FINRA's (Financial Industry Regulatory Authority) New Consolidate

Michael T. Foley

Email

312-902-5452

Bio and Articles

FINRA's (Financial Industry Regulatory Authority) New Consolidated Supervision Rules: A Roadmap to Compliance

by: Michael T. Foley, Janet M. Angstadt of Katten - Advisories

Wednesday, November 12, 2014

Print Mail Download

Introduction

The Financial Industry Regulatory Authority (FINRA) has adopted comprehensive new consolidated rules regarding supervision of member firms' activities, which become effective on December 1. While the new FINRA rules incorporate and adopt many of the supervisory requirements under existing National Association of Securities Dealers (NASD) and New York Stock Exchange (NYSE) Rules,^[1] they also materially modify certain supervisory requirements and introduce a variety of new obligations. In particular, new FINRA Rule 3110 (titled Supervision and referred to in this advisory as the "New Consolidated Rule" or the "Rule") replaces NASD Rule 3010 and corresponding provisions of various NYSE-incorporated rules.^[2] The New Consolidated Rule imposes certain requirements with respect to firms' supervisory systems, written supervisory procedures, internal inspections, and transaction reviews and investigations. While many of the Rule's requirements track the requirements of the legacy NASD and NYSE rules that they are replacing, there are some notable differences and new requirements. Additionally, new FINRA Rules 3120 (Supervisory Control Systems), 3150 (Holding of Customer Mail) and 3170 (Tape Recording of Registered Persons of Certain Firms), which also go into effect on December 1, replace and/or modify additional related NASD and NYSE rules. Firms will need to review and update their supervisory practices, as well as their written supervisory procedures, to comply with the new rules.

This advisory is intended to identify and summarize the new requirements imposed by the new FINRA rules as compared to the NASD rules they are replacing, but is not intended to describe or identify all of the requirements of the new rules.^[3]

Establishment of Supervisory System

New Requirements Related to Supervision of Offices of Supervisory Jurisdiction

New FINRA Rule 3110(a), like the rules it replaces, requires member firms to establish and maintain a system to supervise its associated persons that is reasonably designed to achieve compliance with applicable legal and regulatory requirements. The Rule sets forth essentially the same minimum requirements for such supervisory systems that are required by current rules, including, for example, adoption of written supervisory procedures (WSPs), designation of registered principals to carry out supervisory responsibilities and conducting an annual compliance meeting or interview.^[4] However, the Rule also imposes some new obligations related to the supervision of firms' Offices of Supervisory Jurisdiction (OSJs).

Principal's Physical Presence at OSJ. New Rule 3110(a)(4), like the rule it is replacing, requires the designation of one or more appropriately registered principals in each of a member firm's OSJs.^[5] However, the New Consolidated Rule also requires the designated principal of an OSJ to have a physical presence, on a regular and routine basis, at each OSJ for which the principal has supervisory responsibilities.

Presumption Against a Single Individual Acting as Principal for Multiple OSJs. The New Consolidated Rule establishes a general presumption that a principal will not be designated and assigned to be the on-site principal of more than one OSJ,^[6] but does not prohibit a firm from designating the same principal to supervise multiple OSJs. However, if the firm does so it must consider the following and document in its WSPs the factors leading it to conclude that assigning a single principal to multiple OSJs was reasonable:

whether the on-site principal's experience and training qualifies him/her to supervise the activities and associated persons in each location;
whether the principal has the capacity/time to supervise the activities and associated persons in each location;
whether the on-site principal is a producing registered representative;
whether the OSJ locations are in sufficiently close proximity to ensure that the on-site principal is physically present at each location on a regular and routine basis; and
the nature of activities at each location, including size and number of associated persons, scope of business activities, nature and complexity of products and services offered, volume of business done, the disciplinary history of persons assigned to such locations, and any other indicators of irregularities or misconduct.

