Skip to main content
Notice to Members 07-32

NASD Amends Rule 3013 and Interpretive Material 3013 to Permit Members to Designate Co-Chief Executive Officers and Multiple Chief Compliance Officers

Published Date:
Compliance Date: July 16, 2007

GUIDANCE

SUGGESTED ROUTING

KEY TOPICS

Legal & Compliance
Operations
Registered Representatives
Senior Management
Training
Rule 3013
IM-3013

Annual Certification of Compliance and Supervisory Processes

Executive Summary

Effective July 16, 2007, NASD member firms may designate co-chief executive officers (co-CEOs) and multiple chief compliance officers (co-CCOs) to discharge the requirements of Rule 3013 (Annual Certification of Compliance and Supervisory Processes and accompanying IM-3013. The text of the rules, as amended, are set forth in Attachment A of this Notice.1

Questions/Further Information

Questions regarding this Notice may be directed to Philip Shaikun, Associate Vice President and Associate General Counsel, Office of General Counsel, at (202) 728-8451.

Background & Discussion

NASD Rule 3013(a) requires each member to designate, and specifically identify on Schedule A of the Uniform Application for Broker-Dealer Registration (Form BD), a principal to serve as chief compliance officer (CCO). Rule 3013(b) requires that the CEO certify annually that the firm has in place processes to establish, maintain, review, modify and test policies and procedures reasonably designed to achieve compliance with applicable NASD rules, MSRB rules and federal securities laws and regulations.

The certification language and additional guidance are set forth in IM-3013. The certification includes not only a statement that the member has in place certain compliance processes, but also that the CEO has conducted one or more meetings with the CCO in the preceding 12 months to discuss the processes. The IM explains that the mandated meetings between the CEO and CCO must include a discussion of the firm's compliance efforts to date and identify and address significant compliance problems and plans for emerging business areas. The IM further sets forth the expertise that is expected of a CCO, including the process of gaining an understanding of a member's products, services and line functions that need to be the subject of written compliance policies and written supervisory procedures.

NASD recognizes that such expertise may reside in more than one individual in firms with distinct business segments. In those circumstances, NASD believes the purposes of the rule can be achieved equally effectively by dividing the responsibility to advise the firm on its compliance scheme among those compliance experts within each business unit. Accordingly, the amendment permits a member to designate multiple CCOs on Schedule A of Form BD, provided that:

(1) each designated CCO is a principal;
(2) the member precisely defines and documents the areas of primary compliance responsibility assigned to each designated CCO and makes specific provisions for which of the designated CCOs has primary compliance responsibility in areas that can reasonably be expected to overlap;
(3) each designated CCO satisfies all of the requirements of Rule 3013 and IM-3013 with respect to his or her defined area of primary compliance responsibility as if that individual was the firm's only CCO; and
(4) collectively, the designated CCOs have the responsibilities and expertise that enable them to consult with the CEO on the totality of the subject matters required to be addressed in the certification by the CEO under Rule 3013.

Thus, for example, IM-3013 explains that member must conduct one or more meetings annually between the CEO and CCO to (1) discuss and review the matters that are the subject of the certification; (2) discuss and review the member's compliance efforts as of the date of such meetings; and (3) identify and address significant compliance problems and plans for emerging business areas. A member that chooses to have multiple CCOs must conduct one or more meetings annually between the CEO and each designated CCO, individually or collectively. And at each such meeting, the CEO is required to discuss with each CCO the required topics, but only as it relates to the particular CCO's defined area of primary compliance responsibility. Similarly, the IM requires review by the CCO of the report evidencing a member's processes and consultation by the CEO with the CCO prior to execution of the certification. Firms with multiple CCOs must have each CCO must review the report, and the CEO must consult with each CCO prior to certification.

The amendment also permits the designation of a single co-CEO solely for the purposes of compliance with Rule 3013 and IM-30132 (a member firm may have a maximum of two CEOs). However, in contrast to the change that permits co-CCOs, co-CEOs may not divide up the requirements of the Rule and IM; rather, each of the two CEOs are required to individually discharge all of the obligations set forth in Rule 3013 and IM-3013, each is responsible for the representations in the certification as if they were the member's only CEO, and the signature of each co-CEO is be expected to appear on the same single annual certification.


