FINRA Supervisory Controls Assessment
FINRA Rule 3120 – Assessment
FINRA Rule 3130 – CEO Certification
Each of these rules has a separate purpose, although FINRA permits the reports required under each to be combined into one. FINRA Rule 3130 requires that the firm designate a Chief Compliance Officer (CCO) and that the CEO certify annually that the firm has processes in place to establish, maintain, review, test and modify written compliance policies and written supervisory procedures. The CEO also attests that he or she has conducted at least one meeting with the CCO in the prior 12 months to discuss these processes.
The annual requirement for FINRA Rule 3120 testing (the supervisory controls assessment) and verification relates to the review of the firm’s supervisory systems, including supervisory policies and procedures. A FINRA Rule 3120 report should detail the testing and verification of a firm’s procedures and specifically whether those procedures are reasonably designed to achieve compliance with applicable rules.
In practice, firms often prepare a single report and may even call it a “FINRA Supervisory Controls Assessment” report when in reality it also includes the required CEO certification per FINRA Rule 3130. When FirstMark handles the annual supervisory controls assessment for a client, it prepares a single report along with a separate written certification for review and signature by the CEO. The combined report serves as the basis for the CEO certification. The report provides recommendations for amendments to the firm’s procedures and supervisory controls as needed.
FirstMark conducts comprehensive reviews of client supervisory systems and procedures in the manner required by FINRA Rule 3120. This is a risk-based review during which we test and verify that the firm’s supervisory procedures are reasonably designed to achieve compliance with applicable securities laws and regulations (and FINRA Rules). It also identifies exceptions and amendments that may be required as a result of the testing. FirstMark provides recommendations based on its assessment.
Using risk-based methodologies and sampling (similar to what FINRA examiners use when conducting examinations), FirstMark tests and verifies those areas of the firm’s written supervisory policies and procedures that are most likely to pose the greatest risk, often called a “risk-based approach.” In making this determination, FirstMark works with the client to identify areas of significant revenue, prior regulatory exam findings, emerging issues, new business lines, regulatory priorities, and concentrations in customer grievances (if any). FirstMark provides input and expertise regarding the areas to be selected. Once a plan is developed, the testing commences and FirstMark prepares the comprehensive, consolidated report that satisfies FINRA Rules 3120 and 3130. Note that a supervisory controls assessment is not an audit, nor is it designed to be exhaustive. Rather, following FINRA guidance, it is designed around a risk-based approach.