Considerations for Firms That Wish to Designate a Single Principal for Multiple OSJs. It is entirely plausible that a small firm or a firm with small OSJs may conclude that designating a separate principal for each location is not practicable. Alternatively, a firm might believe, taking into consideration the factors above and based upon the experience and qualifications of its supervisory staff, that a particular individual might be best suited to act as the designated on-site supervisor for multiple OSJs. In any event, firms that have designated, or in the future wish to designate, a single individual as designated principal for more than one OSJ would be well served to carefully and thoroughly consider the factors delineated above, and document in detail in the firm's WSPs the factors that led the firm to conclude that such a designation is reasonable. Moreover, in light of the presumption in the New Consolidated Rule that a principal will not be assigned to be the on-site principal for more than one OSJ, any firm that does designate a single individual as on-site principal for more than one OSJ should closely monitor the effectiveness of that principal (including tracking and documenting the amount of time the principal spends at each such OSJ) and should keep apprised of any changes in the factors considered in arriving at the decision to appoint the single principal, e.g., changes in the principal's capacity/time based upon his/her other job functions, changes in the activities and associated persons in each location, changes in the scope or size of activities at each location or the products/services offered, changes in the personnel at the locations in question, including changes in the disciplinary history of such persons, etc.

Establishment, Maintenance and Enforcement of Written Procedures

New FINRA Rule 3110(b), like its predecessor, obligates FINRA member firms to establish, maintain and enforce WSPs that are reasonably designed to achieve compliance with applicable laws and regulations in light of the types of businesses in which the firm and its associated persons engage. However, the new requirements differ from the existing rules in various ways, and will require firms to review and update their WSPs, and their supervisory practices, in light of the new requirements.

Supervision of Supervisory Personnel

Elimination of Special Supervisory Requirements for Producing Managers. The New Consolidated Rule eliminates the special requirements under NASD Rule 3012(a)(2) related to the supervision of a producing manager's account activity, including the requirement for heightened supervision when a producing manager's revenue rises above a specified threshold.

Prohibition Against a Supervisor Supervising His/Her Own Activities. New FINRA Rule 3110(b)(6)(C) is designed to address potential abuses in connection with supervision of all supervisory personnel, instead of just addressing the customer account activity of only producing managers. In particular, the Rule requires firms to adopt WSPs that prohibit supervisory personnel from:

supervising their own activities;
reporting to a person that the supervisor is supervising; or
having their compensation or continued employment determined by a person that the supervisor is supervising.

To comply with these new requirements, firms should review their supervisory designations to determine if they have any supervisors designated as supervising their own activities, or situations in which a supervisor's compensation or employment situation is determined by someone he/she is responsible for supervising. If any such situations are identified, the firm will need to revise its supervisory designations to comply with the above requirements, or take advantage of the limited exception described below.

Limited Exception Available. A limited exception in the New Consolidated Rule exists for situations in which the firm concludes that it cannot comply with the foregoing prohibitions because of the firm's size or because of a supervisor's position within the organization. The exception is intended to be quite narrow; in particular, FINRA has indicated that it expects that the exception will be used primarily by a sole proprietor in a single-person firm, or where a supervisor holds a very senior executive position in the firm (such that there is no available supervisor over whom the senior executive does not have compensation and/or continued employment authority). However, the above situations are not exclusive, and it is possible that a firm may rely on the exception in other situations where compliance is not possible because of the size of the firm or the supervisor's position within the firm. In either event, if a firm intends to rely upon the exception, it must document the factors considered by the firm in determining that compliance with the new requirements are not possible and must document how the supervisory arrangement with respect to the affected supervisory personnel nonetheless complies with the requirement that the firm's supervisory system be reasonably designed to achieve compliance with all applicable legal and regulatory requirements.

Elimination of Reporting Requirement. Under existing rules, firms that rely on an exception (the "Limited Size and Resources Exception") to the existing rules regarding producing manager supervision are required to provide notice to FINRA within the first 30 days of the firm's first reliance on the exception and annually thereafter. This notification requirement is eliminated effective December 1 and no new analogous notification obligation is imposed by the New Consolidated Rule, including with respect to firms that rely on the above exception.

Risk-Based Transaction Review

Clarification of Transaction Review Requirements. Like the existing rule, the New Consolidated Rule requires firms to implement WSPs for the review (evidenced in writing) of all transactions relating to the firm's securities or investment banking business, by a registered principal. In connection with this requirement, the New Consolidated Rule and guidance provided by FINRA also now clarify and confirm that:

Member firms are not required to conduct detailed reviews of each transaction, as long as the firm uses a reasonably designed risk-based review system. In this context, "risk-based" means the use of a methodology to identify and prioritize for review those areas that pose the greatest risk of potential legal or regulatory violations; the system must provide sufficient information to allow the firm to focus on the areas that pose the greatest numbers of and risks of violation.
To the extent that a firm uses technology-based review systems with parameters designed to assess which transactions require closer scrutiny, a firm principal must review those parameters and evidence that review in writing.
A principal relying on a risk-based review system remains responsible for any deficiency in the system's parameters or criteria that result in the system not being reasonably designed.

