Regulatory Notice 11-54

FINRA and the SEC Issue Joint Guidance on Effective Policies and Procedures for Broker-Dealer Branch Inspections

Published Date:

Branch Office Inspections

Regulatory Notice
Notice Type

Guidance		Referenced Rules & Notices

NASD Rule 3010
NTM 98-96
NTM 99-45
Suggested Routing

Compliance
Internal Audit
Risk
Senior Management		Key Topics

Branch Office Inspections
Risk Management
Supervision

Executive Summary

FINRA and the Securities and Exchange Commission's Office of Compliance Inspections and Examinations are issuing the attached National Exam Risk Alert to provide broker-dealer firms with information on developing effective policies and procedures for branch office inspections. The Alert reminds firms of supervisory requirements under FINRA's supervision rule and notes common deficiencies and strong compliance practices.

Questions concerning this Notice should be directed to:

•   Michael Rufino, Chief Operating Officer, Member Regulation Sales Practice, at (212) 858-4487; or
•   George Walz, Vice President, Office of Risk, at (202) 728-8211.

National Examination Risk Alert

By the Office of Compliance Inspections and Examinations in cooperation with the Financial Industry Regulatory Authority 1

Information for Managers and Chief Compliance Officers

Volume I, Issue 2

November 30, 2011

In this Alert:

Topic: Broker-dealer branch inspections

Objectives: Encourage firms to create effective policies and procedures for their branch inspections.

Key Takeaways:

A broker-dealer's branch inspection program is a key part of its supervisory system.

Exam staff have found a number of deficiencies in branch inspections conducted by firms.

This Risk Alert presents a joint report by OCIE staff and FINRA staff, highlighting a number of practices that examiners have observed that are found in effective branch office supervisory systems.

Broker-Dealer Branch Inspections

The branch inspection process is a critical component of a comprehensive risk management program and can help protect investors and the interests of the firm. OCIE and FINRA examination staff have observed that firms that execute this process well typically:

•   tailor the focus of branch exams to the business conducted in that branch and assess the risks specific to that business;
•   schedule the frequency and intensity of exams based on underlying risk, rather than on an arbitrary cycle, but examine branch offices at least annually;
•   engage in a significant percentage of unannounced exams, selected through a combination of risk based analysis and random selection;
•   deploy sufficiently senior branch office examiners who understand the business and have the gravitas to challenge assumptions; and
•   design procedures to avoid conflicts of interest by examiners that may serve to undermine complete and effective inspection.

Conversely, firms with significant deficiencies in the integrity of their overall branch inspection process, typically:

•   utilize generic examination procedures for all branch offices, regardless of business mix and underlying risk;
•   try to leverage novice or unseasoned branch office examiners who do not have significant depth of experience or understanding of the business to challenge assumptions;
•   perform the inspection in a "check the box" fashion without questioning critically the integrity of underlying control environments and their effect on risk exposure;
•   devote minimal time to each exam and little, if any, resources to reviewing the effectiveness of the branch office exam program;
•   fail to follow the firm's own policies and procedures by not inspecting branch offices as required, announcing exams that were supposed to be unannounced, or failing to generate a written inspection report that included the testing and verification of the firm's policies and procedures, including supervisory policies and procedures;
•   fail to have adequate policies and procedures, particularly in firms that use an independent contractor model and that allow registered personnel to also conduct business away from the firm; and
•   lack heightened supervision of individuals with disciplinary histories or individuals previously associated with a firm with a disciplinary history.

A well-designed branch inspection program is both: (1) a necessary element (but not the only element) of a firm's compliance and reasonable supervision of its branch offices and branch office personnel under Section 15(b)(4)(E) of the Securities Exchange Act as well as FINRA rules; and (2) an integral component of the firm's risk management program. The branch inspection provides the firm with the opportunity to validate its surveillance results from branch offices and to gather on-site intelligence that supplements the ongoing management and surveillance of the branch from a business and risk management standpoint.

