Interpretive Letter to Jeffrey W. Kilduff, Esq., O'Melveny & Myers, LLP
July 5, 2001
Jeffrey W. Kilduff, Esq.
O'Melveny & Myers, LLP
1650 Tysons Boulevard
McLean, Virginia 22102
Re: | Electronic Signatures: Request for Interpretive Letter NASD Rules 3010(d) and 3110(c)(1)(C) |
Dear Mr. Kilduff:
I am responding to your letter of February 15, 2001 to NASD Regulation, Inc. ("NASD Regulation") which requested interpretive guidance regarding the use by registered principals of the various broker-dealer operations of SunAmerica Financial Network, Inc. ("SunAmerica") of a particular information technology that permits immediate electronic review of new customer accounts, changes to existing customer accounts, order tickets, sales blotters and other supervisory logs requiring principals' review. Specifically, you seek interpretive guidance as to whether the use of electronic signatures through this information technology is in accordance with the provisions of NASD Rules 3010(d) and 3110(c)(1)(C).
Background
As you explained in your letter, SunAmerica and its subsidiary broker-dealers (collectively, "SFNI") would like to allow its Series 24 principals to perform immediate electronic review of registered representatives' activities through SFNI's web-based broker workstation, VISION2020. The purpose of using VISION2020 is to streamline and enable better and faster supervision, both by First Line Supervisors, who are appropriately registered principals, and by appropriately registered principals at the Home Office.
According to your letter, SFNI registered representatives will use VISION2020 to establish all new accounts. After a representative establishes a new account on VISION2020, the representative will have the customer sign the New Account Form and arbitration agreement, which will be forwarded to the Home Office. SFNI registered representatives will also use VISION2020 to make account changes, which will automatically generate a letter to the client for his or her records. In addition, SFNI registered representatives will use VISION2020 to place orders. A First Line Supervisor will have immediate access to details of the order tickets, as well as to the clients' financial information and investment objectives.
In each of these cases, a First Line Supervisor will have immediate access to the information through VISION2020. VISION2020 will alert First Line Supervisors of account changes made by registered representatives. After reviewing the information, a First Line Supervisor will accept, reject, or mark "Pending Clarification" the account or order. A designation of Accept or Reject will constitute final action on the account or order. If a First Line Supervisor marks the account "Pending Clarification," a First Line Supervisor can revisit the account or order (and mark it Accept or Reject) after conducting further review or investigation outside of VISION2020. The Home Office will have access to and will regularly review three reports: (1) Aging Reports, which will identify new accounts or orders that have not been accepted or rejected within 15 days of establishment; (2) Aging Reports, which will identify those marked "Pending Clarification" that have not been acted upon after 15 days; and (3) Rejected Reports, which will identify new accounts, account changes or orders that have been rejected.
First Line Supervisors will also use VISION2020 to review weekly the Supervisory Sales Blotter, which the First Line Supervisor must characterize as either "Reviewed" or "Pending Clarification." The Home Office will have access to and will review reports tracking the First Line Supervisors' progress in reviewing the Blotters.
VISION2020 provides immediate access to any and all required books and records in the formats required by the Securities and Exchange Commission ("SEC") and NASD Regulation. VISION2020 stores all account and transaction information on a secured server, which allows authorized persons immediate access to download, print, or view any documents. First Line Supervisors will affix their electronic signature, date, and time of review to all forms that they store in VISION2020. In addition, electronic trails will be recorded so that the source of every entry can be determined. Stored information is protected by system validations and a multi-server, redundant environment that backs up the data nightly to ensure its integrity.
VISION2020 and SNFI's policies will provide for adequate security and restrictions on access. VISION2020 can only be accessed by authorized users through a secured and encrypted web browser. Managers of Offices of Supervisory Jurisdiction are responsible for approving access to the system for representatives and employees, who will sign a User Agreement and be given User IDs. Even among those who are given unique User IDs, the level of access is restricted by the type of license and registration held by the individual. The User ID can be terminated at will by the Home Office. Supervisory functions are coded into VISION2020 based on the supervisory structure in the office. Users are forbidden from sharing passwords, and VISION2020 instructs users to change their passwords frequently to protect against unauthorized use.
Finally, SNFI's Supervisory Sales Manuals contain all the current written policies and procedures for operating the supervisory components of VISION2020 and for assuring compliance with SEC and NASD rules. SNFI will review and update the manuals periodically to ensure conformance with changes to the policies and procedures.
