SDDco Perspective Newsletter

Aug 6, 2019  |  Vol 11. Edition 1

Dear SDDco Clients and Colleagues: Our SDDco Perspective includes industry news, guidance, regulatory rule updates, deadlines, and other timely matters impacting brokers, advisors, fintech firms, taxpayers, investors, and their service professionals. The SDDco Perspective is made available on our website monthly at


Bryon Lyons

Bryon Lyons
CEO, SDDco Brokerage Advisors LLC

Department of Homeland Security Updates EB-5 Investor and Regional Center Rules

Department of Homeland Security (“DHS”) issued on July 24, 2019 the EB-5 Immigrant Investor Program Modernization final rule, to be effective November 21, 2019. The headline changes to the EB-5 program, which allows potential immigrants to make job producing investments in America in exchange for a pathway to a Green Card, include an increase in the standard minimum investment amount from $1MM to $1.8MM. Additionally, for EB-5 immigrant investments made into a targeted employment area (“TEA”), which was defined as any city or town with a population of 20,000 or more, the minimum investment amount has been raised to $900k, up from $500k. The TEA definition has been modified to provide that only cities and towns with a population of 20,000 or more outside of metropolitan statistical areas (“MSAs”) may qualify as a TEA.

The final rule also sets the schedule for regular Consumer Price Index for All Urban Consumers (“CPI-U”)-based adjustments in the standard minimum investment amount, and conforming adjustments to the TEA minimum investment amount, every 5 years, beginning 5 years from the November 21, 2019 effective date.

EB-5 Immigrant Investor Program Modernization – Final Rule
Immigrant Investors to Pay at Least $900,000 for Green Cards – Bloomberg Law

FINRA Asks Firms in Regulatory Notice to Continue Digital Asset Conversation

On July 18, 2019, the Financial Industry Regulatory Authority (“FINRA”) issued Regulatory Notice 19-24 Digital Assets, which encourages member firms to notify FINRA if they engage in (or plan to engage in) any activities related to digital assets, be they cryptocurrencies or other virtual coins or tokens, whether ICOs or pre-ICOs. On July 8, 2019, the SEC and FINRA issued a Joint Statement on the custody of digital assets that articulated the regulators’ concerns surrounding broker dealer customer protection rule obligations. In 2018, FINRA issued a similar regulatory notice asking member firms to promptly notify their Regulatory Coordinator of any involvement by a firm, its associated persons, or affiliates in the digital asset space. The 2018 notice asked that communication between member firms and FINRA be ongoing through July 31, 2019. FINRA Regulatory Notice 19-24 extends that date to July 31, 2020.

FINRA Regulatory Notice 18-20 Digital Assets
FINRA Regulatory Notice 19-24 Digital Assets
SEC – FINRA Joint Statement on Broker-Dealer Custody of Digital Asset Securities


Erin Furtado

Erin Furtado
Head of Marketing

Think you’re safe from cyber-attacks on your summer vacation? Think again.

Many of those in the financial industry have the means to take luxury vacations all over the world, all year round, with August being among the high seasons. Before you decide to rent that yacht for a week in The French Riviera, Amalfi Coast, Greek Islands or anywhere else in the world be aware that cyber criminals have gone to the extent of accessing smart devices belonging to the passengers on yachts, accessing their accounts and demanding payment. Always follow tips when vacationing so you do not fall victim to a cyber-attack:

  • Keep smart devices up-to-date, by applying security patches
  • Change passwords often, using strong and complex combinations
  • Don’t bring smart devices from home to work unless you have permission and speak to your IT department to ensure the device is safe
  • Stay educated on new cyberattack trends

Cyber Security Video

According to The IMF, Global Central Banks Will Issue Digital Currencies

The International Monetary Fund (IMF) issued a statement predicting global central banks will issue digital currencies sometime in the future. While Sweden, China, Uruguay, Ukraine and Russia are currently testing digital systems, the IMF might start to jump on this trend themselves. The IMF and World Bank conducted a survey and discovered many more central banks would probably introduce their own digital currencies in some form. It is a natural evolution as most economies are gradually going cashless.

Read More >


  • Become compliant with all state and federal requirements including FINRA, NYDFS, SEC, etc.
  • Infrastructure Testing including Penetration Testing
  • Customized and Tested Policies and Procedures
  • Fully Managed Incident Response Coverage
  • Data Security Training
  • Vendor Due Diligence
  • Risk Assessments

Cybersecurity graphic

Speak with an SDDco consultant about how we can help you navigate the nuances of armoring your firm through SDDco Cyber.


