Introduction
Securities regulators have long been concerned with the potential regulatory risks associated with geographically dispersed broker-dealer offices, citing the observation that the distance of these offices from compliance and supervisory personnel could make it easier for them to be involved in and conceal securities laws violations. On-site internal inspections of those offices have been viewed as a vital component of the supervisory process in mitigating those potential risks. SEC Staff Legal Bulletin No. 17 (March 19, 2004). However, given recent advances in technology and changing work environments resulting from the COVID-19 pandemic, broker-dealer supervisory practices have evolved. This evolution has not gone unnoticed by regulators such as FINRA, who has adopted a new voluntary inspections pilot program rule which will allow member firms to perform required office inspections by remote means. FINRA member firms will have the ability to opt into this voluntary program beginning on June 1, 2024. The discussion below covers some aspects of what FINRA member firms may expect, including potential benefits, regarding this new rule.
Highlights of FINRA’s Rule 3110 Internal Inspection Requirements
As part of the supervision requirements of FINRA Rule 3110, member firms must perform internal inspections of their offices and locations. These different offices and locations are classified as Offices of Supervisory Jurisdiction (also called “OSJs”- where certain supervisory activities and other enumerated activities, such as the maintenance of customer funds and securities, take place), branch offices (where the business of inducing or effecting securities transactions takes place), and non-branch locations (such as residences and other types of locations which satisfy branch office exclusion requirements). FINRA Rule 3110(f)(2)(A). FINRA Rule 3110(a)(3) requires that members register and designate OSJs and branch offices based on the rule’s definitions of those offices and locations.
FINRA Rule 3110 requires that OSJs, and branch offices that supervise non-branch locations, be inspected at least annually in accordance with the rule’s requirements. Branches that do not supervise non-branch locations, and the non-branch locations themselves, must be inspected at least every 3 years. FINRA has required that these inspections take place on-site at the office or location in question. FINRA Rule 3110(c); FINRA Rule 3110.13; FINRA Regulatory Notice 11-54 at 6.
FINRA’s Existing Remote Office Inspections Rule 3110.17
As we all know, the advent of the COVID-19 pandemic presented challenges for member firms to perform on-site inspections. In 2020, FINRA introduced Rule 3110.17 to provide temporary relief from the on-site inspection requirement by allowing firms to conduct office inspections remotely (without an on-site visit to the office or location) if they complied with that rule’s specific requirements for such inspections. However, FINRA Rule 3110.17 will automatically sunset on June 30, 2024, and FINRA has stated that “[a]s of July 1, 2024, firms will no longer be able to rely on Rule 3110.17 to fulfill their Rule 3110(c) obligations.” As such, firms that wish to continue using remote inspections may opt to do so through FINRA’s voluntary, three-year remote inspection pilot program pursuant to new Rule 3110.18 as discussed more fully below. FINRA Regulatory Notice 24-02 at 5 (Jan. 23, 2024).
FINRA’s Remote Inspections Pilot Rule 3110.18
FINRA Rule 3110.18, which was adopted in November 2023, provides eligible firms with the option to participate in a voluntary, three-year remote inspections pilot program. This program will allow firms to fulfill their Rule 3110(c) inspection obligations through remote means for eligible OSJs, branch offices and non-branch locations, subject to specified safeguards and limitations. The rule states that “[t]he requirement to conduct inspections of offices and locations is one part of a member’s overall obligation to have an effective supervisory system and therefore the member must maintain its ongoing review of the activities and functions occurring at all offices and locations, whether or not the member conducts inspections remotely.” FINRA Rule 3110.18(a),(d); 88 FR 82464.
