IV(g) GI- Due Diligence for Vendors and Service Providers
PANEL AGENDA

Lisa Roth, Keystone Capital Corporation
Fred Shane, Commonwealth Financial Network

1. Outsourcing Overview
2. Examples of Outsourced Products & Services Utilized by Broker Dealers and Investment Advisors
3. Common Risks Associated with Outsourcing
4. Why Broker Dealers May Utilize Third Party Service Providers and/or Vendors
5. Rules and Regulations Regarding Third Party Service Provider Due Diligence
6. Enforcement Trends Regarding a Broker Dealer's Obligation to and Monitor Outsourced Service Providers
7. What a BD/IA Should Consider Before Committing to a Third Party Vendor
8. Onboarding New Vendors: Focus Points, Methods and Techniques to Effectively Perform Due Diligence of New Service Providers
9. Due Diligence Lifecycle
10. Red Flags: Suggested Actions Risk Officers Should Consider when Red Flags are Identified
11. Understanding Section 15(c) of the Investment Company Act
12. Methods for Enhancing a Firm's Due Diligence Infrastructure

Resource Materials

NSCP National Membership Meeting, Washington DC, October 22-24, 2012
2012 NSCP Annual Meeting, October 22-24, 2012
Workshop IV(g) GI- Due Diligence for Vendors and Service Providers

Lisa Roth, Keystone Capital Corporation
Fred Shane, Commonwealth Financial
Third Panelist TBD

RESOURCE MATERIALS (Items / Description)
Notice to Members NASD Notice to Members FINRA (Securities Lawyer Handbook) paragraph (1), (3), or (4) of subsection (f)

TEMPLATES & HANDOUTS (Items / Description)
BD Compliance Calendar Due Diligence Matrix Sample Policy Checklist Onsite Due Diligence Meeting Notes Sample Outsourcing Due Diligence Form RFP Due Diligence Sample

DISCIPLINARY MATTERS (Items / Description)
Merrill Lynch, Pierce, Fenner & Smith Incorporated ("Merrill Lynch" or the "Firm"), Respondent Case
Jimmy Wayne Freeman Jr. (CRD # , Registered Representative, Corpus Christi, Texas)

SUGGESTED ARTICLES (Items / Description)
SEC Sues Fund Adviser for Fees Charged in Breach of Duty Under the Investment Company Act, June 2012
Regulatory Compliance Operations and Systems Outsourcing: Compliance Considerations for Broker Dealers
By: Lisa Roth, Fred Shane, Vendor Moderator (TBD)
Prepared For: National Society of Compliance Professionals
October 23rd,

1. Outsourcing Overview

Over the past 10 years, financial firms have become increasingly reliant on external service providers to fulfill key functions within their organizations (BCJS). Reasons for increased usage of external service providers by BDs and IAs may stem from resource constraints, cost-cutting initiatives and/or a shift toward segregation of duties. Despite delegation of key functional responsibilities, regulators such as the SEC and FINRA require that BDs and IAs conduct initial and ongoing due diligence of external vendors (05-48 and 11-14).

2. Examples of Outsourced Products & Services Utilized by Broker Dealers and Investment Advisors

Banking
o Trust Servicing
o Custodial Services
o Escrow or Omnibus Accounts
o General Banking Services
Compliance/Legal
o CCO Function
o Internal and Branch Auditing and Testing
o Marketing Material, Advertising, Communications
o Legal Representation
o Procurement
o Firm Element and Other Training
o Pre-Hire Background Checks
Due Diligence Consultation
o Product and Related Due Diligence
Accounting/Auditing
o Financial Statement Preparation and
o Auditing of a Firm's Internal Controls
o Tax Preparation
o Expense Reporting
o General Accounting Consultation
Technology
o Disaster Recovery
o Data Storage
o Help Desk
o Data Security
o System Development
Project Management
o Develop and Execute Project Initiatives
Operations
o Archiving and Record Storage
o Transfer Agents and Third Party Administration
o Trade Desk
Sub Advisory Services

3. Common Risks Associated with Outsourcing

Operational Risk: Operational risks stem from vendor errors, employee wrongdoing and/or lack of oversight by management. Operational risk could result in a monetary loss, a procedural breakdown or exposure through a headline event. Examples of operational risk include a Transfer Agency whose customer service reps provide incorrect information to clients, or a technical systems vendor that experiences a security breach, causing the firm to experience unanticipated outages or data tampering/loss.

Legal Risk: Legal risk can be linked to contractual and/or litigation risk. An example of contractual risk is a Broker Dealer signing an agreement without ensuring that the terms and conditions of the agreement are compliant with industry regulations. For instance, a vendor's contract may allow for data sharing in contravention of industry requirements and/or the firm's own policies. Litigation risk may arise when an Investment Advisor is sued by clients who suffer a financial loss due to incorrect NAV valuations conducted by a custodian bank.

Reputation Risk: Reputational risk occurs when the public's opinion changes toward a firm due to an action, event or situation that may arise due to a negative consequence. Broker Dealers and Investment Advisors assume a great deal of reputational risk when partnering with external service providers. In fact, firms rely on third party service providers to conduct themselves ethically to ensure client accounts are serviced accurately and correctly. Clients and regulators alike will question the validity of a BD/IA's business practices should a negative report regarding a third party service provider find its way to the front page of a news periodical.
Regulatory Risk: Regulatory risk can greatly increase for firms who are regulated by a government entity or government sponsored entity. BD/IAs assume a risk when partnering with firms who have to adhere to regulatory guidelines. Examples may include a Transfer Agent that is required to follow specific SEC rules regarding record keeping. Another example could be an auditing firm that is required to follow GIPS oversight standards. Partnering with a service provider who is under regulatory scrutiny can negatively impact a BD/IA's reputation and service to clients, and open it up to litigation. The opposite is also true. BDs and IAs also face significant risk when partnering with a non-regulated entity, or with a vendor whose policies do not take FINRA, SEC and State securities/advisory regulations into account. For instance, a data archiving vendor may be adequately secure from threat of intrusion, but it may not provide recordkeeping for adequate lengths of time, or in formats acceptable to securities regulators.

Company Risk: BD/IAs alike can suffer tremendous consequences from a corporate standpoint should a third party service provider experience a negative situation. Investors, clients and regulators alike rely on the BD/IA to conduct reasonable due diligence to ensure third party vendors are ethical, compliant and capable of performing their assigned duties.

