Notice to Members 06-11

SEC Approves Amendment to NASD Interpretive Material 3013 Regarding Timing of Submission of Report that Evidences Processes to a Member's Board of Directors and Audit Committee

Published Date:
Effective Date: March 17, 2006

GUIDANCE

Annual Compliance and Supervision Legal & Compliance Certification

SUGGESTED ROUTING

KEY TOPICS
Legal & Compliance
Operations
Registered Representatives
Senior Management
Training 		IM-3013 (Annual Compliance and Supervision Certification)

Executive Summary

The Securities and Exchange Commission (SEC) has approved an amendment to Interpretive Material 3013 (IM-3013) to establish the timing with respect to the requirement to submit to the member's board of directors and audit committee (or equivalent bodies) a report that evidences certain processes that form the basis of a certification by the Chief Executive Officer (CEO) under Rule 3013.1 The rule change permits submission of the final report to these governing bodies to take place either before or after the execution of the certification, provided that the board of directors and audit committee (or equivalent bodies) receive the report at the earlier of their next scheduled meetings or within 45 days after execution of the certification. The rule change became effective upon SEC approval on March 17, 2006.

The text of IM-3013 with the changes indicated is in Attachment A.

Questions/Further Information

Questions concerning this Notice may be directed to Philip Shaikun, Associate Vice President and Associate General Counsel, Office of General Counsel, Regulatory Policy and Oversight, at (202) 728-8451.

Background and Discussion

NASD Rule 3013 requires each member's CEO or equivalent officer to certify annually that the member has in place processes to establish, maintain, review, modify and test policies and procedures reasonably designed to achieve compliance with applicable NASD rules, MSRB rules and the federal securities laws. The rule is accompanied by IM-3013, which sets forth the actual certification language and also provides additional guidance about the requirements of the rule and sets forth certain limitations to its scope.

The certification consists of four attestations, each set forth in a separate numbered paragraph within IM-3013. In paragraph 3 of the certification, the CEO attests that the member's processes are "evidenced in a report reviewed by the chief executive officer (or equivalent officer), chief compliance officer, and such other officers as the Member may deem necessary to make this certification, and submitted to the Member's board of directors and audit committee."

The rule is not intended to require the board of directors or audit committee to review or consider the report as a condition to the CEO executing the certification. Rather, the requirement that the report be submitted to the member's board of directors and audit committee (or equivalent bodies) is intended to ensure that those governing bodies remain informed of this aspect of the member's compliance system in the context of their overall responsibility for governance and internal controls of the member for which they serve. Accordingly, the rule change permits submission of the final report to these governing bodies to take place either before or after the execution of the certification, provided that the board of directors and audit committee (or equivalent bodies) receive the report at the earlier of their next scheduled meetings or within 45 days after execution of the certification. Importantly, the board of directors and audit committee (or equivalent bodies) must receive the report in its final form regardless of whether the member elects to submit it to them before or after certification by the CEO.

The rule change became effective upon SEC approval on March 17, 2006. Members must execute their first CEO certification no later than April 1, 2006.

1 Exchange Act Release No. 53509 (March 17, 2006) (SR-NASD-2006-036).

ATTACHMENT A

Text of approved rule change. New language is underlined; deletions are in double brackets.

IM-3013. Annual Compliance and Supervision Certification

The NASD Board of Governors is issuing this interpretation to the requirement under Rule 3013(b), which requires that the member's chief executive officer (or equivalent officer) execute annually1 a certification that the member has in place processes to establish, maintain, review, test and modify written compliance policies and written supervisory procedures reasonably designed to achieve compliance with applicable NASD rules, MSRB rules and federal securities laws and regulations. The certification shall state the following:

* * * * * * * * * *

Annual Compliance and Supervision Certification

The undersigned is the chief executive officer (or equivalent officer) of [name of member corporation/partnership/sole proprietorship] (the "Member"). As required by NASD Rule 3013(b), the undersigned makes the following certification:

