This rule was introduced with the filing of SR-FINRA-2013-025 which has been approved by the SEC. This rule becomes effective on December 1, 2014.
(a) Supervisory System
Each member shall establish and maintain a system to supervise the activities of each associated person that is reasonably designed to achieve compliance with applicable securities laws and regulations, and with applicable FINRA rules. Final responsibility for proper supervision shall rest with the member. A member's supervisory system shall provide, at a minimum, for the following:
(1) The establishment and maintenance of written procedures as required by this Rule.
(2) The designation, where applicable, of an appropriately registered principal(s) with authority to carry out the supervisory responsibilities of the member for each type of business in which it engages for which registration as a broker-dealer is required.
(3) The registration and designation as a branch office or an office of supervisory jurisdiction (OSJ) of each location, including the main office, that meets the definitions contained in paragraph (e) of this Rule.
(4) The designation of one or more appropriately registered principals in each OSJ and one or more appropriately registered representatives or principals in each non-OSJ branch office with authority to carry out the supervisory responsibilities assigned to that office by the member.
(5) The assignment of each registered person to an appropriately registered representative(s) or principal(s) who shall be responsible for supervising that person's activities.
(6) The use of reasonable efforts to determine that all supervisory personnel are qualified, either by virtue of experience or training, to carry out their assigned responsibilities.
(7) The participation of each registered representative and registered principal, either individually or collectively, no less than annually, in an interview or meeting conducted by persons designated by the member at which compliance matters relevant to the activities of the representative(s) and principal(s) are discussed. Such interview or meeting may occur in conjunction with the discussion of other matters and may be conducted at a central or regional location or at the representative's(') or principal's(') place of business.
(b) Written Procedures
(1) General Requirements
Each member shall establish, maintain, and enforce written procedures to supervise the types of business in which it engages and the activities of its associated persons that are reasonably designed to achieve compliance with applicable securities laws and regulations, and with applicable FINRA rules.
(2) Review of Member's Investment Banking and Securities Business
The supervisory procedures required by this paragraph (b) shall include procedures for the review by a registered principal, evidenced in writing, of all transactions relating to the investment banking or securities business of the member.
(4) Review of Correspondence and Internal Communications
The supervisory procedures required by this paragraph (b) shall include procedures for the review of incoming and outgoing written (including electronic) correspondence and internal communications relating to the member's investment banking or securities business. The supervisory procedures must be appropriate for the member's business, size, structure, and customers. The supervisory procedures must require the member's review of:
(A) incoming and outgoing written (including electronic) correspondence to properly identify and handle in accordance with firm procedures, customer complaints, instructions, funds and securities, and communications that are of a subject matter that require review under FINRA rules and federal securities laws.
(B) internal communications to properly identify those communications that are of a subject matter that require review under FINRA rules and federal securities laws.
Reviews of correspondence and internal communications must be conducted by a registered principal and must be evidenced in writing, either electronically or on paper.
(5) Review of Customer Complaints
The supervisory procedures required by this paragraph (b) shall include procedures to capture, acknowledge, and respond to all written (including electronic) customer complaints.
(6) Documentation and Supervision of Supervisory Personnel
supervisory procedures required by this paragraph (b)
shall set forth the supervisory system established by the member pursuant to paragraph (a) above, and shall include:
(A) the titles, registration status, and locations of the required supervisory personnel and the responsibilities of each supervisory person as these relate to the types of business engaged in, applicable securities laws and regulations, and FINRA rules.
(B) a record, preserved by the member for a period of not less than three years, the first two years in an easily accessible place, of the names of all persons who are designated as supervisory personnel and the dates for which such designation is or was effective.
(C) procedures prohibiting associated persons who perform a supervisory function from:
(i) supervising their own activities; and
(ii) reporting to, or having their compensation or continued employment determined by, a person or persons they are supervising.
a. If a member determines, with respect to any of its supervisory personnel, that compliance with subparagraph (i) or (ii) above is not possible because of the member's size or a supervisory personnel's position within the firm, the member must document:
1. the factors the member used to reach such determination; and
2. how the supervisory arrangement with respect to such supervisory personnel otherwise complies with paragraph (a) of this Rule.