4. Why Broker Dealers May Utilize Third Party Service Providers and/or Vendors

Capital Constraints
Limited Resources
Access to Technology
Ability to Expand Business Operations Quickly
Separation of Business Functions (i.e. Checks and Balance)
Expand Client Offerings of Product and Services

5. Rules and Regulations Regarding Third Party Service Provider Due Diligence

NTM 05-48
o Outsourcing an activity or function to a third party service provider does not relieve members of their ultimate responsibility for compliance with all applicable federal securities laws and regulations and NASD and MSRB rules regarding the outsourced activity or function (NTM 05-48).
o Rule 3010 requires NASD members to design a supervisory system and corresponding written supervisory procedures that are appropriately tailored to each member's business structure. If a member, as part of its business structure, outsources covered activities, the member's supervisory system and written supervisory procedures must include procedures regarding its outsourcing practices to ensure compliance with applicable securities laws and regulations and NASD rules. The procedures should include, without limitation, a due diligence analysis of all of its current or prospective third-party service providers to determine whether they are capable of performing the outsourced activities (NTM 05-48).
o After the member has selected a third-party service provider, the member has a continuing responsibility to oversee, supervise, and monitor the service provider's performance of covered activities. This requires the member to have in place specific policies and procedures that will monitor the service provider's compliance with the terms of any agreements and assess the service provider's continued fitness and ability to perform the covered activities being outsourced. Additionally, the member should ensure that NASD and all other applicable regulators have the same complete access to the service provider's work product for the member, as would be the case if the covered activities had been performed directly by the member (NTM 05-48).

NTM 11-14
o Proposed FINRA Rule 3190(a)(1) clarifies that a member firm's use of a third-party service provider (including any sub-vendor) to perform functions or activities related to the member firm's business as a regulated broker-dealer does not relieve the firm of its obligation to comply with applicable securities laws and regulations and with applicable FINRA and MSRB rules. Proposed Supplementary Material .01 (Scope of Third-Party Service Provider) clarifies that the term third-party service provider (including any sub-vendor) shall include any person controlling, controlled by or under common control with a member firm, unless otherwise determined by FINRA. The proposed provision also prohibits a member firm from delegating its responsibilities for, or control over, any functions or activities performed by a third-party service provider.
  Proposed FINRA Rule 3190(a)(1) is consistent with FINRA's current guidance that a member firm's use of a third-party service provider for such activities does not relieve the firm of its ultimate responsibility to achieve compliance with all applicable securities laws and regulations and FINRA and MSRB rules, and that the ultimate responsibility for supervision of outsourced activities lies with the firm. Additionally, FINRA Rule 3190(a)(3) clarifies that nothing in the proposed rule's provisions shall be construed to permit any person to engage in activities that require registration and qualification under FINRA rules without obtaining the necessary registrations and qualifications (NTM 11-14).
o Proposed FINRA Rule 3190(a)(2) requires each member firm, pursuant to its obligations under FINRA rules, to establish and maintain a supervisory system and written procedures for any functions or activities performed by a third-party service provider that are reasonably designed to achieve compliance with applicable securities laws and regulations and applicable FINRA and MSRB rules. Additionally, proposed FINRA Rule 3190(b) requires that a member firm include in these supervisory procedures an ongoing due diligence analysis of each current or prospective third-party service provider to determine, at a minimum, whether: (1) the third-party service provider is capable of performing the activities being outsourced; and (2) with respect to any activities being outsourced, the member firm can achieve compliance with applicable securities laws and regulations and applicable FINRA and MSRB rules. These provisions are consistent with existing guidance noting that, if a member firm outsources activities, its supervisory system and written supervisory procedures required by NASD Rule 3010 (Supervision) must include supervisory procedures for its outsourcing practices to ensure such compliance and that those procedures should include, without limitation, conducting a due diligence analysis of all of its current or prospective third-party service providers to determine whether they are capable of performing the outsourced activities (NTM 11-14).

Rule 3190
o Specifically, proposed FINRA Rule 3190 (Use of Third-Party Service Providers) makes clear that:
  - when a member firm outsources a function or activity related to its business as a regulated broker-dealer to a third-party service provider, it does not relieve the firm of its obligation to comply with applicable securities laws and regulations and FINRA and Municipal Securities Rulemaking Board (MSRB) rules (NTM 11-14); and
  - the firm cannot delegate its responsibilities for, or control over, any outsourced functions or activities (NTM 11-14).

6. Enforcement Trends Regarding a Broker Dealer's Obligation to and Monitor Outsourced Service Providers

Merrill Lynch, Pierce, Fenner & Smith Incorporated ("Merrill Lynch" or the "Firm"), Respondent Case
o Merrill Lynch outsourced some of its proxy functions for certain accounts of its advisory programs to a third party service provider. The Vendor misdirected proxy ballots, utilized outdated proxy delivery designations and made clerical errors.
o Several other infractions were identified in this case associated with the firm's lack of adherence to several NASD, FINRA and SEC rules.
o Enforcement included Censure and $2.8 million Fine

Jimmy Wayne Freeman Jr. (CRD # , Registered Representative, Corpus Christi, Texas)
Without admitting or denying the allegations, Freeman consented to the described sanctions and to the entry of findings that he entered into a written contract with a company to sell note agreements, without providing notice to, nor receiving permission from, his firm to engage in any activities related to a company. The findings stated that Freeman lacked the proper license, a Series 7, to do so.
The findings also stated that Freeman represented that the company's products were safe and the notes guaranteed a high return within five years, but he lacked any factual basis to make these claims; he did not have any experience with the company's products and failed to conduct adequate due diligence. The findings also included that while recommending the company's investments to his customers, Freeman provided them with the company's sales literature, which contained several unwarranted and misleading statements, failed to disclose any risks involved in the investments, and guaranteed the products would succeed. The statements helped form the basis of Freeman's recommendations to his customers, even though he did not verify these claims prior to recommending and selling the note agreements to his customers. Although Freeman did not write these statements or assist in the drafting of the sales literature, he should have known that the statements were misleading. The suspension is in effect from March 5, 2012, through March 4, (FINRA Case # )

7. What a BD/IA Should Consider Before Committing to a Third Party Vendor

Risks Associated with Outsourcing
o Do the benefits outweigh the risks associated with third party service providers performing key functions?
o Will the firm's reliance on the Vendor be deemed reasonable by a regulator?
o Will the firm's reliance on the Vendor be deemed reasonable by its clients and shareholders?

Due Diligence Procedures
o Does the BD/IA have policies, procedures and resources to effectively vet new/existing third party service providers?
o Does the BD/IA employ at least one person adequately qualified to oversee the Vendor relationship?
o Can a BD/IA manage third party relationships without compromising the firm's ethical standards, business model, or client base, including periodic or ongoing due diligence?

Contingency Plan
o What would the impact be to a firm should they have to cancel their business relationship with an external service provider?
o What steps and/or actions will be taken if a BD/IA has to terminate ties with a third party service provider?

Regulatory Expectations
o Does a BD/IA comply with applicable regulations pertaining to third party due diligence?
o Does the Vendor meet or exceed relevant regulatory requirements?
o Has the Vendor maintained a satisfactory level of compliance with its OWN regulators, or within its own industry standards?
o Can a BD/IA enhance its oversight procedures quickly and correctly if required by regulators?

