Subscribe to our mailing list

* indicates required







We seek to provide information, insights and direction that may enable the Financial Community to effectively and efficiently operate in a regulatory risk-free environment by curating content from all over the web.


Stay Informed with the latest fanancialish news.




Regulatory Sanctions

Bank B/D Subsidiary Flubs its Customer Privacy Notices – So Where’s the Project Manager

December 28, 2018

by Howard  Haykin


It’s really quite common. Two related financial institutions – one a parent, the other a subsidiary – have similar Regulation S-P notification requirements. There’s confusion as to who is doing what and who is sending which notices. As a result, some notices aren’t sent out, while others are incomplete. Perhaps all that was needed was a qualified project manager.


A Lowell, AR-based broker-dealer agreed to pay a $150K fine, and to certify that it has addressed and corrected its deficient policies, procedures and internal controls, to settle FINRA charges that it failed to provide initial and annual privacy notices to certain brokerage customers, pursuant to Regulation S-P.


The firm, Arvest Wealth Management, is a subsidiary of Arvest Bank that provides brokerage services to retail customers, including the sale of corporate equity and debt securities, mutual funds, government securities, municipal securities, annuities, options, and private placements. A FINRA member since 1997, Arvest had 237 registered persons operating out of 143 branch offices as of April 2018.


ARVEST FAILED TO PROVIDE REQUIRED PRIVACY NOTICES.    FINRA defined the broker-dealer’s regulatory failures into 3 categories:


►    Between January 2009 and December 2014, Arvest arranged for one of its 2 clearing firms to send an initial privacy notice to its brokerage customers but failed to provide the notice to its 2nd clearing firm. As a result, some 940 new brokerage customers never received an initial privacy notice.


►    Between January 2009 and December 2013, some 146,000 brokerage customers (who were also Arvest Bank customer) received annual privacy notices. However, …

  • Those notices, created for and distributed to Arvest Bank customers, did not meet the requirements of a "joint notice" under Regulation S-P – i.e., they didn’t include the required references to the broker-dealer.
  • Arvest failed to provide annual privacy notices to some 34,400 customers who did not have a relationship with Arvest Bank.


►    Beginning in December 2014, Arvest attempted to correct its privacy notice failures by providing all of its brokerage customers with an Arvest Bank privacy notice for both initial and annual privacy notice purposes. However …

  • These notices were not compliant as a "joint notice" because they too failed to include required references to the broker-dealer.
  • As a result, some 14,400 initial notices and 68,000 annual notices were not compliant with Regulation S-P.


Based on the above delivery issues, Arvest violated Rules 4 and 5 of SEC Regulation S-P and FINRA Rule 2010.
For its failure to reasonably supervise the delivery of the privacy notices, Arvest violated NASD Rule 3010(a)(2) and (b)(1), and FINRA Rules 3110(a)(2), (b)(1), and 2010.



This case was reported in FINRA Disciplinary Actions for July 2018.

For details the case, go to ...  FINRA Disciplinary Actions Online, and refer to Case #2014042979701.