To take advantage of the pilot, a firm must comply with the rule’s eligibility criteria, which deem certain high-risk member firms, offices, and locations as ineligible to conduct such inspections. For example, certain firms as a whole would be ineligible if they are or become subject to specified regulatory events such as being: classified as a “Restricted Firm” under FINRA Rule 4111; designated as a “Taping Firm” under FINRA Rule 3170; or suspended from FINRA membership. New firms (who have been FINRA members for less than 12 months) would also be ineligible. Certain firm offices or locations would also be unable to conduct remote inspections based on eligibility criteria. Some examples of ineligible offices or locations include those where: customer funds or securities are handled; individuals in the office or location are subject to heightened supervision pursuant to securities regulatory rules; or proprietary trading activities or supervision thereof take place. Please see Rule 3110.18(f)(1) and (g)(1) for a more complete listing of ineligibility criteria.
In addition to satisfying the rule’s eligibility criteria, firms and their offices or locations must meet certain conditions to participate in the pilot. A firm will be required to: have a record keeping system in place; not physically or electronically maintain and preserve records at the office or location being inspected; have prompt access to such records; and have appropriate surveillance and technology tools for supervising the risks of remotely supervised offices or locations. Offices or locations must: utilize the firm’s electronic communications system; have its correspondence and communications with the public supervised in accordance with Rule 3110; and not physically or electronically maintain the firm’s books or records at that office or location. FINRA Rule 3110.18(f)(2), (g)(2).
If a firm and its offices and locations satisfy both the rule’s eligibility criteria and its conditions, the firm must also develop a reasonable risk-based approach to conducting remote inspections and prepare a documented risk assessment for the office or location being remotely inspected. The risk assessment must document the factors considered, including those covered in the reasonable review standards of Rule 3110.12 and higher risk activities or individuals associated with the office or location. Firms must also consider a non-exhaustive list of other factors for the risk assessment such as customer complaints, products offered, and the customer base to name a few. The risk assessment factor provision also states that a firm’s supervisory system must take any red flags into consideration when determining whether to conduct a remote inspection of the office or location (both in the first instance and as part of the firm’s ongoing determination to conduct subsequent inspections of the office or location) and that firms should conduct on-site inspections or make more frequent use of unannounced, on-site inspections for high-risk offices or locations where there are indicators of irregularities or misconduct (consistent with Rule 3110.12). Please see Rule 3110.18(b) for a more complete listing of risk factors. See also 88 FR 82464 at 82476-82477.
Firms who participate in the pilot are required to establish, maintain, and enforce written supervisory procedures for remote inspections which cover certain areas of the inspections such as the risk assessment and the methodology and technology used in the inspection. Please see Rule 3110.18(c) for a more complete listing of written supervisory procedure requirements.
In terms of conducting the remote inspections, the firm will be held to the reasonable review standards of FINRA Rule 3110.12. Where the inspection identifies any red flags, the firm may need to impose additional supervisory procedures for the office or location in question or provide for a more frequent review of it, including potential subsequent on-site visits on an announced or unannounced basis. Firms will also need to document the results of the remote inspections including: which offices and locations were inspected on a remote basis; which offices and locations where additional supervisory procedures were implemented as the result of the remote inspection; and any additional supervisory procedures or more frequent monitoring for that office or location imposed as the result of the remote inspection (including whether an on-site inspection was conducted). FINRA Rule 3110.18(d), (e).
The rule requires firms to collect and report certain remote and on-site inspection data to FINRA within specified time periods (including for inspections conducted in 2019) and to have procedures covering this data collection and reporting. One of the required data points concerns “significant findings” made as the result of a remote or on-site inspection. FINRA has stated that a “significant finding” is one that should prompt the firm to take further action, such as escalation within the firm for further review resulting in enhanced monitoring of an event or activity through more frequent remote or on-site inspections of the location (on an announced or unannounced basis), or other targeted root cause reviews. Findings including unapproved communication mediums, customer complaints, undisclosed outside business activities, or private securities transactions, among other things, may prompt such escalation or further internal review. Firms will also need to provide data regarding certain aspects of the firm’s remote inspections supervisory procedures to FINRA. FINRA has stated that its data requirements would help it assess the effectiveness of remote inspections. FINRA Rule 3110.18(h); 88 FR 82464 at fn. 82.
