Third-Party Vendor Violations

It looks like some Utah-based credit unions might be re-examining the risk of broker-dealer networking arrangements after the Utah Division of Securities petitioned to fine three independent broker-dealers a combined $2.25 million for failing to comply with regulatory requirements.

Federal credit unions can’t register as broker-dealers or sell non-deposit investments directly to members. To provide those services to members, some credit unions use third-party brokerage agreements and host employees of these firms in the credit unions’ offices.  Requirements include:

  • Physically separating the broker-dealer from regular credit union business activities.
  • Ensuring the broker-dealer controls all securities business at the credit union.
  • The broker-dealer is responsible for all advertisements and they must make clear that the broker-dealer is providing the services, the credit union is not a broker-dealer and the broker-dealer is not affiliated with the credit union. Broker-dealer ads may not prominently reference the credit union and may only refer to location.

Apparently, not every broker-dealer has been following the rules. A drop-in agency review of Cetera Advisor Networks, LPL Financial and CUSO Financial Services found many violations of these rules, including business cards, signs and materials implying that brokers were employees of the credit unions. Some credit union social media posts also misconstrued the relationships, the agency found. The broker-dealers weren’t following their own policies and procedures.

Managing Complaints to Achieve Better Results

This wasn’t a limited problem. Issues were found at several credit unions.

Cetera, LPL, and CUSO may be on the hook for fines of $1 million, $750,000 and $500,000, respectively, but that doesn’t mean they are the only ones at fault. A 2010 NCUA letter warned credit unions that their securities activities must meet the same standards for broker-dealers. It’s possible the credit unions involved could face regulatory attention from the NCUA.

This problem could potentially have been avoided with more due diligence, which the NCUA strongly recommends when partnering with a broker-dealer. It also encourages a thorough risk assessment.

“The credit union’s directors should, as with any business activity, fully evaluate the risks involved with non-deposit investment activities, including legal risks, reputation risks, and economic risks.”

In these cases, the risk of failing to comply with broker-dealer regulations and the potential financial impact on the vendor should have been considered. Just because the broker-dealer is responsible for advertising doesn’t mean the credit union doesn’t need to be familiar with the rules that must be followed. It still should have systems in place to ensure compliance.

Due diligence of LPL would have revealed the broker-dealer has experienced similar issues in the past. Last year the Massachusetts Securities Division found that LPL did not clearly distinguish itself as separate from the credit union. It used DBA similar to the credit’s name, didn’t have proper signs identifying the broker-dealer and used inconsistent disclosures on business cards.

LPL also got in trouble for advisors’ misleading statements about compensation, including commissions and whether they were paid by the credit union. The result was a $1 million fine.

Just because you’ve had a successful, long-term relationship with a third-party vendor doesn’t mean that your due diligence can end or that you can assume a residual risk rating. Ongoing due diligence should uncover potential issues a vendor is having and give your institution the opportunity to ensure that the same problem doesn’t exist at your institution. If a vendor has a known problem at other institutions, you’ll have a hard time explaining to regulators why you didn’t think to re-examine the vendor relationship and ensure compliance with regulations, policies, and procedures.