In connection with the implementation of the New Consolidated Rule, firms should consider reviewing their transaction review procedures and to the extent that they utilize a risk-based system, confirm that the system's parameters to assess which transactions merit further review are appropriate and have been reviewed and approved by a principal (and that such review and approval have been evidenced in writing).

Review of Correspondence and Internal Communications

New FINRA Rule 3110(b)(4) generally adopts the requirements of existing NASD Rule 3010(d)(2) with respect to the adoption of WSPs for the review of correspondence, and also codifies, clarifies and expands upon prior regulatory guidance concerning the review of electronic communications and internal communications. Although these requirements do not materially alter firms' existing obligations, their adoption may provide a good opportunity for firms to review existing policies and procedures to confirm that they are up-to-date and consistent with the New Consolidated Rule. Accordingly, these requirements are summarized below.

General Requirements. Firms must adopt appropriate supervisory procedures, in light of the firm's business, size, structure and customers, for the review of incoming and outgoing written (including electronic) correspondence and internal communications relating to the firm's securities and investment banking business. At a minimum, firms' supervisory procedures must require the review by a registered principal of:^[7]

incoming and outgoing written (including electronic) correspondence to properly identify and handle customer complaints, instructions, funds and securities, and correspondence that is of a subject matter that requires review under FINRA rules and federal securities laws; ^[8] and
internal communications of a subject matter that require review under FINRA rules and federal securities laws.

Use of Risk-Based Principles. A firm may employ risk-based principles in developing WSPs for the review of correspondence and internal communications, but if a firm does so it must decide the extent to which additional policies and procedures for the review of communications that fall outside of the subject matters listed above are necessary for its business and structure. To the extent that a firm does not engage in some or all of the activities that are of a subject matter that require review, its WSPs should so indicate as the rationale for the firm not reviewing its communications for references to those activities.

Special Requirements for Firms That Do Not Require Review of All Outgoing Correspondence. To the extent that a firm decides (using risk-based principles) that not all correspondence must be reviewed before use or distribution, the firm's WSPs must provide for: the education of associated persons regarding the firm's correspondence procedures; the documentation of such training; and surveillance and follow-up to confirm that such procedures are implemented and followed.

Evidence of Review. The New Consolidated Rule codifies prior guidance indicating that a firm's review of correspondence and internal communications must be evidenced in writing, either electronically or on paper, and must identify the reviewer, the communication that was reviewed, the date of review and any follow-up actions taken (merely opening a document is not considered to be sufficient review).

Lexicon-Based Tools. FINRA also has reiterated that to the extent that a firm uses a lexicon-based screening tool or other automated system in the course of the supervisory review of communications, it must understand the limitations of such systems and consider whether additional review is necessary as a result. The supervisor to whom responsibility for reviewing correspondence and internal communications is delegated remains responsible for any deficiency in such an automated system's criteria that results in the system not being reasonably designed.

Customer Complaints

Handling of Customer Complaints. The New Consolidated Rule requires that a firm's WSPs include procedures to capture, acknowledge and respond to all written (including electronic) customer complaints. The Rule, consistent with current requirements, does not apply to oral complaints, as FINRA is of a view that they are difficult to capture and assess (instead, FINRA encourages firms to provide customers with a form or other format to communicate complaints in writing); please note, however, that the failure to address any customer complaint (written or oral) may be deemed by FINRA to constitute a violation of a firm's requirement to observe high standards of commercial honor and just and equitable principles of trade. Accordingly, firms that have not done so already should consider adopting policies and procedures that require firm personnel to report all customer complaints, including oral complaints, to supervisory and/or Compliance Department personnel for handling.

