SDDco Perspective Newsletter

June 4, 2019  |  Vol 9. Edition 1

Dear SDDco Clients and Colleagues: Our SDDco Perspective includes industry news, guidance, regulatory rule updates, deadlines, and other timely matters impacting brokers, advisors, fintech firms, taxpayers, investors, and their service professionals. The SDDco Perspective is made available on our website monthly at


Bryon Lyons

Bryon Lyons
CEO, SDDco Brokerage Advisors LLC

Facebook Said to be Planning Crypto-Currency Based Payments System

On May 9, 2019, the U.S. Senate Committee on Banking, Housing, and Urban Affairs, wrote what the British Broadcasting System (“BBC”) termed an “open-letter” to Mark Zuckerberg and Facebook requesting information regarding its planned (yet unannounced) launch of a global digital payments system. The BBC reports that Facebook plans to roll out "GlobalCoin" in several countries by the first quarter of 2020. It is reported that Facebook hopes to start testing its new crypto-currency by the end of 2019.

BBC Reports Facebook to Roll Out GlobalCoin in 2020
U.S. Senate Banking Open Letter to Mark Zuckerberg
Business Insider re Global Coin

SEC Issues Industry-Wide Risk Notice to Brokers and Advisors

On May 23, 2019, the SEC’s Office of Compliance Inspections and Examinations (“OCIE”) issued a Risk Alert to Broker-Dealers and Investment Advisers that discusses recent examination findings related to firms’ use of electronic books and records storage solutions, including cloud-based third-party storage vendors.

OCIE staff identified misconfigured network settings; inadequate oversight of vendor-provided network storage operations; and, insufficient data classification policies and procedures as key concerns arising from their examinations. OCIE’s use of the Risk Alert is intended to encourage registered broker-dealers and investment advisers to review their practices, policies, and procedures with respect to the compliant electronic storage of customer information and their active oversight of third-party vendors.

SEC Industry-Wide Risk Alert re Electronic Storage


Erin Furtado

Erin Furtado
Head of Marketing

Alert! Alert! SEC Issues Privacy and Data Security Risk Alert

The privacy risk alert was published after OCIE observed advisors and broker dealers were not providing privacy notices and, if they did, they were lacking pertinent information. OCIE hopes this alert will remind those in question to provide compliant privacy and opt-out notices and adopt effective policies and procedures for safeguarding customer information, under Regulation S-P. Gaps in data security policies and procedures are common among small and medium-sized financial firms and could cause data breaches, examination by the SEC and OCIE, and harm to your reputation. Advisors and broker-dealers should review and update their written policies and procedures to avoid such vulnerabilities. To find out how you can bridge any compliance gaps, read more...

Read More >

SEC and FINRA Share Regulatory Priorities for 2019

The SEC’s and FINRA’s priorities overlap in 2019 when it comes to cybersecurity. The SEC has stated that it will prioritize cybersecurity in each of its five examination programs, and will continue to focus on risk assessment, access rights and controls, data loss prevention and incident response. FINRA is also prioritizing the importance of cybersecurity through regulatory technology ("RegTech"). FINRA plans to observe how firms are using RegTech tools to: 1) make their compliance efforts more efficient; and 2) address risks, challenges and regulatory concerns including supervision and governance systems, third-party vendor management, safeguarding customer data and cybersecurity. Firms should make sure they are following rules and securities laws in these areas, so they are not targeted.

Read More >


  • Become compliant with all state and federal requirements including FINRA, NYDFS, SEC, etc.
  • Infrastructure Testing including Penetration Testing
  • Customized and Tested Policies and Procedures
  • Fully Managed Incident Response Coverage
  • Data Security Training
  • Vendor Due Diligence
  • Risk Assessments

Cybersecurity graphic

Speak with an SDDco consultant about how we can help you navigate the nuances of armoring your firm through SDDco Cyber.


