FINRA has published Regulatory Notice 11‑14 requesting comment on a proposed new Rule 3190, which is intended to clarify the scope of a member firm’s obligations and supervisory responsibilities for functions or activities outsourced to third-party service providers. The proposed rule would specifically address the use of third-party service providers to perform functions or activities related to the member’s regulated business as a broker-dealer, and would except ministerial activities performed on behalf of a member.
In 2005, the NASD issued guidance, in Notice to Members 05‑48, concerning the responsibilities of member firms when outsourcing activities. The NASD noted that, while broker-dealers have long outsourced regulated activities and functions, for example, in clearing arrangements with registered clearing firms, the NASD had observed an increase in other kinds of outsourcing arrangements, including arrangements with unregulated entities, such as data service providers, and regulated entitles, such as transfer agents. The NASD, together with the New York Stock Exchange, conducted a survey of member practices with respect to outsourcing and found that, although firms generally had informal procedures to screen service providers for proficiency and otherwise supervise their activities, there was a lack of written procedures to monitor outsourcing service providers.
The NASD’s guidance included a discussion of the continued accountability and supervisory responsibility of the outsourcing firm for the activities and functions performed by the third-party provider, the need for written supervisory policies and procedures and activities and functions that may not be outsourced. Of particular interest was the discussion of the outsourcing of supervisory and compliance activities. The NASD stated that a member may not contract its supervisory and compliance activities away from its direct control. However, a member may outsource certain activities that support the performance of its supervisory and compliance responsibilities. For example, a member may use a computer software program designed by a service provider to detect excessive trading in customer accounts, provided that the member makes its own determination that the system is current and reasonably designed to achieve the desired compliance.
Proposed Rule 3190
FINRA states that it has continued to receive numerous questions concerning outsourcing and that proposed Rule 3190 is intended to clarify the obligations and supervisory responsibilities of member firms using outsourcing arrangements. The proposed rule contains the features described below.
The use of a third-party service provider to perform functions or activities related to the member’s business as a regulated broker-dealer does not relieve the member of its obligation to comply with applicable securities laws and regulations and SRO rules. The member may not delegate its responsibilities for, or control over, any functions or activities performed by a third-party service provider. (Third-party service providers, for purposes of the proposed rule, would include affiliates of the member.)
Members are required to have written policies and procedures governing the use of third-party service providers.
No service provider may engage in functions or activities that require registration unless the service provider is appropriately registered.
The member firm must have procedures for ongoing due diligence of third-party service providers sufficient to determine whether:
the third-party service provider is capable of performing the outsourced activities; and
the member can achieve compliance with applicable laws and rules with respect to the outsourced activities.
Special Provisions for Clearing or Carrying Members
Clearing and carrying members must vest an associated person with the authority and responsibility for:
the movement of customer proprietary cash or securities;
the preparation of net capital or reserve formula computations; and
the adoption or execution of compliance or risk management systems.
Clearing and carrying members must have enhanced due diligence procedures that would allow them to take prompt corrective action where necessary to achieve compliance and would require that the member approve any transfer of duties by a third-party service provider to a sub-vendor. Finally, clearing and carrying members would be required to notify FINRA of all outsourcing agreements with third-party service providers. Notice would be required to be made of all such arrangements within three months of the effective date of the rule and thereafter within 30 days after entering into such an arrangement.
The proposed rule would provide exceptions from its requirements for ministerial activities on behalf of the member not otherwise prohibited by applicable securities laws or regulations or SRO rules and for activities of clearing brokers pursuant to a carrying agreement approved under soon-to-be-adopted Rule 4311 (replacing NASD Rule 3230).
The proposed rule does not specifically address some matters discussed in NTM 05‑48. In particular, the proposed rule and the proposing notice do not address the use of compliance consultants to provide compliance software, training materials, form policies and procedures and updates on new laws, rules and interpretations; nor do they address the nature of the due diligence member firms must exercise with respect to persons they consult for effective and current compliance and supervisory systems.
The comment period for proposed Rule 3190 expires on May 13, 2011.