Conflicts of Interest

Avoiding Conflicts of Interest in the Firm's Supervisory System. The New Consolidated Rule includes a new provision (FINRA Rule 3110(b)(6)(D)) that requires each member firm to adopt WSPs that are reasonably designed to prevent its supervisory system from being compromised due to the conflicts of interest that may be present with respect to the particular associated person being supervised, including the position of such person, the revenue such person generates for the firm, or any compensation that the supervisor may derive from the associated person being supervised. There are no exceptions to these requirements, and the written guidance provided by FINRA does not shed any light on how firms are expected to comply with them. At a minimum, firms should consider amending their WSPs to include heightened or special supervision to address situations in which an individual's rank, stature or revenue production within the firm could create a conflict of interest with respect to the supervision of that individual (e.g., as the result of the economic, commercial or financial interests that the supervisor has in the associated person being supervised). For example, a firm might require additional supervision from outside the branch in instances where a given producer at a branch office generates a materially disproportionate amount of that branch's revenue. Generally, identifying the particular situations in which such a conflict of interest might apply likely will depend on various firm-specific factors, including business size, scope and mix.

Use of Electronic Media to Maintain and Communicate Written Supervisory Procedures

Requirements for Communicating WSPs Electronically. The New Consolidated Rule includes the same requirements currently in place regarding firms' obligations to maintain and communicate their WSPs and any amendments thereto. The Rule now also expressly permits a firm to satisfy its obligation to communicate WSPs and WSP amendments electronically, provided that the firm satisfies the following requirements:

the WSPs have been promptly communicated to, and are readily accessible by, all associated persons to whom the supervisory procedures apply (for example, through the firm's intranet system);
all amendments to the written supervisory procedures are promptly posted to the firm's electronic media;
associated persons are notified that amendments relevant to their activities and responsibilities have been made to the WSPs;
the firm has reasonable procedures to monitor and maintain the security of the material posted so that it cannot be altered by unauthorized persons; and
the firm retains current and prior versions of its WSPs in compliance with applicable record retention requirements.

FINRA has reiterated that while all associated persons should have knowledge of the supervisory procedures relevant to their activities, firms may decide to provide only their supervisory personnel with the parameters detailing how the firm monitors activity to detect and prevent potentially violative conduct.

Internal Inspections

Like the existing rules, new FINRA Rule 3110(c)(1) requires a firm to review, at least annually, the businesses in which it engages. The review must be reasonably designed to assist the firm in detecting and preventing violations of, and achieving compliance with, applicable laws and regulations.^[9]The New Consolidated Rule adopts and incorporates many of the existing requirements applicable to firms' obligations to conduct such internal inspections, but also expands upon and modifies certain of those obligations, such that firms will need to review and possibly revise their internal audit programs to conform to the New Consolidated Rule. Relevant new, clarified, expanded or otherwise modified aspects of the internal inspections provisions of the Rule are described below.

Inspection Cycle. The New Consolidated Rule now explicitly requires that the annual internal inspection of the businesses in which a firm engages be conducted on a calendar-year basis. The chart below sets forth the additional required inspection cycles for particular location types as set forth under the Rule (new provisions or requirements imposed by the Rule are set forth in italics):

Location Type	Inspection Cycle
OSJ	At least annually, on a calendar-year basis.
Branch office that supervises one or more non-branch locations	At least annually, on a calendar-year basis.
Branch office that does not supervise any non-branch locations	At least once every three years.^[10]
Non-branch locations	On a regular periodic schedule determined by the firm,subject to a presumption that non-branch locations will be inspected at least once every three years (even in the absence of any "red flags"); if a firm establishes a periodic inspection schedule for such locations of less often than once every three years the firm must document in its WSPs the factors relied upon in concluding that the longer inspection cycle is appropriate.

Firms should review their inspection cycles in light of the new requirements and make modifications to their inspection cycles and WSPs as necessary.

Content of Report. The New Consolidated Rule modifies somewhat the required content of inspection reports under the existing NASD Rule, as follows (changes are set forth in italics):

Existing Requirement Under NASD Rule 3010(c)(2)	Requirement Effective Dec. 1, 2014 Under the New Consolidated Rule
The report must include, without limitation, the testing and verification of the firm's policies and procedures, including supervisory policies and procedures, in the following areas:	If applicable to the location being inspected, the report must include, without limitation, the testing and verification of the firm's policies and procedures, including supervisory policies and procedures, in the following areas:
safeguarding of customer funds and securities;	safeguarding of customer funds and securities;
maintaining books and records;	maintaining books and records;
supervision of customer accounts serviced by branch office managers;	the supervision of supervisory personnel;
transmittal of funds between customers and registered representatives and between customers and third parties;	transmittals of funds or securities from customers to third party accounts, from customer accounts to outside entities, from customer accounts to locations other than a customer's primary residence, and between customers and registered representatives, including the hand-delivery of checks; and
validation of customer address changes; and validation of changes in customer account information.	changes of customer account information, including address andinvestment objectives changes and validations of such changes.

