finra rules consulting – Mitch Atkins FINRA Rules Consulting

FINRA reports that there has been a steady increase in the number of incidents in which criminals attempt to scam broker-dealers and their clients.

FINRA says that one way crooks do this is that they target a legitimate broker-dealer by building a website that looks very similar to that of the broker-dealer’s or a registered representative’s site. They will then capture information the customer enters into that site and use it to defraud the investor.

FINRA has also reported that it has seen an increase in the number of instances in which a fraudster poses as a customer requesting funds from his or her account. In a typical example, the criminal will obtain information about the customer’s email account by hacking into the email. Then the criminal sends an email to the broker-dealer requesting that it wire funds to an account overseas, often urgently and often stating that he/she won’t be available for the next 8 hours because he/she is boarding an international flight. This is in hopes that the broker-dealer does not call to verify the transfer. And once these funds are wired, they are almost never recovered. Thieves sometimes also do this with requests for checks to be issued on the customer’s account.

Broker-dealers should ensure that their internal control procedures related to customer requests for funds are effective. Many broker-dealers require a telephone conversation with a customer for disbursement requests over a certain amount that are not being sent to the address of record. Further, during these conversations, customers are required to provide identifying information. To prevent change of address scams where a crook asks to change the address and then requests a check, FINRA requires that broker-dealers take certain steps to ensure there are adequate controls around customer address change requests. Firms must sent notice of any change of address to the customer at the old address (and to the registered representative) on or before the 30^th day after the date the firm received the notice of the change. Those requirements can be found in SEC Rule 17a-3(a)(17)(i)(B)(3) or just click here.

FINRA recommends that broker-dealers, “Immediately contact the SEC and FINRA” and “Report to the FBI” in the event that they believe that their professional identity is being employed in a scam. If your firm has been a victim of such an attack, visit FINRA’s page on Customer Information Protection for a checklist of steps to take.

If you have questions about internal financial controls, Mitch Atkins, FINRA’s former South Region Director has extensive experience in this area. Call Mitch Atkins, Principal at FirstMark Regulatory Solutions, at 561-948-6511.

NASD Rule 3012 and FINRA Rule 3130

NASD Rule 3012(a)(1)(A) requires FINRA members to perform an annual test to verify that procedures are reasonably designed to achieve compliance with applicable securities laws and regulations, and with applicable FINRA/NASD rules. The review must take into account the activities in which the FINRA member and its associated persons and registered representatives engage. And, if the test indicates a need, FINRA requires that its members create additional supervisory procedures (or make amendments to existing procedures) as required based on the review. Following the test, FINRA requires that each member prepare a report that is provided to senior management detailing that member’s supervisory controls, the summary of the test results, any significant identified exceptions, and any additional or amended supervisory procedures created as a result of the test.

FINRA Regulatory Notice 14-10 outlined changes to FINRA’s Supervision Rule, and specifically, the requirements of new FINRA Rule 3110 which replaces NASD Rule 3010 effective December 1, 2014. Key changes include: paragraph (b)(6) of Rule 3110 which eliminates “heightened supervision” requirements and imposes a requirement to review conflicts, paragraph (d)(3)(B) of Rule 3110 which requires a review of transactions with a view toward detecting insider trading, requirements to investigate and document reviews thereof, and specific requirements for the annual report including the firm’s system of supervisory controls, summaries of test results, and details of any additional or amended procedures required. Also, in response to FINRA’s report on conflicts (October 2013), Rule 3110 requires firms to have procedures in place to identify and mitigate conflicts, particularly in the instance of branch office inspections and supervision of personnel also responsible for supervising others. New Supplementary Material 3110.03 impacts OSJ supervision and requires an “on-site” principal at each OSJ. Rule 3110(e) requires firms to justify, in writing, why a supervisor can or must supervise more than one OSJ (if applicable).

FINRA Rule 3130 requires, among other things, that the CEO certify annually that the FINRA member has procedures in place to maintain, review, test and modify written compliance policies and procedures reasonably designed to achieve compliance with applicable rules and regulations.
Many FINRA members utilize outside consultants to conduct the NASD Rule 3012 review so that the executives of the broker-dealer can rely on the report of the consultant in order to make the required certification under FINRA Rule 3130. These assessments are required by Rule 3012 to be conducted every 12 months, unlike the AML Independent Test which is required to be conducted on a calendar year basis.
Mitch Atkins, FINRA’s former South Region Director, has over 21 years of experience in working with broker-dealer supervisory systems, assessing compliance, and preparing reports. Contact Mitch Atkins by calling FirstMark Regulatory Solutions at 561-948-6511.