Gary Fox

Gary Fox

Protecting Your Client’s PII – The SEC Issues Findings, and Warnings

In April of 2019, the SEC’s Office of Compliance Inspections and Examinations (OCIE) issued a risk alert highlighting common Regulation S-P deficiencies found in their examinations of broker-dealers and registered investment advisers. Those issues were very similar, if not identical, to issues highlighted by OCIE in other recent risk alerts. Going by the old adage of “People don’t tell you things that they want you to forget”, this recent risk alert should put any firm subject to Regulation S-P on notice that they should review their firm’s procedures and business practices to ensure they aren’t deficient in these areas.

Here are some of the findings OCIE highlighted:

Privacy and Opt-Out Notices:

  • OCIE staff observed registrants that did not provide Initial Privacy Notices, Annual Privacy Notices and Opt-Out Notices to their customers.
  • OCIE also found that when such notices were provided to customers, the notices did not accurately reflect firms’ policies and procedures.

Policies not implemented or not reasonably designed to safeguard customer records and information with regards to the following areas:

  • Personal devices
  • Electronic communications
  • Unsecure networks
  • Outside vendors
  • PII inventory
  • Incident response plans
  • Unsecure physical locations
  • Login credentials
  • Departed employees

The SDDco Group can help you and your firm review and enhance your compliance program to address these areas with our Cybersecurity service. Contact me ( for further details about our support.

Read More >

Ross Marlin

Ross Marlin
Associate Director

SEC Issues Risk Alert on Cloud Data Storage Security

The SEC’s Office of Compliance, Inspections and Examinations (OCIE) has issued a Risk Alert warning firms to monitor and supervise third-party cloud providers that house their regulatory data.

The Risk Alert highlights three primary risk factors associated with cloud-based storage of customer information:

  • Misconfigured Network Storage Solutions
  • Inadequate Oversight of Vendor-Provided Network Storage Solutions; and
  • Insufficient Data Classification Policies and Procedures

The Risk Alert also notes that failure to properly address these security concerns could raise compliance issues under the Safeguards Rule of Regulation S-P and the Identity Theft Red Flags Rule of Regulation S-ID.

Read more >

To learn more about how SDDco can help strengthen your firm’s compliance program, click here.


Bob Fortino

Bob Fortino
Managing Partner

SEC Formalizes Relief for Certain Captive Broker-Dealers by Adopting Single Issuer Exemption

The SEC has adopted rules that allow a broker-dealer, which acts as an agent for only one issuer, to be exempt from the requirement for an annual independent audit by a PCAOB approved audit firm. The SEC believes that this exemption will be mostly used by “captive” or affiliated broker-dealers where the issuer will have sufficient information about the broker-dealer’s activities. There is no requirement for the issuer and broker-dealer to be affiliates, but affiliates are the firms most likely to qualify for this exemption.

Read More >


Casey Muller

Casey Muller
Director of Legal & Internal Compliance

Judicial Opinion isn’t Always Crystal Clear

Did you know that, per a 2008 Supreme Court ruling in Stoneridge Investment Partners, LLC v. Scientific-Atlanta, Inc., a plaintiff in a private securities action, including class action suits, may only bring a rule 10b-5 securities fraud claim against primary actors (with primary liability) and not against an aider and abettor? However, the government (i.e. the SEC) is able to assert a 10b-5 claim against either type of defendant. While this concept may be surprising, at least it’s fairly straight forward… or so we thought. SCOTUS seems to have muddied those waters with its most recent decision in Lorenzo v. Securities and Exchange Commission.

Read more >


Elizabeth Drivas

Elizabeth Drivas
Business Consultant, Paychex

What Do I Do When I Hire a New Employee?

Employers must report the following information for each newly hired or rehired employee within 20 calendar days of the hiring date (if an employer reports electronically, it must submit two monthly reports—if needed—between 12 and 16 days apart):

  • Employee name (first, middle initial, last), address (street, city, state, and ZIP code), Social Security number, and hire date.
  • Employer name, address (street, city, state, and ZIP code), and identification number (assigned by the IRS).
  • Whether dependent health insurance benefits are available to the employee and if so, the date the employee qualifies for the benefits.

Employers required to report to New York State (and multistate employers who designate New York as their reporting state) should use one of the methods below to submit the new hire information:

Click here if you want to avoid this process completely or reach out to our dedicated Paychex representative Elizabeth Drivas at (646) 228-5529.


Keep a look out for us at upcoming conferences!

NSCP National Conference

NSCP National Conference

Baltimore, MD | Oct 21-23, 2019

Register Now:

FINRA Small Firm Conference

Santa Monica, CA | Oct 23-24, 2019

Register Now:

SDDco Group makes this general information available for educational purposes only, the contents of which were not originated from SDDco. SDDco is not affiliated with any of the publishing persons or entities of the articles herein. The information provided should not be construed as legal advice. This email may constitute an advertisement under U.S. law. | | (212) 751.4422