(D) procedures reasonably designed to prevent the supervisory system required pursuant to paragraph (a) of this Rule from being compromised due to the conflicts of interest that may be present with respect to the associated person being supervised, including the position of such person, the revenue such person generates for the firm, or any compensation that the associated person conducting the supervision may derive from the associated person being supervised.
(7) Maintenance of Written Supervisory Procedures
A copy of a member's written supervisory procedures, or the relevant portions thereof, shall be kept and maintained in each OSJ and at each location where supervisory activities are conducted on behalf of the member. Each member shall promptly amend its written supervisory procedures to reflect changes in applicable securities laws or regulations, including FINRA rules, and as changes occur in its supervisory system. Each member is responsible for promptly communicating its written supervisory procedures and amendments to all associated persons to whom such written supervisory procedures and amendments are relevant based on their activities and responsibilities.
(c) Internal Inspections
(1) Each member shall conduct a review, at least annually (on a calendar-year basis)
, of the businesses in which it engages. The
review shall be reasonably designed to assist the member
in detecting and preventing violations of, and achieving compliance with, applicable securities laws and regulations, and with applicable FINRA
rules. Each member shall review the activities of each office, which shall include the periodic examination of customer accounts to detect and prevent irregularities or abuses. Each member shall also retain a written record of the date upon which each review and inspection is conducted.
(A) Each member shall inspect at least annually (on a calendar-year basis) every OSJ and any branch office that supervises one or more non-branch locations.
(B) Each member shall inspect at least every three years every branch office that does not supervise one or more non-branch locations. In establishing how often to inspect each non-supervisory branch office, the member shall consider whether the nature and complexity of the securities activities for which the location is responsible, the volume of business done at the location, and the number of associated persons assigned to the location require the non-supervisory branch office to be inspected more frequently than every three years. If a member establishes a more frequent inspection cycle, the member must ensure that at least every three years, the inspection requirements enumerated in paragraph (c)(2) have been met. The member's written supervisory and inspection procedures shall set forth the non-supervisory branch office examination cycle, an explanation of the factors the member used in determining the frequency of the examinations in the cycle, and the manner in which a member will comply with paragraph (c)(2) if using more frequent inspections than every three years.
(C) Each member shall inspect on a regular periodic schedule every non-branch location. In establishing such schedule, the member shall consider the nature and complexity of the securities activities for which the location is responsible and the nature and extent of contact with customers. The member's written supervisory and inspection procedures shall set forth the schedule and an explanation regarding how the member determined the frequency of the examination.
inspection and review by a member pursuant to paragraph (c)(1) must be reduced to a written report and kept on file by the member for a minimum of three years, unless the inspection is being conducted pursuant to paragraph (c)(1)(C) and the regular periodic schedule is longer than a three-year cycle, in which case the report must be kept on file at least until the next inspection report has been written.
(A) If applicable to the location being inspected, that location's
written inspection report must
include, without limitation, the testing and verification of the member's policies and procedures, including supervisory policies and procedures in the following areas:
(i) safeguarding of customer funds and securities;
(ii) maintaining books and records;
(iii) supervision of supervisory personnel;
(iv) transmittals of funds (e.g., wires or checks, etc.) or securities from customers to third party accounts; from customer accounts to outside entities (e.g., banks, investment companies, etc.); from customer accounts to locations other than a customer's primary residence (e.g., post office box, "in care of" accounts, alternate address, etc.); and between customers and registered representatives, including the hand-delivery of checks; and
(v) changes of customer account information, including address and investment objectives changes and validation of such changes.
(B) The policies and procedures required by paragraph (c)(2)(A)(iv) must include a means or method of customer confirmation, notification, or follow-up that can be documented. Members may use reasonable risk-based criteria to determine the authenticity of the transmittal instructions.
(C) The policies and procedures required by paragraph (c)(2)(A)(v) must include, for each change processed, a means or method of customer confirmation, notification, or follow-up that can be documented and that complies with SEA Rules 17a-3(a)(17)(i)(B)(2) and 17a-3(a)(17)(i)(B)(3).