Risk-Based Inspections

An effective risk assessment process will help drive the frequency, intensity and focus of branch office inspections; it should also serve as an important consideration in the decision to conduct the exam on an announced or unannounced basis. Therefore, branch offices should be continuously monitored with respect to changes in the overall business, products, people and practices. Branch inspections should be conducted by persons that have sufficient knowledge and experience to evaluate the activities of the branch, and should be overseen by senior personnel such as the CCO or other knowledgeable principal. Further, procedures should be designed to avoid conflicts of interest that may serve to undermine complete and effective inspections because of the economic, commercial or financial interests that an examiner holds in the associated person or branch being inspected.

Branch office inspections provide an opportunity for oversight that should enhance the firm's routine surveillance and supervisory activities. For instance, branch office inspections may allow a firm to better identify the nature and extent of outside business activities of registered branch office personnel. Outside business activities conducted by registered persons may carry added risk because these activities may be perceived by customers as part of the member's business. Confirming that the scope of outside business activities of registered branch office personnel conform to those activities authorized by the firm is an important component of the branch office inspection, and addresses a risk that may be more difficult to monitor. For much the same reasons, unannounced inspections (which do not provide an opportunity to hide, alter or destroy documentation or other information reflecting such activities) are a critical element of any well designed branch office inspection program and should constitute a significant percentage of all exams conducted.

This ongoing risk analysis should be a key element of the firm's exam planning process and lead to more frequent examinations of offices posing higher levels of risk than dictated by the firm's non-risk based cycle, and lead firms to engage in more unannounced exams of such offices. Some areas of high risk to consider are: sales of structured products; sales of complex products, including variable annuities; sales of private or otherwise unregistered offerings of any type; or offices that associate with individuals with a disciplinary history or that previously worked at a firm with a disciplinary history. NASD IM-3010-1 also lists additional factors to consider in making this determination.

Pursuant to NASD Rule 3010(c)(2), each branch office inspection must include a written report that includes, at a minimum, testing and verification of the firm's policies and procedures in specified areas. As discussed further below, it is a good practice for this report to note any deficiencies and areas of improvement, as well as outline agreed-upon actions, including timelines, to correct the identified deficiencies.

Oversight of Branch Office Inspections

A broker-dealer's internal branch inspection program is a necessary part of its supervisory system and a strong indicator of a firm's culture of compliance. To test the quality of broker-dealers' required inspections of branch offices, SEC and FINRA examiners may seek to review and verify items related to an effective branch examination program, particularly matters such as supervisory procedures regarding customer accounts and sales of retail products. For example, examiners may review the following:

•   policies and procedures, including supervisory procedures as they pertain to the supervision of customer accounts, including those serviced by income producing managers;
•   policies and procedures relating to the handling of money and securities physically received at the branch;
•   validation of changes in customer addresses and other account information in accounts serviced by the branch;
•   procedures related to transmittals of funds between customers and third parties, and between customers and registered representatives ("RRs");

•   firm testing of policies and procedures related to specific retail products, including:

•   sales of structured products;
•   private and other unregistered offerings;
•   municipal securities;
•   mutual funds; and
•   variable annuity sales and exchanges;

•   firm testing in retail sales practice areas, including:

•   verification of customer account information;
•   supervision of customer accounts;
•   written supervisory procedures ("WSPs");
•   new account review, suitability of investments;
•   unauthorized trading;
•   churning;
•   allocations of new issues;
•   licensing; and
•   training;
•   advertising and other communications with the public or with customers (such as email and other written correspondence) and compliance with approval procedures;
•   evidence of unreported outside or other unauthorized business activities by review of: customer files, written materials on the premises and at any satellite locations, branch office accounting records, appointment books and calendars, phone records, bank records;
•   procedures for handling of customer complaints;
•   risk-based reviews of bank accounts of the branch and affiliated entities, third-party wire transfers, and branch signature guarantee log; and
•   procedures to uncover use of unauthorized computers or other electronic devices and/or social media.