8. Onboarding New Vendors: Focus Points, Methods and Techniques to Effectively Perform Due Diligence of New Service Providers

Centralization: The Due Diligence process can be effectively managed if there is a centralized resource who owns the due diligence procedure on behalf of a BD/IA.
The centralized resource can be one person or a small group dedicated to ensuring all due diligence related items are gathered correctly, filed, tracked and reviewed by the appropriate parties. In addition, the due diligence specialist(s) can monitor the oversight process and make changes as needed to ensure compliance with applicable regulations. Another advantage of having a dedicated due diligence resource is that internal and external stakeholders will immediately know who to contact for questions relating to third party oversight. This can be extremely advantageous during a regulatory exam or internal audit. Lastly, centralization is also important when storing due diligence files. Documents should be stored in a central area such as a computer drive or file cabinet. This will enable stakeholders to find information easily and extract files quickly if needed.
Due Diligence Questionnaires: It is vital for BD/IAs to have due diligence questionnaires available so they can gather key information about a firm. This information is used to identify operational, financial, technology or legal risk. Questionnaires can also act as an attestation by having a vendor confirm in writing that the information they are providing is accurate and true. Lastly, due diligence questionnaires demonstrate to regulators that a vetting process is in place and utilized by the firm when warranted.

Tracking Checklists: The due diligence process can produce an enormous number of documents, which have to be accounted for accurately. Excel spreadsheets are a useful tool to effectively track due diligence related documents. In addition, Excel checklists can provide management with a high level snapshot of the vetting process associated with third party service providers. Excel checklists should at least note vendor name, key dates, documents required and documents received, as well as a section for miscellaneous comments. The great part about tracking sheets is that they can be tailored to meet the needs of the firm conducting due diligence.

Written Supervisory Procedures (WSPs): FINRA Rule 3012 and SEC Regulation 206(4)-7 require that Broker Dealers and/or Investment Advisors have written policies and procedures to evidence their supervisory oversight. WSPs should document the due diligence process by noting applicable steps taken during the vetting process. In addition, the WSPs should note the due diligence questionnaires, tracking spreadsheets and any other form of documents utilized to conduct a third party review. Lastly, WSPs should be drafted in such a way that a firm can evidence each item noted in the procedures. WSPs should be reviewed at least annually or updated immediately should a new regulation warrant enhancing the procedures.
Collaboration: The success of a due diligence program relies heavily on its ability to effectively communicate with internal and external stakeholders. A Due Diligence Officer should have the ability to provide clear expectations to external vendors to ensure they provide all required information. In addition, Due Diligence Officers will need to communicate effectively internally by providing a logical analysis (either written or verbal) of a vendor to management. Due Diligence Officers should also have the ability to adapt to varying needs, as each manager may have different needs regarding their decision making process.

Ongoing : A firm must continuously monitor a Vendor annually to ensure they are adhering to the service agreement and do not pose a risk to the firm.
9. Due Diligence Lifecycle

10. Red Flags: Suggested Actions Risk Officers Should Consider when Red Flags are Identified

Follow the Red Flag Plan
o A firm should draft WSPs that detail next-step action items in the event that a red flag is identified.
o The Red Flag Plan should be reviewed at least annually by applicable stakeholders.
o The Red Flag Response team should include senior level executives in Compliance, Legal, Operations and Investments.

Document
o Save all supporting documentation that identified the red flag to a centralized location.
o Obtain additional evidence via the internet, onsite meetings or through verbal communication.

Summary Analysis
o Draft a Red Flag Summary Analysis that notes the risk identified, when it was discovered, documents that support the assumption and stakeholders who will review the report.

Stakeholder Meeting
o Conduct a meeting with applicable internal stakeholders to review the evidence and determine next steps.
o Establish a final action plan and assign a leader to ensure all steps are completed. Below are some examples of action items.
  - Legal letter to Vendor officially terminating the relationship.
  - Internal/External communication
  - Search for a new Vendor
  - Prepare for legal, compliance or customer fallout.
o Document meeting notes and save to Vendor folder.

Red Flag Action Item Checklist
o Note each step that needs to be completed to effectively terminate the relationship with the Vendor.
o Ensure each checklist item is complete.
o Save supporting documentation along with checklist to Vendor folder.
o Communicate with stakeholders until all action items have been addressed and the Vendor relationship has been legally terminated.

11. Understanding Section 15(c) of the Investment Company Act 1940

Approval of contract to undertake service as investment adviser or principal underwriter by majority of non interested directors.

In addition to the requirements of subsections (a) and (b) of this section, it shall be unlawful for any registered investment company having a board of directors to enter into, renew, or perform any contract or agreement, written or oral, whereby a person undertakes regularly to serve or act as investment adviser of or principal underwriter for such company, unless the terms of such contract or agreement and any renewal thereof have been approved by the vote of a majority of directors, who are not parties to such contract or agreement or interested persons of any such party, cast in person at a meeting called for the purpose of voting on such approval.
It shall be the duty of the directors of a registered investment company to request and evaluate, and the duty of an investment adviser to such company to furnish, such information as may reasonably be necessary to evaluate the terms of any contract whereby a person undertakes regularly to serve or act as investment adviser of such company. It shall be unlawful for the directors of a registered investment company, in connection with their evaluation of the terms of any contract whereby a person undertakes regularly to serve or act as investment adviser of such company, to take into account the purchase price or other consideration any person may have paid in connection with a transaction of the type referred to in paragraph (1), (3), or (4) of subsection (f) (Securities Lawyer Handbook).
SEC Sues Fund Adviser for Fees Charged in Breach of Duty Under the Investment Company Act

FOR IMMEDIATE RELEASE

Washington, D.C., June 26, 2012. The Securities and Exchange Commission today sued AMMB Consultant Sendirian Berhad (AMC), a Malaysian investment adviser, alleging that for more than a decade, AMC charged a U.S. registered fund for advisory services that AMC did not provide. The SEC alleges that by doing so, AMC breached its fiduciary duty with respect to compensation under the Investment Company Act of 1940.

Kuala Lumpur-based AMC served as a sub-adviser to the Malaysia Fund, Inc., a closed-end fund that invests in Malaysian companies, whose principal investment adviser is Morgan Stanley Investment Management, Inc. (MSIM). The SEC alleges that AMC misrepresented its services during the fund's annual advisory agreement review process for each year for more than 10 years, and AMC collected fees for advisory services that it did not provide.

AMC, a unit of AMMB Holdings Berhad, one of Malaysia's largest banking groups, agreed to pay $1.6 million to settle the SEC's charges, without admitting or denying the allegations. The case follows the SEC's recent related action against the Malaysia Fund's primary adviser, MSIM, and is part of an inquiry into the investment advisory contract renewal process by the SEC Enforcement Division's Asset Management Unit.