(D) If a member does not engage in all of the activities enumerated in paragraphs (c)(2)(A)(i) through (c)(2)(A)(v) at the location being inspected, the member must identify those activities in the member's written supervisory procedures or the location's written inspection report and document in the member's written supervisory procedures or the location's written inspection report that supervisory policies and procedures for such activities must be in place at that location before the member can engage in them.
(3) For each inspection conducted pursuant to paragraph (c),
a member must:
(A) have procedures reasonably designed to prevent the effectiveness of the inspections required pursuant to paragraph (c)(1) of this Rule from being compromised due to the conflicts of interest that may be present with respect to the location being inspected, including but not limited to, economic, commercial, or financial interests in the associated persons and businesses being inspected; and
(B) ensure that the person conducting an inspection pursuant to paragraph (c)(1) is not an associated person assigned to the location or is not directly or indirectly supervised by, or otherwise reporting to, an associated person assigned to the location.
(C) If a member determines that compliance with paragraph (c)(3)(B) is not possible either because of a member's size or its business model, the member must document in the inspection report both the factors the member used to make its determination and how the inspection otherwise complies with paragraph (c)(1).
(d) Transaction Review and Investigation
(1) Each member shall include in its supervisory procedures a process for the review of securities transactions that are reasonably designed to identify trades that may violate the provisions of the Exchange Act, the rules thereunder, or FINRA rules prohibiting insider trading and manipulative and deceptive device that are effected for the:
(A) accounts of the member;
(B) accounts introduced or carried by the member in which a person associated with the member has a beneficial interest or the authority to make investment decisions;
(C) accounts of a person associated with the member that are disclosed to the member pursuant to NASD Rule 3050 or NYSE Rule 407, as applicable; and
(D) covered accounts.
(2) Each member must conduct promptly an internal investigation into any such trade to determine whether a violation of those laws or rules has occurred.
(3) A member engaging in investment banking services must file with FINRA, written reports, signed by a senior officer of the member, at such times and, without limitation, including such content, as follows:
(A) within ten business days of the end of each calendar quarter, a written report describing each internal investigation initiated in the previous calendar quarter pursuant to paragraph (d)(2), including the identity of the member, the date each internal investigation commenced, the status of each open internal investigation, the resolution of any internal investigation reached during the previous calendar quarter, and, with respect to each internal investigation, the identity of the security, trades, accounts, associated persons of the member, or associated person of the member's family members holding a covered account, under review, and that includes a copy of the member's policies and procedures required by paragraph (d)(1).
(B) within five business days of completion of an internal investigation pursuant to paragraph (d)(2) in which it was determined that a violation of the provisions of the Exchange Act, the rules thereunder, or FINRA rules prohibiting insider trading and manipulative and deceptive devices had occurred, a written report detailing the completion of the investigation, including the results of the investigation,any internal disciplinary action taken, and any referral of the matter to FINRA, another self-regulatory organization, the SEC, or any other federal, state, or international regulatory authority.
For purposes of this Rule:
(A) The term "covered account" shall include any account introduced or carried by the member that is held by:
(i) the spouse of a person associated with the member;
(ii) a child of the person associated with the member or such person's spouse, provided that the child resides in the same household as or is financially dependent upon the person associated with the member;
(iii) any other related individual over whose account the person associated with the member has control; or
(iv) any other individual over whose account the associated person of the member has control and to whose financial support such person materially contributes.
(B) The term "investment banking services" shall include, without limitation, acting as an underwriter, participating in a selling group in an offering for the issuer, or otherwise acting in furtherance of a public offering of the issuer; acting as a financial adviser in a merger or acquisition; providing venture capital or equity lines of credit or serving as placement agent for the issuer or otherwise acting in furtherance of a private offering of the issuer.