Requirements and Guidance Pertaining to Broker-Dealer Branch Inspections

The responsibility of broker-dealers to supervise their associated persons is a critical component of the federal regulatory scheme. Sections 15(b)(4)(E) and 15(b)(6)(A) of the Exchange Act authorize the Commission to impose sanctions on a firm or any person that fails to reasonably supervise someone that is subject to the supervision of such firm or person who violates the federal securities laws. In order to defend such a charge, a broker-dealer could show that it has established procedures that would reasonably be expected to prevent and detect a violation by such other person, and has a system for applying such procedures that has been effectively implemented. Such a system must be designed in such a way that it could reasonably be expected to prevent and detect, insofar as practicable, securities law violations.

The staff of the SEC's Division of Trading and Markets (formerly known as the Division of Market Regulation) has noted that an effective branch office inspection program is a vital component of a supervisory system reasonably designed to oversee activities at remote branch offices.2 A number of Commission decisions in the area, both settled and litigated, set forth principles that can guide firms in constructing an effective branch office inspection program.3 Those cases suggest that regular branch office inspections over reasonably short intervals, including unannounced inspections, are the cornerstone of a well designed branch office inspection program.4 The Commission has sanctioned firms that have not conducted unannounced examinations of their branch offices. 5 Where a firm only conducts pre-announced examinations, that could create opportunities for branch office personnel to alter or destroy, documents, or commit other securities law violations, resulting in major fines for the firm.6 As a result, OCIE and FINRA staff believe that a well-constructed branch office inspection program should include unannounced inspections, based on a combination of random selection, risk-based selection and for cause exams.

Beyond the timing and nature of the inspections, OCIE and FINRA staff also believe that past guidance suggests that a well-constructed branch office supervisory program should include: procedures for heightened supervision of remote branch offices that have associated persons with disciplinary histories; independent verification of the nature and extent of outside business activities; senior management's involvement in assuring that adequate procedures are in place and that sufficient resources are devoted to implementing those procedures; periodic reassessment of supervisory responsibilities ; adequate delineation of supervisory responsibilities; periodic reassessment of supervisory responsibilities; thorough investigation and documentation of customer complaints; and a system of follow up and review of those and other red flags.7

FINRA rules and rule interpretations provide additional requirements and guidance in the area. NASD Rule 3010(b) requires every member broker-dealer to establish, maintain and enforce written procedures to supervise the types of business in which it engages and to supervise the activities of RRs, registered principals, and other associated persons that are reasonably designed to achieve compliance with applicable securities laws and regulations, and with the applicable FINRA rules.

Notice to Members 99-45 instructs broker-dealers to adopt and implement a supervisory system that is "tailored specifically to the member's business and must address the activities of all its registered representatives and associated persons."8 Procedures that merely recite the applicable rules or fail to describe the steps the firm will take to determine compliance with applicable securities laws and regulations are not reasonable.9 A broker-dealer's procedures should instruct the supervisor on the requirements needed to be in compliance with the regulations.10 The procedures should describe the activities the supervisor will conduct along with the frequency as to when the reviews will be conducted.11

NASD Rule 3010(c)(1) requires each member to conduct a review, at least annually, of the businesses in which it engages. A broker-dealer must conduct on-site inspections of each of its office locations; Office of Supervisory Jurisdictions ("OSJs")12 and non-OSJ branches that supervise non-branch locations at least annually, all non-supervising branch offices at least every three years; and non-branch offices periodically. For these other branch offices, firms should consider whether a cycle of less than three years would be more appropriate, using factors such as the nature and complexity of the branch's securities business, the volume of business done, and the number of associated persons assigned to each branch.13 Pursuant to NASD Rule 3010(c)(1), broker-dealers must document the examination schedules for each non-supervisory branch and non-branch office in their WSPs, including a description of the factors used to determine the examination cycle for such locations. The rule also requires broker-dealers to record the dates each inspection was conducted.14

Pursuant to NASD Rule 3010(c)(2) the reports reflecting these reviews and inspections must be kept on file by the broker-dealer for a minimum of three years. NASD Rule 3010(c)(3) generally prohibits a branch office manager or any other person within the office with supervisory duties (or any person supervised by such person) from conducting an inspection of the office.15