"We are committed to ensuring that advisers to registered funds adhere to their fiduciary duty with respect to the receipt of compensation. Here, AMC breached that duty by charging fees for services that were not rendered," said Bruce Karpati, Chief of the Asset Management Unit in the SEC's Division of Enforcement.
AMC's advisory fees were approved each year from 1996 to 2007 as part of the "15(c) process," a reference to Section 15(c) of the Investment Company Act of 1940, which requires a registered fund's board to annually evaluate the fund's advisory agreements, and advisers to provide the board with information reasonably necessary to make that evaluation.

12. Methods for Enhancing a Firm's Due Diligence Infrastructure

Centralize Due Diligence Function and Assess Existing Due Diligence Process and Procedures
Create an Action Plan to Enhance Existing Due Diligence Program
Conduct Independent Research
o Regulatory websites
o Industry conferences
o News periodicals
o Historical enforcement actions and legal cases
Collaborate with Internal Stakeholders
Build the Due Diligence Infrastructure
o DDQs
o Tracking Spreadsheets
o WSPs
o Centralized Database
Establish reasonable Time Frames for Performing Ongoing Due Diligence, and/or and Test Due Diligence Procedures at Least Annually
Maintain a Vendor Inventory

[Figure labels: Questionnaires; Tracking Checklists; Due Diligence Officer; WSPs; Ongoing]
[BROKER DEALER] COMPLIANCE CALENDAR

TASK | FREQUENCY | MONTH | DESCRIPTION | ASSIGNED TO | TIME ALLOCATION | VALUE
Update Risk Assessment | Annually | 1 | risk map and update as necessary
Communications | Monthly | 1 | , correspondence, advertising
Outside Accounts | Monthly | 1 | accounts, Report
Update Firm Contact System (FINRA Gateway) | Annually | 1 | FINRA Gateway - must be done within 17 days of new year.
Update Org Chart | Annually | 1 | Include Supervisor As Of, review for new RRs; New licenses
Schedule Annual Financial Audit | Annually | 1 | For Dec fiscal YE firms
Registration Renewals (Firm) | Annually | 1 | Final Funding/Rebate if applicable
Communications | Monthly | 2 | , correspondence, advertising
Outside Accounts | Monthly | 2 | accounts, Report
Conduct Gap Analysis | Annually | 2 | prior year report; interview principals and/or CCO, update and file new Gap Analysis
Limited Size and Resource Exemption | Annually | 2 | reaffirm if applicable
COE Certification (3013 Certification) | Annually | 2 | Coordinate meeting between CEO and CCO to complete certification
Communications | Monthly | 3 | , correspondence, advertising
Interim of Prior Year Examination Findings | Annually | 3 | Perform review to verify completion of plan to address deficiencies from prior year tests and inspections
Outside Accounts | Monthly | 3 | accounts, Report
Communications | Monthly | 4 | , correspondence, advertising
Outside Accounts | Monthly | 4 | accounts, Report
Clearing Firm Surveillance Reports | Annually | 4 | current list of available reports, select applicable reports
Privacy Policy Delivery | Annual | 4 | Deliver notice of privacy policy to customers
Schedule Client Mailings | Annual | 4 | BCP, CIP, Margin, Privacy, other as applicable
Communications | Monthly | 5 | , correspondence, advertising
Outside Accounts | Monthly | 5 | accounts, Report
Schedule Internal inspections | Annually | 5 | Schedule internal and branch office inspections; recommend other tests: AML Ind Test, BCP/Data Security
Communications | Monthly | 6 | , correspondence, advertising
Conduct Internal Inspections | Annually | 6 | 1st of 2 reminders; Conduct branch inspections, home office inspection; other inspections
Outside Accounts | Monthly | 6 | accounts, Report
Communications | Monthly | 7 | , correspondence, advertising
Outside Accounts | Monthly | 7 | accounts, Report
Plan Annual Assoc Persons s and Training | Annually | 7 | Plan training, revise and update attestation, COE acknowledgement and other annual forms as applicable
AML Independent Test | Annually | 8 | Conduct onsite independent test
Onsite Internal s | Annually | 8 | Conduct onsite inspection and fiduciary review
Communications | Monthly | 8 | , correspondence, advertising
Outside Accounts | Monthly | 8 | accounts, Report
AML Independent Test Report | Annually | 9 | Prepare written report of independent test including plan to address any deficiencies
Annual/Fiduciary Report | Annually | 9 | Prepare and deliver written report including plan to address any deficiencies identified in the report
Assoc. Persons: Compliance Meeting, Training, Forms | Annually | 9 | Deliver training and annual associated persons forms
Communications | Monthly | 9 | , correspondence, advertising
Outside Accounts | Monthly | 9 | accounts, Report
Communications | Monthly | 10 | , correspondence, advertising
Branch Inspection | Spot Check | 10 | status of branch inspections (completeness, trends)
Outside Accounts | Monthly | 10 | accounts, Report
Communications | Monthly | 11 | , correspondence, advertising
Outside Accounts | Monthly | 11 | accounts, Report
Registration Renewals (Assoc. Pers) | Annually | 11 | Gather information and update U4 or U5 amendments as needed (post-date to 12/31)
Registration Renewals (Firm) | Annually | 11 | Preliminary statements become available (Check FINRA website for Renewal Calendar)
Registered Representative Update | Spot Check | 11 | Deliver RR attestations; monitor for completeness
Registration Update CRD; U4 | Quarterly | 11 | Gather information and update form as necessary
Communications | Monthly | 12 | , correspondence, advertising
Compliance Manual Update | Annually | 12 | "Year in " summary report of compliance year past and look ahead (generic)
Compliance Manual Update | Annually | 12 | "Year in " summary report of compliance year past and look ahead (specific)
Outside Accounts | Monthly | 12 | accounts, Report
Registration Renewals (Firm) | Annually | 12 | Fund the Renewal Account (Check for the deadline - usually the second week of December)

Annual Program Total
Client Special Projects Total
Engagement Summary
Firm Name / Service Type: Pine Tree Data Storage Technology
Date TOB Requested: 2/1/2012
TOB Requestor: President
TOB Report Complete: Complete
TOB ed by Legal: Yes
TOB Letter Sent to TPSP: Yes
Date Internal Communication Sent: 2/15/2012
Date External Communication Sent (If Applicable): 2/17/2012
TOB Files Saved to Firm Folder: Yes
Misc. Comments: All files saved, legal letters sent. Internal customer service and tech notified.
Due Diligence Officer Sign Off: Yes
Onsite Due Diligence Meeting Notes
(Firm Name)
(Date of Meeting)
OnsiteMN_7/2012_Draft Page 1

Meeting Information
  Firm Name
  Address
  Length of Meeting
  Meeting Location

Interview Notes

1. Meeting Attendees (Include Name & Title)

2. Firm Overview
  History
  Executive Management
  Business Plan
  Future Business Plan
  Workforce Geographic and Statistics
  References