(1) "Office of Supervisory Jurisdiction" means any office of a member at which any one or more of the following functions take place:
(A) order execution or market making;
(B) structuring of public offerings or private placements;
(C) maintaining custody of customers' funds or securities;
(D) final acceptance (approval) of new accounts on behalf of the member;
(E) review and endorsement of customer orders, pursuant to paragraph (b)(2) above;
(F) final approval of retail communications for use by persons associated with the member, pursuant to Rule 2210
(b)(1), except for an office that solely conducts final approval of research reports; or
(G) responsibility for supervising the activities of persons associated with the member at one or more other branch offices of the member.
(A) A "branch office" is any location where one or more associated persons of a member regularly conducts the business of effecting any transactions in, or inducing or attempting to induce the purchase or sale of,
any security, or is held out as such, excluding:
(i) Any location that is established solely for customer service or back office type functions where no sales activities are conducted and that is not held out to the public as a branch office;
(ii) Any location that is the associated person's primary residence; provided that
a. Only one associated person, or multiple associated persons who reside at that location and are members of the same immediate family, conduct business at the location;
b. The location is not held out to the public as an office and the associated person does not meet with customers at the location;
c. Neither customer funds nor securities are handled at that location;
d. The associated person is assigned to a designated branch office, and such designated branch office is reflected on all business cards, stationery, retail communications and other communications to the public by such associated person;
e. The associated person's correspondence and communications with the public are subject to the firm's supervision in accordance with this Rule;
f. Electronic communications (e.g., e-mail) are made through the member's electronic system;
g. All orders are entered through the designated branch office or an electronic system established by the member that is reviewable at the branch office;
h. Written supervisory procedures pertaining to supervision of sales activities conducted at the residence are maintained by the member; and
i. A list of the residence locations is maintained by the member;
(iii) Any location, other than a primary residence, that is used for securities business for less than 30 business days in any one calendar year, provided the member complies with the provisions of subparagraphs (2)(A)(ii)a. through h. above;
(iv) Any office of convenience, where associated persons occasionally and exclusively by appointment meet with customers, which is not held out to the public as an office; *
(v) Any location that is used primarily to engage in non-securities activities and from which the associated person(s) effects no more than 25 securities transactions in any one calendar year; provided that any retail communication identifying such location also sets forth the address and telephone number of the location from which the associated person(s) conducting business at the non-branch locations are directly supervised;
(vi) The Floor of a registered national securities exchange where a member conducts a direct access business with public customers; or
(vii) A temporary location established in response to the implementation of a business continuity plan.
(B) Notwithstanding the exclusions in subparagraph (2)(A), any location that is responsible for supervising the activities of persons associated with the member at one or more non-branch locations of the member is considered to be a branch office.
(C) The term "business day" as used in paragraph (e)(2)(A) of this Rule shall not include any partial business day provided that the associated person spends at least four hours on such business day at his or her designated branch office during the hours that such office is normally open for business.
• • • Supplementary Material: --------------
.01 Registration of Main Office. A member's main office location is required to be registered and designated as a branch office or OSJ if it meets the definitions of a "branch office" or "office of supervisory jurisdiction" as set forth in Rule 3110(e). In general, the nature of activities conducted at a main office will satisfy the requirements of such terms.
.02 Designation of Additional OSJs. In addition to the locations that meet the definition of OSJ in Rule 3110(e), each member shall also register and designate other offices as OSJs as is necessary to supervise its associated persons in accordance with the standards set forth in Rule 3110. In making a determination as to whether to designate a location as an OSJ, the member should consider the following factors:
(a) whether registered persons at the location engage in retail sales or other activities involving regular contact with public customers;
(b) whether a substantial number of registered persons conduct securities activities at, or are otherwise supervised from, such location;
(c) whether the location is geographically distant from another OSJ of the firm;
(d) whether the member's registered persons are geographically dispersed; and
(e) whether the securities activities at such location are diverse or complex.
