Improving Examination Results - May 2006

May 2006

In a continuing effort to assist member firms' compliance efforts, NASD is issuing this regular communication, "Improving Examination Results." This document has two sections: "Examination Priorities" and "Frequently Found Violations," both of which relate to NASD's routine examinations of firms. While each firm must establish its own compliance programs and supervisory procedures, members have commented that it is very helpful to them when we share our overall priorities. This permits firms to focus their efforts on issues that are particularly timely and better prepare for regulatory examinations. This document, therefore, alerts firms to some of the higher priority areas where we often see recurring problems and offers some practical guidance on how to avoid common pitfalls. NASD may, of course, examine topical areas in addition to those highlighted in this communication.

Examination Priorities

NASD has identified the following areas of particular importance to the examination program.

Variable Insurance Products

The complexity of variable insurance products coupled with numerous sales practice violations and supervisory failures continue to make this area a priority in overselling of enhanced riders, supervision of hypothetical illustrations, variable annuities offered within qualified plans, appropriateness of multiple contracts per client, supervisory systems, procedures regarding contract delivery, and secondary market activity for both variable annuities and variable universal life insurance. Examiners will also review contract financing which includes the use of free withdrawals to fund additional contracts. View our Notice to Members 99-35: "The NASD Reminds Members Of Their Responsibilities Regarding The Sales Of Variable Annuities" and Notice to Members 00-44: "The NASD Reminds Members Of Their Responsibilities Regarding the Sale of Variable Life Insurance."

Mutual Fund Share Sales Practices

Mutual funds offer various share classes that contain differing fee structures. Member firms that recommend a specific share class, such as A, B or C, should have conducted an analysis of the effects of the fee structure on the investor's return and to recommend the share class that is most appropriate for the customer. NASD also expects that member firms have adequate supervisory procedures and controls relative to breakpoints and sales charge waivers to ensure that investors are charged the correct sales loads on mutual fund transactions. Examiners review mutual fund transactions to determine if recommendations of specific share classes are suitable and to determine if customers received the appropriate sales charge. View Notice to Members 02-85 and 03-47 for more important information about breakpoints.

Anti-Money Laundering

The PATRIOT Act requires that member firms have procedures to prevent and detect money laundering and terrorist financing. All member firms must have established anti-money laundering compliance programs, identified an AML compliance person to NASD, initiated procedures to detect and report any suspicious activity through a SAR-SF, and established a written Customer Identification Program (CIP). Effective March 2006, NASD amended Rule 3011 to establish a specific timeframe for the ongoing testing of each firm's AML Compliance Program. NASD also issued two IMs to 3011, one that defines what constitutes an independent test and one that requires member firms to verify their AML Compliance Officer contact information in the NASD Contact System (NCS) each quarter. It is essential that the information provided in NCS is accurate, since this information is used by the Financial Crimes Enforcement Network to send requests for customer account information pursuant to Section 314(a) of the USA PATRIOT Act. Anti-money laundering remains an examination priority. View our AML Issue Center Web page for more detailed guidance, including an AML Small Firm Template.

Electronic Communications

Before employing electronic storage media, member firms are required to notify in writing their Designated Examining Authority. Our examiners will focus on the filing of the required notification with NASD, and will continue to review to ensure that the use of electronic storage media by member firms to maintain and preserve required records meets the requirements of SEC Rule 17a-4(f).

Branch Office Sales Practices

NASD examinations of member firm branch offices will continue to be a priority in 2006. Risk assessment that focuses on sales practices and other factors help us identify branch offices as warranting an examination. Additionally, the examinations will focus on the supervision of the activities of the associated persons operating out of the branch office.

Sales Seminars

Member firm seminar presentations must adhere to the content standards of NASD Rule 2210, which generally prohibits false, misleading or exaggerated statements or claims. Additionally, sales materials of any kind used in connection with a seminar (including advertisements, invitations, scripts and outlines) must be approved prior to use and in writing by a registered principal. Such material may also be subject to filing with the NASD Advertising Regulation Department depending upon its content, and the products referenced.

In addition to the requirements of Rule 2210, members must supervise the seminar activities of their representatives in accordance with Rule 3010. Such supervision is particularly critical where representatives are permitted to make extemporaneous presentations, e.g., in connection with question and answers from the audience, or where a representative does not rely upon a detailed script or outline. In such instances, members need to have a process in place for monitoring how the representative is communicating and ensuring that he or she is complying with the content standards of Rule 2210.

