- Proposed FINRA Regulatory Changes Regarding Outsourcing that Require Attention
- April 20, 2011 | Authors: Stephen H. Cohen; Akiba Stern
- Law Firm: Loeb & Loeb LLP - New York Office
On March 29, 2011, the Financial Industry Regulatory Authority (FINRA) published for industry comment a proposed rule clarifying the scope of a member firm's obligations and supervisory responsibilities for functions or activities outsourced to a third-party.
The proposed Rule (FINRA Rule 3190 - Third-Party Service Providers) makes clear that:
- when a member firm outsources a function or activity related to its business as a regulated broker-dealer to a third-party service provider, it does not relieve the member firm of its obligation to comply with applicable securities laws and regulations, and FINRA and Municipal Securities Rulemaking Board (MSRB) rules;
- the member firm cannot delegate its responsibilities for, or control over, any outsourced functions or activities;
- a member firm must have supervisory procedures, including due diligence measures, to ensure that its arrangements with third-party service providers are reasonably designed to achieve compliance with applicable securities laws and regulations, and FINRA and MSRB rules.
- The proposed rule also imposes additional restrictions and obligations that apply solely to a clearing or carrying member firm and its third-party service provider arrangements.
Proposed Rule 3190 will for the first time memorialize the guidance set forth in NTM 05-48 in the form of an affirmative set of supervisory obligations for which a broker-dealer and its personnel will be held accountable. As a result, failure to comply with the new rule would enable FINRA to more readily cite deficiencies on FINRA exams, which could lead to an increase in disciplinary events and fines for member firms.
Changes Impacting All Member Firms Utilizing Outsourcing Services
Under the proposed rule, any member firm (whether an introducing broker or a clearing or carrying firm) utilizing third-party outsourcing arrangements will be subject to the following:
- The term “third-party agreement” now includes both the third-party service provider and sub-vendors utilized by the third-party service provider. Therefore, broker-dealers must create supervisory systems and written procedures for functions performed by the third-party service provider and its sub-vendors.
- FINRA is now explicitly proposing the following ongoing due diligence requirements for member firms:
- Member firms must conduct due diligence of both current and prospective third-party service providers and their sub-vendors to whom they outsource broker-dealer functions; and
- The due diligence procedures must be included in the member firm’s supervisory procedures.
- Unless otherwise determined by FINRA to the contrary, affiliates to whom member firms outsource will not be treated any differently than non-affiliate third-parties.
- The proposed rule specifically applies to all functions and activities related to a member firm’s business.
Practice Pointers - Member firms should consider the following questions based on these enhancements to NTM 05-48:
- To the extent that a member firm is required to perform ongoing due diligence of sub-vendors of its third-party service providers, how can it fulfill its obligations if it does not have privity of contract with the sub-vendors? Is review of the third-party service provider’s due diligence of their sub-vendors sufficient, or must the member firm actually perform its own due diligence above and beyond the third-party service provider’s due diligence of the sub-vendors? In addition, can reliance on the third-party service provider’s due diligence satisfy the member firm’s new obligation to document the process in its written supervisory procedures?
- How often and how extensively must the member firm perform such ongoing due diligence of sub-vendors? Could it shift to the third-party service provider the burden of periodically informing the member firm of changes to the status of its previous due diligence of the sub-vendor, or will the member firm have an affirmative obligation to obtain that information directly from the sub-vender (which is potentially difficult if the member firm is not in privity with the sub-vender)?
- Under what circumstances is FINRA likely to acknowledge that an affiliate should not be considered to be a third-party service provider and therefore subject to proposed Rule 3190? For example, if an affiliate is a “Material Associated Person”1, would this be sufficient evidence for FINRA that such affiliate is sufficiently known to the member firm that due diligence requirements would either be lightened or dropped?
- To the extent a member firm conducts business activities that are not required to be conducted by a broker-dealer out of its broker-dealer2 entity, and utilizes third-party service providers, does proposed Rule 3190 apply to such non-securities activities? While traditionally such non-securities activities were not subject to FINRA’s jurisdiction, in a different proposed rule regarding supervision, FINRA seems to expand its jurisdiction over non-securities related matters by requiring member firms to designate a principal to supervise every business the member firm operates, regardless of whether registration as a broker-dealer is required for that activity. Will proposed Rule 3190 similarly subject all of a member firm’s businesses to the requirements of proposed Rule 3190 regardless of whether the business is securities related or not?