.03 Supervision of Multiple OSJs by a Single Principal. Rule 3110(a)(4) requires a member to designate one or more appropriately registered principals in each OSJ with the authority to carry out the supervisory responsibilities assigned to that office ("on-site principal"). The designated on-site principal for each OSJ must have a physical presence, on a regular and routine basis, at each OSJ for which the principal has supervisory responsibilities. Consequently, there is a general presumption that a principal will not be designated and assigned to be the on-site principal pursuant to Rule 3110(a)(4) to supervise more than one OSJ. If a member determines it is necessary to designate and assign one appropriately registered principal to be the on-site principal pursuant to Rule 3110(a)(4) to supervise two or more OSJs, the member must take into consideration, among others, the following factors:
(a) whether the on-site principal is qualified by virtue of experience and training to supervise the activities and associated persons in each location;
(b) whether the on-site principal has the capacity and time to supervise the activities and associated persons in each location;
(c) whether the on-site principal is a producing registered representative;
(d) whether the OSJ locations are in sufficiently close proximity to ensure that the on-site principal is physically present at each location on a regular and routine basis; and
(e) the nature of activities at each location, including size and number of associated persons, scope of business activities, nature and complexity of products and services offered, volume of business done, the disciplinary history of persons assigned to such locations, and any other indicators of irregularities or misconduct.
The member must establish, maintain, and enforce written supervisory procedures regarding the supervision of all OSJs. In all cases where a member designates and assigns one on-site principal to supervise more than one OSJ, the member must document in the member's written supervisory and inspection procedures the factors used to determine why the member considers such supervisory structure to be reasonable and the determination by the member will be subject to scrutiny.
.04 Annual Compliance Meeting. A member is not required to conduct in-person meetings with each registered person or group of registered persons to comply with the annual compliance meeting (or interview) required by Rule 3110(a)(7). A member that chooses to conduct compliance meetings using other methods (e.g., on-demand webcast or course, video conference, interactive classroom setting, telephone, or other electronic means) must ensure, at a minimum, that each registered person attends the entire meeting (e.g., an on-demand annual compliance webcast would require each registered person to use a unique user ID and password to gain access and use a technology platform to track the time spent on the webcast, provide click-as-you go confirmation, and have an attestation of completion at the end of a webcast) and is able to ask questions regarding the presentation and receive answers in a timely fashion (e.g., an on-demand annual compliance webcast that allows registered persons to ask questions via an email to a presenter or a centralized address or via a telephone hotline and receive timely responses directly or view such responses on the member's intranet site).
.05 Risk-based Review of Member's Investment Banking and Securities Business. A member may use a risk-based review system to comply with Rule 3110(b)(2)'s requirement that a registered principal review, all transactions relating to the investment banking or securities business of the member. A member is not required to conduct detailed reviews of each transaction if a member is using a reasonably designed risk-based review system that provides a member with sufficient information that permits the member to focus on the areas that pose the greatest numbers and risks of violation.
.06 Risk-based Review of Correspondence and Internal Communications. By employing risk-based principles, a member must decide the extent to which additional policies and procedures for the review of:
(a) incoming and outgoing written (including electronic) correspondence that fall outside of the subject matters listed in Rule 3110(b)(4) are necessary for its business and structure. If a member's procedures do not require that all correspondence be reviewed before use or distribution, the procedures must provide for:
(1) the education and training of associated persons regarding the firm's procedures governing correspondence;
(2) the documentation of such education and training; and
(3) surveillance and follow-up to ensure that such procedures are implemented and followed.
(b) internal communications that are not of a subject matter that require review under FINRA rules and federal securities laws are necessary for its business and structure.
.07 Evidence of Review of Correspondence and Internal Communications. The evidence of review required in Rule 3110(b)(4) must be chronicled either electronically or on paper and must clearly identify the reviewer, the internal communication or correspondence that was reviewed, the date of review, and the actions taken by the member as a result of any significant regulatory issues identified during the review. Merely opening a communication is not sufficient review.
.08 Delegation of Correspondence and Internal Communication Review Functions. In the course of the supervision and review of correspondence and internal communications required by Rule 3110(b)(4), a supervisor/principal may delegate certain functions to persons who need not be registered. However, the supervisor/principal remains ultimately responsible for the performance of all necessary supervisory reviews, irrespective of whether he or she delegates functions related to the review. Accordingly, supervisors/principals must take reasonable and appropriate action to ensure delegated functions are properly executed and should evidence performance of their procedures sufficiently to demonstrate overall supervisory control.