Equity Indexed Annuities

Equity-indexed annuities (EIAs) are financial instruments in which the issuer, usually an insurance company, guarantees a stated interest rate and some protection from loss of principal, and provides an opportunity to earn additional interest based on the performance of a securities market index. NASD is concerned about the manner in which associated persons are marketing and selling unregistered EIAs, and the potential absence of adequate supervision of these sales practices. Examiners will focus on supervisory procedures with respect to registered representatives offering unregistered Equity Indexed Annuities. In addition examiners will look at the suitability and supervision of variable annuity distributions, exchanges and replacements, the proceeds of which were used to purchase Equity Indexed Annuities. View Notice to Members 05-50 for more information about Equity Indexed Annuities.

Private Securities Transactions

NASD expects firms to understand the nature of NASD Rule 3040, which requires any person associated with a member firm who participates in a private securities transaction to provide written notice, prior to participating in the transaction, to the employing member firm. The written notice must describe in detail the proposed transaction and the associated person's role in the transaction. NASD also expects that once a firm approves the transaction, it must be recorded on the firm's books and records and supervised as if it were a transaction executed by the firm itself. Examiners will review whether the firm has received written notice of the transaction and approved such transaction, and will be closely monitoring the firm's actions in supervising the activity as if it were a transaction of the firm.

Regulation S-P

Regulation S-P addresses the sharing, protection and disposal of consumer information. Electronic communications between member firms and their customers continues to increase; technologies are changing, and opt-out provisions regarding information sharing are still in place. Recent incidents of online security breaches further underscore the importance of adequate safeguards. Regulation S-P continues to be a focus of review by examiners.

Heightened Supervision and Supervisory Controls

Regulators will continue to focus on member firm supervisory systems and procedures pertaining to heightened supervision for representatives with a number of sales practice disclosures in CRD. Our examiners are also scrutinizing the adequacy of supervision of producing branch managers and attendant conflicts, with particular emphasis on the new supervisory control provisions in Rules 3010 and 3012. View Notice to Members 04-71 for additional information. Examiners will be assessing the adequacy of regulated firms' supervision and supervisory controls.

New Products and Non-Conventional Instruments

NASD is focused on the number and nature of increasingly complex products that are being introduced to the market and geared toward retail investors. These new products raise suitability and supervisory concerns. Examiners will review the adequacy of firm due diligence procedures for reviewing and analyzing new products. In addition, examiners will review for policies that address the need to perform a product-level suitability analysis, customer-specific suitability analysis, ensure that promotional materials are fair, accurate, and balanced, implement adequate internal controls, and provide training to registered representatives selling the products.

Broker-Dealer Self and Affiliate Offerings

In order to raise capital, brokerage firms sometimes sell their own securities, or those of an affiliate. Such broker-dealer self-offerings can take the form of registered public offerings or private placements. NASD has noted numerous areas of regulatory concern with some broker-dealer self and affiliate offerings. It is important to note that offers to sell securities in a public offering must be registered with the SEC or meet an exemption from registration. NASD will monitor for those firms conducting self and/or affiliate offerings for compliance with SEC registration rules. NASD will also review offering documentation for fraudulent and misleading statements and material omissions, as well as the nature of the offering and the use of the proceeds.

Real Estate Investment Trusts

Member firm activities with respect to Real Estate Investment Trusts (REIT) will be an area of focus for NASD in 2006. NASD will review the information contained in REIT offering documents versus what is being told to customers by associated persons selling these securities for any indications of misrepresentations or omissions of material facts, and will also look to determine whether customers received volume discounts when applicable. Examinations will also focus on cash and non-cash compensation arrangements for compliance with NASD Rule 2810.

Regulation SHO

Regulation SHO was effective January 3, 2005. The rule addresses: the marking of orders as long, short or short exempt; outlines the locate requirements for short sales of securities; and, imposes close out or pre-borrow requirements for short sales of threshold securities. Since this regulation is in an area where market abuses have been known to occur, our examiners review for compliance with all aspects of the rule.