Accordingly, firms will need to modify their inspection procedures to include testing and verification of policies and procedures regarding the supervision of supervisory personnel generally, and not just regarding the supervision of customer accounts of a branch office manager. Similarly, firms will need to test their policies and procedures not just with respect to transmittals of funds that would result in a change of beneficial ownership, but instead with respect to all transmittals of funds or securities to an account where the customer on the original account is not a named account holder.

WSP Requirements Related to Confirming Certain Customer Instructions. The New Consolidated Rule imposes an explicit requirement that each firm's policies and procedures include, as a way to determine the authenticity of transmittal instructions, a means or method (which may be risk-based) of customer confirmation, notification or follow-up that can be documented.^[11] Similarly, under the New Consolidated Rule a firm's policies and procedures for processing changes in customer account information (such as address or investment objective changes) must include a means or method of customer confirmation, notification or follow-up that can be documented.^[12] Firms should, to the extent necessary, revise their WSPs to comply with the foregoing requirements.

Locations That Do Not Engage in All Activities Subject to Testing. The New Consolidated Rule gives firms the flexibility to note either in their WSPs or in the written inspection report (and not only in the inspection report, as is required in the existing rules) that: (1) a given location does not engage in all of the activities that must be tested/verified under the rule (i.e., those listed in the "Content of Report" section above); and (2) WSPs for such activities must be in place before that location may engage in them.

Limitations on Who May Conduct the Inspection. To protect against potential conflicts of interest the existing rules prohibit branch office managers and supervisors, and the persons they supervise, from conducting office inspections. The New Consolidated Rule (in particular, FINRA Rule 3110(c)(3)) takes a broader approach. In particular, it generally prohibits an associated person from conducting an inspection of a location if that associated person: (1) is assigned to that location; (2) is supervised (directly or indirectly) by an associated person assigned to that location; or (3) otherwise reports to an associated person assigned to that location.

Exception for Firms of Limited Size and Resources. The New Consolidated Rule retains (with certain modifications) the existing rule's exception to the above limitations on who may conduct the inspection for firms that determine that compliance with the limitations is not possible. Such firms must document in the inspection report both the factors that led the firm to conclude that compliance was not possible and how the inspection nonetheless complies with the requirement that the inspection be reasonably designed to assist in detecting and preventing violations of, and achieving compliance with, the firm's regulatory obligations. FINRA has indicated that although the exception may apply in other instances, it typically would apply where the firm has only one office or has a business model where small offices report directly to an OSJ manager who also is considered the small office's branch office manager. The New Consolidated Rule no longer includes the requirement that a firm relying on the exception have a principal who has the requisite knowledge to conduct the inspection—instead, firms have the ability to assign anyone with the requisite knowledge to conduct the inspection, regardless of registration or other status.

Replacement of 'Heightened Office Inspection' Requirements. The existing rule requires that firms conduct "heightened office inspections" if: (1) the person conducting the inspection reports to the branch office manager's supervisor (or works in an office supervised by the branch office manager's supervisor); and (2) the branch office manager generates 20 percent or more of the revenue of the units supervised by the branch office manager's supervisor. The New Consolidated Rule (at FINRA Rule 3110(c)(3)(A)) replaces this provision with a requirement that firms have in place procedures reasonably designed to prevent the effectiveness of inspections being compromised due to any conflict of interest (e.g., where the associated person or his/her supervisor has a particular economic, commercial or financial interest in the associated person or business being inspected). Accordingly, firms' inspection programs will need to be updated to include parameters designed to identify potential conflicts of interest and to address such conflicts to prevent the inspection of the location from being compromised.

Focused Reviews of One-Person OSJ Locations. FINRA has recently reiterated its belief (in FINRA Regulatory Notice 14-10) that one-person OSJ locations where the on-site principal engages in sales-related activities that trigger OSJ designation should be subject to focused reviews because of the possible conflicts of interest that may arise. FINRA also stated that it would monitor one-person OSJs to determine whether they are adequately supervised, including supervision addressing possible conflicts of interest or sales practice violations. Firms that do not already have procedures calling for heightened or focused inspections of such locations should consider adopting them.

