Notes from the Chicago Small Firms Conference
9/23/2008

On September 23, 2008 I attended the last 2008 FINRA Small Firms conference. If you have not had the chance to attend one of the Small Firms Conference, I highly recommend them as they really focus the program on best practices and issues for smaller firms. In addition, it is a good opportunity to speak with compliance people from other small firms about the challenges they face and how they cope. As I said this was the last one for 2008 and FINRA will only host three live conferences next year – one each in NYC, San Francisco, and Chicago. They will also be hosting a number of online, interactive meetings for small firms in 2009.

The first session was on Examinations and Continuing Membership Applications. The information on examinations was virtually the same as we hear at every FINRA conference but for those of you who have no heard this before or as a reminder for those of you who haven’t seen FINRA in a while, let’s go over some highlights. Cycle Examination schedules are determined based on a risk-based evaluation that includes a review of the firm’s net capital requirement, the products being offered, and the regulatory history of the firm and its representatives. The preliminary schedule is set by FINRA’s Rockville office and sent to the Districts at the start of each year. The Districts then review the lists and can make changes recommendations based on what they know about the firms and other factors that may not have been known to Rockville at the time of the evaluation. Once the lists are finalized, the District assigns the examinations to its staff based on the complexity and product mix to try to match the right examiners to the exam. Exams are generally done by teams where each team member performs certain aspects of the review. Each team has a lead and a manager. While the lead is generally onsite, the manager is back at the District and is available if you have any questions or concerns before, during or after your exam.

The exam process starts with a call from the examination manager or one of the team to the firm to set up the date for the exam to begin. This will generally occur up to 30 days prior to the proposed exam date. This is followed by a letter from the exam manager or one of the Assistant District Directors to introduce the team and confirm the date. While FINRA will try to be flexible where they can about timing, they must complete a certain number of examinations each year and sometimes are unable to make changes due to internal reasons. The key is communication and if you need to propose a different date do it at the initial call or as soon as the letter arrives.

Once a date is set, you will be requested to complete an information gathering form through WebIR. This initial questionnaire is designed to confirm the products offered by the firm and some other high level information such as ownership structure. This information is reviewed by the examination team and a second request is sent out for you to complete a focused product questionnaire through WebIR. This second request allows the FINRA staff to target the examination to the way you conduct your business so it is very important that it be completed as quickly an accurately as possible. If you have questions or unsure about how to answer something, you should contact your FINRA coordinator or the exam lead for clarification. Once FINRA gets this information, they begin their forensics. This includes a review of the information provided as well as the filings and regulatory history of the firm and any prior examination findings.

A records request is then generated and posted on WebIR. FINRA tries to post this about 2 weeks prior to the exam start and will always have it posted at least 1 week prior to the start. This list contains the files that FINRA expects you to have ready for them when they arrive as well as documents they may ask you to send in advance. Again, if you have questions about anything on the list or the format in which they want to receive data, call the exam lead and ask. It is better to ask the question than spend time gathering something that is not what is wanted or producing in a format that FINRA can’t review.

Now my helpful hint – take your records request, number each item and set up a file folder identified with the number for each request. In each folder you will place a copy of the documents requested or an explanation as to why the information is not being provided, such as an explanation on why it is not applicable. If you have a file that is too large to copy, let the examiner know this and that you will provide the original when they are ready for it.

When the examiners arrive be sure you give them adequate space to work in a quiet area. They will generally utilize their own wireless Internet connection but be sure a hook-up is available just in case. A telephone should also be available. You should give them the contact information for the person who will be available to answer questions or gather additional information for them as needed. Then show them where that person is located and the location of the restrooms.

The examination will begin with a “kick-off” meeting to review the examination process and so the examination staff can get familiar with how you conduct your business. Spend some time and make sure that they have a clear picture of how things are done, who your customers are and who is responsible for various functions. Time spent at this meeting will make things easier in the long run and is a good opportunity to schedule status meetings or set other expectations. The examiners will then get to work and will be in your office until all examination work is complete so this may be longer than the last time they visited when some work was completed offsite.

