Blame Frank Gruttadauria. A little over one year after NASD's new supervisory control rules (3012 and 3013) took effect, broker/dealers are tightening the screws on the way they supervise their brokers and advisors. Some firms have implemented sweeping changes, including hiring new staff and even creating whole new departments. But it hasn't been a smooth ride for smaller b/ds, which are having a hard time coming up with the cash to comply.
In case you've forgotten, Gruattadauria is the former registered rep who was able to defraud clients over a 15-year period without detection because he was essentially supervising himself. From 1987 to 2002, while serving as a rep at a series of different firms, he defrauded clients of over $115 million; his fraud went undetected until he surrendered himself to authorities in 2002. The Securities and Exchange Commission and the New York Stock Exchange later charged SG Cowen Securities and Lehman Brothers with failing to supervise Gruttadauria, and ordered the firms to pay penalties of $5 million and $2.5 million, respectively.
To prevent another Gruttadauria, regulators created rules 3012 and 3013. Rule 3012 mandated for the first time that b/ds formally review their supervisory procedures, and create an extensive written report on the results to be submitted annually. Specifically, b/ds are required to create a system for testing supervisory procedures, and to designate individuals who are responsibile for establishing, maintaining and enforcing that system. What's more, these individuals must be “independent.” In other words, they can't report to a producing manager, have supervisory responsibility over the activity being reviewed or be paid with revenue generated by the activities reviewed.
And then there are the written reports. Due every April 2, these must detail the firms' supervisory procedures, summarize how they were tested, describe what “exceptions” to the rules were found (so-called gap analyses) and describe any changes that were made to the supervisory procedures as a result of those tests. Rule 3013, meanwhile, requires CEOs to annually certify that their firms' supervisory procedures are reasonably designed to achieve compliance with federal securities laws and NASD rules.
It's “forcing firms to sit down, and see where compliance is working and where it isn't,” says Linda Lerner, counsel at Debevoise & Plimpton in New York.
Getting In Gear
To comply, some b/ds have established entirely new departments responsible for handling 3012 and 3013 processes, says Glen Barrentine, special counsel at Cadwalader, Wickersham & Taft in New York. “Firms are saying they need a centralized view across the firm.”
Take New York-based Maxim Group, an NASD member firm with 400 employees and two registered investment advisories. In 2006, the firm created an “internal control” department, and hired two full-time employees in an effort to comply with the new supervisory rules. The internal control department carries out surveillance of the firm's 16 business units and conducts independent testing on a monthly or quarterly basis, says John Sergio, Maxim's chief operating officer.
Sergio says that the department also maintains all of the firm's written supervisory procedures and policy bulletins, which together number in the hundreds of pages. Because of the vast number of procedures that need to be supervised — including things like transmission of funds, changes in customers' investment objectives and even changes of customer addresses — the department is, at any given time, conducting independent testing of written documents somewhere in the firm. “If you have a very strong internal control function, it protects your business all year round,” he said. “The spirit of the rule is that it is not something you can look at once or twice — you have to be fully committed.”
Other firms have taken a different approach — creating a position with supervisory control within each business unit, says Barrentine. That person is basically there to tell the business side, “Here's what you need to do” to adequately supervise a particular department, he explains. A spike in NASD enforcement actions and fines related to deficiencies in supervision means there is a lot more at stake if the business side misinterprets supervisory procedures, Barrentine says. “The fallout from getting it wrong has increased tremendously.”
This department-by-department approach also helps firms comply with rule 3013, because b/ds can ask the designated individuals to submit “sub-certifications” of their written supervisory procedures. Sub-certifications aren't required by 3013, but they're a great means of preparing the CEO for his annual certification, says Lerner. “If the CEO doesn't have clear sub-certifications talking about what the processes are, what the gap analysis was, how can the CEO possibly be in a position to do the certification?” she asks.
Smaller Firms Suffer
It is a different story at small b/ds, where compliance with 3012 and 3013 has stretched resources thin. Just hiring dedicated compliance officers is very expensive, and may put some firms out of business, says Bill Singer, partner at Lawrenceville, N.J.-based Stark & Stark and a columnist for this magazine. Singer cites one father-son operation that planned to hire a compliance officer for $45,000. But the firm will need to hire another broker just to generate the earnings needed to pay the compliance officer's salary, Singer says.
Small firms also lack the resources to make compliance with 3012 and 3013 an ongoing exercise, Singer says. “The sad reality is there is a flurry of activity” at deadline time, when firms make a cursory review of written supervisory procedures and compile them into one book. “The NASD doesn't like to hear that we have these bibles that are basically doorstops,” he says. Lisa Roth, chairperson of the National Association of Independent Broker Dealers, warns this last-ditch approach could result in trouble from the regulators.
But for now, it looks like regulators are giving firms some breathing room. At this point they just want to see that firms are trying to come to grips with the requirements, says Barrentine. “People are still at a very early stage in this process. Regulators understand it will take a few years to gel.”
Firms are hopeful that having robust processes in place for 3012 and 3013 will help them down the road when regulators find violations, said Barrentine. The “gap analysis” required by 3012 gives firms the opportunity to correct problems in advance of a regulatory inspection, says Lerner. “Self-correction goes a long way to mitigating any sanctions.”