Securities Regulators Issue Risk Alert for Brokerage Firms to Conduct Effective Branch Office Supervisions
FINRA (the Financial Industry Regulatory Authority) and the SEC (the Securities and Exchange Commission) recently joined together to issue a National Exam Risk Alert (the “Alert”). Republished by FINRA as Regulatory Notice 11-54, the Alert provides an excellent overview of the requirements for a brokerage firm’s supervision program, including information on developing effective policies and procedures for branch office inspections. Noting that the “branch inspection process is a critical component of a comprehensive risk management program and can help protect investors and the interests of the firm”, the Alert details the kinds of practices that sound supervisory systems typically employ as well as the kinds of practices that deficient supervisory systems typically employ. The Alert concludes with a list of effective supervisory practices that brokerage firms seriously should consider adopting. Let’s examine the highlights of this most important Alert.
Overview of Supervision Requirements
Preliminarily, the Alert reminds firms of its critical supervisory obligations. Sections 15(b)(4)(E) and 15(b)(6)(A) of the Exchange Act authorize the Commission to impose sanctions on a firm or any person that fails to reasonably supervise someone that is subject to the supervision of such firm or person who violates the federal securities laws. The regulators have noted that an effective branch office inspection program is a vital component of a supervisory system reasonably designed to oversee activities at remote branch offices. A number of SEC decisions set forth principles that can guide firms in constructing an effective branch office inspection program, and suggest that regular branch office inspections over reasonably short intervals, including unannounced inspections, are the cornerstone of a well designed branch office inspection program.
In addition, the regulators believe that a well-constructed branch office supervisory program should include: “procedures for heightened supervision of remote branch offices that have associated persons with disciplinary histories; independent verification of the nature and extent of outside business activities; senior management’s involvement in assuring that adequate procedures are in place and that sufficient resources are devoted to implementing those procedures; periodic reassessment of supervisory responsibilities; adequate delineation of supervisory responsibilities; periodic reassessment of supervisory responsibilities; thorough investigation and documentation of customer complaints; and a system of follow up and review of those and other red flags.”
Finally, the regulators want brokerage firms to customize their supervisory systems to their particular firms. The Alert reminds firms of FINRA’ Notice to Members 99-45, which instructs firms “to adopt and implement a supervisory system that is ‘tailored specifically to the member’s business and must address the activities of all its registered representatives and associated persons’”. Similarly, a brokerage firm’s procedures should instruct the supervisor on the requirements needed to be in compliance, including the frequency of reviews, and the fact that the reviews will be on-site.
Practices of Firms With Effective Supervisory Systems
The Alert give examples of what brokerage firms have done in adopting an effective supervisory process. Examples include:
- Tailor the focus of branch exams to the business conducted in that branch and assess the risks specific to that business;
- Schedule the frequency and intensity of exams based on underlying risk, rather than on an arbitrary cycle, but examine branch offices at least annually;
- Engage in a significant percentage of unannounced exams, selected through a combination of risk based analysis and random selection;
- Deploy sufficiently senior branch office examiners who understand the business and have the gravitas to challenge assumptions; and
- Design procedures to avoid conflicts of interest by examiners that may serve to undermine complete and effective inspection.
Practices of Firms With Deficient Supervisory Systems
Conversely, the Alert details practices of brokerage firms “with significant deficiencies in the integrity of their overall branch inspection process.” Examples include:
- Utilize generic examination procedures for all branch offices, regardless of business mix and underlying risk;
- Try to leverage novice or unseasoned branch office examiners who do not have significant depth of experience or understanding of the business to challenge assumptions;
- Perform the inspection in a “check the box” fashion without questioning critically the integrity of underlying control environments and their effect on risk exposure;
- Devote minimal time to each exam and little, if any, resources to reviewing the effectiveness of the branch office exam program;
- Fail to follow the firm’s own policies and procedures by not inspecting branch offices as required, announcing exams that were supposed to be unannounced, or failing to generate a written inspection report that included the testing and verification of the firm’s policies and procedures, including supervisory policies and procedures;
- Fail to have adequate policies and procedures, particularly in firms that use an independent contractor model and that allow registered personnel to also conduct business away from the firm; and
- Lack heightened supervision of individuals with disciplinary histories or individuals previously associated with a firm with a disciplinary history.