Once the field work is done, the exam team will have an Exit Meeting with you. This is an opportunity to discuss their findings and for you to provide more information if something was missed or if you disagree with something. A report is issued but, unlike the old exam process, no written response is required. These are preliminary findings and nothing is final until the results have been reviewed by the examination manager and District management staff.

Once this review is complete, an examination report is issued. You will generally have 14-28 days to respond to this report and should include not only any information to dispute findings, if applicable, but also information on how deficiencies have been, or will be, corrected.  A final disposition letter will be issued once the responses to the examination report have been reviewed by senior management at the District. FINRA disposes of examinations in one of 4 ways – No Further Action, Cautionary Action, Compliance Conference or Formal Disciplinary Action. Neither the Cautionary Action nor Compliance Conference are reportable on the firm’s Form BD and are designed to stress the seriousness of the deficiencies without taking formal disciplinary action. If a Formal Disciplinary Action is warranted, the matter is turned over to Enforcement for further investigation and dispensation. This type of disposition is generally reportable on the firm’s Form BD.

All examination reports are available to the SEC for review as part of their oversight of FINRA. The SEC also examines the FINRA offices in a manner similar to the way FINRA examines its member firms.

Branch examinations are also risk-based and firms with a large branch network will generally be required to complete a separate information request regarding their branch operations and supervision. The process during the onsite examination is very similar to what happens at the main office and an Exit Meeting is held at either the branch or the main office at the conclusion of the examination. The dispositions process for branch examinations is also the same.

Cause examinations are conducted by the enforcement area and can be done via letter or onsite. Most cause examination result from one the following – complaints from customers or another regulator, tips from the public or competitors and regulatory filings, such as terminations for cause or net capital violations. All source information is reviewed by a Central Review Group in Washington, DC to determine whether there is sufficient information and merit to move forward with an investigation. If so, the matter is referred to the District where an examiner will reach out to the parties involved to gather additional information about the matter. These preliminary letters do not mean that the firm has done anything wrong but are the first step in determining whether there is a problem and further action is required. Therefore, it is very important that you provide all information required within the time frame included in the letter, which is usually 2 weeks. If you have questions about a request or need an extension for specific items, you need to contact the examiner identified in the letter. Keep in mind that every investigation will include a review of supervision and related policies and procedures since this is required by SEC so don’t be surprised if the request asks for names of supervisors and copies of procedures. If additional information is needed or the information received is not accurate and complete, the examiner can schedule an onsite visit or request that the parties come to the FINRA offices to give on-the-record testimony. Once the examiner has gathered adequate information from all relevant parties, the examiner and management in the enforcement area will review it and make recommendations on disposition. Dispositions on cause examinations are the same as for cycle examination.

Enforcement staffs meet weekly to discuss current investigations and some matters that come up in every meeting and, therefore, are FINRA’s radar, include – outside business activities, private securities transactions, inaccurate U-4 and U-5 disclosures and forgery. It was noted that forgery seems to be a growing problem with the increase in electronic communication because reps are sometimes ask to sign documents by the client so that the client does not have to come into their office or take time out of their schedule to otherwise meet with the rep as well as to prevent delays in processing of paperwork. FINRA reminded us all that this is still forgery and is illegal.  

The second half of this session dealt with Continuing Membership Applications. There seems to be a great deal of confusion about when a filing is required under Rule 1017, when the firm is simply required to provide notification as to a change and where an application filed under 1017 must be sent. Laura Trotz from the Chicago District set out to try to answer some of these questions.

When is an application required? If there is more than 25% change in the ownership of the firm or business expansion (i.e. changes in business lines and number of offices or number of reps outside the safe harbors) a 1017 application is required unless the firm can show why the change is not material. Keep in mind that if your membership agreement contains restrictive language, such as identifying the number of offices or representatives allowed or the firm has been the subject of certain disciplinary actions, the member cannot take advantage of the safe harbor to increase the number of offices or representatives.