Transaction Review and Investigation

Prevention of the Misuse of Material Non-Public Information. NYSE Rule 342.21, which was adopted to assist firms in preventing the misuse of material non-public information by firms and their associated persons, requires NYSE member firms to review trades in NYSE-listed securities and related instruments effected for the firm's account or for the account of a firm-employee or the family member of such an employee, and to promptly investigate any trade that may have violated insider trading laws or rules. New FINRA Rule 3110(d), which applies to all FINRA members and not just those who also are NYSE members, replaces NYSE Rule 341.21, extends its requirements beyond just NYSE-listed securities and related instruments to all securities, and adopts additional requirements related to the identification of other potentially manipulative activity in the accounts of the firm, its associated persons and other related accounts, as summarized below.

Accounts Subject to the Transaction Review Requirements. Under new FINRA Rule 3110(d)(1), firms must adopt WSPs that implement a process for the review of transactions in the following types of accounts:

the accounts of the firm;
accounts introduced or carried by the firm in which an associated person of the firm has a beneficial interest or otherwise has the authority to make investment decisions;
accounts of an associated person of the firm that are disclosed to the firm pursuant to NASD Rule 3050 or NYSE Rule 407;^[13] and
"covered accounts," which are defined as any account introduced or carried by the firm that is held by:
- the spouse of an associated person;
- the child of an associated person or the spouse of the child of an associated person, but only if the child resides in the same household as, or is financially dependent upon, the associated person;
- any other related individual over whose account the associated person has control; or
- any other individual over whose account the associated person has control if the associated person also materially contributes to the financial support of the individual.

Risk-Based Surveillance Protocol to Identify Possible Insider Trading. Pursuant to the New Consolidated Rule, firms' WSPs must set forth a process that is reasonably designed to identify trades in the account types detailed above that may violate applicable prohibitions against insider trading and manipulative devices. However, the Rule does not impose any specific monitoring parameters, but instead allows firms to adopt a risk-based surveillance protocol tailored to the firm's business model and activities. FINRA has explained that there is no requirement that a firm examine every trade in the account types above.^[14]FINRA notes, as an example, that "some firms may determine that only specific departments or employees pose a greater risk and examine trading in those accounts accordingly."^[15] Generally speaking, firms should seek to identify the contexts (in light of the firm's business) in which associated persons are likely to come into possession of material non-public information or other information (such as information regarding impending customer or firm transactions of size) that could be used in connection with a manipulative device, and to implement a surveillance process designed to flag trading activity (in the account types above) that could be violative in light of the associated person's access to such information.

Internal Investigation of Potentially Violative Trades. Any potentially violative trade identified by the firm requires a prompt internal investigation to determine whether a violation of law or regulation, in fact, occurred. Generally, a firm's procedures should include specific guidelines and criteria to allow the firm to determine whether a trade is potentially violative and requires such an investigation. For example, to the extent that a firm uses exception reports to identify potentially violative trades, the firm's procedures should identify risk-based follow-up steps to be taken to determine whether a trade identified on such an exception report is potentially violative and requires an internal investigation (there is no requirement that every trade identified on an exception report trigger an internal investigation).

Reporting of Internal Investigation for Firms that Provide Investment Banking Services. The New Consolidated Rule requires certain firms (only) to file reports concerning the firm's internal investigations with FINRA, as follows:

Who Must Report?

When Must They Report?

What Must They Report?

FINRA member firms that engage in investment banking services, such as:

acting as an underwriter;
participating in a selling group in an offering for the issuer or otherwise acting in furtherance of a public offering of the issuer;
acting as a financial adviser in a merger or acquisition; or
providing venture capital or equity lines of credit or serving as placement agent for the issuer or otherwise acting in furtherance of a private offering of the issuer

(The above are non-exclusive examples of investment banking services set forth in the New Consolidated Rule.)

Within five business days after completion of an internal investigation resulting in a determination by the firm that a trade violated prohibitions against insider trading and/or manipulative and deceptive devices

The results of the investigation, any internal discipline that was meted out, and any referral of the matter to a regulatory or self-regulatory authority

Within ten business days of the end of each calendar quarter

Quarterly reports must include:

the firm's identity;
the commencement date of each internal investigation;
the status of each open internal investigation;
the resolution of any internal investigation reached during the previous calendar quarter; and
with respect to each internal investigation, the identity of the security, trades, accounts, firm's associated persons or family members of such associated person holding a covered account, under review, and a copy of the firm's insider trading review policies and procedures

There is no internal inspection reporting requirement for firms that do not engage in investment banking services. Firms that do engage in investment banking services and that therefore are subject to the reporting requirement must file their reports either in hard copy or electronically to the firm's Regulatory Coordinator.