Admonition to Adopt Risk-Based Inspections
The Alert states that the “branch offices should be continuously monitored with respect to changes in the overall business, products, people and practices.” This “ongoing risk analysis” should lead to more effective supervision. The Alert advises that “[s]ome areas of high risk to consider are: sales of structured products; sales of complex products, including variable annuities; sales of private or otherwise unregistered offerings of any type; or offices that associate with individuals with a disciplinary history or that previously worked at a firm with a disciplinary history.”
Tips As To What Regulatory Inspections Seek To Review and Verify
The Alert details several areas ripe for regulatory inspection. For example, examiners may review the following:
- Policies and procedures, including supervisory procedures as they pertain to the supervision of customer accounts, including those serviced by income producing managers;
- Policies and procedures relating to the handling of money and securities physically received at the branch;
- Validation of changes in customer addresses and other account information in accounts serviced by the branch;
- Procedures related to transmittals of funds between customers and third parties, and between customers and registered representatives;
- Firm testing of policies and procedures related to specific retail products, including sales of structured products, private and other unregistered offerings; municipal securities; mutual funds; and variable annuity sales and exchanges;
- Firm testing in retail sales practice areas, including: verification of customer account information; supervision of customer accounts; written supervisory procedures (“WSPs”); new account review; suitability of investments; unauthorized trading; churning; allocations of new issues; licensing; and training;
- Advertising and other communications with the public or with customers (such as email and other written correspondence) and compliance with approval procedures;
- Evidence of unreported outside or other unauthorized business activities by review of: customer files, written materials on the premises and at any satellite locations, branch office accounting records, appointment books and calendars, phone records, and bank records;
- Procedures for handling of customer complaints;
- Risk-based reviews of bank accounts of the branch and affiliated entities, third-party wire transfers, and branch signature guarantee log; and
- Procedures to uncover use of unauthorized computers or other electronic devices and/or social media.
Review of Effective Practices
The Alert concludes with a consolidated list of effective practices that brokerage firms should consider adopting. Examples include:
- Using risk analysis to identify whether individual non-supervising branches should be inspected more frequently than the FINRA-required minimum three-year cycle, and whether firms should conduct “re-audits”;
- Using surveillance reports, employing current technology and techniques as appropriate, to help identify risk and develop a customized approach for the firm’s compliance program and branch office inspections that consider the type of business conducted at each branch;
- Employing comprehensive checklists that incorporate previous inspection findings and trends from internal reports such as audit reports;
- Conducting unannounced branch inspections;
- Including in the written report of each branch inspection any noted deficiencies and areas of improvement. The report should also outline agreed upon actions, including timelines, to correct the identified deficiencies;
- Using examiners with sufficient experience to understand the business being conducted at the particular branch being examined and the gravitas to challenge assumptions;
- Designing procedures to avoid conflicts of interest by examiners that may serve to undermine complete and effective inspection;
- Involving qualified senior personnel in several branch office examinations per year;
- Incorporating findings on results of branch office inspections into appropriate management information or risk management systems, as well as using a compliance database that enables compliance personnel in various offices to have centralized access to comprehensive information about all of the firm’s registered representatives and their business activities;
- Providing branch office managers with the firm’s internal inspection findings and requiring them to take and document corrective action;
- Tracking corrective action taken by each branch office manager in response to branch audit findings; and
- Elevating the frequency and/or scope of branch inspections where registered representatives are allowed to conduct extraordinary business activities, for example, by selling away from the firm.
The regulators state that branch office inspections “must be conducted with vigilance.” While the suggestions contained in the Alert “are not meant to be exclusive or exhaustive and do not constitute a safe harbor”, they should go a long way in assisting firms adopt a well-designed branch office inspection program. Let’s hope that they do!