Firms may determine whether a change is material and requires an application themselves by reviewing the proposed change against the standards in Rule 1017. If the firm determines it is not material, then no filing is needed but you need to have documentation as to how you arrived at this determination because if FINRA comes in during an examination or has questions as a result of a change to the Form BD, they can require you to defend your position. If they disagree and think it was a material change, the can require you to cease the new activity, if applicable, and to submit a full application under 1017. The moral here is – if you think a change is not material send a request to FINRA with all the pertinent information and ask them for a determination.

When is notification required? As it relates to changes that the firm would have to report of their Form BD, a firm must send a notification if they are changing their principals, including FINOP or CCO, if they want to remove lines of business, if they are moving their main office or if they are changing their clearing firm. It is also recommended that you send notifications for changes of ownership that must be reported on Form BD but do not require a 1017 filing.

Where is the application/notice sent? It depends. Here are some helpful hints:

• Mergers - the application is sent to the District where the surviving member will be located.
• Other 1017 applications – the firm’s supervising District
• Notifications – the firm’s supervising District.
• If the firm is moving to another District, notifications should be sent to both Districts.

1017 (CMA) applications are reviewed under the Standards set forth in Rule 1014 that relates to new members applications. FINRA has 45 days from the date it was received by FINRA to review the initial request and final determination on the change is required to be issued within 180 days.

The second session was on Supervision. This session began with a review of how Rules 3012 and 3013 evolved. The panel then discussed the need for firm’s to create a process for testing a verification that is more than check the box and actually provides a meaningful evaluation of the procedures and processes to make sure they are working. This should be viewed as a gap analysis and should be tailored to the firm based on their business, customers, affiliates and the risks associated with each. This gap analysis should be an examination of the procedures vs. the applicable rules & regulations as well as the procedures vs. actual processes in place at the firm.

Reporting is actually comprised of two pieces that can be combined into a single document:

1. the testing and verification report under 3012 which should include a description of what is being tested, the results of the test and the steps taken to correct deficiencies identified in the testing; and
2. the process report under 3013 which identifies the processes being used to test the supervisory system.

The report on the processes being employed must be presented to the CEO or equivalent at or before the certification required under 3013 is signed and the certification must be signed on or before the anniversary date of the prior year’s certification.

An interesting item that came out in this meeting was that not all firms have “producing managers” as defined under 3012 if the persons identified, as supervising managers have no clients or accounts. This is a change from what we have heard before and it appeared to have come from discussions with the members and Small Firm Advisor Board. If you determine you do not have “producing manager,” you need to have documentation to support this determination. Keep in mind, however, that the types of customer and how the manager is paid are not factor in making this determination.

During examinations, FINRA examiners are looking to see that testing and verification has been done and a report created and that the certification was signed on or before the dates of the prior ones. Their reviews are not focused on content or findings as the process is unique to each firm and the process is not intended to do FINRA’s job for them.

The next part of the discussion centered on procedures. FINRA reminded firms that their procedures need to be tailored to their business and should be both understandable and enforceable. The procedures should clearly define who is responsible and when they became responsible including any duties assigned to someone other than the Principal, how supervision is conducted, how often reviews are done, how the review is documented and what happens if violations are found/escalation procedures.
FINRA again stressed trying to differentiate the role of the compliance office officer from that of a supervisor and trying to segregate duties where possible.

With regard to Rule 3040 (Private Securities Transactions) a question was raised about reps or principals in the firm buying shares or units in a Reg D offering. The answer was that this is a Private Securities Transaction, unless the offering is being done by the firm, even if no customers are involved and the shares/units are purchased for the rep/principal’s portfolio.   

