November 26, 1997
Via Facsimile (612) 671-1788 and Regular Mail
Ms. Laura Moret
American Express Financial Corporation
IDS Tower 10
Minneapolis, Minnesota 55440
Re: Electronic Approval of New Customer Accounts; NASD Rules 3110(c)(1)(C) and 3010(d)
Dear Ms. Moret:
We are in receipt of your letter and supplemental information requesting interpretive guidance of whether use of electronic signatures in connection with approving new customer accounts by a principal of the broker-dealer through the use of a new electronic workflow process is in accord with the provisions of NASD Rules 3110(c)(1)(C) and 3010(d) (Rules).
As stated in your letter, American Express Financial Corporation and its subsidiary broker-dealers (collectively "AEFC") plan to implement an electronic workflow process using optical disk technology which is designed to permit certain authorized series 24 principals of the broker-dealer entity to review and approve new customer account forms through the use of an electronic approval note.
According to your letter, the process for new accounts set-up and review will be conducted as follows. Upon receipt of a new account application and accompanying documentation, all documents will be imaged on optical disks and stored as an electronic package. Electronic packages will be automatically routed to service associates based on their security access and skill level for the processing steps of account set-up and quality review, and to a series 24 qualified principal for approval. The series 24 principal will review the account application documentation by optical disk to determine the completeness of client information and the suitability of any securities transactions effected in connection with the account opening. If the principal approves an application, an electronic approval note will be attached to the application with the principal’s name and date of approval. Only authorized principals would be given security authorization to attached electronic approval notes.
As to security and access concerns, your letter states that AEFC will maintain a company-wide general security system to define which individuals will have access and what functions each individual will be authorized to undertake through the system (user profile). In addition, unique passwords are developed for each employee and the passwords are changed every 90 days. Finally, AEFC will require additional passwords for authorized principals to make use of the electronic approval notes.
As to questions and issues associated with regulatory access to the system and its components, your letter represents that NASD examining staff will be able to access all customer and firm records immediately. The system will provide for appropriate indexing and cross-referencing of information to provide the examining staff an adequate audit trail and the ability to identify and review all relevant customer and firm records. In addition, the system is designed to permit examiners the ability to review copies of all relevant imaged documents and an audit trail of employees who processed and reviewed the customer new account package. This process will also allow examiners the ability to receive hard copies of any imaged document or record. Further, you represent that AEFC will also maintain a current list of electronic user profiles on-site with the specific functions that each employee is authorized to perform within the system, and the record will be maintained and subject to the NASD and SEC’s record retention requirements and rules.
NASD Rule 3110(c)(1)(C) requires members to maintain, for each customer account opened after January 1, 1991, a signature of the registered representative introducing the account and signature of the member or partner, officer, or manager who accepts the account. NASD Rule 3010(d) requires that each member establish procedures for the review and endorsement by a registered principal in writing, on an internal record, of all transactions and all correspondence of its registered representatives pertaining to the solicitation or execution of any securities transaction.
Since the Rules fail to expressly provide for an electronic signature, you are requesting interpretive guidance of whether electronic signatures may be utilized in place of manual signatures to acknowledge the review and approval by a qualified series 24 principal of new customer account applications or packages. Recently, the SEC has issued a number of releases that approved, among other things, the use of optical disk technology by broker-dealers to store and maintain certain broker-dealer records in electronic format or form, and the acceptance of electronic media to obtain certain client or customer approvals.1
You represent that the following safeguards will apply:
(1) The system will allow NASD examining staff immediate access to required records and will contain appropriate indexing and cross-referencing capabilities to assure access to all relevant documents and records, and retention of the records and documents in accord with the NASD and SEC’s record retention requirements and rules.
(2) The system will permit examining staff to download documents, records and information and permit printing these documents in hard copy.
(3) The system provides for adequate security and restriction of access to authorized employees and principals only. Company-wide user profiles are created with previously approved authority to conduct reviews and approvals. Passwords are changed periodically and are safeguarded against unauthorized use.
In addition, the staff believes that additional safeguards are also necessary under the circumstances, as follows:
(4) AEFC will maintain current written policies and procedures at each branch site that utilizes the electronic system that accurately describe the system, its safeguards, and its operating procedures to assure compliance with the Rules.
(5) AEFC will conduct periodic reviews, at least annually, of the policies, procedures, and operations to assure that the system operates as designed and documented and in accord with the requirements of NASD and SEC rules.
Based on the representations provided and compliance with the safeguards listed above, the staff is of the opinion that a member may utilize electronic signatures in place of manual signatures for qualified principal approval of new customer accounts or applications under the Rules. In addition, this staff opinion would permit members to elect to use electronic signatures to evidence written approvals, as required by NASD Rule 3010(d), if the member complies with each of the five safeguards mentioned above. The failure to follow any of the five listed safeguards in the firm’s elective use of electronic signatures may cause the firm to fail to comply with the requirements of the Rules.
I hope this letter is responsive to your inquiry. Please note that the opinions expressed herein are staff opinions only and have not been reviewed or endorsed by the Board of Directors of NASD Regulation, Inc. This letter responds to the issues that you have raised based on the facts as you have described them, and does not address any other rule or interpretation of the Association or all the possible regulatory and legal issues involved.
Very truly yours,
David A. Spotts
Office of General Counsel, NASD Regulation
1 See SEC Rel. No. 34-36345 (Oct. 6, 1995), 34-37182 (May 9, 1996) and 34-38245 (Feb. 5, 1997).