Review of Effective Practices

As noted throughout this Risk Alert, SEC and FINRA examiners have identified some practices that are characteristic of many effective supervisory procedures and effective branch office supervisory systems.16 Such practices are consolidated here:

•   Using risk analysis to identify whether individual non-supervising branches should be inspected more frequently than the FINRA-required minimum three-year cycle. Branches that meet certain risk criteria based on risk ratings are inspected more often. In addition, some firms conduct "re-audits" more frequently than required when routine inspections reveal a higher than normal number of deficiencies, repeat deficiencies or serious deficiencies. Typically, these re-audits and audits for cause are unannounced inspections.
•   Using surveillance reports, employing current technology and techniques as appropriate, to help identify risk and develop a customized approach for the firm's compliance program and branch office inspections that considers the type of business conducted at each branch.
•   Employing comprehensive checklists that incorporate previous inspection findings and trends from internal reports such as audit reports.
•   Conducting unannounced branch inspections. Firms elected to conduct unannounced examinations either randomly or based on certain risk factors. These "surprise" exams may yield a more realistic picture of a broker-dealer's supervisory system, as it reduces the risk that individual RRs and principals might attempt to falsify, conceal or destroy records in anticipation for an internal inspection.
•   Including in the written report of each branch inspection any noted deficiencies and areas of improvement. The report should also outline agreed upon actions, including timelines, to correct the identified deficiencies.
•   Using examiners with sufficient experience to understand the business being conducted at the particular branch being examined and the gravitas to challenge assumptions.
•   Designing procedures to avoid conflicts of interest by examiners that may serve to undermine complete and effective inspection.
•   Involving qualified senior personnel in several branch office examinations per year.
•   Incorporating findings on results of branch office inspections into appropriate management information or risk management systems; and using a compliance database that enables compliance personnel in various offices to have centralized access to comprehensive information about all of the firm's RRs and their business activities. Such a system appears to be highly useful to the compliance personnel at the OSJ and elsewhere for quickly accessing information and for supervising independent contractor RRs dispersed across a broad geographic area.
•   Providing branch office managers with the firm's internal inspection findings and requiring them to take and document corrective action.
•   Tracking corrective action taken by each branch office manager in response to branch audit findings.
•   Elevating the frequency and/or scope of branch inspections where registered personnel are allowed to conduct business activities other than as associated persons of a broker-dealer, for example away from the firm.

Conclusion

This alert reminds broker-dealers that their branch office inspections must be conducted with vigilance. It describes certain supervisory tools that, based on OCIE and FINRA staff examinations and Commission enforcement cases, are characteristic of good supervisory procedures for branch office inspections, including the use of unannounced onsite inspections. While this alert summarizes recognized precedent and standards, and provides OCIE and FINRA staff views with regard to means to enhance branch inspections, it does not provide an exhaustive list of steps to effectively discharge responsibilities. A well-designed branch office inspection program is a necessary element — but not the only element — of reasonable supervision of a firm's branch offices and branch office personnel.

We recognize that each firm is different and that firms need flexibility to adopt procedures to suit their individual structures and business needs. Our suggestions as to compliance methods are not meant to be exclusive or exhaustive and do not constitute a safe harbor. Rather, this report may assist firms in crafting more effective policies and procedures for branch office inspections to prevent and detect misconduct. We urge firms to review their policies and procedures in this regard to determine if they are reasonably designed to prevent and detect violations of applicable law and rules.

1 The Securities and Exchange Commission ("SEC"), as a matter of policy, disclaims responsibility for any private publication or statement by any of its employees. The views expressed herein are those of the staff of the Office of Compliance Inspections and Examinations ("OCIE") in coordination with other SEC staff, including in the Division of Trading and Markets, and do not necessarily reflect the views of the Commission or the other staff members of the SEC. This document was prepared by OCIE staff in consultation with the staff of the Financial Industry Regulatory Authority ("FINRA") and is not legal advice.