Frequently Found Violations Update

Municipal Trade Reporting (MSRB Rule G-14)

Violation: MRSB Rule G-14 requires municipal securities brokers and dealers to report their municipal securities transactions accurately and on time. Effective January 31, 2005, the time was reduced to within 15 minutes of trade execution for most types of transactions. Municipal transactions may be reported to the MSRB Real Time Reporting System ("RTRS") through three portals: (a) the message based trade input RTRS Portal operated by National Securities Clearing Corporation ("NSCC") may be used to report any trade submission or modification; (b) the RTRS Web-based Portal operated by the MSRB may be used for low volume transaction submissions and for modifications of trade records, but cannot be used for submitting or modifying inter-dealer transaction data used in the comparison process; and (c) the NSCC Real Time Trade Matching ("RTTM") Web-based trade input method may be used only for submitting or modifying data with respect to inter-dealer transactions eligible for comparison. We have been finding that firms are not reporting municipal trades within the first 15 minutes.

While a firm may utilize an agent, such as its clearing firm, to submit the data to RTRS, the firm remains responsible for the accuracy and timeliness of those reports submitted on its behalf.

Each municipal securities broker or dealer must obtain a unique broker symbol from NASD to identify its transactions for reporting purposes. Also, all firms must file a Form RTRS with MSRB which identifies the manner in which its trades will be reported, the broker symbol used by the firm, the identity of the firm's submitter (i.e., clearing firm and/or service bureau), information on firm personnel who can be contacted if there are problems in the submissions, and information for system testing. Importantly, Form RTRS also allows firms to select a method of real-time error feedback on their transaction submissions so that corrections may be made as soon as possible. The Form RTRS must be kept up-to-date with amended filings should any of the information change.

Why this is important:Information submitted to MSRB on inter-dealer and customer transactions is publicly disseminated by the MSRB almost immediately after the transactions are reported. Investors and dealers in municipal securities rely on the accurate and timely dissemination of transaction information to provide much-needed price transparency, and facilitates a dealer's ability to price municipal securities fairly to comply with MSRB Rule G-30, and provides investors with a tool for making an informed investment decision.

The solution:Firms can use the real-time error feedback provided by the MSRB to follow up on inaccurate transaction reports, determine the cause of those errors, and correct systems or procedures as necessary. This feedback is provided via e-mail, RTRS Web, or interactive messaging. In addition, firms may access monthly reports of their performance statistics via RTRS Web. There is no charge for either real-time feedback or the monthly reports. Only one authorized person per firm may receive the information, which can then be disseminated to the appropriate departments throughout the firm. Please see MSRB Notice 2005-56 for more information.

Questions about Form RTRS, methods of error feedback, and the monthly performance statistics reports may be directed to MSRB's Transaction Reporting Department at (703) 797-6600.

Supervisory Controls Rule

Violation: Rule 3012 became effective on January 31, 2005 and requires members to: (a) have supervisory control procedures that test and verify the member's supervisory procedures, and (b) where necessary, amend or create additional supervisory procedures. Designated principals submit to the member firm's senior management, no less than annually, a report detailing each member's system of supervisory controls, the summary of test results and significant identified exceptions, and any amended supervisory procedures created in response to the test results.

Furthermore, member firms are required to establish, maintain, and enforce written supervisory control policies and procedures that are designed to:

(A) review and supervise customer account activity conducted by branch office managers and individuals serving similar functions, and that a person senior to or independent of the manager must conduct the review;

(B) review and monitor (i) all transmittals of funds (including wires or checks) or securities from member firm customers to third party accounts or outside accounts, (ii) customer changes of address and the validation of such changes of address, and (iii) customer changes of investment objectives; and

(C) provide heightened supervision over the activities of each producing manager who is responsible for generating 20% or more of the revenue of the business units supervised by the producing manager's supervisor.

Examiners have found that members fail to have adequate procedures or fail to implement the procedures. Rule 3012 was amended on February 14, 2006 to include a requirement for firms claiming the "limited size and resource" exemption to notify NASD electronically of such claims of exemption from the Rule within 30 days of the date of the reliance on such an exemption. Prior to this, member firms were required to keep written documentation of the factors used to determine that the firm was eligible for the exemption.

Why this is important: This rule was created to safeguard against operational and sales practice abuses that can stem from ineffective supervisory and supervisory controls procedures. Two areas of focus that this rule addresses are lack of supervision over producing branch managers and misappropriation of customer funds by the firm's employees. Failure to implement the requirements of Rule 3012 could leave a firm vulnerable to sales practice issues generated within branches managed by producing branch managers who, based on his or her own sales activities may not have the time or resources to adequately supervise the activities occurring within the branch office. Concerning potential misappropriation of customer funds, the rule targets three "red flags" or indicators that such activity may be occurring, including: (1) changes in customer addresses, (2) reviews of third party transfers of cash or securities, and (3) changes in customer investment objectives. Failure to create, implement and enforce procedures covering these areas could harm customers and expose the firm to potential misappropriation of customer funds by firm employees.

