information, or a conscious disregard.
A company committed to investor protection and using due diligence in the required functions must make employee screening part of the compliance checklist for staff to follow. Furthermore, effective controls must be in place to signal screening gaps.
Firms also should strongly consider going beyond FINRA’s imperatives to further investigate the veracity of claims made in potential employees’ resumes and applications, such as education and employment history and performance.
J.P. MORGAN AND EMPLOYEE SCREENING REQUIREMENTS
J.P. Morgan Securities failed to adequately conduct fingerprint screening on 8,670 non-registered employees for more than eight years, according to FINRA.
The regulator scolded the firm for failing to fingerprint 2,036 non-registered “associated persons” in a timely manner, “preventing it from determining whether those persons might be disqualified from working at the firm.”
While J.P. Morgan fingerprinted the remaining 6,634 non-registered employees, it failed to screen them for all felony convictions or disciplinary actions brought by financial regulators, as required under the Exchange Act and FINRA by-laws, FINRA said.
Instead, J.P. Morgan limited its screening to criminal convictions specified in federal banking laws and an internally-created list that included crimes such as kidnapping, rape, murder, manslaughter and sexual assault, according to the settlement.
The fingerprinting and screening lapses, which occurred from January 2009 through May 2017, affected approximately 95 percent of the firm’s non-registered associated employees.
As a result, at least four employees who should have been disqualified due to criminal convictions were allowed to remain associated with the firm for extended periods – in one case 10 years. Another remained associated for eight years and was subsequently rehired for an additional six months, the agency said.
The list of disqualifying events includes any felony conviction within the past 10 years, certain specified felony or misdemeanor convictions, violations of various securities law, and injunctions entered to enjoin a person from performing a securities-related function.
FINRA member firms are required under Section 17(a) and 17(f)[hhere] of the Exchange Act to fingerprint most employees to determine whether they committed any criminal offenses, according to FINRA.
They must also seek other background information to see if the employees are subject to serious, non-criminal findings or sanctions imposed by financial regulators.
These rules require members and broker-dealers to make and keep current records on associated persons including whether there have been any arrests and indictments for any felony or certain misdemeanors -- such as securities, banking, insurance or real estate related crimes, fraud, false statements or omissions, wrongful taking of property, bribery, forgery, counterfeiting, extortion -- and the disposition of such arrests and indictments.
FINRA Rule 3110(here) requires FINRA-registered firms to adopt policies and procedures that are reasonably designed to ensure compliance with those laws.
“FINRA member firms play an important gatekeeper role in keeping bad actors from harming investors. Firms have a clear responsibility to appropriately screen all employees for past criminal or regulatory events that can disqualify individuals from associating with member firms, even in a non-registered capacity,” said Susan Schroeder, Executive Vice President of FINRA’s Department of Enforcement in a statement announcing J.P. Morgan’s settlement. The firm neither admitted nor denied the charges.
In addition to paying a $1.25 million fine, the firm agreed to review its systems and procedures related to the identification, fingerprinting and screening of non-registered associated persons.
“We self-reported this matter and are pleased it’s now behind us,” said Jessica Francisco, a spokeswoman for J.P. Morgan Securities. She said the firm is “committed to having appropriate controls to comply with regulatory requirements.”
FINRA RULES STRENGTHENED
J.P. Morgan’s settlement revolved around its lack of fingerprint screening as part of its background checking procedures.
FINRA’s overall background check requirements are expansive.
Two years ago, FINRA strengthened its background check requirements. It expanded the obligation of member firms to investigate the background of applicants for registration by confirming the completeness and accuracy of an individual’s Form U4, the document used to register individuals with FINRA member firms.
The proposed amendments were approved by the Securities and Exchange Commission (SEC) on December 30, 2014, and Rule 3110 went into effect on July 1, 2015.
FINRA said it hoped to include more relevant and accurate information regarding broker-dealers and registered individuals in its WebCRD for authorized users and its consumer-accessible BrokerCheck databases(brokercheck.finra.org/).
