NASD staff is issuing this memorandum to respond to questions regarding the scope of the guidance provided in Notice to Members 05-48 (July 2005) (Outsourcing: Members' Responsibilities When Outsourcing Activities to Third-Party Service Providers) ("NtM 05-48" or "the Notice"). As further discussed below, the guidance in NtM 05-48 is provided for the sole purpose of clarifying a member's responsibilities if it outsources certain activities. It is not intended as guidance regarding the appropriateness of outsourcing a particular activity or whether an activity may or may not be outsourced to a non-broker-dealer third-party service provider.
Background and Discussion
In July 2005, NASD issued NtM 05-48, which provides members with guidance regarding their responsibilities when outsourcing activities to third-party service providers. NASD issued the Notice because of the growing trend among broker-dealers to outsource an increasing number of activities and functions to outside entities - both regulated and unregulated - and the lack of uniformity in broker-dealer procedures regarding the use and supervision of outsourcing. Following the publication of NtM 05-48, NASD has received inquiries and communications suggesting that the Notice includes guidance identifying specific functions that may be outsourced to a third party-service provider and the appropriateness of outsourcing activities to a third-party service provider that is not registered as a broker-dealer.
These suggestions misunderstand the nature and content of NtM 05-48's guidance. In issuing NtM 05-48, NASD did not intend to indicate what functions may or may not be outsourced or to provide any opinion regarding the appropriateness of a firm outsourcing any particular function to a third-party service provider that is not registered as a broker-dealer. Rather, the purpose of NtM 05-48 was to clarify a member's responsibilities if the member outsources "covered activities" which the Notice identifies as activities or functions that, if performed directly by members, would be required to be the subject of a supervisory system and written supervisory procedures pursuant to NASD Rule 3010. To help members understand the meaning of the term "covered activities," the Notice provided a short, non-exhaustive list of examples as a reference.1
As identified in NtM 05-48, the primary responsibility for any member outsourcing covered activities is to include procedures regarding its outsourcing practices in its supervisory system and written supervisory procedures to ensure compliance with applicable securities laws and regulations and NASD rules. In addition, because a member has a continuing responsibility to oversee, supervise, and monitor the service provider's compliance performance of covered activities, the member must have in place specific policies and procedures to monitor the service provider's compliance with the terms of any agreements and assess the service provider's continued fitness and ability to perform the covered activities being outsourced.
In addition, NtM 05-48 makes clear that under certain circumstances a function outsourced to a third-party service provider renders the person performing that function an associated person of the member by virtue of performing that function, thereby effectively negating any outsourcing because members are responsible for the supervision of all associated persons. NtM 05-48 also points out that the ultimate responsibility for supervision lies with the member. Accordingly, the member may never contract its supervisory and compliance activities away from its direct control, although it may outsource certain activities that support the performance of its supervisory and compliance responsibilities.
Please note that the opinions expressed in this memorandum are staff opinions only and have not been reviewed or endorsed by the NASD Board of Governors. If you have any questions regarding this memorandum, please contact Patricia Albrecht, Assistant General Counsel, Office of General Counsel, NASD Regulatory Policy and Oversight, at (202) 728-8026.
1 See endnote 2, NtM 05-48 ('Examples of covered activities include, without limitation, order taking, handling of customer funds and securities, and supervisory responsibilities under Rule 3010 (Supervision) and Rule 3012 (Supervisory Control System').