The solution: Each member firm, regardless of size or business type, must establish, maintain, and enforce a system of supervisory control policies and procedures that test and verify the firm's policies and procedures. Firms must ensure that a person senior or "otherwise independent" to producing branch managers are performing the day-to-day supervisory reviews of the producing branch managers' activities. In the instance where a firm is relying on the "limited size and resource" exemption, firms must file notification within 30 days of reliance on an exemption. A determination must be made as to whether heightened supervision over the firm's branch managers is required. Finally, firms must ensure that the procedures related to preventing and detecting misappropriation of customer funds are adequate. Annually, the firm's designated principals must submit a report detailing the firm's system, test results, exceptions noted, as well as any additional or amended supervisory procedures created in response to the test results.

Provision of Information and Testimony and Inspection and Copying of Books (NASD Procedural Rule 8210)

Violation:Members or persons associated with a member are failing to provide the information or testimony or to permit an inspection and copying of books, records, or accounts pursuant to NASD Procedural Rule 8210.

Why this is important:The failure to provide requested information or to allow necessary inspections may adversely impact or hinder an investigation, complaint, examination, or proceeding authorized by the NASD By-Laws or Rules.

The solution: To comply with Rule 8210 each member or person associated with a member must provide NASD information orally or in writing and allow for the inspection and/or copying of books, records, and accounts of the member or person, by the deadline given by NASD. Failure to comply with Rule 8210 may result in either formal or informal disciplinary actions.

Written Supervisory Procedures (NASD Conduct Rule 3010)

Violation: Members are required to establish, maintain and enforce an adequate supervisory system. The supervisory system will be composed of many different elements, both objective, such as regular reviews of specific areas of activity, and subjective, including placing competent, qualified, and experienced individuals in supervisory roles. Written supervisory procedures document the supervisory system that the member has established.

NASD examiners sometimes encounter firms with procedures that do not include a description of the controls and procedures actually used by a firm to reasonably detect and prevent misconduct, but instead merely recite the rule requirements or firm policies.

Why this is important: Without an adequate supervisory system firms will not be able to properly supervise the business of their firms, supervise their associated persons, or be able to achieve compliance with applicable securities laws and rules. Having adequate written supervisory procedures will allow a firm to properly supervise its registered representatives, and support training of registered representatives so that they are aware of the firm's procedures and compliance responsibilities.

The solution:Members must have written supervisory procedures that adequately address all activities in which the firm engages and that adequately describe what the firm will do to supervise the activity. A firm's written supervisory procedures would clearly state (i) who: the identification of the principal responsible for conducting the subject procedure; (ii) what: a description of the specific procedure that is to be conducted by the supervisor; (iii) when: a statement as to when or how often the specific procedure is to be conducted; and (iv) how: a statement as to how the firm will evidence the fact that the procedure has been conducted.

For example, though not required by the rule, a firm may decide to include in its supervisory system elements such as automated exception reports and surveillance programs that monitor for unusual trading activity in customer accounts. The firm's procedures would identify the supervisor who will monitor these reports, instruct the supervisor on which reports produced by the surveillance system the supervisor is to review, including a description of how often these reports would be reviewed, the steps to be taken if suspicious activity is discovered, and how to document the supervisor's oversight activities.

Members may avail themselves of a number of resources available on NASD's Web site that serve as job aids and tools to assist with compliance responsibilities. For example, templates, frequently asked questions with answers, web pages dedicated to specific regulatory topics, Notices to Members, and transcripts of educational preventive compliance workshops, and more, are available as resources for members. While there are a number of resources on NASD's Web site, we are providing a direct link to Notice to Members 99-45 considering that members frequently cite this Notice as highly valuable on the topic of supervision and compliance.

