Before year-end, as everyone is preparing to take some much-deserved time off, CCOs should take some time to plan for what will be awaiting them in the New Year.
Among other requirements for broker-dealers, FINRA rules 3130 and 3120 (Annual Certification of Compliance and Supervisory Processes and Supervisory Controls Testing) are due annually by April 1 or on the anniversary of its previous year’s filing. The requirements are to ensure that the firm has established appropriate supervisory controls to ensure compliance with applicable securities rules from FINRA, SEC, CFTC, and other regulators or SRO’s as applicable to its product mix.
Working with mid to large sized broker dealers over the years, we have developed a short list of top 5 things to consider now. These have paid off by saving time and money for our clients as well as reducing stress for the entire team.
1. Prior Year Findings/Issues
Depending on the governance structure at your firm, this may already be a part of your program to review issues on an ongoing or periodic basis. The key component here is to ensure that there is appropriate documentation/evidence that the issue has been addressed. Oftentimes, an issue can be reportedly addressed by the key process owner but is pending validation by Compliance or Internal Audit. This is a good time to setup a review to ensure validation occurs.
2. Updated Written Supervisory Procedures
As required by FINRA 3110, updated Written Supervisory Procedures (WSPs) should occur at least annually and upon new business changes such as new launches. Most firms already have an activity throughout the year to monitor for regulatory updates through publications such as Notices to Members from FINRA and/ or SEC Alerts. However, it’s still a good idea at year-end to go through and see that the practices and the WSPs are consistent. As a year-end activity, it’s important to review the WSP’s and check that the relevant updates to the firm’s product/businesses are considered and addressed. The FINRA Checklist and SEC bulletins are great sources to review against the existing WSP. This exercise can be challenging depending on the rules applicable to the specific business and how often the WSP has been updated throughout the year. So, plan accordingly.
A way to spot gaps is to review the rules cited in the WSP and search for them in the latest rule books. If you don’t find them there, chances are the WSP needs to be updated.
3. New Businesses or Products
Depending on the governance structure, this can be an easy or more involved exercise. One of the best ways to see if there is a new business/product is to identify the new supervisors from comparing old and new org charts. This also helps to identify when a business/product changes the name of the group. Of course, the reason this step is important is that this is a good place to check for supervisory controls as they will likely be new. This may also lead to developing new test procedures to satisfy FINRA 3120.
4. Changes in Supervisors
Changes in supervisors will also require updates in the firm’s procedures. The plan here is to have met with new supervisors and to communicate how the annual testing and reporting is done at your firm. It’s a good time to do this especially when people are in a holiday mood.
5. Systems and Third-Parties
It’s true that many of the supervisory controls can be systematic, and/or part of services offered by a third-party vendor. For example, the so-called “fat finger rule” (SEC 15c3-5) typically requires the control to be set within the order entry system to prevent data entry errors. In 2018’s Exam Findings Report, FINRA highlights oversight of vendors must be effective to ensure that the vendors’ controls are meeting the applicable requirements. These may include assessing design of controls (e.g., thresholds, limits, and conditions, etc) as well as frequency of reviews. As new and existing systems are implemented or enhanced, either in-house or at the vendor, it’s important to take inventory of the systems controls and include them as part of the compliance review.