Gary Fox

Gary Fox

Proposed Rule Change Relating to FINRA Rule 5110 (Corporate Financing Rule – Underwriting Terms and Arrangements) to Make Substantive, Organizational and Terminology Changes

In early April, FINRA filed a proposed rule change relating to FINRA Rule 5110, the Corporate Financing Rule – Underwriting Terms and Arrangements. According to the regulator, the proposal is to “…make substantive, organizational and terminology changes.” If accepted, the rule change enacts some significant changes to the rules that have governed investment banking for years. The document filed in the Federal Register is 681 pages longs, though many of those pages are half filled with footnotes. Of note are the following proposed changes:

  • FINRA’s proposed rule would exclude certain offerings from the definition of a public offer. These include:
    • Offerings exempt from SEC registration under Section 4(a)(1), (a)(2) and (a)(6) of the Securities Act;
    • Certain offerings exempt from registration under Rule 504 of Regulation D;
    • Offerings that are excluded from the definition of public offering would be exempt from all requirements of the proposed rule.
  • Filing deadlines with FINRA are extended to 3 business days versus the current 1 business day after filing with the SEC or a state securities commission.
  • FINRA has proposed certain exemptions from filing for “experienced issuers”
    • (i) a 36-month reporting history and voting stock held by non-affiliates having at least $150 million in aggregate market value; or
    • (ii) voting stock held by non-affiliates having an aggregate market value of at least $100 million, and annual trading volume of at least three million shares
  • FINRA also has further defined and clarified what constitutes underwriting compensation, which is a welcome addition to the rule.

At 681 pages, the full scope and detail of the changes to Rule 5110 cannot be covered in one article. Stay tuned in the coming months for further pieces regarding the proposed amendments and industry commentary.

Read More >

Ross Marlin

Ross Marlin
Associate Director

SEC Urges Firms Not to Shortchange Compliance

In an April 29, 2019 speech, the Director of the Office of Compliance Inspections and Examinations, Peter Driscoll, stressed the importance of devoting adequate resources to compliance. Mr. Driscoll said: “We cannot underscore enough a firm’s continued need to assess whether its compliance program has adequate resources to support its compliance function….we are concerned when we hear directly from industry participants and read press reports that compliance resources and budgets are being cut or are not keeping up with firms’ risk profiles.” He also stressed that compliance plays a critical role in the success of a firm’s overall business, by protecting the trust of clients, investors, and customers.

Read more >

To learn more about how SDDco can help strengthen your firm’s compliance program, click here .


Bob Fortino

Bob Fortino
Managing Partner

Cannabis Companies Can Now Participate in 401(k) Plans

The 2018 Farm Bill, signed into law by President Trump, has removed hemp from the Controlled Substance Act and classifies hemp as an agricultural product. This removal allows cannabis companies to offer its employees access to 401(k) plans. However, retirement plan providers are rightfully concerned that they are dealing with “traffickers”. This concern exists even though the “…United States Attorney General is on record with the stated intent to refrain from pursuing trafficking prosecutions against otherwise legally-operating cannabis companies.”

Read More >


Casey Muller

Casey Muller
Director of Legal & Internal Compliance

“Ok, Google: What is ‘General Data Protection Regulation’?”

Ireland’s Data Protection Commission (DPC), a national data protection authority, is taking the lead on investigating Google’s compliance with European Privacy rules in accordance with the General Data Protection Regulation (GDPR). Google, as one of the most recognizable brands in the world, is an easy target for early GDPR investigations and an effective approach to raising awareness of Europe’s new data rules. However, it is important to remember that the US-based search giant isn’t being investigated merely because of their global presence. Instead, the only relevant factor that determines a company’s need for GDPR compliance is whether it handles Personally Identifiable Information (PII) belonging to EU citizens.

Read more >


Keep a look out for us at upcoming conferences!

NSCP National Conference

NSCP National Conference

Baltimore, MD | Oct 21-23, 2019

Register Now:

FINRA Small Firm Conference

FINRA Small Firm Conference

Santa Monica, CA | Oct 23-24, 2019

Register Now:

SDDco Group makes this general information available for educational purposes only, the contents of which were not originated from SDDco. SDDco is not affiliated with any of the publishing persons or entities of the articles herein. The information provided should not be construed as legal advice. This email may constitute an advertisement under U.S. law. | | (212) 751.4422