Remote Non-Branch Office Inspections: Facilitating Home Office Arrangements
Financial services firms, like other businesses, must address employees' requests for more flexible work arrangements, including working from home. For broker-dealers, however, longstanding rules formulated around the traditional office structure can make it difficult to accommodate these arrangements. Financial Industry Regulatory Authority ("FINRA") rules require member firms to perform on-site inspections of all locations from which they regularly conduct business, including employees' residences and other places where they are permitted to work remotely. Dispatching examiners to multiple apartments and homes can be resource intensive, costly and personally intrusive, especially for locations not held out as a place of business and where operational functions are limited. However, these burdens may be mitigated through effective technology-driven reviews performed remotely.
FINRA has taken these issues into consideration in proposing to amend its rules to permit remote inspections of residences and other non-branch locations where employees work on a regular basis.1 The relief should enable firms to permit more of these arrangements. This measure is still pending and FINRA has not indicated whether or when it will finalize the proposal.2 However, incorporating remote inspections into the review cycle can lessen the on-site work to be done and possibly provide a basis for extending the period between on-site examinations.
Current On-Site Requirements
FINRA Rule 3110 requires member firms to supervise the activities of their associated persons and to conduct on-site inspections of all branch offices and other business locations.3 The rule defines a "branch office" to mean "any location where one or more associated persons . . . regularly conducts the business of effecting any transactions in, or inducing or attempting to induce the purchase or sale of, any security[.]"4 The definition contains several exceptions, referred to as "non-branch locations," including an "associated person's primary residence"5 and a "temporary location"6 typically used to accommodate employees working from home. Among other things, the location cannot be held out to the public as an office of the firm or used to meet customers or to handle funds or securities. A registered person working from the location must be assigned to at least one appropriately registered supervisor in a branch office or OSJ that is responsible for reviewing his or her activities. The locations must be inspected according to a plan that takes into account, among other things, (1) the nature and complexity of securities activities, (2) customer contact, (3) volume of business, (4) disciplinary history and (5) signs of irregularity or misconduct.7 There is a presumption that the location will be inspected on-site at least once every three years unless the firm determines that a longer period is warranted and the considerations are set out in the firm's written supervisory and inspection procedures ("Inspection Program").8
FINRA's Proposal to Allow Remote Inspections of Residences and Other Locations
FINRA proposes to allow member firms to conduct remote inspections in lieu of on-site inspections of "qualifying offices."9 A "qualifying office" would include the primary residence or temporary location where an employee works from home, provided the person does not have a "disciplinary history" as defined in FINRA Rule 3170(a)(3) and is not subject to a "statutory disqualification" as defined in Section 3(a)(39) of the Securities Exchange Act of 1934.10 The firm must have written policies and procedures reasonably designed to determine whether (i) the location is eligible for remote inspection and (ii) the inspection performed is appropriate taking into consideration the factors noted above and whether the person has a disclosure event under items 14(C) through (J) of Form U4.11 A written report of the remote inspection must be made and kept on file.
On-site inspections of these locations continue to be required pending any adoption of the FINRA proposal or other relief. Meanwhile, remote inspections at appropriate intervals may provide a basis for extending the period for on-site inspections or reduce the amount of work required on-site subject to the results of those examinations and any issues identified during ordinary supervision of the representative's activities.12 Written policies and procedures for remote inspections should be incorporated in the firm's Inspection Program. The efficacy of those remote inspection procedures should be tested against on-site inspection results.
Policies and Procedures
The following are some issues that firms should consider in preparing policies and procedures for the approval and supervision of employees working remotely, including an Inspection Program that incorporates both remote and on-site inspections of non-branch locations.
Guidelines for Working Remotely
Many firms have guidelines and protocols for employees working outside the office (whether or not on a regular basis); such guidelines may address, among other things, (1) supervisor notification and approval, (2) required use of firm-issued devices and computers, (3) connection to the firm's systems through secure communications links, (4) corresponding policies limiting or restricting the use of personal or non-proprietary devices, communication systems, software or accounts for business purposes, (5) limitations on document production and record storage and (6) restrictions on meetings with customers.
Policies and Procedures for Working from Home or Another Non-Branch Location on a Regular Basis
Firms should have more comprehensive policies and procedures governing arrangements where employees work from home or another non-branch location on a regular basis. Those policies and procedures should incorporate guidelines for working remotely and, in addition, address the following:
Policies may restrict or prohibit such arrangements where the employee has a disciplinary history or a prior statutory disqualification. Conditions or restrictions may apply to persons that have reportable events on Form U4. The firm should consider policies that address whether and to what extent the arrangements are appropriate for senior executives and supervisors, high-level operations, technology or finance professionals, employees performing sensitive or important functions (including those with access to funds or securities), and persons engaged in activities requiring close supervision, such as traders and persons selling complex products or services.
Policies and procedures for approving such arrangements may require authorization from the head of the business unit, the Human Resources Department, and consultation with legal or compliance personnel, in addition to the person's immediate supervisor.
Policies and procedures should be in writing and provide for appropriate documentation of approved arrangements, reviews and inspection of the location as a non-branch location. The firm should record the address of each non-branch location. (The location should not be advertised or held out to customers or others as a place from which the firm conducts business.) The record for each location should include the employee's name, title and registrations, business activities, department, the branch location or OSJ to which he or she is assigned for supervision and the name of his or her supervisor.
Additional Guidelines for Working Remotely
The firm should have additional controls for employees working remotely on a regular basis, potentially including requiring use of firm communication devices, computers and applications, special log-on requirements and installing monitoring software on computers.