You have asked that the NASD confirm that the use of VISION2020 in connection with principal review and approval of new customer accounts and the placement of orders is in accordance with the provisions of Rules 3010(d) and 3110(c)(1)(C).
Response
NASD Rule 3010(d) requires that each member establish procedures for the review and endorsement by a registered principal in writing, on an internal record, of all transactions and all correspondence of its registered representatives pertaining to the solicitation or execution of any securities transaction. NASD Rule 3110(c)(1)(C) requires members to maintain, for each customer account opened after January 1, 1991, a signature of the registered representative introducing the account and signature of the member or partner, officer, or manager who accepts the account.
Although NASD Rules do not expressly provide for electronic review and signature, the staff believes that the use of VISION2020 to satisfy the principal approval requirements under NASD Rules 3010(d) and 3110(c)(1)(C) is permissible as long as certain conditions are met. You represent that the following safeguards will apply:
- VISION2020 will allow NASD examining staff immediate access to required records and documents;
- VISION2020 will allow NASD examining staff to download and print hard copies of required records and documents;
- VISION2020 will allow NASD examining staff to review copies of all relevant imaged documents and will provide an audit trail of principals who reviewed the customer accounts and orders;
- VISION2020 will store all required records and documents on a secured server, which will operate in a redundant, multi-server environment to ensure the integrity of the data;
- VISION2020 and SFNI's policies and procedures will allow VISION2020 to be used only by those individuals who have been approved and only at the level of access for which those individuals have been approved;
- VISION2020 can only be viewed through a password protected and encrypted web browser and VISION2020 will instruct users to change their passwords frequently;
- SNFI will maintain current written policies and procedures at each branch office that utilizes VISION2020 that accurately describe the system, its safeguards and its operating procedures; and
- SNFI will review periodically the policies, procedures, and operations to ensure conformance with changes and enhancements in policies and procedures.
In addition, based on the SEC's recently issued interpretive guidance on the Electronic Signatures in Global and National Commerce Act,1 the staff believes that the following safeguards are also necessary:
- VISION2020 will be capable of indexing and cross-referencing stored information to ensure access to all relevant documents and records;2
- VISION2020 will store documents in a non-rewriteable and non-erasable ("write once, read many" or "WORM") format;3
- VISION2020 will allow for third-party access;4
- VISION2020 will serialize records to ensure both accuracy and accessibility of the records.5
You should, however, consult with SEC staff regarding compliance with requirements under the federal securities laws, including SEC Rules 17a-3 and 17a-4.
Our conclusion is based on the representations you provided and compliance with the safeguards listed above, and it is limited to the ability of appropriately registered principals of SNFI to use VISION2020 to review and approve electronically (through the use of electronic signatures) new accounts, account changes, order tickets, transaction blotters and other supervisory logs requiring principal approval under Rules 3010(d) and 3110(c)(1)(C). The failure to follow any of the listed safeguards in the use of VISION2020 may cause the firm to fail to comply with the requirements of NASD Rules.6
This letter does not address, among other things, the effectiveness of the review and approval process provided via VISION2020.
I hope this letter is responsive to your inquiry. Please note that the opinions expressed herein are staff opinions only and have not been reviewed or endorsed by the Board of Directors of NASD Regulation. This letter responds to the issues that you have raised based on the facts as you have described them, and does not address any other rule or interpretation of NASD Regulation or all the possible regulatory and legal issues involved.
Very truly yours,
Nancy Libin
Assistant General Counsel
cc: | Dan Sibears, Sr. Vice President, Market Regulation Alan Wolper, District Director - District 7 |
1 See Commission Guidance to Broker-Dealers on the Use of Electronic Storage Media under the Electronic Signatures in Global and National Commerce Act of 2000, Exchange Act Rel. No. 44238 (May 1, 2001).
2 Id. at 9 (noting that SEC Rule 17a-4(f) requires indexing to ensure that examiners have "a means to search for specific records among the many that have been stored").
3 Id. (noting that the WORM requirement "is designed to ensure that electronic records are capable of being accurately reproduced for later reference by maintaining the records in an unalterable form").
4 Id.
5 Id. at 6-7.
6 See also Letter from Robert Smith, Assistant General Counsel, NASD Regulation, to Steven F. Gatti, Clifford, Chance, Rogers & Wells (June 15, 2000), at www.nasdr.com/2910/3110_05.asp.