In addition to firms investigating the good character, business reputation, qualifications, and experience of applicants for registration, they need to also perform a search of “reasonably available public records” to verify the completeness and accuracy of the details included in an individual’s Form U4.
Applicants certify to the accuracy of Form U-4 when they first apply, but Rule 3110 states that broker-dealers are not permitted simply to rely on that certification; they must independently verify everything.
Firms must also review an applicant’s most recent Form U5, which provides information regarding the reason for the termination of a registration with a member firm, for any potential claims regarding misconduct.
To maintain compliance, member firms are responsible for adopting written procedures for verifying the Form U4. These procedures should specify the process for completing the necessary public record research and provide that those checks will include, at minimum, a national search of available public records and filings like criminal records, bankruptcy filings, civil litigation, court judgments, liens and business records.
The background investigation must be completed before filing a Form U4, and the public records check and Form U5 review within 30 calendar days and 60 calendar days, respectively, after filing the Form U4.
SCREENING BEST PRACTICES
Regulators expect broker-dealers to meet their significant responsibilities in performing background checks on those persons that will be handling customer money for them. The failure to meet these obligations can result in enforcement actions or negligent-hiring claims in arbitration cases.
FINRA does not advocating the use of a particular screening tool nor does it suggest that using one constitutes some sort of “safe harbor.”
The agency is, however, emphasizing its commitment to review how diligently and promptly member firms have demonstrated a commitment to vetting those potential employees who will be handling client accounts.
Maintaining such “evidence of compliance,” is one of the essential practices of any compliance process.
On employment issues, firms should seek to document what procedures they have used to learn as much about a prospective broker as possible and relevant to the job at hand and to note precisely the findings and any reasons for delays.
The broker-dealer should have internal policies outlining the steps required in this type of investigation, specifying exactly who carries out which steps.
Service providers exist that will create disclosure monitoring reports so broker-dealers can obtain reports on applicants, but those services should be vetted for their effectiveness, troubleshooting procedures and adaptability to business needs.
When checking credit histories of a prospective broker, it is also important to be aware of Fair Credit Reporting Act (FCRA) requirements(here).
Under the FCRA, it is necessary to get permission from the subject of a prospective credit report. If a hiring decision is made based on a candidate’s financial history, the FCRA requires notices to the applicant, both before and after the adverse hiring decision is made. Failure to do so can trigger monetary penalties.
The FCRA process enables applicants to challenge decisions made on credit histories and establish whether information in them is erroneous.
In examining information concerning a broker, any red flag should be documented and followed up promptly. Turning a blind eye to such information can lead to severe consequences.
Departments in a firm must coordinate their efforts regarding background checks and their documentation. Human resources and compliance departments, for example, should agree on allocating task responsibilities, sharing of information and record maintenance.
Additionally, FINRA states that the search of “reasonably available public records” must be “national” in scope, but firms doing business internationally must appreciate that there may be circumstances in which a search in foreign jurisdictions is warranted.
In terms of affirmations, firms must be able to point to and prove the use of policies that address the issue of current employees and their annual affirmations about the accuracy of the information on their U-4 forms.
Specifically, these regulates businesses must decide if they will rely on these attestations, or if they will independently verify on an annual basis the currency and accuracy of such data.
While broker-dealers cannot rely on the affirmation of a new applicant, they can rely on them at the annual certification stage.
But actively verifying brokers’ annual attestations can help a firm look more diligent about compliance. The exercise, even if done randomly, would also prepare the firm for the possibility of FINRA making such verification a requirement at some point.
The protection of investors that regulatory bodies and the investing public demands means that a brokerage firm must devote sufficient resources to its compliance program; the heavy lifting that background checks can entail is yet another reminder.
-- FINRA, J.P. Morgan settlement: bit.ly/JPMorgan-settlement
-- FINRA WebCRD: bit.ly/Web-CRD
(Julie DiMauro is a regulatory intelligence expert in the Enterprise Risk Management division of Thomson Reuters Regulatory Intelligence. Follow Julie on Twitter @Julie_DiMauro. Email Julie at firstname.lastname@example.org.)