2 Staff Legal Bulletin No. 17, Remote Office Supervision (March 19, 2004) ("SLB 17").

3See, e.g., Consolidated Investment Services, Inc., Rel. No. 34-36687(Jan. 5, 1996) (where the Commission notes that: "We also agree with the law judge that surprise inspections of [the branch office] would have been a prudent course of action;" Signal Securities, Inc.,, Rel. No. 34-43350 (Sep. 26, 2000) ()(citing Consolidated Investment Services); and Quest Capital Strategies, Rel. No. 34-44935 (Oct. 15, 2001) ()(where the Commission stated that : "A surprise inspection is a compliance tool that is necessarily available to every securities firm in carrying out its supervisory responsibilities."); Royal Alliance Associates, Inc., Rel. No. 34-38174 (Jan. 15, 1997) ()(settled matter); see also SLB 17.

4See, e.g., Consolidated Investment Services, Inc., Rel. No. 34-36687(Jan.5, 1996); Signal Securities, Inc., Rel. No. 34-43350 (Sep. 26, 2000); Quest Capital Strategies, Rel. No. 34-44935 (Oct. 15, 2001).

5See, e.g., Quest Capital Strategies, Inc., Rel. No. 34-44935 (Oct. 15, 2001) and NYLIFE Securities Inc., Rel. No. 34-40459 (September 23, 1998) (settled matter).

6See, e.g., Fidelity Brokerage Services, LLC, Rel. No. 34-50138 (Aug. 3, 2004) (pre-announced inspections resulted in, among other things, employees altering and destroying documents; sanctions included a $1,000,000 fine payable to the SEC, plus a $1,000,000 fine payable to the NYSE) (settled matter).

7See, e.g., Prospera Financial Services, Admin. Pro. File No. 3-10306, Rel. No. 34-43352 (September 26, 2000) (settled matter) for a discussion of the above elements of a branch office supervisory program; see also SLB 17 for further discussion of these and other elements of an effective branch office supervisory system. See also NASD IM-3010-1 (Standards for Reasonable Review).

8NASD Notice to Members 99-45 (June 1999) at 294.

9Id. at 295. See also NASD Notice to Members 98-96 (Dec. 1998).

10NASD Notice to Members 99-45 (June 1999) at 293-94 (giving examples of situations in which "written supervisory procedures would instruct the supervisor" in how to document compliance)..

11Id.

12 An OSJ is defined under NASD Rule 3010(g) as any office of a member at which any one or more of the following functions take place: (a) order execution and/or market making; (b) structuring of public offerings or private placements; (c) maintaining custody of customers' funds and/or securities; (d) final acceptance (approval) of new accounts; (e) review and endorsement of customer orders; (f) final approval of advertising or sales literature, except for an office that solely conducts final approval of research reports; or, (g) responsibility for supervising the activities of associated persons at one or more other branch offices.

13 NASD Rule 3010(c)(1)(B).

14 NASD Rule 3010(c), which governs "Internal Inspections," requires that each broker-dealer review the activities of each of its offices including the periodic examination of customer accounts to detect and prevent irregularities or abuses. The rule also requires that the written inspection report include, without limitation, the testing and verification of the member's policies and procedures, including supervisory policies and procedures in the following areas:

•   Safeguarding of customer funds and securities;
•   Maintaining books and records;
•   Supervision of customer accounts serviced by branch office managers;
•   Transmittal of funds between customers and RRs and between customers and third parties;
•   Validation of customer address changes; and
•   Validation of changes in customer account information.

15 However, the rule provides an exception from this requirement for a firm so limited in size and resources that it cannot otherwise comply. Under NASD Rule 3010(c)(3) the basis for this exception must be documented in the report for each inspection conducted in reliance on the exception.

16 Firms are encouraged to consider the practices described herein in assessing their own procedures and implementing improvements that will best protect their clients. Firms are cautioned that these factors and suggestions are not exhaustive, and they constitute neither a safe harbor nor a "checklist" for SEC staff examiners. Other practices besides those highlighted here may be appropriate as alternatives or supplements to these practices. While some of the effective practices above are existing regulatory requirements, the adequacy of a supervisory program can be determined only with reference to the profile of the specific firm and the specific facts and circumstances.