HelpFINRA Manual: Contents
FINRA Manual
Corporate Organization Notices
2004
04-95 NASD Issues Reminder to Members Regarding the Municipal Securities Rulemaking Board's Implementation of Real-Time Reporting and Dissemination of Transactions in Municipal Securities
04-92 Amendments to Section 13 of Schedule A to the NASD By-Laws Governing the Review Charge for Advertisement, Sales Literature, and Other Such Material Filed with or Submitted to NASD
04-91 NASD Has Filed for Immediate Effectiveness Amendments to Section 7 of Schedule A to the NASD By-Laws Governing Fees for Filing Documents Pursuant to the Corporate Financing Rule
04-90 NASD Issues Interpretive Guidance Regarding Various Trade Reporting and Compliance Engine (TRACE) Rules
04-89 NASD Alerts Members to Concerns When Recommending or Facilitating Investments of Liquefied Home Equity
04-86 SEC Approves NASD Interpretive Material to Rule 2210 Regarding Member Firms' Use of Investment Analysis Tools
04-85 SEC Approves Amendments to Rule 6954(c) Requiring ECNs to Capture and Report Routed Order Identifier Information to OATS
04-83 NASD Requests Comment on Whether to Propose New Rule That Would Address Conflicts of Interest When Members Provide Fairness Opinions in Corporate Control Transactions (Comment Period Expired January 10, 2005)
04-80 NASD Seeks Comment on Proposed Changes to the OATS Rules (Comment Period Expired January 20, 2005)
04-79 SEC Approves New Chief Executive Officer Compliance Certification and Chief Compliance Officer Designation Requirements
04-78 SEC Approves Amendments to Rule 1120 to Eliminate Exemptions from the Continuing Education Regulatory Element Requirements
04-77 SEC Announces Approval of Amendment to NASD's Minor Rule Violation Plan (MRVP) to Include Failure to Timely Submit Amendments to Form U5
04-74 Broker-Dealer, Investment Adviser Firm, Agent and Investment Adviser Representative Renewals for 2005
04-73 Amendments to Section 4 of Schedule A to the NASD By-Laws Governing Qualification Examination Fees
04-72 Impermissible Use of Negative Response Letters for the Transfer of Mutual Funds and Variable Annuities (Changes in Broker-Dealer of Record)
04-69 Mandatory Use of Combined New Order/Route and Combined New Order/Execution Reports Delayed until April 4, 2005; Clarification of Combined Reporting Format Requirements for Related Order Information Submitted by Multiple Order Sending Organizations
04-68 SEC Approves Rule Amendment Requiring That ADF Market Participant Provide Advance Written Notice When Denying Access
04-66 NASD Reminds Member Firms of Their Obligations to Ensure the Accuracy and Integrity of Information Entered into Order-Routing and Execution Systems
04-65 SEC Approves Amendments to TRACE Rules to Disseminate Transaction Information on All TRACE-Eligible Securities, Modify and Supplement Defined Terms, and Enhance Notification Requirements
04-64 SEC Announces Immediate Effectiveness of the Deletion of IM-2210-4(b) and Rule Series 3400 as Obsolete
04-59 SEC Announces Immediate Effectiveness of Amendments to the Rule 9600 Series Establishing Waiver Subcommittee of the National Adjudicatory Council
04-58 SEC Grants Accelerated Approval of Rule Change Relating to Transfers of Specifically Designated Customer Account Assets through the Automated Customer Account Transfer Service (ACATS) (This version was updated on 8/19/04)
04-57 NASD Extends Jurisdiction to Suspend Formerly Associated Persons Who Fail to Pay Arbitration Awards
04-54 Operative Date of Short Sale ACT Reporting Requirements for OTCBB and Other Non-NASDAQ OTC Equity Securities Extended to September 24, 2004
04-53 SEC Approves Amendments to IM-10104 and Rules 10306 and 10319 Regarding "Last Minute" Adjournments of Arbitration Hearings
04-51 SEC Approves Amendments to TRACE Rule 6230 to Reduce the Reporting Period to 30 Minutes on October 1, 2004, and to 15 Minutes on July 1, 2005
04-50 Treatment of Commodity Pool Trail Commissions under Rule 2810 (Direct Participation Programs Rule) (The effective date has been delayed until 10/12/04)
04-49 SEC Approves Amendments to Rules 10308 and 10312 Regarding Arbitrator Classification, Disclosures, and Challenges
