Common Examination Findings

Supervisory Control Procedures

FINRA has noted that some firms are incorrectly interpreting the applicability of Rule 3012 to their business, and that a number of firms are failing to apply the requirements of the rule, either in whole or part.


One mistake firms make is failing to recognize that the requirements for specific Supervisory Control Procedures (SCPs) differ from the long-standing requirements for Written Supervisory Procedures (WSPs). Firms not only need to maintain written supervisory procedures, but they also need to have a control process for insuring these procedures are adequate and current. This is a fundamental purpose of Rule 3012.


Deficiencies of this nature often cause other problems. For example, a firm that does not have SCPs also frequently fails to:

  • Designate the principal(s) responsible for establishing, maintaining and enforcing the firm's system of supervisory control policies and procedures;
  • Annually test and verify its supervisory procedures and amend them, as necessary, based on such testing;
  • Adequately supervise the customer account activity of producing managers;
  • Adequately supervise producing managers subject to heightened supervision; and
  • Review, monitor and confirm transmittal of funds or securities from customers to third parties, changes of address and changes of investment objectives.


Testing and Verification


FINRA has noted that some firms failed to test and verify on an annual basis that their supervisory procedures are sufficient and reasonably designed with respect to the activities of the member firm and its registered representatives and associated persons. FINRA has also noted several instances in which a firm did not even have procedures regarding testing and verification.


Testing and verifying a firm's supervisory procedures on an annual basis ensures that the firm's supervisory procedures are reviewed and amended on a regular basis in light of changing business and regulatory environments.


Each firm must have written testing and verification procedures that detail the steps to be taken by the firm to conduct testing and verification to identify any gaps in the firm's supervisory procedures. The procedures must also detail the steps to be taken for drafting and approving new procedures, including identification of the responsible principal and the implementation process.


NASD Rule 3012 Report


Some firms have failed to prepare and timely submit the Rule 3012 annual report to the firms' senior management. In some cases, this is due to the fact that the firms failed to conduct the testing and verification required by Rule 3012 and, hence, are not able to complete the Rule 3012 report due to the absence of critical data.


Submitting the Rule 3012 annual report to the firm's senior management ensures that senior management is aware of the results of the tests conducted on the supervisory system and that any gaps or deficiencies are promptly identified and corrected. Each firm should have a process in place to ensure the timely and adequate completion and submission of the Rule 3012 report to the firm's senior management on an annual basis.


Producing Managers


Firms sometimes fail to adequately supervise the customer account activity of producing managers. Deficiencies in this area are primarily attributed to:

  • A mistaken belief that Rule 3012 is not applicable to all firms.
  • A mistaken belief that filing the limited size and resources exception exempts a member from the rule.
  • A failure to correctly identify producing managers.

Identification and documentation of producing managers is the crucial first step in applying the producing manager supervision requirements of Rule 3012. Failure to identify producing managers essentially renders compliance with the specific requirements pertaining to producing managers under Rule 3012 impossible.


Heightened Supervision


For each producing manager who is not supervised by an otherwise independent person, the firm should have records to demonstrate the calculations undertaken to show whether each producing manager meets the 20-percent threshold and, thus, whether the producing manager should be subject to heightened supervision.


Furthermore, if a firm has a producing manager subject to heightened supervision under Rule 3012, the firm should be able to demonstrate the specific processes taken to conduct the heightened supervision. It is insufficient for a firm to claim that it subjects all of its producing managers to heightened supervision under Rule 3012 without being able to demonstrate the specific and different processes it implemented to conduct the heightened supervision.


Limited Size and Resources Exception


One of the most common Rule 3012 findings noted by FINRA is the inaccurate understanding and application of the limited size and resources exception. Firms often believe that the limited size and resources exception is an exemption from the provisions of Rule 3012. The limited size and resources exception only provides an alternative method for who may perform a producing manager's review.


In addition, a number of firms relied on the limited size and resources exception but failed to notify FINRA of reliance and/or failed to document in their SCPs the factors used to determine that they were unable to comply with the requirement that a person senior to or otherwise independent of a producing manager conduct the producing manager's day-to-day supervisory reviews under Rule 3012.


Transmittals of Funds or Securities From Customers to Third Parties, Changes of Address and Investment Objectives


A number of firms have failed to confirm, verify or follow-up with customers in the event of a change of address, transmittal of funds or a transmittal of customer funds or securities.


Annual Certification of Compliance and Supervisory Process


A number of firms have failed to comply with the annual CEO certification and books and records requirements of FINRA Rule 3130.1 One common deficiency with respect to this aspect of the rule is that the certification made by the CEO was not accurate in that one or all components of the certification had not been discharged. For example, a member firm may not have had in place processes to establish, maintain and review policies and procedures designed to achieve compliance with applicable laws and regulations. In some other instances, the firm did not have any processes to test the effectiveness of its policies and procedures on a periodic basis.



1 FINRA Rule 3130 (Annual Certification of Compliance and Supervisory Processes) replaces NASD Rule 3013 and the corresponding provisions in Incorporated NYSE Rule 342.30 and related NYSE Rule Interpretations (effective December 15, 2008). See Regulatory Notice 08-57 and SR-FINRA-2008-30 for additional information.


The current FINRA rulebook includes (1) FINRA Rules, (2) NASD Rules and (3) rules incorporated from NYSE (Incorporated NYSE Rules).While the NASD Rules generally apply to all FINRA member firms, the Incorporated NYSE Rules apply only to those members of FINRA that are also members of the NYSE (Dual Members). The FINRA Rules apply to all FINRA member firms, unless such rules have a more limited application by their terms. For more information about the rulebook consolidation process, see Information Notice 03/12/08