New Content Requirements for Annual Reports to Senior Management Regarding Compliance Testing

Compliance Testing Requirement. Like its predecessor (NASD Rule 3012(a)), new FINRA Rule 3120 requires firms to designate at least one firm principal responsible for implementation of supervisory control policies and procedures that test that the firm's supervisory procedures are reasonably designed to achieve compliance with applicable law and regulation, and create, where necessary, amended WSPs to close any gaps identified by the required testing.

Report of Testing Results. Under new FINRA Rule 3120, the designated principal(s) also must submit an annual report to senior management, which is to include the following:

All firms*

Details of the firm's system of supervisory controls;
Summary of the test results including significant identified exceptions; and
Any amended supervisory procedures adopted in response to the test results.

Additional requirements for any firm that reported $200 million or more in gross revenue on its FOCUS report in the prior calendar year**

Tabulation of the reports pertaining to customer complaints and internal investigations made to FINRA during the preceding year; and
A discussion of the preceding year's compliance efforts, including procedures and educational programs, in each of the following areas:
trading and market activities;
investment banking activities;
anti-fraud and sales practices;
finance and operations;
supervision; and
anti-money laundering.

* These requirements are the same as are set forth in existing NASD Rule 3012(a)(1).

** The subject matters listed are required only to the extent applicable to the firm's business. These requirements are based upon, but vary somewhat from, NYSE Rule 342.30.

New Requirements for Holding Customer Mail

Existing NASD Rule 3110(i) imposes strict time limits on a firm's ability to hold customer mail. Those limits are eliminated by new FINRA Rule 3150, which allows firms to hold customer mail subject to the following conditions:

The firm receives written instructions from the customer to hold the customer's mail for a specific period of time (if the period is longer than three consecutive months, including any aggregation of time periods from prior requests, the request must include an acceptable reason such as safety or security concerns);^[16]
The firm informs the customer in writing of alternate methods (e.g., email) that the customer may use to receive/monitor account activity and information and obtains the customer's confirmation of the receipt of such information; and
The firm verifies, at reasonable intervals, that the customer's instructions still apply.

The firm must be able to communicate in a timely manner to the customer during the time it is holding the customer's mail, as is necessary to provide important account information (e.g., privacy notices) and must put into place reasonable precautions designed to prevent the customer's mail from being tampered with, from being held without the customer's consent, or from being used by an associated person in any manner that would violate applicable laws or regulations. Firms should update their mail hold policies and procedures (and related WSPs) in accordance with these new requirements.

Tape Recording Requirements for Firms That Employ A Certain Percentage of Registered Persons From "Disciplined Firms"

New FINRA Rule 3170 (Tape Recording of Registered Persons of Certain Firms) adopts NASD Rule 3010(b)(2) without substantive change. This rule continues to require firms that employ more than a certain percentage of registered persons from "disciplined firms" (as defined by the Rule) to institute special WSPs related to telemarketing activities and to tape record conversations. The new rule makes clear that a "tape recording" includes any electronic or digital recording that otherwise meets the Rule's requirements.

Conclusion

While the New Consolidated Rule and the other related new FINRA rules do not impose sweeping changes to the supervisory requirements of FINRA member firms, they do require various changes to firms' processes and procedures. Firms must carefully review their current practices, policies and procedures (including WSPs) to determine what changes they should implement to comply with the new requirements.

^[1]_{The FINRA Rulebook consists of FINRA Rules, NASD Rules, and rules incorporated from NYSE. The incorporated NYSE rules apply only to firms that are both FINRA and NYSE members; the FINRA Rules and NASD Rules apply to all FINRA member firms.}

^[2]_{In particular, the following NYSE rules and interpretations will be deleted and replaced by FINRA Rule 3110: NYSE Rule 342 and interpretations 342(a)(b)/01 through 342(a)(b)/03, 342(b)/01 through 342(b)/02, 342(c)/02, 342(e)/01, 342.10/01, 342.13/01, 342.15/01 through 342.15/05, 342.16/01 through 342.16/03; NYSE Rule 351(e) and interpretation 351(e)/01; NYSE Rule 354; NYSE Rule 401; and NYSE Rule 401A.}