04-48 SEC Approves Amendments to Rule 6954 Requiring Members to Record and Report Execution Price and Firm Capacity in OATS Execution Reports
04-46 Mandatory Changes to OATS New Order, Combined New Order/Route, and Combined New Order/Execution Reports
04-45 NASD Seeks Comment on Proposed Rule to Impose Specific Sales Practice Standards and Supervisory Requirements on Members for Transactions in Deferred Variable Annuities
04-44 Impermissible Confidentiality Provisions and Complaint Withdrawal Provisions in Settlement Agreements
04-43 Members' Use of Affidavits in Connection with Stipulated Awards and Settlements to Obtain Expungement of Customer Dispute Information under Rule 2130
04-42 NASD Informs Members of Upcoming District Committee and District Nominating Committee Elections
04-41 NASD Announces Nominees for Regional Industry Member Vacancies on the National Adjudicatory Council
04-39 SEC Approves Amendments to Clarify the Term "TRACE-Eligible Security" and to Expand the Scope of an Exemption from TRACE Reporting Requirements
04-38 NASD Reminds Member Firms of Their Obligations to Adhere to Credit Extension Requirements and Day Trading Margin Rules
04-37 SEC Approves Rules Requiring Members to Create Business Continuity Plans and Provide Emergency Contact Information
04-33 Limited Net Capital Relief from the Reclassification of Certain Equity as Liabilities in Accordance with Statement of Financial Accounting Standards No. 150 (Action required by 05/10/04)
04-32 SEC Approves Amendments to Require Quarterly Review and Update of Executive Representative Contact Information
04-31 NASD Announces Nomination Procedures for Regional Industry Member Vacancies on the National Adjudicatory Council
04-29 NASD Informs Members of Upcoming District Committee and District Nominating Committee Elections (This version corrects certain administrative and other non-substantive text)
04-28 SEC Approves Amendments to Repeal Rule 4613A(e)(1) Requiring Same-Priced Quotations on Multiple Markets
04-26 NASD Reminds Members of Their Duty to Ensure Proper Application of Discounts in Sales Charges to Sales of Unit Investment Trusts (UITs)
04-25 SEC Approves New NASD Research Analyst Qualification and Examination Requirements (Series 86/87)
04-24 SEC Announces Immediate Effectiveness of IM-3150 Governing Exemptions from the Reporting Requirements of NASD Rule 3150
04-23 NASD Seeks Comment On (1) Amending its Minor Rule Violation Plan to Include Failure Timely to Submit Amendments to the Uniform Termination Notice for Securities Industry Registration (Form U5); and (2) Adopting a Rule to Create an Inactive Disclosure
04-22 SEC Approves Amendments to Rule 1120 (Continuing Education Requirements) Regarding Regulatory Element Contact Person
04-21 NASD Provides Further Guidance on Amendments to NASD Rule 3370 — Affirmative Determination Requirements
04-20 IPO Distribution Manager to Replace Compliance Desk; Filings Required for All New Issues as Defined in Rule 2790
04-18 NASD and NYSE Provide Further Guidance on Rules Governing Research Analysts' Conflicts of Interest
04-16 NASD Adopts Rule 2130 Regarding Expungement of Customer Dispute Information From The Central Registration Depository
04-15 SEC Approves Amendments to NASD Rules Concerning Member Participation in the National Do-Not-Call Registry
04-13 SEC Approves Amendments to Rule 2710 (Corporate Financing Rule) and Rule 2720 (Distribution of Securities of Members and Affiliates-Conflicts of Interest)
04-12 Change in Policy of Granting Foreign Deferrals to Registered Supervisors and Principals from the Continuing Education Regulatory Element
04-11 NASD Reminds Members and Associated Persons of Their Duty to File Uniform Submission Agreements
04-10 SEC Approves Amendments to Membership Application and Continuation Rules (Rules 1011, 1014, and 1017)
04-09 SEC Announces Immediate Effectiveness of Amendments to Section 4 of Schedule A to the NASD By-Laws
04-08 Effective Date of Amendments to NASD Rule 3370 (Affirmative Determination Requirements) Extended to April 1, 2004