1 NASD filed this amendment with the Securities and Exchange Commission for immediate effectiveness on July 16, 2007. See SR-NASD-2007-049. Pursuant to Section 19(b) of the Securities Exchange Act of 1934, the SEC has authority to summarily abrogate this type of rule change within 60 days of the filing.

2 Designation of a co-CEO pursuant to the rule amendment has no effect on any other regulatory obligation imposed on a member or its CEO.


ATTACHMENT A

Below is the text of the rule change. New language is underlined; deletions are in brackets.

3013. Annual Certification of Compliance and Supervisory Processes

(a) Designation of Chief Compliance Officer(s)

Each member shall designate and specifically identify to NASD on Schedule A of Form BD one or more [[a]] principals to serve as a chief compliance officer.
(b) Annual Certification

Each member shall have its chief executive officer(s) (or equivalent officer(s)) certify annually,1 as set forth in IM-3013, that the member has in place processes to establish, maintain, review, test and modify written compliance policies and written supervisory procedures reasonably designed to achieve compliance with applicable NASD rules, MSRB rules and federal securities laws and regulations, and that the chief executive officer(s) has conducted one or more meetings with the chief compliance officer(s) in the preceding 12 months to discuss such processes.

1 No change to text of footnote.

IM-3013. Annual Compliance and Supervision Certification

The NASD Board of Governors is issuing this interpretation to the requirement under Rule 3013(b), which requires that the member's chief executive officer(s) (or equivalent officer(s)) execute annually1 a certification that the member has in place processes to establish, maintain, review, test and modify written compliance policies and written supervisory procedures reasonably designed to achieve compliance with applicable NASD rules, MSRB rules and federal securities laws and regulations. A member may choose to designate a second co-chief executive officer, provided that each of the two chief executive officers must individually discharge all of the obligations set forth in Rule 3013 and this Interpretive Material, and each shall be held responsible for the representations in the certification as if they were the member's only chief executive officer.2 The certification shall state the following:


1 No change to text of footnote.

2Designation of a co-chief executive officer pursuant to this Interpretive Material applies only for the purposes of Rule 3013 and IM-3013 and has no effect on any other regulatory obligation imposed on a member or its chief executive officer.

* * *

Annual Compliance and Supervision Certification

The undersigned is/are the chief executive officer(s) (or equivalent officer(s)) of [name of member corporation/partnership/sole proprietorship] (the "Member"). As required by NASD Rule 3013(b), the undersigned make(s) the following certification:

1. The Member has in place processes to:
(a) establish, maintain and review policies and procedures reasonably designed to achieve compliance with applicable NASD rules, MSRB rules and federal securities laws and regulations;
(b) modify such policies and procedures as business, regulatory and legislative changes and events dictate; and
(c) test the effectiveness of such policies and procedures on a periodic basis, the timing and extent of which is reasonably designed to ensure continuing compliance with NASD rules, MSRB rules and federal securities laws and regulations.
2. The undersigned chief executive officer(s) (or equivalent officer(s)) has/have conducted one or more meetings with the chief compliance officer(s) in the preceding 12 months, the subject of which satisfy the obligations set forth in IM-3013.
3. The Member's processes, with respect to paragraph 1 above, are evidenced in a report reviewed by the chief executive officer(s) (or equivalent officer(s)), chief compliance officer(s), and such other officers as the Member may deem necessary to make this certification. The final report has been submitted to the Member's board of directors and audit committee or will be submitted to the Member's board of directors and audit committee (or equivalent bodies) at the earlier of their next scheduled meetings or within 45 days of the date of execution of this certification.
4. The undersigned chief executive officer(s) (or equivalent officer(s)) has/have consulted with the chief compliance officer(s) and other officers as applicable (referenced in paragraph 3 above) and such other employees, outside consultants, lawyers and accountants, to the extent deemed appropriate, in order to attest to the statements made in this certification.[2]3