Each employee should be assigned to a supervisor in a branch office or OSJ responsible for his or her activities. The employee should adhere to and acknowledge compliance with all applicable firm policies and procedures, including the firm's code of conduct, compliance manual and policies and procedures to protect against misuse of material nonpublic information. The firm should consider whether additional supervisory routines may be appropriate, including procedures to monitor whether the location is identified as a place of business of the firm, enhanced email, log-on and activity reviews, supervisory reports and mandatory attendance at compliance meetings, continuing education programs (possibly, including a module for working remotely) and other important events.
Inspections (Remote and On-Site)
Firms should have an Inspection Program that includes procedures for both on-site and remote office inspections. They should describe the schedule and considerations behind the frequency of inspections. The program for each inspection should take into consideration (1) the office's location, (2) the nature, complexity and scope of the employee's activities there, (3) the volume of business, and (4) the employee's record, including any reportable events on Form U4. In addition to the review of business activities conducted by the person from the location, modules should test for compliance with policies and procedures for working remotely, information and data protection (including cyber-security) and adherence to conditions for treatment of the location as a non-branch office. A written report should be made of the results of each inspection, and the results should be considered in assessing whether any changes should be made to the arrangement, supervision or the timing or substance of future inspections. Remote inspection results should be compared with on-site inspection results to help identify any weaknesses in either set of protocols.
1 In November 2017, FINRA published Regulatory Notice 17-38, Remote Branch Office Inspections, ("Reg. Notice 17-38"), which proposes new Supplementary Material .15, an amendment to FINRA Rule 3110 which, if enacted, would allow broker-dealers to conduct remote inspections of "qualifying offices" to fulfill FINRA's Broker-Dealer supervision requirement. Available at http://www.finra.org/sites/default/files/notice_doc_file_ref/Regulatory-Notice-17-38.pdf.
2 See comment letters to Reg. Notice 17-38, available at http://www.finra.org/industry/notices/17-38. Members have commented favorably on the proposal. While FINRA has identified potential downsides, including a risk that remote inspections might not work as well as on-site inspections to identify misconduct, FINRA also acknowledged the benefit in enabling members to reallocate resources to perform more frequent and in-depth inspections of higher-risk locations. Reg. Notice 17-38. The measure, if adopted, would continue the trend to incorporate technology more in member supervision. FINRA Rule 3110(f)(1).
3 A firm must designate and register each location that is a branch office. FINRA Rule 3110(a)(3). The rule also requires the designation and registration of an office of supervisory jurisdiction ("OSJ"), which is a location where one or more supervisory functions take place. See FINRA Rule 3110(f)(1).
4 FINRA Rule 3110(f)(2).
5 For the primary residence exception to apply, the following conditions must be met: (i) only one associated person, or multiple associated persons who reside at that location if they are members of the same immediate family, conducts business at the location; (ii) the location is not held out to the public as an office and the associated person does not meet with customers at the location; (iii) neither customer funds nor securities are handled at the location; (iv) the associated person is assigned to a designated branch office and that branch office is reflected on all communications to the public by the associated person; (v) the associated person's correspondence and other communications are subject to the firm's supervision; (vi) electronic communications (e.g., email and instant messages) are made through the firm's electronic systems; (vii) all orders are entered through the designated branch office or an electronic system reviewable at the branch office; (viii) the firm maintains written supervisory procedures pertaining to supervision of sales activities conducted at the residence; and (ix) the firm maintains a list of their associated persons' residence locations. FINRA Rule 3110(f)(2)(A)(ii).
6 Firms may use the temporary location exception if the location is used for securities business for fewer than 30 business days in any one calendar year and meets (i) through (viii) of the primary residence requirements noted above. This exception can be used to accommodate a second residence, vacation home or other short-term location used by a representative. FINRA 3110(2)(A)(iii).
7 See FINRA Rule 3110(c)(1)(C), Supplementary Material .12.
8 See FINRA Rule 3110 Supplementary Material .13. An OSJ or supervisory branch office must be physically inspected at least once every year. FINRA Rule 3110(c)(1)(A). A non-supervisory branch office must be inspected at least once every three years. FINRA Rule 3110(c)(1)(B). See Regulatory Notice 11-54, Branch Office Inspections, FINRA and the SEC Issue Joint Guidance on Effective Policies and Procedures for Broker-Dealer Branch Inspections, Nov. 2001, available at https://www.finra.org/sites/default/files/NoticeDocument/p125204.pdf.
9 The proposal would add new Supplementary Material .15 to FINRA Rule 3110. See Reg. Notice 17-38, available at http://www.finra.org/sites/default/files/notice_doc_file_ref/Regulatory-Notice-17-38.pdf.
10 Reg. Notice 17-38. In addition, the books and records associated with the business activity performed there must be maintained at another location.
11 Proposed new Supplementary Material .15 to FINRA Rule 3110 does not expressly provide that the policies and procedures must be in writing; however, FINRA Rule 3110(c), to which it relates, calls for "written supervisory and inspection procedures" that "set forth the non-supervisory branch office examination cycle" and the "factors . . . used in determining the frequency of the examinations." (emphasis added). Moreover, the proposal requires members to document the reasoning for conducting a remote inspection where there has been a reportable disclosure in writing.
12 Under the proposal, a qualifying office also includes certain supervisory branch offices and OSJs, which are currently subject to on-site inspections annually. In the interim between now and if the proposal becomes effective, remote inspections may not be used in lieu of or to extend the period for physical inspections of those locations.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.