04-07 NASD Requests Comment on Proposed Amendments to Rules 2710 (Corporate Financing) and 2810 (Direct Participation Programs) (This version corrects certain administrative and other non-substantive text)
04-06 SEC Approves Permanent TRACE Fee Structure and Nine-Month Pilot Program for BTDS Professional Delayed-Time Data Display Fee
04-04 SEC Announces Immediate Effectiveness of Amendments to Section 5 of Schedule A to the NASD By-Laws
| View Whole Section | Text only | Print Manager | Link |
04-37 SEC Approves Rules Requiring Members to Create Business Continuity Plans and Provide Emergency Contact Information
GUIDANCE
Business Continuity Plans
Effective Dates:
Rule 3510: Clearing Firms: August 11, 2004
|
SUGGESTED ROUTING |
KEY TOPICS |
|
Legal/Compliance |
Business Continuity Plans |
Executive Summary
On April 7, 2004, the Securities and Exchange Commission (SEC) approved the new NASD Rule 3500 Series, which requires members to establish emergency preparedness plans and procedures.1 Rule 3510 requires each member to create and maintain a business continuity plan and enumerates certain requirements that each plan must address. The Rule further requires members to update their business continuity plans upon any material change and, at a minimum, to conduct an annual review of their plans. Each member also must disclose to its customers how its business continuity plan addresses the possibility of a future significant business disruption and how the member plans to respond to events of varying scope. Rule 3520 requires members to designate two emergency contact persons and provide this information to NASD via electronic process.
The Rule 3500 Series, Emergency Preparedness, is included in this Notice as Attachment A. NASD's Small Introducing Firm Template will be available at www.nasdr.com/business_continuity_planning.asp.
Questions/Further Information
Questions regarding this Notice may be directed to Daniel M. Sibears, Senior Vice President & Deputy, Member Regulation, Regulatory Policy and Oversight (RPO), (202) 728-6911; or Shirley H. Weiss, Associate General Counsel, Office of General Counsel, RPO, at (202) 728-8844.
Discussion
Rule 3510. Business Continuity Plans
NASD Rule 3510 requires each member to create and maintain a business continuity plan. Each member's plan must identify procedures relating to an emergency or significant business disruption that are "reasonably designed to enable the member to meet its existing obligations to customers." In addition, such procedures must address the member's existing relationships with other broker-dealers and counter-parties. The business continuity plan must be made available promptly upon request to NASD staff.
Updating Requirement
Rule 3510(b) requires each member to update its plan in the event of any material change to the member's operations, structure, business, or location. Each member must also conduct an annual review of its plan to determine if any updates are needed in light of any changes to the member's operations, structure, business, or location.
Elements of a Plan
The Rule recognizes the diversity of members' business and operations. Accordingly, the requirements of a plan are flexible and should be tailored to the size and needs of each member. However, each plan must, at a minimum, address the following ten key areas:
(1) Data back-up and recovery (hard copy and electronic);(2) All mission critical systems;(3) Financial and operational assessments;(4) Alternate communications between the member and its customers;(5) Alternate communications between the member and its employees;(6) Alternate physical location of employees;(7) Critical business constituent, bank, and counter-party impact;(8) Regulatory reporting;(9) Communications with regulators; and(10) How the member will assure customers' prompt access to their funds and securities in the event that the member determines that it is unable to continue its business.Each member's plan must address the above-listed categories only to the extent applicable and necessary. At the same time, the above-listed categories are not exhaustive; members should address other key areas for their plans to be complete and thorough based on their business and operations.