3. Products and Services Overview
  Persons Name & Title
  Contact Information
  Products and Services Details

4. Legal and Compliance
  Persons Name & Title
  Contact Information
  Legal or Compliance History
  Litigation or Enforcement Actions Pending or Finalized
  Regulatory (if applicable)
  Compliance and Legal Structure
  Department Size
  Process and Procedures

5. Operations
  Persons Name & Title
  Contact Information
  Department Structure
  Department Size
  Operational Process and Procedures
  Operational Internal Controls
  Checks and Balances
  Disaster Recovery Process Flow
  Internal Audit
  Sample Reports

6. Technology
  Persons Name & Title
  Contact Information
  Technology Departmental Structure
  Size of Department
  Process and Procedures
  Checks and Balances
  Disaster Recovery Process Flow
  Technology Oversight and Internal Controls

7. Financial
  Persons Name & Title
  Contact Information
  Accounting and Finance Departmental Structure
  Size of Department
  Process and Procedures
  Checks and Balances
  Internal and External Oversight and Controls
  Auditor (and Auditor Report)
  Financial Statement
  Sample Reconciliation Reports

Due Diligence Officer Summary Analysis (to be completed internally)
  Due Diligence Officer Name:
  Date Analysis Completed:
OUTSOURCING DUE DILIGENCE FORM

SERVICE TO BE OUTSOURCED

1. Type of service to be outsourced:
Accounting/Finance:
Compliance Consulting:
Legal Services:
Administrative Functions:
Information Technology:
Operations/Support Functions:
Other:

2. Is this service essential to the operation of the Firm (i.e. transaction order entry; custody and prime brokerage; service designed to promote rapid recovery of operations etc.)? Yes / No

APPROPRIATENESS OF OUTSOURCING

1. Potential impact on Firm if service provider fails to perform:
Financial Impact: High / Medium / Low / N/A
Reputational Impact: High / Medium / Low / N/A
Operational Impact: High / Medium / Low / N/A
Customer Service Impact: High / Medium / Low / N/A
Potential Losses to Customers: High / Medium / Low / N/A
Comply with Regulatory Requirements: High / Medium / Low / N/A
Costs to Firm: High / Medium / Low / N/A
Degree of Difficulty Replacing Service Provider: High / Medium / Low / N/A
Comments:

2. Is there an affiliation or other relationship between the Firm and the service provider? Yes / No
If yes, please describe the relationship and any potential conflicts of interest:

3. Is the service provider a regulated entity subject to independent supervision? Yes / No
If yes, name of regulator:

SERVICE PROVIDER INFORMATION

1. General Information
Firm Name:
Firm Address:
Contact Name(s):
CRD # (if applicable):
Phone:
Fax:
Website:

2. Is the service provider owned/controlled by a Parent Co.? Yes (Name: ) / No

3. Personnel:
Approximate # of employees:
Does the service provider hire independent contractors? Yes / No

4. Background Information:
How many years has the service provider been in business?
How many years has the service provider provided the outsourced function?
Is the service provider known to the Firm or employees of the Firm? Yes / No
If yes, please name the individual(s) and describe any prior experience each had with the service provider:

DUE DILIGENCE

1. What methods did the Firm use to verify the service provider's information? (Choose all that apply.)
FINRA Public Disclosure; Internet Research; Entity Formation Documents; SEC Public Disclosure; Credit/Background Check; Independent Research; Form BD/ADV; Media/News Reports; Personal Referral; Business Plan; 10K; RFP; Policies Manual(s); Personal Interviews; Marketing Materials; Financials; Onsite Inspection; Sales Materials; Other:
Does the firm maintain evidence of the above methods used to verify the service provider's information (i.e. copies of documents reviewed; notes from personal interviews and onsite inspections; printouts from public disclosure sites etc.)? Yes / No
If yes, please identify where this evidence is maintained:

2. Please list one or more qualified references; firms that use this service (if contacted personally, identify the name of the contact and the result of the contact):

3. Please describe the background and experience of individuals who will be performing the services:

4. Based on your review of the information, has the service provider and/or its principals been subject to any regulatory, criminal or civil disciplinary issues? Yes / No
If yes, please describe:

5. Based on your review of the information, please describe the service provider's ability and capacity to perform the outsourced activities effectively, reliably, and to a high standard (include in your description relevant technical, financial, human resources, and/or other assets of the service provider):

6. Does the service provider have a business continuity plan? Yes / No
If yes, review a copy of the plan and comment on its adequacy:

7. Is privacy and protection of non-public information a factor in outsourcing? Yes / No
If yes, comment on the adequacy of the service providers for safeguarding non-public information:

8. After reviewing the information, are there any questionable issues or potential conflicts of interest? Yes / No
If yes, please describe:

CONTRACTS AND AGREEMENTS

1. Has (or will) the Firm entered into a written agreement with the service provider? Yes / No
If yes, please identify the relevant provisions and disclosures in the contract (choose all that apply).
Provides for Firm and regulator access to records
Firm and client confidentiality
Limitations on service provider's ability to sub-contract
Payment arrangements
Defines responsibilities of all parties subject to contract
Provide quality services measures
Defines how responsibilities will be monitored
Guarantees and indemnities
Liability for unsatisfactory performance or other breach
Information security provisions
Requirement to maintain a disaster recovery plan
Disclosure of breaches in security
Time Commitment (Termination Date):
Other relevant provision(s):

2. Was the written agreement reviewed by the Firm's legal counsel? Yes / No / N/A
If yes, name of legal counsel:
Date of :

3. Was the written agreement reviewed by the principal responsible for outsourcing functions? Yes / No
If yes, name of principal:
Date of :

OVERSIGHT AND PERIODIC REVIEW

1. List the name and title of the Firm Principal who is responsible for the periodic oversight and review of the outsourced service.

2. Please identify the individual(s) who will monitor the outsourced service if different from above.

3. Please identify the tools that will be used to monitor the outsourced service:
Service delivery reports prepared internally
Service delivery reports supplied by the service provider
Publicly available resources
Performance levels established in written agreement
Internal auditor
Onsite inspection
External auditor
Attestations by service provider
Other

4. Frequency of monitoring: Daily / Weekly / Monthly / Quarterly / Annually / Other

5. If deficiencies are found, are there procedures in place to respond to such deficiencies (i.e. communicate with the service provider; terminate the contract)? Yes / No

DOCUMENTATION REVIEW AND APPROVAL

1. Individual(s) responsible for completing this due diligence review:
a.
b.
c.

Firm Principal: I have reviewed the information contained in this Outsourcing Due Diligence Form and:
The Firm has elected to use the service provider above.
The Firm will not use the service provider above.

