FINRA Rule 3120 Testing – 10 Years Later

It’s hard to believe it has been over ten years since the inception of NASD Rule 3012 (n/k/a FINRA Rule 3120).  The requirements under this rule shook broker-dealers at the core when they first were issued.  As you may recall, the Rule mandates FINRA member broker-dealers to test the effectiveness of their supervisory system at least annually, and report any significant exceptions to the firm’s senior management. Basically, a firm’s processes are tested against their procedures, and a determination is made if there are gaps, and if so, what needs to be changed – the firm’s process or their procedures.  An eye should always be kept during the testing to determine both processes and procedures are up to date with all current regulations.

What exactly does this mean for broker-dealers?  Over the last ten years most firms have developed a system and practice for this testing and documentation; however, some still question annually if they are “doing it right”.  As in most FINRA compliance practices, a good place to begin is with the standard “Who, What, When, Where, Why and How” questions to make certain everything is covered adequately.  Let’s go over the basics…

WHO is required to do this, and who does this testing?

  • Testing is required by most broker-dealers (firms registered as a Capital Acquisition Broker (CAB) are exempt from this requirement)
  • Firms can elect to have one person conduct the entire testing, or, as is the case with many large firms, multiple persons can be assigned different areas of the testing; however, a designated principal of the firm oversees all testing conducted.

WHAT should be tested?

  • Firms are encouraged to use a risk-based approach in determining the necessary areas of testing in any given year. Some factors used in this determination could include:
  • Top revenue producing business activities;
  • Areas in which the firm has previously experienced procedural deficiencies;
  • Areas identified by regulators as ‘hot topics’;
  • Business activities in which the firm has received customer complaints; and
  • Business activities or products that may be new to the firm

WHEN should this testing be conducted?

  • The intent for this testing is for it to be an ongoing testing of a firm’s processes and procedures.
  • The 3120 report is required annually, not to extend beyond 365 days.
  • For a newly approved firm, the first testing and 3120 report must be completed within 12 months of becoming a FINRA member.

WHERE is this conducted?

  • Testing is conducted where the activities being tested take place.

WHY conduct this testing?

  • The obvious answer here is to satisfy the rule requirements; however, the testing is also beneficial for firms. It can help identify:
  • Potential areas of concern;
  • Areas needing updating or changing; and
  • Areas where additional training may be needed for associated persons

HOW is this testing best conducted to be compliant with the Rule?

  • Firms are encouraged to use a risk-based approach in selecting the sample it tests during any given year.
  • Once the areas of testing have been determined for the year, a review of the firm’s processes in each area is completed and a determination is made if the process matches the firm’s written supervisory procedures. If not, what change needs to be made – the way something is being done, or a change in how it is described in the WSP?
  • Upon completion of the required testing, but no less than annually, the designated principal must submit a detailed report to senior management (CEO/Board of Directors/Audit Committee) which outlines the firm’s system of supervisory controls, a summary of testing results including any significant exceptions, and any additional or amended written supervisory procedures created as a result of the testing.
  • Keep in mind, not all procedures must be tested on an annual basis.

Once the designated principal has presented the 3120 Report to senior management, the CEO (or equivalent officer) must complete a compliance and supervision certification and a report, required under FINRA Rule 3130. This report is different from that required under Rule 3120. The purpose of the 3130 Report is to identify the processes a firm follows to ensure the firm’s policies and procedures under FINRA Rule 3110 are kept current, and that the firm adopts the Supervisory Control Procedures required under FINRA Rule 3120.

The annual certification states that the firm has the necessary processes in place to establish, maintain, review, test and modify its supervisory policies and procedures, and that the CEO (or equivalent officer) has met with the CCO at least once during the preceding 12 months to discuss the firm’s supervisory controls. This certification must be completed at least annually, on or before the anniversary date of the prior year’s certification.

While the Rule numbers changed during the FINRA Rule synchronization process, the basics of the testing requirements remain the same.

NCS Regulatory Compliance is committed to helping firms comply with the testing and certification requirements set forth in these rules. To learn how we can assist your firm in meeting these requirements, please contact your NCS Regulatory Compliance consultant directly, or one of the compliance specialists at NCS Regulatory Compliance at 800-800-3204.

Kathryn Langridge