NASD understands that the business of some members may not touch upon each of the categories and that members may not perform certain of the "mission critical systems" functions. If a member does not include a specified category in its plan, the member's business continuity plan must document the rationale for its absence. Similarly, if a member relies on another entity for any one of the above-listed categories or any mission critical system, the member's business continuity plan must explain the relationship with the other entity in its plan. Even where members rely on another entity to perform certain functions, members must still create specific procedures to follow in light of a significant business disruption. If, for example, a clearing firm maintains customer funds and securities on behalf of an introducing firm, the introducing firm must create its own procedures and may not merely state that the firm does not hold customer funds or securities.
NASD also understands that many introducing firms may rely on their clearing firms for most mission critical systems and the maintenance of certain books and records. As such, introducing firms may need access to information contained within its clearing firm's business continuity plan. NASD strongly encourages all clearing firms to grant their introducing firms access to their plans or create an executive summary of their plan that is relevant for the introducing firm.
Plan Approval
Rule 3510(d) requires each member to designate a member of senior management who is also a registered principal to approve the plan and be responsible for conducting the required annual review. The review does not require the member of senior management to personally conduct all aspects of the review; however, he or she must review the final plan, including any proposed changes to the existing plan.
While a single designated member of senior management must approve the final plan, the member firm remains responsible for compliance with Rule 3510. Senior management approval is intended only to ensure that a person with proper authority reviews the plan, and not to make one person responsible for a member's compliance with Rule 3510.
Data Back-Up and Recovery (Hard Copy and Electronic)
One of the categories that members' business continuity plans must address is "data back-up and recovery (hard copy and electronic)." NASD notes that the Rule does not mandate that members keep book and records (and back-up books and records) in both hard copy and electronic formats. Members should refer to SEC and NASD rules and interpretative materials that specifically address record retention requirements, including SEC Rule 17a-4 and NASD Rule 3110, to determine which records (and in what format) firms must retain.
Mission Critical Systems
For purposes of Rule 3510, NASD defines "mission critical system" as "any system that is necessary, depending on the nature of a member's business, to ensure prompt and accurate processing of securities transactions, including, but not limited to, order taking, order entry, execution, comparison, allocation, clearance and settlement of securities transactions, the maintenance of customer accounts, access to customer accounts and the delivery of funds and securities." This definition is substantially similar to the SEC's definition of "mission critical system" in its Y2K Rules.
Financial and Operational Assessments
Rule 3510(c)(3) defines "financial and operational assessments" as "a set of written procedures that allows a member to identify changes in its operational, financial, and credit risk exposures." Operational risk focuses on the firm's ability to maintain communications with customers and to retrieve key activity records through its "mission critical systems." Financial risk relates to the firm's ability to continue to generate revenue and to retain or obtain adequate financing and sufficient equity. In addition, an eroding financial condition could be exacerbated or caused by a deterioration in the value of the firm's investments due to the lack of liquidity in the broader market, which would also hinder the ability of the firm's counter-parties to fulfill their obligations. A firm would be expected to periodically assess changes in these exposures, quickly assess the situation, and take appropriate action relative to a significant business disruption. Members' procedures should be written and implemented to reflect the interrelationship among these risks.
Critical Business Constituent, Bank, and Counter-Party Impact
Members must have procedures that assess the impact that a significant business disruption would have on critical business constituents (businesses with which a member firm has an ongoing commercial relationship in support of the member's operating activities), banks (lenders), and counter-parties (e.g., other broker-dealers or institutional customers). In addition, members must provide for alternative actions or arrangements with respect to their contractual relationships with business constituents, banks, and counter-parties in the event of a material business disruption to either party. In short, the Rule requires a member to assess the effect of a significant business disruption on its business constituents, banks, and counter-parties and decide appropriate actions if faced with any such situation. The Rule, however, permits each member to adopt an approach in dealing with its business constituents, banks, and counter-parties that is best suited to the member's particular operations, structure, business, and location.