Business Continuity Planning

Violation: Rule 3510 requires each member to create and maintain a business continuity plan and enumerates certain requirements that each plan must address. The Rule further requires members to update their business continuity plans upon any material change and, at a minimum, to conduct an annual review of their plans. Each member also must disclose to its customers how its business continuity plan addresses the possibility of a future significant business disruption and how the member plans to respond to events of varying scope. Rule 3520 requires members to designate two emergency contact persons and provide this information to NASD via electronic process. It has been noted that many firms have either failed to prepare an adequate business continuity plan, failed to update the plan as necessary, or have failed to designate qualified emergency contact persons.

Why this is important:Rule 3510 has been effective since August 11, 2004 for clearing firms and since September 10, 2004 for introducing firms. Rule 3520 has been effective since June 14, 2004. In addition, failure to have an adequate and current plan could leave a firm vulnerable in the event that the firm faces an emergency or significant business disruption.

The solution: Each member firm, regardless of size or business type, must develop a business continuity plan reasonably designed to enable it to meet its existing obligations to customers. The plan must, at a minimum, address the ten elements listed in the rule. Additionally, the plan must be updated to address any significant changes to the member's business, operations, structure and/or location. The plan must be approved by an appropriate member of senior management who is registered principal. Members must also designate two emergency contact persons who are registered as principals and must communicate the names of the contact persons to NASD via the NASD Contact System. Further information regarding these rules, including applicable Notice-to-Members, Frequently Asked Questions and a Small Firm Template, can be found at our online Issue Center at Business Continuity Planning.

Registration Requirements

Violation:Article IV, Section 1 of the NASD By-Laws, Article V, Section 2 of the NASD By-Laws, and Article V, Section 3 of the NASD By-Laws require member firms to maintain accurate registration information including outside business affiliations on all forms filed with the NASD's Central Registration Depository (CRD). This includes, but is not limited to accurate and timely filings of Form U4, Form U5, and Form BD. It also requires firms to disclose various changes in business such as the type of business it is approved to conduct, branch offices, and certain disclosable events that occurred while a person was associated with the firm. Members frequently fail to update this information within thirty (30) days as prescribed by the rule.

Why this is important:If this information is not kept current or properly disclosed, NASD may not have current regulatory information on the status of current and previous associated persons. Moreover, accurate and current information about firms helps NASD better assess whether, for example, firms are in compliance with membership agreements. Similarly, in conducting risk assessments, focusing examinations, and planning examination schedules, NASD considers information about the firm that is contained in various regulatory filings.

The solution: All members are required to keep their registration information up to date. All information, with regard to hiring status of associated persons, branch offices, and approved business practices, must be submitted and updated in a timely fashion. For more information about monitoring for compliance with registration and disclosure requirements, please see our online Web CRD Late Filing Fee Report. This report shows whether a firm submitted U4 and U5 filings in the required time frame. Provided on a monthly basis, the report assists in assessing and monitoring compliance with reporting obligations under NASD's by-laws and rules. The report allows member firms to download report data directly into Microsoft Excel and receive automatic notifications when updated reports are available.

Anti-Money Laundering (NASD Rule 3011)

Violation:NASD Rule 3011 requires member firms to develop and implement a written anti-money laundering program reasonably designed to achieve and monitor the member's compliance with the requirements of the Bank Secrecy Act (31 USC 5311 et seq) and the implementing regulations promulgated thereunder. Effective, October 1, 2003, member firms were required to have in place a written Customer Identification Program (CIP). Examiners continue to review AML supervisory systems to ensure that firms have implemented an adequate CIP to verify the identity of all customers who open accounts. Frequently found violations suggest that firms failed to establish, document, and maintain a written CIP.

Why this is important:An effective CIP is essential for effective anti-money laundering programs. Adequate CIP's provide for a firm to form a reasonable belief that it knows the true identity of a customer.

The solution: Establish, document and maintain an effective written CIP tailored to your firm's size and business. At a minimum, the CIP must include procedures for the following: (a) specifying the identifying information that will be obtained from each customer; (b) verifying the identity of each customer using the required information within a reasonable time before or after the customer's account is opened, (c) describing the documents that the firm will use for verification as well as non-documentary methods the firm will use for verification; (d) risk-based procedures for verifying the identity of each customer to the extent reasonable and practicable; and (e) procedures addressing situations where based on the firm's risk assessment of a new account by a customer that is not an individual, the firm will obtain information about individuals with authority or control over such account. Additionally, the CIP must include procedures addressing record retention, comparison with government lists, and customer notice.

For more information about AML, please see our online Issue Center page for Anti-Money Laundering.