If a firm fails to satisfy the conditions of Rule 3110.18, it will be ineligible to participate in the program. FINRA could also determine in the public interest and for the protection of investors that a firm has not complied with the rule and is no longer eligible to participate in the pilot by providing written notice to the firm. As the result of either ineligibility event, the firm must conduct on-site inspections of each office and location pursuant to Rule 3110(c). FINRA Rule 3110.18(j), (k).
Participation, Potential Benefits, and Some Compliance Expectations
For a firm to participate in the first year of the pilot program, it will need to provide FINRA with an “opt-in notice” (in a manner and format determined by FINRA) at least five calendar days before a pilot year begins (between June 1, 2024 and June 26, 2024 for the first pilot year as discussed in FINRA Regulatory Notice 24-02 (subject to FINRA’s modification)). Firms who provide this notice agree to participate in the pilot program for the duration of the pilot year, agree to comply with Rule 3110.18, and are automatically signed up for subsequent pilot years until the program expires. To opt-out of the program, a firm will need to provide notice to FINRA at least five days before the subsequent pilot year. FINRA Regulatory Notice 24-02 provides more specifics on key pilot program dates. FINRA also indicated that it is currently developing technological processes and guidance for the submission of opt-in and opt- out notices and data pertaining to the remote inspections pilot. FINRA Regulatory Notice 24-02 at 3-4.
The advantages of participating in the remote inspection pilot include mitigating potential disruptions to the current hybrid work environment, reducing travel costs and lost productivity associated with on-site inspections, the ability to utilize on-site inspections where appropriate, increased flexibility in designing inspection teams and allocating inspection resources, allowing broker-dealers to stay competitive with other segments of the financial services industry that may offer remote work arrangements, and diversity and inclusion benefits. Participation in the pilot may also give firms valuable insight and experience into real-time regulatory expectations in this space and how they may further evolve. 88 FR 28620 at 28624, 28636-28637.
Firms should expect that their compliance with the voluntary inspection pilot’s requirements will be thoroughly reviewed by FINRA. FINRA has indicated that it will use certain risk markers to determine whether it “should examine an office or location, and in turn, examine a firm’s reasonableness determination to conducting remote inspections rather than an on-site inspection for that office or location.” FINRA has stated that “as with any new process or rule, FINRA anticipates undertaking a careful review of firm compliance with Rule 3110.18.” Indeed, FINRA has indicated that “in the context of reviewing a firm’s remote inspections program, one indicator in this evaluation may be whether the firm is identifying risk indicators that are similar to those that FINRA is detecting.” 88 FR 28620 at 28634-28635. FINRA also “expects to publish additional guidance outlining in greater detail operational processes for compliance with the data and information requirements of Rule 3110.18.” FINRA Regulatory Notice 24-02 at 1.
- Counsel
While serving as an attorney with FINRA’s Department of Enforcement, Jonathan counseled FINRA staff on developing investigations and examinations concerning potential violations of the federal securities laws and FINRA ...
About MVA White Collar Defense, Investigations, and Regulatory Advice Blog
As government authorities around the world conduct overlapping investigations and bring parallel proceedings in evolving regulatory environments, companies face challenging regulatory and criminal enforcement dynamics. We help keep our clients up to date in these fast-moving areas and to serve as a thought leader.
The latest from MVA White Collar Defense, Investigations, and Regulatory Advice Blog
- CFPB Finalizes Personal Financial Data Rights Rule 1033
- SEC Settlement Reminds Firms to Periodically Review Their Use of Models, Calculators and Tools When Making Client Recommendations
- THE DESK: MVA’s Swaps & Derivatives Newsletter
- CA Governor Vetoes AI Safety Bill but Indicates Additional AI Regulation Forthcoming