Frequently Asked Questions
Supervisory Control Procedures
Q: What is the difference between written supervisory procedures (WSPs) and supervisory control procedures (SCPs)?
A. WSPs are the actual procedures that a firm must adopt to supervise its personnel in the conduct of the firm's securities and/or investment banking business. SCPs comprise two sets of distinct written procedures:
(1) procedures to test and verify that the WSPs achieve compliance with the applicable FINRA rules and federal securities laws, and procedures to amend or add WSPs, where necessary, to achieve compliance; and
(2) specified procedures that are part of a firm's SCPs, such as supervision of producing managers; and procedures to review and monitor certain specified activities (e.g., transmittal of customer funds, changes of customers addresses and changes of customer investment objectives).
"The head of
"Compliance department will review the FINRA Weekly Update emails to determine if any new or proposed requirements are applicable to the firm and the firm's business activities. If so, the compliance department will identify and implement changes to the firm's supervisory system and supervisory procedures to ensure compliance with the new requirements."
Q: Should the written SCPs required by Rule 3012 be separate from the firm's WSPs required by NASD Rule 3010?
A. Firms are permitted to maintain both procedures in the same manual or document, as long as they are clearly identifiable.
Q. How should firms inform FINRA of who their designated SCP principal(s) is/are?
A. Firms must designate the principal(s) and his or her supervisory control responsibilities in their SCPs.
Q: Can my firm use our self-assessment, internal audit or inspection process to comply with Rule 3012's testing and verification requirement?
A. A self-assessment, internal audit or inspection process may be used to satisfy a part or the entirety of the testing and verification process. The extent to which these processes may be solely relied upon depends on whether any of these processes test and verify that the firm's methods, policies and procedures of supervision are reasonably designed to comply with applicable laws, regulations and FINRA and MSRB rules and determine which procedures must be amended or added. If your firm decides to use one or more of its self-assessment, internal audit or inspection processes as a testing mechanism, it must indicate in its annual Rule 3012 report that it has used the data from these processes as a testing mechanism.
Q: Do we need to test and verify all of the firm's policies and procedures on an annual basis?
A. Your firm may use risk-based methodologies and sampling to test a subset of policies and procedures annually. If a risk-based approach is used, factors such as the following may be considered in determining scope:
Q. If my firm has been in existence for less than one year, when must I complete Rule 3012 testing and verification requirements?
A. Your firm must have in place its entire supervisory control system by the time it becomes a member of FINRA. However, the Rule 3012 report demonstrating the firm's testing and verification does not have to be completed until the first anniversary of becoming a FINRA member.