Notice to Members 04-79

SEC Approves New Chief Executive Officer Compliance Certification and Chief Compliance Officer Designation Requirements

INFORMATIONAL

Annual Compliance Certification and Designation of Chief Compliance Officer

Compliance Date: December 1, 2004

SUGGESTED ROUTING

Continuing Education
Executive Representatives
Legal & Compliance
Registered Representatives
Senior Management
Training

KEY TOPICS

CCO
CEO
Certification
Compliance
Rule 3013
Supervision

Executive Summary

The Securities and Exchange Commission (SEC) has approved new NASD Rule 3013 and accompanying interpretive material that require members to (1) designate a chief compliance officer (CCO) and (2) have the chief executive officer (CEO) or equivalent officer certify annually that the member has in place processes to establish, maintain, review, test, and modify written compliance policies and written supervisory procedures reasonably designed to achieve compliance with applicable NASD rules, MSRB rules, and federal securities laws and regulations. Members must designate and identify to NASD on Schedule A of Form BD a principal to serve as CCO by December 1, 2004. The CEO certification must be executed within one year of December 1, 2004 and annually thereafter. The new rule language and interpretive material can be found in Attachment A.

Questions/Further Information

Questions or comments concerning this Notice may be directed to Philip Shaikun, Associate General Counsel, Regulatory Policy and Oversight, at (202) 728-8451.

Background and Discussion

NASD Rule 3013 is intended to bolster attention to members' compliance programs by requiring substantial and purposeful interaction between business and compliance officers throughout the firm. To that end, the rule requires each member to designate a CCO and further requires that the CEO certify annually that the member has in place processes to establish, maintain, review, modify, and test policies and procedures reasonably designed to achieve compliance with applicable NASD rules, MSRB rules, and federal securities laws and regulations.

The certification language and additional guidance are set forth in Interpretive Material (IM) 3013. The certification includes not only a statement that the member has in place certain compliance processes, but also that the CEO has conducted one or more meetings with the CCO in the preceding 12 months to discuss the processes. The interpretive material explains that the mandated meetings between the CEO and CCO must include a discussion of the member's compliance efforts to date and identify and address significant compliance problems and plans for emerging business areas. NASD notes that for certain members, the size, nature, and complexity of their business may warrant more than one annual meeting between the CEO and CCO.

The certification also includes a declaration that the CEO has consulted with the CCO and such other officers, employees, outside consultants, lawyers, and accountants, to the extent necessary to attest to the statements in the certification.

The processes must be evidenced in a report that is provided to the member's board of directors and audit committee. The report must be produced prior to execution of the certification and be reviewed by the CEO, CCO, and any other officers the member deems necessary to make the certification. It should include the manner and frequency in which the processes are administered, as well as the identification of officers and supervisors who have responsibility for such administration. The report need not contain any conclusions resulting from the processes set forth therein. The report may be combined with any other compliance report or other similar report required by any other self-regulatory organization provided it meets certain requirements set forth in the interpretive material.

The designated CCO may hold another position within the member, so long as that person can discharge the duties of the CCO in light of his or her other additional responsibilities. The interpretive material describes the obligations of the CCO with respect to a member's compliance scheme and the indispensable role the CCO must play to enable the CEO to make the certification.

Finally, the interpretive material notes that supervisors with business line responsibility remain accountable for the discharge of a member's compliance policies and written supervisory procedures. The signatory to the certification is certifying only as to having processes in place to establish, maintain, review, test, and modify the member's written compliance and supervisory policies and procedures. It further states that the execution of the certification and any consultation rendered in connection with such certification does not by itself establish business line responsibility.

Members must maintain the certification and report in their files for inspection, but do not need to send them to NASD.

Compliance Date

The rule becomes effective on December 1, 2004. Members therefore will be required to designate and identify to NASD on Schedule A of Form BD a principal to serve as CCO by that effective date. The CEO certification must be executed within one year after the effective date and annually thereafter.


ATTACHMENT A

3013. Annual Certification of Compliance and Supervisory Processes

(a) Designation of Chief Compliance Officer

Each member shall designate and specifically identify to NASD on Schedule A of Form BD a principal to serve as chief compliance officer.

