Guidance Regarding Rule 3012(a)(1) Requirement to Test and Verify a Member's Supervisory Policies and Procedures
GUIDANCE
Supervisory Controls
SUGGESTED ROUTING |
KEY TOPICS |
Legal & Compliance |
Institutional Securities Activities Rule 3012 (Supervisory Control System) Rule 3010 (Supervision) Supervisory Control Procedures Written Supervisory Procedures |
Executive Summary
On September 30, 2004, the Securities and Exchange Commission (SEC) approved NASD's Supervisory Control Amendments in their final form. These amendments became effective on January 31, 2005. A fundamental element of the Supervisory Control Amendments is new Rule 3012 (Supervisory Control System). Rule 3012(a)(1) requires a member to designate one or more principals who will establish, maintain, and enforce a system of supervisory control policies and procedures that tests and verifies that a member's supervisory procedures are reasonably designed to comply with applicable securities laws and regulations, and with applicable NASD rules, and to amend those supervisory procedures when the testing and verification demonstrate a need to do so. In response to requests for guidance on the subject, NASD is issuing this Notice to provide members with guidelines members may use to comply with Rule 3012(a)(1).
Questions/Further Information
Questions or comments concerning this Notice may be directed to Patricia Albrecht, Assistant General Counsel, Office of General Counsel, Regulatory Policy and Oversight, at (202) 728-8026.
Background
On September 30, 2004, the SEC approved the Supervisory Control Amendments in their final form.1 The amendments became effective on January 31, 2005.2 Although NASD has previously provided members with detailed guidance regarding the general application of the Supervisory Control Amendments,3 members have continued to request specific guidance regarding compliance with Rule 3012's (Supervisory Control System) requirement that members test and verify the adequacy of their supervisory procedures.4 Accordingly, NASD is issuing this Notice to provide members with guidelines to assist in meeting this requirement.
Discussion
Generally, NASD expects members to consider the following guidelines when designing a system of supervisory control policies and procedures that will test and verify that their supervisory procedures are reasonably designed to achieve compliance with the applicable securities laws, regulations, and NASD rules. It is important, however, for members to understand that this guidance is not to be construed as a checklist of steps guaranteed to constitute an adequate supervisory control system or a substitute for the development of a supervisory control system that is tailored to the needs and circumstances of individual member firms. In this regard, this guidance does not constitute a safe harbor and members retain the responsibility to design and implement a supervisory control system that is appropriate for their specific businesses and structures.5
Guidelines for Rule 3012(a)(1)
The first step a member should consider taking when designing its supervisory control system is to conduct an inventory of all of the member's businesses and of the securities laws, regulations, and NASD rules relevant to those businesses.
The member should then analyze the requirements of those applicable laws, regulations, and NASD rules by asking, "what questions do the requirements raise that must be answered?" For example, what conduct is prohibited, compelled, limited, or conditioned? How will the member assure compliance with those requirements? Who at the member firm will be responsible for supervising such conduct, and what are the method and parameters of such supervision?
The member should then analyze its own supplementary internal requirements, if any. Will the member's internal business policies further restrict conduct?
The member should next compare the answers that result from the analysis conducted above to its current supervisory procedures and use that comparison to determine if any gaps or deficiencies in those procedures are evident.
The member should then analyze how to address any identified gaps or deficiencies. To do this, the member should first use the same type of question-based approach outlined above. For example, if the member has entered into one or more new businesses or aspects of an existing business, does that call into question other laws or rules or a different application of such laws and rules? Have laws or rules changed in a manner that renders existing procedures inaccurate, obsolete, or incomplete? Has the member's history with respect to customer complaints, litigations/arbitrations, regulatory inquiries or actions, internal surveillance history and experience, branch office examinations, internal audits, or other reported matters in the media or by the regulators with respect to other broker-dealers raised questions as to the sufficiency of the member's procedures?
The answers resulting from this analysis can be distilled into new or amended supervisory procedures that resolve the identified gaps or deficiencies in the member's supervisory procedures.
Members may notice that some of the steps in creating a supervisory control system mirror the guidance NASD has previously provided to assist members in creating the supervisory system and written supervisory procedures required by Rule 3010 (Supervision).6 This similarity not only is deliberate, it is necessary. One cannot adequately test and verify a set of supervisory procedures without revisiting the initial decisions that were made when the supervisory system and written supervisory procedures were first created. In addition, a member's supervisory system and written supervisory procedures are not static. Instead, they often become outdated or ineffective as a result of changes in the firm's business lines, products, practices, or new or amended securities laws.7 Accordingly, it is in the member's best interest to determine whether its previous answers to the basic questions underpinning its supervisory system continue to apply in light of any changes.
Rule 3012(a)(2)
Rule 3012(a)(2) requires that a member's written supervisory control policies and procedures also include procedures to supervise certain enumerated activities. Specifically, Rule 3012(a)(2) requires procedures for the day-to-day supervisory review of a member's producing managers and the imposition of heightened supervisory procedures for producing managers that meet a certain threshold and the monitoring of certain activities, such as transmittal of funds from or to a customer's accounts, customer changes of address, and/or investment objectives.
Members have raised questions as to the differences, if any, between the terms "written procedures to supervise" (required in Rule 3010) and "written supervisory control policies and procedures" (required in Rule 3012(a)(2)). For purposes of the Rule 3012(a)(1) testing and verification requirement, the term supervisory procedures encompasses both terms. Thus, a member must test and verify (and, if necessary, amend) both types of procedureswritten supervisory control policies and procedures, as well as written procedures to supervisein order to meet the requirements of the rule to "(A) test and verify that the member's supervisory procedures are reasonably designed with respect to the activities of the member and its registered representatives and associated persons, to achieve compliance with applicable securities laws and regulations, and with applicable NASD rules and (B) create additional or amend supervisory procedures where the need is identified by such testing and verification."
1 Exchange Act Release No. 50477 (September 30, 2004), 69 F.R. 59972 (October 6, 2004) (SR-NASD-2004-116).
2Notice to Members (NTM) 04-71 (October 2004).
3See NTM 05-08 (January 2005) and NTM 04-71 (October 2004); see also NASD Supervisory Control Amendments Phone-In Workshop Transcript (December 15, 2004), which is available on the NASD Web site at: www.nasd.com/web/groups/educ_progs/documents/education_phone_workshop/nasdw_012809.pdf.
4Rule 3012(a)(1).
5 Some members have expressed doubt regarding whether a very small member, such as a sole proprietor, may be able to develop an adequate supervisory control system to test and verify whether its supervisory procedures are reasonably designed to comply with the applicable laws, regulations, and NASD rules. NASD does not share this view. A sole proprietor (or other small member) can demonstrate that he has reviewed his supervisory procedures in light of any rule changes or changes in business operations and determined whether his supervisory procedures are adequate or require amending. The guidance in this Notice is applicable to sole proprietorships and other small firms, as well as firms of larger size.
6See NTM 99-45 (June 1999).
7Rule 3012(a)(1) recognizes the changing nature of a member's supervisory system by requiring members to submit, no less than annually, a report detailing each member's system of supervisory controls, the summary of the supervisory controls' test results, and any additional or amended supervisory procedures created in response to the test results.