.09 Retention of Correspondence and Internal Communications. Each member shall retain the internal communications and correspondence of associated persons relating to the member's investment banking or securities business for the period of time and accessibility specified in SEA Rule 17a-4(b). The names of the persons who prepared outgoing correspondence and who reviewed the correspondence shall be ascertainable from the retained records, and the retained records shall be readily available to FINRA, upon request.
.10 Supervision of Supervisory Personnel. A member's determination that it is not possible to comply with paragraphs (b)(6)(C)(i) or (b)(6)(C)(ii) of Rule 3110 prohibiting supervisory personnel from supervising their own activities and from reporting to, or otherwise having compensation or continued employment determined by, a person or persons they are supervising generally will arise in instances where:
(a) the member is a sole proprietor in a single-person firm;
(b) a registered person is the member's most senior executive officer (or similar position); or
(c) a registered person is one of several of the member's most senior executive officers (or similar positions).
.11 Use of Electronic Media to Communicate Written Supervisory Procedures. A member may use electronic media to satisfy its obligation to communicate its written supervisory procedures, and any amendment thereto, pursuant to Rule 3110(b)(7), provided that: (1) the written supervisory procedures have been promptly communicated to, and are readily accessible by, all associated persons to whom such supervisory procedures apply based on their activities and responsibilities through, for example, the member's intranet system; (2) all amendments to the written supervisory procedures are promptly posted to the member's electronic media; (3) associated persons are notified that amendments relevant to their activities and responsibilities have been made to the written supervisory procedures; (4) the member has reasonable procedures to monitor and maintain the security of the material posted to ensure that it cannot be altered by unauthorized persons; and (5) the member retains current and prior versions of its written supervisory procedures in compliance with the applicable record retention requirements of SEA Rule 17a-4(e)(7).
.12 Standards for Reasonable Review. In fulfilling its obligations under Rule 3110(c), each member must conduct a review, at least annually, of the businesses in which it engages. The review must be reasonably designed to assist in detecting and preventing violations of and achieving compliance with applicable securities laws and regulations and with FINRA rules. Each member shall establish and maintain supervisory procedures that must take into consideration, among other things, the firm's size, organizational structure, scope of business activities, number and location of the firm's offices, the nature and complexity of the products and services offered by the firm, the volume of business done, the number of associated persons assigned to a location, the disciplinary history of registered representatives or associated persons, and any indicators of irregularities or misconduct (i.e., "red flags"), etc. The procedures established and reviews conducted must provide that the quality of supervision at remote locations is sufficient to ensure compliance with applicable securities laws and regulations and with FINRA rules. A member must be especially diligent in establishing procedures and conducting reasonable reviews with respect to a non-branch location where a registered representative engages in securities activities. Based on the factors outlined above, members may need to impose reasonably designed supervisory procedures for certain locations or may need to provide for more frequent reviews of certain locations.
.13 General Presumption of Three-Year Limit for Periodic Inspection Schedules. Rule 3110(c)(1)(C) requires a member to inspect on a regular periodic schedule every non-branch location. In establishing a non-branch location inspection schedule, there is a general presumption that a non-branch location will be inspected at least every three years, even in the absence of any indicators of irregularities or misconduct (i.e., "red flags"). If a member establishes a longer periodic inspection schedule, the member must document in its written supervisory and inspection procedures the factors used in determining that a longer periodic inspection cycle is appropriate.
.14 Exception to Persons Prohibited from Conducting Inspections. A member's determination that it is not possible to comply with Rule 3110(c)(3)(B) with respect to who is not allowed to conduct a location's inspection will generally arise in instances where:
(a) the member has only one office; or
(b) the member has a business model where small or single-person offices report directly to an OSJ manager who is also considered the offices' branch office manager.
* Where such office of convenience is located on bank premises, signage necessary to comply with applicable federal and state laws, rules and regulations and applicable rules and regulations of other self-regulatory organizations, and securities and banking regulators may be displayed and shall not be deemed “holding out” for purposes of this section.