[2]3 Members should understand that the requirements of Rule 3013 and this Interpretive Material represent, in part, a principle-based requirement to certify that the member has in place processes to establish, maintain, review, test and modify written compliance policies and written supervisory procedures reasonably designed to achieve compliance with applicable NASD rules, MSRB rules and federal securities laws and regulations. Consequently, compliance with the periodic and content requirements in this Interpretive Material pertaining to meetings between the chief executive officer(s) (or equivalent officer(s)) and the chief compliance officer(s) does not satisfy the full extent of these principle-based obligations that will vary with the facts and circumstances of a member's business activities and organizational structure. Moreover, NASD emphasizes the testing aspect of this principle-based requirement; an integral purpose of NASD rules pertaining to supervision is that members adopt policies and procedures that are effective as to both the scope of, and the achievement of compliance with, applicable NASD rules, MSRB rules and federal securities laws and regulations.

* * *

It is critical that each NASD member understand the importance of employing comprehensive and effective compliance policies and written supervisory procedures. Compliance with applicable NASD rules, MSRB rules and federal securities laws and regulations is the foundation of ensuring investor protection and market integrity and is essential to the efficacy of self-regulation. Consequently, the certification requirement is intended to require processes by each member to establish, maintain, review, test and modify its compliance policies and written supervisory procedures in light of the nature of its businesses and the laws and rules that are applicable thereto, and to evidence such processes in a report reviewed by the chief executive officer(s) (or equivalent officer(s)) executing the certification.

Included in this processes requirement is an obligation on the part of the member to conduct one or more meetings annually between the chief executive officer(s) (or equivalent officer(s)) and the chief compliance officer(s) to: (1) discuss and review the matters that are the subject of the certification; (2) discuss and review the member's compliance efforts as of the date of such meetings; and (3) identify and address significant compliance problems and plans for emerging business areas.

The periodic and content requirements for meetings between the chief executive officer(s) (or equivalent officer(s)) and the chief compliance officer(s), as well as the pertinent requirements of paragraphs 3 and 4 of the certification, are intended to indicate the unique and integral role of [[the]]a chief compliance officer both in the discharge of certain compliance processes and reporting requirements that are the subject matter of the certification and in providing a reliable basis upon which the chief executive officer(s) can execute the certification. [[The]]A chief compliance officer is [[the]]a primary advisor to the member on its overall compliance scheme and the particularized rules, policies and procedures that the member adopts. This is because [[the]]a chief compliance officer should have an expertise in the process of (1) gaining an understanding of the products, services or line functions that need to be the subject of written compliance policies and written supervisory procedures; (2) identifying the relevant rules, regulations, laws and standards of conduct pertaining to such products, services or line functions based on experience and/or consultation with those persons who have a technical expertise in such areas of the member's business; (3) developing, or advising other business persons charged with the obligation to develop, policies and procedures that are reasonably designed to achieve compliance with those relevant rules, regulations, laws and standards of conduct; (4) evidencing the supervision by the line managers who are responsible for the execution of compliance policies; and (5) developing programs to test compliance with the member's policies and procedures.

NASD recognizes that such expertise may reside in more than one individual in firms with distinct business segments. Therefore, a member may choose to designate more than one chief compliance officer, provided that (1) each designated chief compliance officer is a principal; (2) the member precisely defines and documents the areas of primary compliance responsibility assigned to each designated chief compliance officer and makes specific provisions for which of the designated chief compliance officers has primary compliance responsibility in areas that can reasonably be expected to overlap; (3) each designated chief compliance officer satisfies all of the requirements of Rule 3013 and this Interpretive Material with respect to his or her defined area of primary compliance responsibility as if that individual was the member's only chief compliance officer and (4) collectively, the designated chief compliance officers have the responsibilities and expertise that enable them to consult with the chief executive officer(s) on the totality of the subject matters required to be addressed in the certification by the chief executive officer(s) under Rule 3013. Thus, for example, a member that chooses to have multiple chief compliance officers is required to conduct one or more meetings annually between the chief executive officer(s) (or equivalent officer(s)) and each designated chief compliance officer, individually or collectively. At each such meeting, the chief executive officer (or equivalent officer) would be required to discuss with each chief compliance officer the required topics, but only as it relates to the particular chief compliance officer's defined and documented area of primary compliance responsibility.

