FINRA Rule 3120
Have you ever gone about your daily work duties, head in focus-mode, and realized suddenly that something has gone wrong?
Written by a human
Maybe you’ve accidentally sent a business email from your personal account, and despite all of the policies and procedures put in place by your firm, it’s slipped through the cracks. But how can you know that the guidance and rules are really working, until something like this happens?
For businesses regulated in the US financial markets, FINRA rule 3120 is the solution. It’s the rule in place to test the effectiveness of your internal controls and policies, enabling you to assess gaps and make the changes you need to. Not only in maintaining effective compliance and avoiding a regulatory notice, FINRA 3120 is a practice to help firms learn from previous mistakes.
What is FINRA 3120?
FINRA 3120 is a rule that asks each member to designate a principal to establish, maintain and enforce the member’s supervisory control system. It was introduced in 2014, replacing an old NASD rule (3012) which covered similar requirements for supervisory procedures.
This rule is part of a set of detailed topics introduced to hold broker-dealers accountable and maintain market integrity. While other rules, FINRA 3110 and FINRA 3130, focus on current reporting and real-time reactions to customer complaints or other internal investigations, FINRA 3120 asks firms to look at case information and inspection of the past year.
It forces companies to check their controls, assess the impact of procedures and determine any inconsistencies or errors on an annual basis through their regulatory obligation. The rule aids regulators in maintaining the stability of the markets (through FINRA data), but primarily focuses on helping broker-dealers to learn from their mistakes.
Details of FINRA 3120
FINRA’s 3120 includes requirements for the system of the financial services company, and for the designated principal from the FINRA member. These include:
- Testing the risk-based supervisory system to ensure that it is reasonably designed for compliance
- Creating new systems, or amend existing ones if they are deemed unreasonable
- Writing an annual report which will be submitted to the regulator
The annual report exists for informational purposes. It should include details on the supervisory controls in place, a summary of all tests and results, any significant exceptions to the test results, and details on any additional procedures created as a result of these tests.
Each member firm making a minimum of $200 million per year has further requirements. At these firms, the principal must submit an annual report to its senior management, which details the customer complaints and any internal investigation made to FINRA. Plus, it should contain a full discussion on the compliance efforts including procedures and educational programs in:
- Trading and market activities
- Investment banking activities
- Anti-fraud and scales practices
- Finance and operations
- Supervision
- Anti-money laundering
Compliance challenges of FINRA 3120
In December 2021, FINRA reported an investigation and enforcement action against broker-dealer: Ecoban Securities. The company had failed to set up a system to capture business communications on personal devices, and didn’t have a supervisory system in place to guide staff on record-keeping requirements.
During FINRA’s investigation, Ecoban Securities was found to have failed to have a reasonable supervisory system in place, conduct their annual review, test their processes and report findings to Senior Managers. The company was fined $40,000 and further reprimanded in order to produce a certified supervisory system.
With that in mind, industry professionals must work hard to determine the who, what, when, why of their supervisory control systems. Consider:
| Who | What | Where | Why |
| Assigned principal(s) at broker-dealer firms must complete the FINRA 3120 assessments | A risk-based framework is key, and alongside typical customer complaints consider recent ‘hot topics’ by the regulators | The principal should perform tests and reports in their normal place of work | Alongside satisfying the regulatory requirements, firms should identify additional training and updates or changes needed |
As the enforcement action against Ecoban Securities shows, oversight across all communications is key. If the firm had proper written supervisory procedures in place to capture, analyze and archive all communications, the non-compliance ruling (and its penalties) may have been avoided.
Global Relay has compliance solutions to meet regulatory obligations, from recordkeeping to surveillance.
