We all remember those feelings right before a big test. The anxiety of wondering, “Did I prepare enough? Did I review the right material? What happens if I fail?”
FINRA Rule 3120 is all about establishing testing policies and procedures to verify that your supervisory system is operating effectively. That is, you are adequately reviewing business activities and responding appropriately when any weaknesses in the framework are identified.
Establishing your Testing & Verifying Process
A failed testing and verification process could lead to compliance violations, enforcement actions and/or costly penalties and fees. Consider the key points below, and you’ll be sure to get a passing grade.
Testing – Your Final Exam
A firm’s supervisory system is only as good as its controls. Controls surrounding personnel, customer transactions and communications are essential to ensure a well-run and compliant organization. Every firm must check the adequacy of those controls through annual testing.
By testing the adequacy of supervisory policies and procedures and management’s ability to enforce them, firms can ensure that supervisory systems are appropriately preventing and detecting compliance violations.
While testing should be comprehensive, it does NOT need to include a review of each and every policy or procedure every year. Testing scopes should be risk-based, using methodologies and sampling to determine which areas are most important to inspect.
Firms should focus on areas of higher risk, such as products or activities that bring in the most revenue for the firm, or those that are new or have had weaknesses identified in previous years.
Scopes should also consider market hot topics or areas of regulatory focus or changes, as well as any business activities where the firm has had many customer complaints.
Verifying – Review your Answers
Sometimes you can study for hours, only to find out that you were reading an outdated copy of the textbook. Besides testing the adequacy of supervisory policies and procedures, it is important to remember that the supervisory system and corresponding policies and procedures should not be static.
They can become quickly outdated due to changes in business activities and regulatory requirements. Do policies refer to current regulations? Are they updated to account for technological advances?
It may become necessary to re-evaluate the purpose of various supervisory controls as a result of any major changes. Throughout the testing process, the suitability of procedures surrounding management’s responses to any exceptions noted during the supervisory process should also be reviewed.
When exceptions are found, management should quickly respond and reevaluate existing policies to correct any weaknesses identified.
Your Report Card
After testing is complete, a report should be issued to the firm’s senior management on at least an annual basis. Any weaknesses identified during the testing and verification process should be reported upon and responded to in a timely manner.
This report should:
- Describe the methodologies and procedures used for testing;
- Include a summary of all test results;
- Contain management’s responses and follow-up actions to any exceptions noted during the testing and verification process.
Management’s responses should consider any areas where a number of exceptions to policies and procedures are noted and determine whether additional changes should be made to strengthen the overall supervisory control system.
Examples of follow-up actions could be policy or procedure modifications, improved documentation or recordkeeping, additional supervisory personnel or inspections to review transactions, or further training throughout the firm.
Additional Requirements for Bigger Firms
If gross revenues are over $200 million, regulations require additional information to be reported to management. The first item is a compilation of all customer complaints and internal investigations reports made to FINRA during the preceding year.
The second is a summary of all compliance efforts throughout the year in these specific areas:
- Trading and market activities;
- Investment banking activities;
- Antifraud and sales practices;
- Supervision; and
- Anti-money laundering.
The Benefit of Getting Straight A’s
Reporting the right information to the right people at the right time can make all the difference when it comes to compliance with FINRA Rule 3120. Ensuring that the appropriate members of management have reviewed and assessed the adequacy of the supervisory framework will allow for proper oversight and accountability throughout the organization.
This will contribute to an overall stronger supervisory system and robust testing and verification processes. In the end, this could mean less work for you in preparing for the next test, and perhaps even straight A’s from here on out.