It is the[[at]] expertise in the process of compliance that makes [[the]]a chief compliance officer an indispensable party to enable the chief executive officer(s) to reach the conclusions stated in the certification. Consequently, any certification made by a chief executive officer (or equivalent officer) under circumstances where [[the]]a chief compliance officer has concluded, after consultation, that there is an inadequate basis for making such certification would be, without limitation, conduct inconsistent with the observance of the high standards of commercial honor and the just and equitable principles of trade—a violation of Rule 2110. Beyond the certification requirement, it is the intention of both Rule 3013 and this Interpretive Material to foster regular and significant interaction between senior management and the chief compliance officer(s) regarding the member's comprehensive compliance program.

The chief compliance officer(s) and other compliance officers that report to the chief compliance officer(s) (as described in the sentence that immediately follows) shall perform the compliance functions contemplated by this Interpretive Material and paragraphs 3 and 4 of the certification. Nothing in this Interpretive Material is intended to limit or discourage the participation of other employees both within and without the member's compliance department in any aspect of the member's compliance programs or processes, including those matters discussed in this Interpretive Material. However, it is understood that [[the]]a chief compliance officer and, where applicable, the most senior compliance officers having primary compliance department responsibility for each of the member's business segments, will retain responsibility for the compliance functions contemplated by this Interpretive Material and paragraphs 3 and 4 of the certification.

As may be necessary to render their views and advice, the chief compliance officer(s) and the other officers referenced in paragraph 3 of the certification who consult with the chief executive officer(s) (or equivalent officer(s)) pursuant to paragraph 4, shall, in turn, consult with other employees, officers, outside consultants, lawyers and accountants.

The NASD Board of Governors recognizes that supervisors with business line responsibility are accountable for the discharge of a member's compliance policies and written supervisory procedures. The signatory to the certification is certifying only as to having processes in place to establish, maintain, review, test and modify the member's written compliance and supervisory policies and procedures and the execution of this certification and any consultation rendered in connection with such certification does not by itself establish business line responsibility.

The requirement to designate [[a]]one or more chief compliance officers does not preclude such persons from holding any other position within the member, including the position of chief executive officer, provided that such persons can discharge the duties of a chief compliance officer in light of his or her other additional responsibilities. The requirement that a member's processes include providing the report to the board of directors and audit committee (required by paragraph 3 of the certification) does not apply to members that do not utilize these types of governing bodies and committees in the conduct of their business.[3]4

The report required in paragraph 3 of the certification must document the member's processes for establishing, maintaining, reviewing, testing and modifying compliance policies, that are reasonably designed to achieve compliance with applicable NASD rules, MSRB rules and federal securities laws and regulations, and any principal designated by the member may prepare the report. The report must be produced prior to execution of the certification and be reviewed by the chief executive officer(s) (or equivalent officer(s)), chief compliance officer(s) and any other officers the member deems necessary to make the certification and must be provided to the member's board of directors and audit committee in final form either prior to execution of the certification or at the earlier of their next scheduled meetings or within 45 days of execution of the certification. The report should include the manner and frequency in which the processes are administered, as well as the identification of officers and supervisors who have responsibility for such administration. The report need not contain any conclusions produced as a result of following the processes set forth therein. The report may be combined with any other compliance report or other similar report required by any other self-regulatory organization provided that (1) such report is clearly titled in a manner indicating that it is responsive to the requirements of the certification and this Interpretive Material; (2) a member that submits a report for review in response to an NASD request must submit the report in its entirety; and (3) the member makes such report in a timely manner, i.e., annually.


[3]4 No change to text of footnote.

* * * * *