The session immediately after lunch was “Ask FINRA staff” and some of the highlighted questions involved the following:

Q1. Does FINRA expect firms to have procedures about areas that do not apply to then? 
A1. In most cases FINRA does not expect firms to have procedures that do not apply to the business or how they conduct their business but where activities are prohibited examiners will look for procedures on how the firm ensures the activity does not occur and how they train their representatives.

Q2. What do you do if the exam report cites the firm for lack of procedures for things that are not applicable to their business?
A2. Include an explanation in your response as to why something is not applicable.

Q3. Are firms required to receive copies of brokerage statements or confirms for outside accounts?
A3. Rule 3050 does not require the firm to receive copies. The Rule requires representative to provide notification to the firm about such accounts. However, firms need to have some way of monitoring a representative’s trades to ensure they do not violate securities regulations or firm policies.

Q4. Any status on Rule 2821?
A4. Amendments to paragraph C which deals with supervisory reviews is still pending with the SEC.

Q5. Can firms use a testing matrix for their 3012 testing and verification that is provided by an outside vendor?
A5. Firms can use tools provided by outside vendors or created internally but they should not use the same one every year. In addition, the focus of the testing should change as business and regulations change.

Q6. Why are examiners reviewing liabilities and expenses?
A6. Both FINRA and the SEC are focused are ensuring that liabilities and expenses under expense sharing agreements are accurately reported and that an expense sharing agreement is present where one is warranted.

The final session of the day was on AML. In this session the panel discussed things firms should consider in developing a risk-based program including the types of business and their customers. In assessing risk some things to consider are:

• how the client came to your firm,
• is the ownership of the entity obscure or are there beneficial owners
• where is the customer located in relation to the BD
• is the customer located in a high risk jurisdiction or have offshore funding sources
• where does the customers money come from; and
• are the investment objectives consistent with the activities in the account.

The panel discussed how Life Settlements and Private Placements can be used to hide/launder money by using illegal funds to purchase legitimate businesses or investments and then convert back to cash at a later date. Money Laundering is not always a quick turn around of the funds.

One of the industry panelists reminded us that firms should not just rely on filings with states in verifying a company’s identity as states typically just register firms and do not check on their business or owners. Firms should use other sources for doing due diligence including Internet searches through general search engines and regulatory/governmental resources.

The presentation included some scenarios and asked participants what they would do in these cases. Many seemed harmless enough but when you got down to the underlying facts what seemed like a legitimate business or reason for opening an account turned sinister. The moral to this story – don’t just look at the surface, sometimes the real story is harder to see.

With regard to independent testing FINRA reminded firms that it is an annual requirement unless the firm qualifies to have this testing completed bi-annually because it does not hold customer accounts or execute transactions or act as an introducing broker with respect to customer accounts. If the firm believes they qualify for bi-annually testing, the testing period as well as the reason why it is bi-annual must be included in their AML Program.

Testing personnel must be having a “working knowledge” of the Bank Secrecy Act and cannot be the AML Compliance Officer, anyone who performs one of the functions being tested (including the creation of procedures) or anyone who reports to either unless the firm has no other qualified internal personnel, their policies and procedures address potential conflicts, the person reports to someone senior to the AML Compliance Officer, if possible, and the rationale for appointing this person is clearly documented.

The testing itself should be tailored to the firm’s business and should cover all areas in the firm’s AML Compliance Program including reviews of whether:

1. The procedures are adequate based on regulations and the firm’s business;
2. The program is risk-based;
3. The procedures have been implemented;
4. FinCEN 314(a) requests are being reviewed;
5. Documents are being retained as required; and
6. There is a process for identifying and monitoring higher risk customers.

The panel also discussed training. Training should be provided annually for everyone, including senior management and should include things such as how to identify “red flags” as well as the firm’s procedures and how things should be escalated if violations are suspected.

If you would like more information on this conference, please feel free to contact Laura via email at lcrosbybrown@regulatorycompliance.com. For more information on the Small Firms conference series, please visit www.finra.org.

Back to top

Back to Newsletter