The SEC’s Office of Compliance Inspections and Examinations (“OCIE”) issued a Risk Alert and a Regulatory Notice (“Risk Alert”) regarding broker-dealer branch office inspections. The Risk Alert was prepared in consultation with FINRA. The Risk Alert offers suggestions to help firms better perform their supervisory obligations. Summarizing the guidance provided in the Risk Alert, this article reviews existing requirements under FINRA rules for branch office inspections and highlights recommended improvements for branch office inspections to avoid SEC and FINRA violations.
Existing Requirements Under Nasd Conduct Rule 3010 For Broker-Dealer Branch Inspections
Under NASD Rule 3010(c), broker-dealers must conduct internal inspections of all office locations. A written record of the inspection must be kept, which includes, among other things, the “testing and verification of the [firm’s] policies and procedures, including supervisory policies and procedures” in various areas. (NASD Rule 3010(c)(2).) The supervisory policies and procedures to be used when conducting branch inspections must take into consideration a variety of factors, such as (1) firm size; (2) organization structure; (3) scope of business activities; (4) the number and location of offices; (5) the nature and complexity of products and services offered; (6) the volume of business done; (7) the number of associated persons assigned to a location; (8) whether a location has a principal on-site; (9) whether the office is a non-branch location and (10) the disciplinary history of registered representatives or associated persons. (NASD Rule IM-3010-1.)
Sections 15(b)(4)(E) and 15(b)(6)(A) of the Securities Exchange Act of 1934 (the “Exchange Act”) authorize the SEC to impose sanctions on a firm or any person that fails to reasonably supervise someone who is subject to the supervision of such firm or person and who violates the federal securities laws.
Enhancing Supervisory Procedures For Branch Inspections With A Risk-Based Analysis
The SEC and FINRA emphasize the importance of establishing and implementing a robust set of supervisory practices and procedures that reasonably would be expected to prevent and to detect a violation of the federal securities laws.
The Risk Alert suggests a risk-based analysis and monitoring that would act as the crux of a firm’s supervisory procedures for its branch offices. Specifically, the Risk Alert highlights three factors that would be influenced by a risk assessment process: (1) the frequency and intensity of inspections; (2) the focus and custom-tailored qualities of inspections; and (3) the number of unannounced inspections for any given branch office.
Frequency of Inspections. The Risk Alert calls attention to the importance of conducting unannounced inspections and that an “ongoing risk analysis should be a key element of [a] firm’s exam planning process and lead firms to engage in more unannounced exams of such offices.” The Risk Alert suggests that branch offices that meet certain high risk criteria should be inspected more often. Areas of high risk that would influence a firm’s supervisory practices for any given branch office include the nature and extent of outside business activities of registered branch office personnel, sales of structured products, sales of complex products, sales of private or otherwise unregistered offerings of any type, and association of the branch office with individuals who have significant disciplinary history or who previously worked at a firm with significant disciplinary history.
Customized and Focused Inspections. The Risk Alert stresses that a risk assessment approach provides a firm with the opportunity to tailor the focus of branch office inspections around the risks specific to any given branch. Moving away from a generic, “check the box” exam procedure, the Risk Alert promotes the use of surveillance reports, employing current technology and techniques to identify risk and construct a customized approach for the firm’s branch office inspections that reflect on the type of business conducted at each branch.
Unannounced Inspections. The Risk Alert advocates the increased use of unannounced inspections of branch offices, based on a combination of risk-based selection, random selection, and for-cause exams. It points out the elevated possibility of securities violations if branch offices have forewarning of inspections, providing them a chance to hide, alter or destroy documentation or other information. The Risk Alert makes note that the SEC has sanctioned firms that have not conducted unannounced examinations of their branch offices, adding to the importance of this practice.
Additional “Best Practices” Characteristic Of Effective Supervisory Procedures
The Risk Alert states that firms should implement procedures designed to avoid conflicts of interest that may result in incomplete and ineffective branch office inspections because of “economic, commercial or financial interests that an examiner holds in the associated person or branch being inspected.” In addition, the Risk Alert recommends the use of examiners with sufficient experience to comprehend the business being conducted at any given branch office and the character to question and challenge assumptions.
Overall, the SEC and FINRA recommend that a firm’s branch inspection process (1) use a risk-based analysis to create supervisory procedures tailored to the firm’s business and compliance needs rather than the minimum requirements of Rule 3010 and (2) be implemented by supervisory personnel who are free of conflicts of interest and who have the authority and experience to conduct effective examinations and create procedures reasonably designed to prevent and detect violations of applicable law and rules.