Now that brokerage firms have had a full year to comply with new supervisory control regulations from the New York Stock Exchange and the NASD, they can reflect on lessons learned and how, going forward, their chief executive officers can do a better job of setting, testing and supervising compliance controls. This is according to a Deloitte & Touche webcast last week: "Supervisory Control Regulations for Broker/Dealers: Compliance in the Second Year and Beyond."
NYSE Rule 342 and NASD Rules 3010, 3012, 3013 are similar in that they require the CEO of every member firm to certify annually that the firm "has in place processes to establish, maintain, review, test and modify written compliance policies and written supervisory procedures reasonably designed to achieve compliance with applicable rules and federal securities laws and regulations."
The certification must include a representation that the CEO has conducted one or more meetings with the firm's chief compliance officer in the preceding 12 months to discuss the processes. The processes must be documented in a report reviewed by the CEO and others and submitted to the firm's board of directors and audit committee.
Firms' most common approach has been to create a matrix of rules applicable to the firm's lines of business. They have then mapped written supervisory procedures to the rules, analyzed them and established a testing plan, noting areas to be tested and how frequently reports should be prepared.
The first year has presented challenges. For one, there has been an inconsistent understanding as to what constitutes a written supervisory procedure and which departments should have them, said Susan Levey, a director at Deloitte. Some firms have simply reprinted regulations rather than documenting their internal procedures. Also, many brokerages have handled written supervisory procedures informally, failing to centralize the process, to provide enough details or to keep the procedures up to date.
Regarding certification of written supervisory procedures, CEOs are required to handle that, but some have pushed this duty off on senior managers.
There are also technology limitations, and complying with the new regulations is costly. At the outset, Deloitte found, there were few tools on the marketplace to help brokerages comply, but recently there has been an increase in workflow and customizable compliance software.
Also, firms feel regulators haven't given them enough guidance on the certification process, Levey said. In addition, said Erin DeCroix, a senior manager at Deloitte, "There is no guidance from regulators as to how often the testing needs to be performed." As a result, firms have established a wide range of testing guidelines appropriate to their organization, including interviews, testing of transactional data, observations and trend analysis and examination of reports. "Many firms have applied a risk-based testing approach to the areas where testing is being performed," DeCroix said.
However, there have been some positives, Levey noted. For one, the relationship between compliance officers and senior management has strengthened at many companies, and firms are offering more training for supervisors, she said.
This year, brokerages should be prepared to provide regulators with documentation proving testing in the first year and action plans on handling identified gaps, Levey said.
Deloitte based its findings on a survey of firms that have complied with the supervisory control regulations. The majority of participants, 78%, work for a firm with one legal entity subject to supervisory control regulations, and 29% were dual NYSE and NASD members. There is a difference in the way firms have to respond to the rules and different time requirements if they are a member of the NYSE and the NASD.
To comply with the supervisory control regulations, 81% of participants indicated that their firm leveraged internal audit reviews and 31% leveraged their Sarbanes-Oxley initiatives to comply. Firms are trying to use prior initiatives and reviews to help them comply, DeCroix explained.
Going forward, many firms are keeping the same methodology of the first year intact, but a few are tweaking their methodology to better comply. Some firms are focusing less on drafting written supervisory procedures and more on testing. This would be typical of a firm that had spent a lot of time drafting written supervisory procedures in the first year, but had limited information to test because the procedures were relatively new, DeCroix said.
Additionally, firms that may have used external consultants in the first year to help them define a methodology and program, are now bringing the tasks in-house.
The regulators had hopes to strengthen relationships between CEOs and the compliance department. Fifty-five percent of the respondents to the Deloitte survey said the two parties have always been in frequent touch. However, 36% of participants said the relationship between the CEOs and the compliance department at their firms has become more formalized as a result of the new regulations.
(c) 2006 Money Management Executive and SourceMedia, Inc. All Rights Reserved.