Members initially will be responsible for identifying those relationships that they deem critical for purposes of complying with the Rule. However, as NASD gains experience in working with the Rule, it may decide to enumerate specific relationships that it views as critical to all members.
Prompt Access to Funds and Securities
Rule 3510(c)(10) requires each member to address how it will assure customers' prompt access to their funds and securities in the event that the member determines it is unable to continue its business. If a member has customers, the member must detail the procedures it will employ to ensure customer access to funds and securities. If a member believes that Securities Investor Protection Corporation (SIPC) rules may affect its response to this subsection, the member should address SIPC rules in its plan. NASD further notes that members may not rely on SIPC membership, by itself, to satisfy their obligations under Rule 3510(c)(10) because SIPC involvement in the liquidation of a broker-dealer is limited to SIPC's authority under the Securities Investor Protection Act of 1970.
Disclosure Requirements
Rule 3510(e) requires each member to disclose to its customers how its business continuity plan addresses the possibility of a future significant business disruption and how the member plans to respond to events of varying scope. In addressing the events of varying scope, NASD believes that each member should: (1) provide specific scenarios of varying severity (e.g., a firm-only business disruption, a disruption to a single building, a disruption to a business district, a city-wide business disruption, and a regional disruption); (2) state whether it plans to continue business during that scenario and, if so, its planned recovery time; and (3) provide general information on its intended response. The disclosure must, at a minimum, be made in writing to customers at account opening, posted on the member's Web site (if the member maintains a Web site), and mailed to customers upon request.
Members must disclose the existence of back-up facilities and arrangements. Members, however, need not disclose the following factors: the specific location of any back-up facilities; any proprietary information contained in the plan; and the parties with whom the member has back-up arrangements. Members may include cautionary language in their business continuity plans indicating that such plans are subject to modification, that updated plans will be promptly posted on the member's Web site, and that customers may alternatively obtain updated plans by requesting a written copy of the plan by mail.
Applicability to Subsidiaries
A subsidiary member firm may satisfy its obligations under Rule 3510 by participating in a corporate-wide business continuity plan of a parent corporation that addresses its subsidiary member firms, even if the parent corporation is not an NASD member. However, if a subsidiary relies on the plan of a non-member parent corporation, the subsidiary member must ensure that the parent's business continuity plan complies with Rule 3510 and addresses all requirements under the Rule.
Importantly, the member also remains responsible for complying with all requirements of Rule 3510. Among other things, the member must designate a member of senior management, who must be a registered principal, to approve the parent's plan (as it applies to the member), conduct an annual review of the plan, and require the plan to be updated as necessary to meet all of the requirements of Rule 3510. The registered principal will also be responsible for requiring the parent to update the plan in the event of any material change to the member's operations, structure, business, or location. The member must comply with the disclosure requirements set forth in Rule 3510(e). In addition, the member must retain a copy of the parent's plan in accordance with applicable federal securities laws and NASD rules, and make it promptly available to NASD staff upon request.
Rule 3520. Emergency Contact Information
Rule 3520 requires members to provide NASD with emergency contact information and to update any information upon the occurrence of a material change. The Rule requires members to designate two emergency contact persons that NASD may contact in the event of a significant business disruption. Each emergency contact person must be a registered principal and a member of senior management. In the case of a member that has only one principal, the second emergency contact person should be another firm employee. In the case of a sole proprietorship with only one employee, the second emergency contact may be an individual, either registered with another firm or non-registered, who has knowledge of the member's business operations, such as the member's attorney, accountant, or clearing firm contact.
In the event of a material change, each member must promptly update its emergency contact information, via such electronic or other means as NASD may require. In addition, the member's Executive Representative, or his or her written designee, must review and, if necessary, update the member's emergency contact information within 17 business days after the end of each calendar quarter. This update must include any change to the designation of the two emergency contact persons. Furthermore, members must have adequate controls and procedures to ensure that only the Executive Representative, or his or her written designee, may perform the review and update. Members must provide this information through NASD's Contact System (NCS) (formerly known as the NASD Member Firm Contact Questionnaire or NMFCQ) at www.nasdr.com/ncs.asp.