Principal Signature
Date
Printed Name of Principal
Section x IS Security Policies mm/dd/yy -Effective mm/dd/yy -Revised Policy Checklist Information Services -Author
IS Policy Checklist.doc

Policy Checklist

Policy | Required | Published | Approved | Adopted | Communicated | Revised
Acceptable Use | <Yes / No> | <Date> | <Date> <By> | <Date> | <Date> | <Date>
Account Management
Admin/Special Access
Business Continuity Planning
Change Management
Data Encryption
Incident Management
Intrusion Detection
Network Configuration
Network Access
Passwords
Physical Security
Portable Computing
Privacy
Security Monitoring
Security Training
Server Hardening
Vendor Access
Virus and Malware Protection

Analysis Matrix

SECURITY ELEMENT INDUSTRY BEST PRACTICE LOCATION LAST REVISION DATE IMPLEMENTATION

IS Program
Program Development and Evaluation Process: Documented development process for the continual updating and review of security policies and procedures and compliance. Includes process for the continuous review and measurement of policy effectiveness.
Responsibilities and Roles: Documented policies that define the roles and responsibilities of system administrators and their relation to the computer systems and network infrastructure in their care.
Security Training: Awareness and training program in information security and the protection of information resources for personnel who come in contact with sensitive resources.
Security Training Policy
Security Training: Awareness and training program in information security and the protection of information resources for personnel who come in contact with sensitive resources.
Change Management Software Updates: Policies and procedures for the monitoring of patch and vulnerability information sources, their review, remediation, and the creation of new baseline information for updated systems.
Change Management Policy; Server Hardening Policy

Access Policies
Acceptable Use: Documentation presenting general guidelines defining scope, behavior, and practices for uses; monitoring of compliance; and policies pertaining to special access users.
Account Management: Documentation requiring standards and procedures for the creation, distribution, revocation of user accounts.
Passwords: Documentation requiring standards and procedures for the composition, creation, distribution, use, and revocation of passwords.
Internet Access: Documentation presenting general guidelines defining scope, behavior, and practices for uses; monitoring of compliance; and policies pertaining to special access users.
Access and Use: Documentation presenting general guidelines defining scope, behavior, and practices for uses; monitoring of compliance; and policies pertaining to special access users.
Network Access Policy; Acceptable Use Policy; Account Management Policy; Password Policy; Acceptable Use Policy; Acceptable Use Policy
Voice Mail Access and Use: Documentation presenting general guidelines defining scope, behavior, and practices for uses; monitoring of compliance; and policies pertaining to special access users.
Acceptable Use Policy; Special Access Policy
Secure Gateways: Implemented, documented, and maintained gateways that implement security policy.
Vendor Access: vendor access and safeguarding agreements.

Monitoring and Incident Management
System Security Tools Intrusion Detection Security Monitoring Virus Detection: The use of audit controls and tools to periodically review security compliance.
Escalation Procedures Incident Reporting Incident Handling Incident Investigation: Response plan for handling and resolving security incidents.

Hardware Management Policies
Portable Computing Policy: Documentation presenting general guidelines defining scope, behavior, and practices for uses; monitoring of compliance; and policies pertaining to special access users.
Network Access Policy; Network Configuration Policy; Vendor Access Policy; Security Monitoring Policy; Intrusion Detection Policy; Incident Management Policy; Portable Computing Policy
Equipment: Computer equipment is maintained in accordance with manufacturers' recommendations. Records of faults or suspected faults are maintained. Critical systems are under maintenance contract in proportion to their significance.
Server Hardening Policy

Data Protection Policies
Data Encryption: Policies regarding encryption of data in transit and in storage.
Privacy: Documentation establishing responsibility and appropriate measures for protecting private and personally identifying information. Minimum efforts may be required by legislation.
Privacy Policy
Business Continuity Planning: Documentation establishing responsibility for policies and procedures and mechanisms for the creation, testing, and revision of contingency plans for business critical systems.
Backup/Disaster Recovery Policy
Data Retention: Documented policies and procedures for the archival and retention of sensitive data.
Backup: Policies and procedures and mechanisms for the archival, retention, and recovery of data. Periodic testing of recovery schemes.
Backup/Disaster Recovery Policy
Off-Site Backup: Copies of backup media and logs are stored off-site in a secured facility on a regular basis. Policies and procedures exist governing the transfer and handling of media.
Backup/Disaster Recovery Policy
Disposal of Sensitive Data: Documented policies and procedures for the destruction of media containing sensitive data.

Physical Security
Basic Physical Security: Controlled building access, mandatory access controls for information systems; policy for use of controls and penalties for noncompliance.
Physical Security Policy
RFP (Annual) Due Diligence Questionnaire
(FIRM NAME)
RFP DDQ_7/2012_v1

Company Information
Firm Name
Address
Phone & Fax
Website Address
Primary Contact Information

Company Business Partnerships
Auditor
Legal
Bank
Misc.

Document Checklist
Regulatory Reports
Legal Reports
Marketing Documents
Company Presentation Overview
Company Financials
Business Continuity Plan
Internal Ethics Report (COE)
3 References
Operational Procedures
Technology Procedures
Compliance Procedures
Auditor Letter

Third Party Vendor Preparer Final Check & Sign-Off
Name
Title
Contact
Contact Number
Date

1. Firm Overview (Please provide a brief history of the firm)

2. Products and Services Overview (Please provide a brief overview of your firm's products/services)

3. Executive Management Overview and Bios

4. Legal/Compliance
Have there been any arbitration, litigation, complaints, or regulatory organizations/exchange rules violations? If yes, please explain and provide documentation detailing the violation:
Is your firm regulated by a government entity or government sponsored entity? If so, which ones?
Does your firm have any regulatory or legal actions pending? If yes, please explain and provide supporting documentation detailing the action pending.
Has any principal or member ever been named in/or convicted of violating any law, federal or state, related to securities or banking? If yes, please provide details and documentation detailing the violation.
Please provide a summary of your firm's insurance coverage.

5. Technology
Please describe your firm's policies and procedures pertaining to employee/external access, web access and user id/password protocol (letters, numbers and change requests).
Have there been any privacy breaches in the past 3 years?
If a privacy breach occurred, did your firm submit any filings or notices to state and/or federal regulators that disclosed the privacy breach?
If a privacy breach occurred, please note corrective actions taken to ensure a breach will not occur again:
Please detail your firm's disaster recovery plan.

6. Operations
Please provide an overview of your firm's operational structure.
Please provide an overview of your firm's operational procedures.
Please provide an overview of how your firm conducts testing to ensure the effectiveness of operational procedures.
Does your firm rely on third party service providers? If so, what's your firm's initial and ongoing due diligence process of these firms?