(b) Annual Certification

Each member shall have its chief executive officer (or equivalent officer) certify annually, as set forth in IM-3013, that the member has in place processes to establish, maintain, review, test and modify written compliance policies and written supervisory procedures reasonably designed to achieve compliance with applicable NASD rules, MSRB rules and federal securities laws and regulations, and that the chief executive officer has conducted one or more meetings with the chief compliance officer in the preceding 12 months to discuss such processes.

IM-3013. Annual Compliance and Supervision Certification

The NASD Board of Governors is issuing this interpretation to the requirement under Rule 3013(b), which requires that the member's chief executive officer (or equivalent officer) execute annually¹ a certification that the member has in place processes to establish, maintain, review, test and modify written compliance policies and written supervisory procedures reasonably designed to achieve compliance with applicable NASD rules, MSRB rules and federal securities laws and regulations. The certification shall state the following:

* * * * * * * * * *

Annual Compliance and Supervision Certification

The undersigned is the chief executive officer (or equivalent officer) of [name of member corporation/partnership/sole proprietorship] (the "Member"). As required by NASD Rule 3013(b), the undersigned makes the following certification:

1. The Member has in place processes to:
   (a) establish, maintain and review policies and procedures reasonably designed to achieve compliance with applicable NASD rules, MSRB rules and federal securities laws and regulations;
   (b) modify such policies and procedures as business, regulatory and legislative changes and events dictate; and
   (c) test the effectiveness of such policies and procedures on a periodic basis, the timing and extent of which is reasonably designed to ensure continuing compliance with NASD rules, MSRB rules and federal securities laws and regulations.
2. The undersigned chief executive officer (or equivalent officer) has conducted one or more meetings with the chief compliance officer in the preceding 12 months, the subject of which satisfy the obligations set forth in IM-3013.
3. The Member's processes, with respect to paragraph 1 above, are evidenced in a report reviewed by the chief executive officer (or equivalent officer), chief compliance officer, and such other officers as the Member may deem necessary to make this certification, and submitted to the Member's board of directors and audit committee.
4. The undersigned chief executive officer (or equivalent officer) has consulted with the chief compliance officer and other officers as applicable (referenced in paragraph 2 above) and such other employees, outside consultants, lawyers and accountants, to the extent deemed appropriate, in order to attest to the statements made in this certification.²

* * * * * * * * * *

It is critical that each NASD member understand the importance of employing comprehensive and effective compliance policies and written supervisory procedures. Compliance with applicable NASD rules, MSRB rules and federal securities laws and regulations is the foundation of ensuring investor protection and market integrity and is essential to the efficacy of self-regulation. Consequently, the certification requirement is intended to require processes by each member to establish, maintain, review, test and modify its compliance policies and written supervisory procedures in light of the nature of its businesses and the laws and rules that are applicable thereto, and to evidence such processes in a report reviewed by the chief executive officer (or equivalent officer) executing the certification.

Included in this processes requirement is an obligation on the part of the member to conduct one or more meetings annually between the chief executive officer (or equivalent officer) and the chief compliance officer to: (1) discuss and review the matters that are the subject of the certification; (2) discuss and review the member's compliance efforts as of the date of such meetings; and (3) identify and address significant compliance problems and plans for emerging business areas.

The periodic and content requirements for meetings between the chief executive officer (or equivalent officer) and the chief compliance officer, as well as the pertinent requirements of paragraphs 3 and 4 of the certification, are intended to indicate the unique and integral role of the chief compliance officer both in the discharge of certain compliance processes and reporting requirements that are the subject matter of the certification and in providing a reliable basis upon which the chief executive officer can execute the certification. The chief compliance officer is the primary advisor to the member on its overall compliance scheme and the particularized rules, policies and procedures that the member adopts. This is because the chief compliance officer should have an expertise in the process of (1) gaining an understanding of the products, services or line functions that need to be the subject of written compliance policies and written supervisory procedures; (2) identifying the relevant rules, regulations, laws and standards of conduct pertaining to such products, services or line functions based on experience and/or consultation with those persons who have a technical expertise in such areas of the member's business; (3) developing, or advising other business persons charged with the obligation to develop, policies and procedures that are reasonably designed to achieve compliance with those relevant rules, regulations, laws and standards of conduct; (4) evidencing the supervision by the line managers who are responsible for the execution of compliance policies; and (5) developing programs to test compliance with the member's policies and procedures.