1. The Member has in place processes to:

(a) establish, maintain and review policies and procedures reasonably designed to achieve compliance with applicable NASD rules, MSRB rules and federal securities laws and regulations;
(b) modify such policies and procedures as business, regulatory and legislative changes and events dictate; and
(c) test the effectiveness of such policies and procedures on a periodic basis, the timing and extent of which is reasonably designed to ensure continuing compliance with NASD rules, MSRB rules and federal securities laws and regulations.
2. The undersigned chief executive officer (or equivalent officer) has conducted one or more meetings with the chief compliance officer in the preceding 12 months, the subject of which satisfy the obligations set forth in IM-3013.
3. The Member's processes, with respect to paragraph 1 above, are evidenced in a report reviewed by the chief executive officer (or equivalent officer), chief compliance officer, and such other officers as the Member may deem necessary to make this certification [[, and]]. The final report has been submitted to the Member's board of directors and audit committee or will be submitted to the Member's board of directors and audit committee (or equivalent bodies) at the earlier of their next scheduled meetings or within 45 days of the date of execution of this certification.
4. The undersigned chief executive officer (or equivalent officer) has consulted with the chief compliance officer and other officers as applicable (referenced in paragraph 3 above) and such other employees, outside consultants, lawyers and accountants, to the extent deemed appropriate, in order to attest to the statements made in this certification.2

* * * * * * * * * *

It is critical that each NASD member understand the importance of employing comprehensive and effective compliance policies and written supervisory procedures. Compliance with applicable NASD rules, MSRB rules and federal securities laws and regulations is the foundation of ensuring investor protection and market integrity and is essential to the efficacy of self-regulation. Consequently, the certification requirement is intended to require processes by each member to establish, maintain, review, test and modify its compliance policies and written supervisory procedures in light of the nature of its businesses and the laws and rules that are applicable thereto, and to evidence such processes in a report reviewed by the chief executive officer (or equivalent officer) executing the certification.

Included in this processes requirement is an obligation on the part of the member to conduct one or more meetings annually between the chief executive officer (or equivalent officer) and the chief compliance officer to: (1) discuss and review the matters that are the subject of the certification; (2) discuss and review the member's compliance efforts as of the date of such meetings; and (3) identify and address significant compliance problems and plans for emerging business areas.

The periodic and content requirements for meetings between the chief executive officer (or equivalent officer) and the chief compliance officer, as well as the pertinent requirements of paragraphs 3 and 4 of the certification, are intended to indicate the unique and integral role of the chief compliance officer both in the discharge of certain compliance processes and reporting requirements that are the subject matter of the certification and in providing a reliable basis upon which the chief executive officer can execute the certification. The chief compliance officer is the primary advisor to the member on its overall compliance scheme and the particularized rules, policies and procedures that the member adopts. This is because the chief compliance officer should have an expertise in the process of (1) gaining an understanding of the products, services or line functions that need to be the subject of written compliance policies and written supervisory procedures; (2) identifying the relevant rules, regulations, laws and standards of conduct pertaining to such products, services or line functions based on experience and/or consultation with those persons who have a technical expertise in such areas of the member's business; (3) developing, or advising other business persons charged with the obligation to develop, policies and procedures that are reasonably designed to achieve compliance with those relevant rules, regulations, laws and standards of conduct; (4) evidencing the supervision by the line managers who are responsible for the execution of compliance policies; and (5) developing programs to test compliance with the member's policies and procedures.

It is that expertise in the process of compliance that makes the chief compliance officer an indispensable party to enable the chief executive officer to reach the conclusions stated in the certification. Consequently, any certification made by a chief executive officer under circumstances where the chief compliance officer has concluded, after consultation, that there is an inadequate basis for making such certification would be, without limitation, conduct inconsistent with the observance of the high standards of commercial honor and the just and equitable principles of trade—a violation of Rule 2110. Beyond the certification requirement, it is the intention of both Rule 3013 and this Interpretive Material to foster regular and significant interaction between senior management and the chief compliance officer regarding the member's comprehensive compliance program.