7. Confirmation of Due Diligence
Please confirm that your firm conducts an annual review of the following processes:

Entity | Yes/No | Comment
Code of Conduct | |
Operations | |
Technology | |
Compliance | |

8. Financials/Accounting
1. Please confirm that your company will provide its most recent audited financial statements.
Answer:
2. If your company will not provide audited financial statements, please explain why.
3. If your firm will not provide audited financial statements, please confirm that your company will provide its most recent unaudited financial statements as well as providing the name, address and telephone number of the accounting firm that prepared these statements:
4. Please confirm that your organization has effective oversight of its employees to prevent accounting activity that would be construed as illegal or in violation of regulatory and/or law enforcement.
Answer:
5. Please have your firm's CFO (or a Senior Finance official) confirm that the information provided in the Financial/Accounting section is accurate and true:
Name
Title
Contact
Date

Due Diligence Officer Summary Notes (to be completed internally)

Final Checklist (to be completed internally):
Confirm receipt of all documentation internal/ external stakeholders that DD review is complete.
E Signature (Due Diligence Coordinator)
Date
Signer
Cyber and Data Security Proposal form This proposal form must be completed and signed by a principal, director or a partner of the proposed insured. Cover and Quotation requirements Please indicate which
More informationCommonwealth of Pennsylvania Department of Banking and Securities Bureau of Securities Division of Licensing, Compliance and Examinations
Commonwealth of Pennsylvania Department of Banking and Securities Bureau of Securities Division of Licensing, Compliance and Examinations Investment Adviser Self-Inspection Checklist November 2015 Investment
More informationEURIBOR - CODE OF OBLIGATIONS OF PANEL BANKS
D2725D-2013 EURIBOR - CODE OF OBLIGATIONS OF PANEL BANKS Version: 1 October 2013 1. Objectives The European Money Markets Institute EMMI previously known as Euribor-EBF, as Administrator for the Euribor
More informationBroker-Dealer Concepts
Broker-Dealer Concepts Broker-Dealer AML Program Checklist/Gap Analysis Published by the Broker-Dealer & Investment Management Regulation Group September 2011 I. GENERAL REQUIREMENTS AML AML Program Components
More informationTECK RESOURCES LIMITED AUDIT COMMITTEE CHARTER
Page 1 of 7 A. GENERAL 1. PURPOSE The purpose of the Audit Committee (the Committee ) of the Board of Directors (the Board ) of Teck Resources Limited ( the Corporation ) is to provide an open avenue of
More informationCode of Ethics. I. Definitions
Code of Ethics Old North State Trust, LLC (the Company ) has adopted this Code of Ethics in recognition of the principle that all Supervised Persons (as defined below) of the Company have a fiduciary duty
More informationZero Deficiencies: Closing the Gap
Zero Deficiencies: Closing the Gap By Francois Cooke July 2012 INTRODUCTION Broker-dealers face constant regulatory risks that continue to increase. These risks have short-term and long-term ramifications.
More informationUNITED STATES OF AMERICA
UNITED STATES OF AMERICA Before the SECURITIES AND EXCHANGE COMMISSION INVESTMENT ADVISERS ACT OF 1940 Release No. 3993 / January 13, 2015 SECURITIES EXCHANGE ACT OF 1934 Release No. 74044 / January 13,
More informationForm ADV Part 2A Brochure March 30, 2015
Item 1 Cover Page Form ADV Part 2A Brochure March 30, 2015 OneAmerica Securities, Inc. 433 North Capital Avenue Indianapolis, Indiana, 46204 Telephone: 877-285-3863, option 6# Website: www.oneamerica.com
More informationCorporate Governance. Document Request List Funds
Document Request List Funds Please provide documents noted below, as applicable, in English. For new funds or existing funds where requested documents are currently being developed, please provide draft
More informationSecurities Broker/Dealer, Registered Representative And Registered Investment Advisor Professional Liability Application
Securities Broker/Dealer, Registered Representative And Registered Investment Advisor Professional Liability Application This is an Application for a claims made and reported policy. Please read the entire
More informationHALOZYME THERAPEUTICS, INC. CHARTER OF THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS ORGANIZATION AND MEMBERSHIP REQUIREMENTS
HALOZYME THERAPEUTICS, INC. CHARTER OF THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS I. STATEMENT OF POLICY The Audit Committee (the Committee ) of the Board of Directors (the Board ) of Halozyme Therapeutics,
More informationDEALERSHIP IDENTITY THEFT RED FLAGS AND NOTICES OF ADDRESS DISCREPANCY POLICY
DEALERSHIP IDENTITY THEFT RED FLAGS AND NOTICES OF ADDRESS DISCREPANCY POLICY This Plan we adopted by member, partner, etc.) on Our Program Coordinator (date). (Board of Directors, owner, We have appointed
More informationOCIE CYBERSECURITY INITIATIVE
Topic: Cybersecurity Examinations Key Takeaways: OCIE will be conducting examinations of more than 50 registered brokerdealers and registered investment advisers, focusing on areas related to cybersecurity.
More informationTHE COMMONWEALTH OF MASSACHUSETTS
THE COMMONWEALTH OF MASSACHUSETTS OFFICE OF CONSUMER AFFAIRS AND BUSINESS REGULATION DIVISION OF INSURANCE Report on the Comprehensive Market Conduct Examination of The Paul Revere Variable Annuity Insurance
More informationVendor Management Challenges and Solutions for HIPAA Compliance. Jim Sandford Vice President, Coalfire
Vendor Management Challenges and Solutions for HIPAA Compliance Jim Sandford Vice President, Coalfire Housekeeping You may submit questions throughout the webinar using the question area in the control
More informationF I R M B R O C H U R E
Part 2A of Form ADV: F I R M B R O C H U R E Dated: 03/24/2015 Contact Information: Bob Pfeifer, Chief Compliance Officer Post Office Box 2509 San Antonio, TX 78299 2509 Phone Number: (210) 220 5070 Fax
More informationDesigning a Social Media Policy
Designing a Social Media Policy Executive Summary Unlike broker/dealers, the social media content and communications of registered investment advisers or their investment advisory representatives through
More informationAUDIT COMMITTEE OF THE TRUSTEES TEXAS PACIFIC LAND TRUST CHARTER
Amended and Restated: February 24, 2010 AUDIT COMMITTEE OF THE TRUSTEES OF TEXAS PACIFIC LAND TRUST CHARTER PURPOSE The primary function of the Committee is to assist the Trustees of the Trust in discharging
More informationElements of an Effective Compliance System
Registrant Outreach Seminar June 23 and 25, 2015 Elements of an Effective Compliance System Presenters: Trevor Walz, Dena Di Bacco and Stratis Kourous Compliance and Registrant Regulation Branch Disclaimer
More informationClient Alert March 25, 2014
Client Alert March 25, 2014 Broker-Dealer Compliance Officers and Counsel Take Note: NEW FINRA SUPERVISION RULES APPROVED BY SEC Effective Date December 1, 2014 Background FINRA s new Consolidated Supervision
