In recent years, the Securities and Exchange Commission (SEC) and Financial Industry Regulatory Authority (FINRA) have heightened their expectations of what constitutes a "comprehensive" branch self-inspection program. Firms that fail to meet these expectations might receive a visit — and disciplinary action — from either FINRA or the SEC's Office of Compliance Inspections and Examinations (OCIE). To avoid regulatory intervention and discipline, firms should implement heightened branch inspection processes and procedures.


1. The Basic Rules.

Before the examiners come knocking, broker-dealers should ensure that they follow FINRA's rules requiring firms to conduct periodic branch inspections. These rules are complex and often confusing, but following them is vital to avoid sanction.

The required frequency of inspections depends on the type of office:

  • Annual inspections: Offices of Supervisory Jurisdiction (OSJ)1 and non-OSJ offices that supervise non-branch locations require annual inspections.
  • Triennial inspections: Non-supervisory branch offices must be inspected every three years, although a shorter cycle may be appropriate due to the nature and complexity of the branch's securities business, the volume of business done, and the number of associated persons assigned to the branch.
  • "Periodic" inspections: Non-branch offices must be inspected "periodically," the frequency of which depends on the nature and complexity of the securities activities for which the location is responsible, as well as the nature and extent of customer contacts.
  • Importantly, FINRA's rules require that branch inspections involve "testing and verifying" the firm's policies and procedures in the following areas:
  • the safeguarding of customer funds and securities;
  • maintenance of books and records;
  • supervision of customer accounts serviced by branch office managers;
  • transmittal of funds between customers and registered representatives and between customers and third parties;
  • validation of customer address changes; and
  • validation of changes in customer account information.

Not coincidentally, gaps in these policies and procedures are often the subject of findings in FINRA examinations and formal disciplinary proceedings.

2. Joint Risk Alert: Enhanced Risk-Based Requirements.

The SEC and FINRA expanded upon these requirements for branch office inspection programs in a jointly issued 2011 National Examination Risk Alert ("Risk Alert"). Although allegedly intended to provide guidance, the Risk Alert actually imposed a new requirement on broker-dealers: risk-based analyses of each branch office to determine the appropriate frequency, intensity, and focus of inspections.

In effect, the Risk Alert requires firms to continuously monitor their branch offices for changes in "overall business, products, people and practices" and to inspect—often unannounced—more frequently and intensely those offices that carry greater risk.

Each inspection must also be tailored to the business conducted in each branch and the risks specific to that business. Further, senior branch office examiners who have the experience, training, and expertise to understand how to conduct a proper probe should be the individuals responsible for carrying out the inspections.

According to the Risk Alert, risk-based analyses must consider, among other things:

  • the nature and complexity of products and services offered;
  • the volume of business done;
  • the location of the office;
  • the number of associated persons assigned to a location;
  • whether a location has a principal on-site; and
  • the disciplinary history of registered representatives or associated persons.

3. In-Depth Examinations of Registered Representatives' Private Activities.

In addition to these risk-based requirements, FINRA's management has imposed an additional expectation for branch inspection programs: in-depth examinations of registered representatives' financial circumstances.

At the Securities Industry and Financial Markets Association (SIFMA) Complex Products Forum on September 27, 2012, Susan Axelrod, Executive Vice President, Member Regulation Sales Practice, explained that successful branch inspection programs should examine registered representatives' financial circumstances in some depth. Some of these "sound practices" identified by examination staff include the following:

  • searching public records and social media for representatives' outside activities;
  • requiring representatives to turn over personal banking and financial records;
  • conducting inspections of representatives' computers and portable devices; and
  • requiring brokers to sign periodic certifications about outside activities.

According to Axelrod, FINRA considers these practices to be critical in preventing brokers—often looking to supplement their income—from engaging in unapproved private securities transactions.

4. The Comprehensive Automated Risk Data System.

Further, FINRA fully expects to integrate branch inspection processes into its proposed Comprehensive Automated Risk Data System (CARDS), a program that will allow FINRA to collect information from broker-dealers on a standardized, regular basis. FINRA executives Richard Ketchum, Chairman and Chief Executive Officer, Carlo di Florio, Chief Risk Officer and Head of Strategy, and Axelrod have, on at least three occasions in 2014, expressed an intention to use CARDS to "identify potential business conduct problems" unique to branch offices.

Most recently, at the SIFMA Complex Products Forum on October 29, 2014, Axelrod told the audience that CARDS will allow FINRA to track the types of products carried by particular branches of each firm. According to Axelrod, CARDS will also track patterns of transactions that could indicate "bad behavior" on the part of a particular branch. Likewise, on October 20, 2014, at the National Society of Compliance Professionals' Conference, di Florio stated that CARDS would assist FINRA in monitoring branch offices for "problem areas such as pump and dump schemes, suitability, churning, mutual fund switching and concentrations of high-risk securities."


In addition to observing the regulators' rules and guidance, broker-dealers should also be aware of the following:

1) FINRA issues an Annual Regulatory and Examination Priorities Letter, which lists the products and sales practice issues on which FINRA examiners plan to focus their efforts. Branch offices that offer such products may require more frequent and intense internal inspections. In 2014, for example, FINRA noted the following products: (1) longer duration instruments; (2) high yield securities recommended to retail investors; and (3) microcap and low-priced over-the-counter securities. Sure enough, OCIE in 2014 examined 22 broker-dealers who offered microcap securities, and "more than 80% were issued letters of deficiency for material control weaknesses and/or potential violations of law." See our related client alert.

2) A recent study conducted by the Wall Street Journal identified geographic "hot spots" where sales abuses are more likely to occur. It is a good bet that OCIE, FINRA, and state investigators will focus even more attention on these so-called "hot spots," which are generally areas with higher than average elderly populations.

3) Using its new Broker Migration Model, FINRA plans to track "recidivist brokers"— brokers who have patterns of complaints or disclosures for sales practice abuses—even as these brokers move between firms. OCIE and FINRA will assuredly place more emphasis on branch offices that employ such brokers; firms would be well-advised to conduct adequate due diligence when hiring.


1.Under FINRA rules, an OSJ is an office at which one or more of the following activities takes place:

  • order execution and/or market making;
  • structuring of public offerings or private placements;
  • maintaining custody of customers' funds and/or securities;
  • final acceptance (approval) of new accounts on behalf of the firm;
  • review and endorsement of customer orders;
  • final approval of retail communications for use by persons associated with the firm, except for an office that solely conducts final approval of research reports; or
  • responsibility for supervising the activities of persons associated with the firm at one or more other branch offices of the firm.

Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Morrison & Foerster LLP. All rights reserved