Comments on Regulatory Notice 08-24
Via E Mail to firstname.lastname@example.org
Re: FINRA Regulatory Notice 08-24 (Proposed Consolidated FINRA Rules Governing Supervision and Supervisory Controls)
Ladies and Gentlemen:
Thank you for allowing interested parties to comment on this proposal. On behalf of member firm George K. Baum & Company, we respectfully provide the following comments and suggestions.
We appreciate and support FINRA's efforts to "re-write certain provisions of the existing supervision and supervisory control rules in a manner that provides firms with greater flexibility to tailor their supervisory and supervisory control procedures to reflect their business, size and organizational structure." Also, we agree with the overriding principle, expressed by FINRA in various contexts, that member firms should be permitted to design and implement appropriate "risk-based" measures in their efforts to comply with certain FINRA rules and requirements. Needless to say, one size does not fit all FINRA member firms.
Our specific comments or requests regarding FINRA Regulatory Notice 08-24 are:
- In respect of proposed new Rule 3110(b)(2) (Review of Member's Investment Banking and Securities Business), we agree, as stated in proposed Supplementary Material .06 (Risk-based Review of Member's Investment Banking and Securities Business), that members should be permitted to use a "risk-based review system" in their efforts to comply with this rule.
- Proposed Supplementary Material .09 (Risk-based Review of Correspondence and Internal Communications) references correspondence with the public and internal communications "that fall outside of the subject matters listed in Rule 3110(b)(4)...." We believe that the Proposed Supplementary Material .09 should be clear that each member is permitted to implement risk-based principles in respect of reviewing any/all types of correspondence and internal communications relating to the firm's business, whether or not such correspondence and internal communications fall outside of the subject matters listed in proposed Rule 3110(b)(4).
- Proposed Rule 3110(b)(7) (Maintenance of Written Supervisory Procedures) should be clear that members may use appropriate electronic means: to make available copies of their written supervisory procedures at their OSJs and other offices; and to communicate throughout their organizations amendments to their written supervisory procedures.
- Proposed Rule 3120 (formerly Rule 3012) provides in part that member firms must "test and verify" their supervisory procedures. We believe that it should be clear that such "testing and verification" also may be risk-based in light of the member's particular business and circumstances. NASD Notice to Members 05-29 (April 2005) contains helpful guidance regarding these "testing and verification" requirements. However, we propose that FINRA also expressly adopt a particular standard that the SEC specified in its March 13, 2008, proposed amendments to Regulation S-P (73 Federal Register pages 13692 to 13719). There, in the context of proposing that securities broker dealers and other covered institutions should be required to "[d]esign and document in writing and implement information safeguards ...", the SEC proposed that such securities broker dealers and other covered institutions should be required to: "(iv) Regularly test or otherwise monitor and document in writing the effectiveness of the safeguards' key controls, systems, and procedures, including the effectiveness of access controls on personal information systems, controls to detect, prevent and respond to attacks, or intrusions by unauthorized persons, and employee training and supervision." Id. at page 13696 (underlining added). FINRA's express adoption of this "[r]egularly test or otherwise monitor and document in writing the effectiveness" standard for proposed Rule 3120 (formerly Rule 3012) would advance FINRA's stated intent to provide member firms with "greater flexibility to tailor their supervisory and supervisory control procedures to reflect their business, size and organizational structure" and would enable member firms to apply appropriate risk-based means to satisfy the rule's "testing and verification" requirements.
We would be happy to discuss with FINRA personnel all or any part of these comments and requests.
Kent J. Lund
Executive Vice President, Chief Compliance Officer
George K. Baum & Company