3130. Annual Certification of Compliance and Supervisory Processes
1 Members must ensure that each ensuing annual certification is effected no later than on the anniversary date of the previous year's certification.
• • • Supplementary Material: --------------
.01 Designation of Co-Chief Executive Officers. A member may choose to designate a second co-chief executive officer, provided that each of the two chief executive officers must individually discharge all of the obligations set forth in Rule 3130, and each shall be held responsible for the representations in the certification as if they were the member's only chief executive officer. Designation of a co-chief executive officer pursuant to this Rule applies only for the purposes of this Rule and has no effect on any other regulatory obligation imposed on a member or its chief executive officer.
.02 Designation of Multiple Chief Compliance Officers. FINRA recognizes that compliance expertise may reside in more than one individual in firms with distinct business segments. Therefore, a member may choose to designate more than one chief compliance officer, provided that (1) each designated chief compliance officer is a principal; (2) the member precisely defines and documents the areas of primary compliance responsibility assigned to each designated chief compliance officer and makes specific provisions for which of the designated chief compliance officers has primary compliance responsibility in areas that can reasonably be expected to overlap; (3) each designated chief compliance officer satisfies all of the requirements of Rule 3130 with respect to his or her defined area of primary compliance responsibility as if that individual was the member's only chief compliance officer and (4) collectively, the designated chief compliance officers have the responsibilities and expertise that enable them to consult with the chief executive officer(s) on the totality of the subject matters required to be addressed in the certification by the chief executive officer(s) under Rule 3130. Thus, for example, a member that chooses to have multiple chief compliance officers is required to conduct one or more meetings annually between the chief executive officer(s) (or equivalent officer(s)) and each designated chief compliance officer, individually or collectively. At each such meeting, the chief executive officer (or equivalent officer) would be required to discuss with each chief compliance officer the required topics, but only as it relates to the particular chief compliance officer's defined and documented area of primary compliance responsibility.
.03 Importance of Compliance Processes. It is critical that each FINRA member understand the importance of employing comprehensive and effective compliance policies and written supervisory procedures. Compliance with applicable FINRA rules, MSRB rules and federal securities laws and regulations is the foundation of ensuring investor protection and market integrity and is essential to the efficacy of self-regulation. Consequently, the certification requirement is intended to require processes by each member to establish, maintain, review, test and modify its compliance policies and written supervisory procedures in light of the nature of its businesses and the laws and rules that are applicable thereto, and to evidence such processes in a report reviewed by the chief executive officer(s) (or equivalent officer(s)) executing the certification.
.04 Content of Meetings Between Chief Executive Officer and Chief Compliance Officer. Included in this processes requirement is an obligation on the part of the member to conduct one or more meetings annually between the chief executive officer(s) (or equivalent officer(s)) and the chief compliance officer(s) to: (1) discuss and review the matters that are the subject of the certification; (2) discuss and review the member's compliance efforts as of the date of such meetings; and (3) identify and address significant compliance problems and plans for emerging business areas.
.05 Role of the Chief Compliance Officer. The periodic and content requirements for meetings between the chief executive officer(s) (or equivalent officer(s)) and the chief compliance officer(s), as well as the pertinent requirements of paragraphs 3 and 4 of the certification, are intended to indicate the unique and integral role of a chief compliance officer both in the discharge of certain compliance processes and reporting requirements that are the subject matter of the certification and in providing a reliable basis upon which the chief executive officer(s) can execute the certification. A chief compliance officer is a primary advisor to the member on its overall compliance scheme and the particularized rules, policies and procedures that the member adopts. This is because a chief compliance officer should have an expertise in the process of (1) gaining an understanding of the products, services or line functions that need to be the subject of written compliance policies and written supervisory procedures; (2) identifying the relevant rules, regulations, laws and standards of conduct pertaining to such products, services or line functions based on experience and/or consultation with those persons who have a technical expertise in such areas of the member's business; (3) developing, or advising other business persons charged with the obligation to develop, policies and procedures that are reasonably designed to achieve compliance with those relevant rules, regulations, laws and standards of conduct; (4) evidencing the supervision by the line managers who are responsible for the execution of compliance policies; and (5) developing programs to test compliance with the member's policies and procedures.