Repository Service
NASD, through an outside vendor, will provide a repository service for members' business continuity plans. This service is intended to provide members with a place outside of their firm to store a copy of their business continuity plan. Members will be charged a fee of $10–15 per month for use of the repository service, although this fee is subject to change.
1 See Securities Exchange Act Release No. 49537 (Apr. 7, 2004), 69 Fed. Reg. 19586 (Apr. 13, 2004) (SEC Notice of Order Approving File No. SR-NASD-2002-108).
Attachment A
Proposed new language is underlined.
* * * * * * * * * * 3500. EMERGENCY PREPAREDNESS
3510. Business Continuity Plans
(a) Each member must create and maintain a written business continuity plan identifying procedures relating to an emergency or significant business disruption. Such procedures must be reasonably designed to enable the member to meet its existing obligations to customers. In addition, such procedures must address the member's existing relationships with other broker-dealers and counter-parties. The business continuity plan must be made available promptly upon request to NASD staff.(b) Each member must update its plan in the event of any material change to the member's operations, structure, business or location. Each member must also conduct an annual review of its business continuity plan to determine whether any modifications are necessary in light of changes to the member's operations, structure, business, or location.(c) The elements that comprise a business continuity plan are flexible and may be tailored to the size and needs of a member. Each plan, however, must at a minimum, address:(1) Data back-up and recovery (hard copy and electronic);(2) All mission critical systems;(3) Financial and operational assessments;(4) Alternate communications between customers and the member;(5) Alternate communications between the member and its employees;(6) Alternate physical location of employees;(7) Critical business constituent, bank, and counter-party impact;(8) Regulatory reporting;(9) Communications with regulators; and(10) How the member will assure customers' prompt access to their funds and securities in the event that the member determines that it is unable to continue its business.Each member must address the above-listed categories to the extent applicable and necessary. If any of the above-listed categories is not applicable, the member's business continuity plan need not address the category. The member's business continuity plan, however, must document the rationale for not including such category in its plan. If a member relies on another entity for any one of the above-listed categories or any mission critical system, the member's business continuity plan must address this relationship.(d) Members must designate a member of senior management to approve the plan and he or she shall be responsible for conducting the required annual review. The member of senior management must also be a registered principal.(e) Each member must disclose to its customers how its business continuity plan addresses the possibility of a future significant business disruption and how the member plans to respond to events of varying scope. At a minimum, such disclosure must be made in writing to customers at account opening, posted on the member's Internet Web site (if the member maintains a Web site), and mailed to customers upon request.(f) For purposes of this rule, the following terms shall have the meanings specified below:(1) "Mission critical system" means any system that is necessary, depending on the nature of a member's business, to ensure prompt and accurate processing of securities transactions, including, but not limited to, order taking, order entry, execution, comparison, allocation, clearance and settlement of securities transactions, the maintenance of customer accounts, access to customer accounts and the delivery of funds and securities.(2) "Financial and operational assessment" means a set of written procedures that allow a member to identify changes in its operational, financial, and credit risk exposures.3520. Emergency Contact Information
(a) Each member shall report to NASD, via such electronic or other means as NASD may require, prescribed emergency contact information for the member. The emergency contact information for the member includes designation of two emergency contact persons. Each emergency contact person shall be a member of senior management and a registered principal of the member.(b) Each member must promptly update its emergency contact information, via such electronic or other means as NASD may require, in the event of any material change. Each member must review and, if necessary, update its emergency contact information, including designation of two emergency contact persons, within 17 business days after the end of each calendar quarter to ensure the information's accuracy. The member's Executive Representative, or his or her designee, which designation must be in writing, must conduct such review and any update. Furthermore, members must have adequate controls and procedures to ensure that only the Executive Representative, or his or her written designee, may perform the review and update.