More informationSEC Adopts Rules on Compliance Programs for Funds & Advisers
Investment Management Group Legal Update: SEC Adopts Rules on Compliance Programs for Funds & Advisers If you have questions or would like additional information on the material presented herein, please
More informationHOURLY CONSULTING AGREEMENT
4245 Kemp Blvd., Suite 1007 Wichita Falls, Texas 76308 HOURLY CONSULTING AGREEMENT This is an agreement between Personal Money Planning ( Advisor ), and ( Client ). By this agreement, Client retains Advisor
More informationCHECKLIST ISO/IEC 17021:2011 Conformity Assessment Requirements for Bodies Providing Audit and Certification of Management Systems
Date(s) of Evaluation: CHECKLIST ISO/IEC 17021:2011 Conformity Assessment Requirements for Bodies Providing Audit and Certification of Management Systems Assessor(s) & Observer(s): Organization: Area/Field
More informationPART I ARTICLE. apply to all insurers domiciled in this State unless exempt. (b) The purposes of this article shall be to:
THE SENATE TWENTY-EIGHTH LEGISLATURE, 0 STATE OF HAWAII A BILL FOR AN ACT RELATING TO INSURANCE BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF HAWAII: PART I SECTION. Chapter, Hawaii Revised Statutes,
More informationRisk Management of Outsourced Technology Services. November 28, 2000
Risk Management of Outsourced Technology Services November 28, 2000 Purpose and Background This statement focuses on the risk management process of identifying, measuring, monitoring, and controlling the
More informationWritten Information Security Programs: Compliance with the Massachusetts Data Security Regulation
View the online version at http://us.practicallaw.com/7-523-1520 Written Information Security Programs: Compliance with the Massachusetts Data Security Regulation Melissa J. Krasnow, Dorsey & Whitney LLP
More informationCHARTER OF THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS OF EVERBANK FINANCIAL CORP
CHARTER OF THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS OF EVERBANK FINANCIAL CORP 1 EverBank Financial Corp Charter of the Audit Committee I. PURPOSE OF THE COMMITTEE The purpose of the Audit Committee
More informationHIPAA COMPLIANCE PLAN. For. CHARLES RETINA INSTITUTE (Practice Name)
HIPAA COMPLIANCE PLAN For CHARLES RETINA INSTITUTE (Practice Name) Date of Adoption 1/02/2003 Review/Update 10/25/2012 Review/Update 4/01/2014 I. COMPLIANCE PLAN A. Introduction This HIPAA Compliance Plan
More informationCoverage is subject to a Deductible
Frank Cowan Company Limited 75 Main Street North, Princeton, ON N0J 1V0 Phone: 519-458-4331 Fax: 519-458-4366 Toll Free: 1-800-265-4000 www.frankcowan.com CYBER RISK INSURANCE DETAILED APPLICATION Notes:
More informationAlert. Client PROSKAUER ROSE LLP. Regulation of Non-U.S. Investment Advisors and Portfolio Managers Doing Business in the United States
PROSKAUER ROSE LLP Client Alert Regulation of Non-U.S. Investment Advisors and Portfolio Managers Doing Business in the United States A number of non-u.s. investment counseling firms and investment dealer
More informationAttachment A. Identification of Risks/Cybersecurity Governance
Attachment A Identification of Risks/Cybersecurity Governance 1. For each of the following practices employed by the Firm for management of information security assets, please provide the month and year
More informationTime Warner Cable Inc. Audit Committee Charter. Effective February 14, 2013
Time Warner Cable Inc. Audit Committee Charter Effective February 14, 2013 The Board of Directors of Time Warner Cable Inc. (the Corporation ; Company refers to the Corporation and its consolidated subsidiaries)
More informationWRITTEN SUPERVISORY PROCEDURES. SUPERVISORY CONTROL PROCEDURES October 2014
WRITTEN SUPERVISORY PROCEDURES SUPERVISORY CONTROL PROCEDURES October 2014 GENERAL... 7 A. Supervisory System... 8 B. Format of Supervisory Procedures... 8 C. Actions to be Taken upon Discovery of Noncompliance
More informationCVS HEALTH CORPORATION A Delaware corporation (the Company ) Audit Committee Charter Amended as of September 24, 2014
CVS HEALTH CORPORATION A Delaware corporation (the Company ) Audit Committee Charter Amended as of September 24, 2014 Purpose The Audit Committee (the Committee ) is created by the Board of Directors of
More informationPROCUREMENT POLICY FOR INVESTMENT CONSULTANTS
PROCUREMENT POLICY FOR INVESTMENT CONSULTANTS Purpose The Board of Trustees ( Board or Trustees ) of the Public School Teachers Pension and Retirement Fund of Chicago ( CTPF or the Fund ) establishes the
More informationPart 2A of Form ADV: Firm Brochure
Part 2A of Form ADV: Firm Brochure Item 1 Cover Page A. VL Capital Management LLC 55 West Church Street Orlando, FL 32801 Mailing Address: P.O. Box 1493 Orlando, FL 32802 Phone: (407) 412-6298 Effective
More informationAccountable Care Organization. Medicare Shared Savings Program. Compliance Plan
Accountable Care Organization Participating In The Medicare Shared Savings Program Compliance Plan 2014 Corporate Location: 3190 Fairview Park Drive Falls Church, VA 22042 ARTICLE I INTRODUCTION This Compliance
More informationCHARTER OF THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS OF INTERCONTINENTAL EXCHANGE, INC.
CHARTER OF THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS OF INTERCONTINENTAL EXCHANGE, INC. I. PURPOSE The Audit Committee (the Committee ) of the Board of Directors (the Board ) of Intercontinental Exchange,
More informationINSTITUTIONAL COMPLIANCE PLAN
INSTITUTIONAL COMPLIANCE PLAN Responsible Party: Board of Trustees Contact: Institutional Compliance Office Original Effective Date: 02/16/2012 Last Revised Date: 10/13/2014 Contents I. SCOPE OF THE PLAN...
More informationILLINOIS STATE BOARD OF INVESTMENT Request for Competitive Proposal: Investment Advisory Services
ILLINOIS STATE BOARD OF INVESTMENT Request for Competitive Proposal: Investment Advisory Services OVERVIEW: The Illinois State Board of Investment (the Board or ISBI ) hereby issues a request for competitive
More informationWebster Wealth Advisors, Inc.
Webster Wealth Advisors, Inc. 195 Danbury Road, Suite 220 Davenport Building Wilton, CT 06897 (888) 862 9644 www.websterwealthadvisors.com March 30, 2015 This Brochure provides information about the qualifications
More informationOperations. Group Standard. Business Operations process forms the core of all our business activities
Standard Operations Business Operations process forms the core of all our business activities SMS-GS-O1 Operations December 2014 v1.1 Serco Public Document Details Document Details erence SMS GS-O1: Operations
More informationWritten Information Security Programs: Compliance with the Massachusetts Data Security Regulation
View the online version at http://us.practicallaw.com/7-523-1520 Written Information Security Programs: Compliance with the Massachusetts Data Security Regulation MELISSA J. KRASNOW, DORSEY & WHITNEY LLP
More information