It is the expertise in the process of compliance that makes a chief compliance officer an indispensable party to enable the chief executive officer(s) to reach the conclusions stated in the certification. Consequently, any certification made by a chief executive officer (or equivalent officer) under circumstances where a chief compliance officer has concluded, after consultation, that there is an inadequate basis for making such certification would be, without limitation, conduct inconsistent with the observance of the high standards of commercial honor and the just and equitable principles of trade — a violation of Rule 2010. Beyond the certification requirement, it is the intention of this Rule to foster regular and significant interaction between senior management and the chief compliance officer(s) regarding the member's comprehensive compliance program.
.06 Responsibility for Compliance Functions. The chief compliance officer(s) and other compliance officers that report to the chief compliance officer(s) (as described in the sentence that immediately follows) shall perform the compliance functions contemplated by this Rule, including paragraphs 3 and 4 of the certification. Nothing in this Rule is intended to limit or discourage the participation of other employees both within and without the member's compliance department in any aspect of the member's compliance programs or processes, including those matters discussed in this Rule. However, it is understood that a chief compliance officer and, where applicable, the most senior compliance officers having primary compliance department responsibility for each of the member's business segments, will retain responsibility for the compliance functions contemplated by this Rule, including paragraphs 3 and 4 of the certification.
As may be necessary to render their views and advice, the chief compliance officer(s) and the other officers referenced in paragraph 3 of the certification who consult with the chief executive officer(s) (or equivalent officer(s)) pursuant to paragraph 4, shall, in turn, consult with other employees, officers, outside consultants, lawyers and accountants.
.07 Effect of Certification on Business Line Responsibility. The FINRA Board of Governors recognizes that supervisors with business line responsibility are accountable for the discharge of a member's compliance policies and written supervisory procedures. The signatory to the certification is certifying only as to having processes in place to establish, maintain, review, test and modify the member's written compliance and supervisory policies and procedures and the execution of this certification and any consultation rendered in connection with such certification does not by itself establish business line responsibility.
.08 Ability of Chief Compliance Officer to Hold Other Positions. The requirement to designate one or more chief compliance officers does not preclude such persons from holding any other position within the member, including the position of chief executive officer, provided that such persons can discharge the duties of a chief compliance officer in light of his or her other additional responsibilities.
.09 Members Without a Board of Directors or Audit Committee. The requirement that a member's processes include providing the report to the board of directors and audit committee (required by paragraph 3 of the certification) does not apply to members that do not utilize these types of governing bodies and committees in the conduct of their business.2
.10 Content of Report Documenting Processes. The report required in paragraph 3 of the certification must document the member's processes for establishing, maintaining, reviewing, testing and modifying compliance policies, that are reasonably designed to achieve compliance with applicable FINRA rules, MSRB rules and federal securities laws and regulations, and any principal designated by the member may prepare the report. The report must be produced prior to execution of the certification and be reviewed by the chief executive officer(s) (or equivalent officer(s)), chief compliance officer(s) and any other officers the member deems necessary to make the certification and must be provided to the member's board of directors and audit committee in final form either prior to execution of the certification or at the earlier of their next scheduled meetings or within 45 days of execution of the certification. The report should include the manner and frequency in which the processes are administered, as well as the identification of officers and supervisors who have responsibility for such administration. The report need not contain any conclusions produced as a result of following the processes set forth therein. The report may be combined with any other compliance report or other similar report required by any other self-regulatory organization provided that (1) such report is clearly titled in a manner indicating that it is responsive to the requirements of the certification and this Rule; (2) a member that submits a report for review in response to a FINRA request must submit the report in its entirety; and (3) the member makes such report in a timely manner, i.e., annually.
2 As a part of their process, members must have the report reviewed by their governing bodies and committees that serve similar functions in lieu of a board of directors and audit committee.
Amended by SR-FINRA-2008-057 eff. Dec. 15, 2008.
Amended by SR-FINRA-2008-030 eff. Dec. 15, 2008.
Amended by SR-NASD-2007-049 eff. July 16, 2007.
Amended by SR-NASD-2005-121 eff. Oct. 14, 2005.
Adopted by SR-NASD-2003-176 eff. Dec. 1, 2004.
Selected Notices: 04-79, 07-32, 08-57.