The chief compliance officer and other compliance officers that report to the chief compliance officer (as described in the sentence that immediately follows) shall perform the compliance functions contemplated by this Interpretive Material and paragraphs 3 and 4 of the certification. Nothing in this Interpretive Material is intended to limit or discourage the participation of other employees both within and without the member's compliance department in any aspect of the member's compliance programs or processes, including those matters discussed in this Interpretive Material. However, it is understood that the chief compliance officer and, where applicable, the most senior compliance officers having primary compliance department responsibility for each of the member's business segments, will retain responsibility for the compliance functions contemplated by this Interpretive Material and paragraphs 3 and 4 of the certification.

As may be necessary to render their views and advice, the chief compliance officer and the other officers referenced in paragraph 3 of the certification who consult with the chief executive officer (or equivalent officer) pursuant to paragraph 4, shall, in turn, consult with other employees, officers, outside consultants, lawyers and accountants.

The NASD Board of Governors recognizes that supervisors with business line responsibility are accountable for the discharge of a member's compliance policies and written supervisory procedures. The signatory to the certification is certifying only as to having processes in place to establish, maintain, review, test and modify the member's written compliance and supervisory policies and procedures and the execution of this certification and any consultation rendered in connection with such certification does not by itself establish business line responsibility.

The requirement to designate a chief compliance officer does not preclude such person from holding any other position within the member, including the position of chief executive officer, provided that such person can discharge the duties of a chief compliance officer in light of his or her other additional responsibilities. The requirement that a member's processes include providing the report to the board of directors and audit committee (required by paragraph 3 of the certification) does not apply to members that do not utilize these types of governing bodies and committees in the conduct of their business.3

The report required in paragraph 3 of the certification must document the member's processes for establishing, maintaining, reviewing, testing and modifying compliance policies, that are reasonably designed to achieve compliance with applicable NASD rules, MSRB rules and federal securities laws and regulations, and any principal designated by the member may prepare the report. The report must be produced prior to execution of the certification and be reviewed by the chief executive officer (or equivalent officer), chief compliance officer and any other officers the member deems necessary to make the certification and must be provided to the member's board of directors and audit committee in final form either prior to execution of the certification or at the earlier of their next scheduled meetings or within 45 days of execution of the certification. The report should include the manner and frequency in which the processes are administered, as well as the identification of officers and supervisors who have responsibility for such administration. The report need not contain any conclusions produced as a result of following the processes set forth therein. The report may be combined with any other compliance report or other similar report required by any other self-regulatory organization provided that (1) such report is clearly titled in a manner indicating that it is responsive to the requirements of the certification and this Interpretive Material; (2) a member that submits a report for review in response to an NASD request must submit the report in its entirety; and (3) the member makes such report in a timely manner, i.e., annually.

1 Members must ensure that each ensuing annual certification is effected no later than on the anniversary date of the previous year's certification.

2 Members should understand that the requirements of Rule 3013 and this Interpretive Material represent, in part, a principle-based requirement to certify that the member has in place processes to establish, maintain, review, test and modify written compliance policies and written supervisory procedures reasonably designed to achieve compliance with applicable NASD rules, MSRB rules and federal securities laws and regulations. Consequently, compliance with the periodic and content requirements in this Interpretive Material pertaining to meetings between the chief executive officer (or equivalent officer) and the chief compliance officer does not satisfy the full extent of these principle-based obligations that will vary with the facts and circumstances of a member's business activities and organizational structure. Moreover, NASD emphasizes the testing aspect of this principle-based requirement; an integral purpose of NASD rules pertaining to supervision is that members adopt policies and procedures that are effective as to both the scope of, and the achievement of compliance with, applicable NASD rules, MSRB rules and federal securities laws and regulations.

3 As a part of their process, members must have the report reviewed by their governing bodies and committees that serve similar functions in lieu of a board of directors and audit committee.