^[3]_{Except as otherwise explicitly noted, where this advisory describes specific requirements of the current or existing rules, such descriptions relate to existing NASD rules (i.e., NASD Rule 3010, 3012 and 3110). Although the requirements of the NYSE rules and interpretations that are being replaced are in many respects substantially similar to the NASD rules that are being replaced, certain differences do exist. In any event, the requirements of the New Consolidated Rule and the other new FINRA rules discussed herein apply both to FINRA member firms that are not NYSE members and those that are, such that differences in the requirements for NYSE and non-NYSE members with respect to their supervisory system will be effectively eliminated when the new FINRA rules become effective on December 14.}

^[4]_{The New Consolidated Rule codifies existing regulatory guidance indicating that firms are not required to conduct their annual compliance meetings/interviews in person, but if a firm uses another method (e.g., webcast, video conference, etc.) it must take steps to ensure that each registered person attends the entire meeting and is able to ask questions regarding the presentation and receive timely answers.}

^[5]_{An OSJ is defined (in both the existing rules and under the New Consolidated Rule) as any office of a FINRA member firm at which any one or more of the following activities occur: order execution or market making; structuring of public offerings or private placements; maintaining custody of customers' funds or securities; final approval of new accounts; review and endorsement of customer orders; final approval of certain retail communications; or responsibility for supervising the activities of associated persons of the firm.}

^[6]_{FINRA Rule 3110.03.}

^[7]_{The New Consolidated Rule codifies existing regulatory guidance indicating that a supervisor or principal may delegate to an unregistered person the function of reviewing correspondence and internal communications, but the supervisor or principal remains ultimately responsible for such reviews.}

^[8]_{Examples of communications "of a subject matter that require review under FINRA rules and the federal securities laws" include:}

_{communications between non-research and research departments concerning a research report's contents (NASD Rule 2711(b)(3) and NYSE Rule 472(b)(3));}
_{certain communications with the public that require a principal's pre-approval (FINRA Rule 2210);}
_{the identification and reporting to FINRA of customer complaints (FINRA Rule 4530); and}
_{the identification and prior written approval of changes in account name(s) (including related accounts) or designation(s) (including error accounts) regarding customer orders (FINRA Rule 4515).}

^[9]_{The New Consolidated Rule, like its predecessor, requires each firm to retain a written record of each review and inspection (including the date(s) of the inspection), create a written report of each location's inspection and keep each inspection report on file either for a minimum of three years or, if the location's inspection schedule is longer than three years, until the next inspection report has been written.}

^[10]_{Under the New Consolidated Rule, in determining the frequency of inspections of each non-supervisory branch, firms should consider the nature and complexity of the branch's activities and the size of the branch (both in terms of volume of business and number of associated persons). Firms also may adopt an inspection cycle for such a branch office on a more frequent cycle than every three years but target only specified areas of the offices' activities during a particular examination, subject, however, to the requirement (which is consistent with the existing rules) that the firm must inspect all of the required areas listed in FINRA Rule 3110(c)(2) (which are summarized in the "Content of Report" section below) within the three-year cycle. Also the firm must set forth in its written supervisory and inspection procedures, among other things, the manner in which it will inspect those areas within the three-year cycle and the factors relied upon in determining the frequency of the branch's inspection cycle.}

^[11]_{See also FINRA Regulatory Notice 09-64, which provides guidance on firms' policies and procedures to verify transmittal instructions.}

^[12]_{Such policies and procedures also must comply with SEC Rule 17a-3, which requires firms to provide notice of any change in an account owner's address to the customer's old address and also requires firms to provide the account owner with an updated customer record any time there is a change in the account's investment objective. See SEC Rules 17a-3(a)(17)(i)(B)(2) & (3).}

^[13]_{Generally, these rules require an associated person of one firm who wishes to carry a securities account with another firm to obtain his/her firm's consent, and require the carrying firm to provide the associated person's firm with duplicate statements and confirms.}

^[14]_{See Securities Exchange Act Release No. 34-69902 (July 1, 2013), 78 FR 40792 at 40809 (July 8, 2011) (Notice of Filing of File No. SR-FINRA-2013-025).}

^[15]_{FINRA Regulatory Notice 14-10 at p. 12.}

^[16]_{The new rule specifically states that convenience is not an acceptable reason for holding customer mail for longer than three months.}