Thursday, January 24, 2008

What Do the Numbers 3012 and 3013 Mean to You?

For those into numerology, perhaps those numbers portend happiness, prosperity, or love. For you in the securities compliance business, you know otherwise. They mean WORK.

This is a reminder for those of you who first complied in about February or March 2006--and again last Feb. or March--with the 'testing and verification' requirement under FINRA Rule 3012. You are required to test and verify every 12 months; that is, by the anniversary of your last test date. Since the testing and verification process takes longer than 5 minutes, or even a few hours, you may want to start the process now, or at least prepare your strategy.

Remember your goal:
To verify that your firm has in place processes to:
(a) establish, maintain and review policies and procedures reasonably designed to achieve compliance with applicable NASD/FINRA rules, MSRB rules and federal securities laws and regulations;
(b) modify such policies and procedures as business, regulatory and legislative changes and events dictate; and
(c) test the effectiveness of such policies and procedures on a periodic basis, the timing and extent of which is reasonably designed to ensure continuing compliance with NASD/FINRA rules, MSRB rules and federal securities laws and regulations.


Here is an example of the steps you might take to meet that goal:
1. Take an inventory of the securities rules and regulations that are relevant to the firm’s business, including identification of new or changed requirements applicable to existing or new lines of business;
2. Review the firm’s supervisory procedures and control system procedures that are designed to address the rules and regulations, as well as additional, internal policies;
3. Perform testing of adherence to the firm’s compliance, supervisory, and supervisory controls procedures using a risk-based approach;
4. Identify and detail the gaps perceived in meeting required procedures.
5. Devise a reasonable plan for addressing the perceived gaps.


Note the term 'risk-based'--it's important. You don't have to test every single procedure every year. You can prioritize and stagger your reviews according to product risks, customer profiles, new business areas and perceived weaknesses (i.e., from earlier office inspection or FINRA exam results).

You'll want to put the results of your process in writing and present it to the top business officer of your firm. This meeting between you (CCO) and the top dog (CEO, for instance) is required. If you and the top officer are one and the same, may I suggest a mirror to aid in the communication?

Your top business officer will sign the 3013 Certification after reading the report and judging for him/herself that your firm does indeed have the necessary processes in place. S/He doesn't have to like the state of compliance, but s/he does have to acknowledge the existence of the firm's processes.

And remember, you don't submit the 3012 report or the 3013 certification to FINRA or SEC. You put them in labelled files and hope the examiner is happy with them in your next cycle exam. He or she probably will be: word has it examiners are not being overly fussy about compliance in small firms, but they do want to see good faith efforts.