It is that expertise in the process of compliance that makes the chief compliance officer an indispensable party to enable the chief executive officer to reach the conclusions stated in the certification. Consequently, any certification made by a chief executive officer under circumstances where the chief compliance officer has concluded, after consultation, that there is an inadequate basis for making such certification would be, without limitation, conduct inconsistent with the observance of the high standards of commercial honor and the just and equitable principles of trade — a violation of Rule 2110. Beyond the certification requirement, it is the intention of both Rule 3013 and this Interpretive Material to foster regular and significant interaction between senior management and the chief compliance officer regarding the member's comprehensive compliance program.

The chief compliance officer and other compliance officers that report to the chief compliance officer (as described in the sentence that immediately follows) shall perform the compliance functions contemplated by this Interpretive Material and paragraphs 3 and 4 of the certification. Nothing in this Interpretive Material is intended to limit or discourage the participation of other employees both within and without the member's compliance department in any aspect of the member's compliance programs or processes, including those matters discussed in this Interpretive Material. However, it is understood that the chief compliance officer and, where applicable, the most senior compliance officers having primary compliance department responsibility for each of the member's business segments, will retain responsibility for the compliance functions contemplated by this Interpretive Material and paragraphs 3 and 4 of the certification.

As may be necessary to render their views and advice, the chief compliance officer and the other officers referenced in paragraph 3 of the certification who consult with the chief executive officer (or equivalent officer) pursuant to paragraph 4, shall, in turn, consult with other employees, officers, outside consultants, lawyers and accountants.

The NASD Board of Governors recognizes that supervisors with business line responsibility are accountable for the discharge of a member's compliance policies and written supervisory procedures. The signatory to the certification is certifying only as to having processes in place to establish, maintain, review, test and modify the member's written compliance and supervisory policies and procedures and the execution of this certification and any consultation rendered in connection with such certification does not by itself establish business line responsibility.

The requirement to designate a chief compliance officer does not preclude such person from holding any other position within the member, including the position of chief executive officer, provided that such person can discharge the duties of a chief compliance officer in light of his or her other additional responsibilities. The requirement that a member's processes include providing the report to the board of directors and audit committee (required by paragraph 3 of the certification) does not apply to members that do not utilize these types of governing bodies and committees in the conduct of their business.³

The report required in paragraph 3 of the certification must document the member's processes for establishing, maintaining, reviewing, testing and modifying compliance policies, that are reasonably designed to achieve compliance with applicable NASD rules, MSRB rules and federal securities laws and regulations, and any principal designated by the member may prepare the report. The report must be produced prior to execution of the certification and be reviewed by the chief executive officer (or equivalent officer), chief compliance officer and any other officers the member deems necessary to make the certification and must be provided to the member's board of directors and audit committee. The report should include the manner and frequency in which the processes are administered, as well as the identification of officers and supervisors who have responsibility for such administration. The report need not contain any conclusions produced as a result of following the processes set forth therein. The report may be combined with any other compliance report or other similar report required by any other self-regulatory organization provided that (1) such report is clearly titled in a manner indicating that it is responsive to the requirements of the certification and this Interpretive Material; (2) a member that submits a report for review in response to an NASD request must submit the report in its entirety; and (3) the member makes such report in a timely manner, i.e., annually.


¹ Members must ensure that each ensuing annual certification is effected no later than on the anniversary date of the previous year's certification.

² Members should understand that the requirements of Rule 3013 and this Interpretive Material represent, in part, a principle-based requirement to certify that the member has in place processes to establish, maintain, review, test and modify written compliance policies and written supervisory procedures reasonably designed to achieve compliance with applicable NASD rules, MSRB rules and federal securities laws and regulations. Consequently, compliance with the periodic and content requirements in this Interpretive Material pertaining to meetings between the chief executive officer (or equivalent officer) and the chief compliance officer does not satisfy the full extent of these principle-based obligations that will vary with the facts and circumstances of a member's business activities and organizational structure. Moreover, NASD emphasizes the testing aspect of this principle-based requirement; an integral purpose of NASD rules pertaining to supervision is that members adopt policies and procedures that are effective as to both the scope of, and the achievement of compliance with, applicable NASD rules, MSRB rules and federal securities laws and regulations.

³ As a part of their process, members must have the report reviewed by their governing bodies and committees that serve similar functions in lieu of a board of directors and audit committee.