WRITTEN SUPERVISORY PROCEDURES. SUPERVISORY CONTROL PROCEDURES October 2014

Transcription

1 WRITTEN SUPERVISORY PROCEDURES SUPERVISORY CONTROL PROCEDURES October 2014

2 GENERAL... 7 A. Supervisory System... 8 B. Format of Supervisory Procedures... 8 C. Actions to be Taken upon Discovery of Noncompliance or Other Violation... 8 II. SUPERVISORY SYSTEM... 8 A. Designation of Business Locations... 8 B. Designation of Principals and Other Supervisors; Chain of Supervision C. Delegation of Chain of Supervision Responsibilities D. Delegation of Chain of Supervision Responsibilities to the President E. Qualification of Supervisors F. Distribution of Supervisory Procedures Manual and Amendments G. Distribution of Compliance Procedures to Registered Representatives (RRs) H. Amending Supervisory Procedures and Compliance Manuals I. Annual Compliance Meetings J. Reviews of Business and Supervisory System K. Activity and Supervisor Reports and Forms L. Report Review M. Internal Review Process N. Review of Heightened Supervisory Procedures III. MEMBERSHIP AND REGISTRATION OF THE FIRM A. Maintaining Current Form BD and FINRA Membership Agreement B. Maintaining Required Registered Principals C. Registration Renewal Fees and Other Filings IV. MATTERS AND ACTIVITIES OF ASSOCIATED PERSONS A. Determination of Registration Status B. Background Investigations on Prospective Registered Persons C. Fingerprinting D. Examination and Initial Registration Requirements Compliance Department Page 2 of 98

3 E. Amendments to Form U-4 and Other Changes in Registration Status F. Dual Registration G. Continuing Education Requirements H. Compensation I. Outside Activities J. Termination of Registration K. Form U-4 and U-5 and Bad Acts Disclosure Review V. INSIDER TRADING VI. FINANCIAL, OPERATIONAL AND REPORTING ACTIVITIES A. Net Capital Requirements B. Financial Accounting C. Financial Reporting D. Financial Reporting Responsibility for General Ledger Accounts and Identification of Suspense Accounts E. Cash Transaction Reporting, Bank Secrecy Record Keeping F. Customer Complaint Handling F. Adverse Events Filings G. Reporting of Specified Events and Customer Complaints H. Books and Records I. Regulatory Inspections VII. DEALING WITH CUSTOMERS, OTHER BROKER/DEALERS AND SERVICE PROVIDERS A. Dealing with Customers B. Maintenance of Customer Account Files D. Review of Transactions E. Review of Customer Accounts F. Customer Funds and Securities G. Prohibition Against Guarantees H. Do Not Call I. Gifts and Gratuities Compliance Department Page 3 of 98

4 J. Business Arrangements with Others K. Extension of Credit to Customers VIII. COMMUNICATIONS WITH THE PUBLIC A. Securities Communications B. Speaking Engagements/Media Participation, Scripts or Outlines C. Outgoing Written Correspondence D. Incoming Written Correspondence E. Underwriting Activities F. Due Diligence G. Prospectus Delivery IX. TRADING AND MARKET MAKING ACTIVITIES X. FIXED INCOME SECURITIES XI. STRUCTURED PRODUCTS XII. MUNICIPAL SECURITIES XIII. DIRECT PARTICIPATION PROGRAMS A. Suitability B. Disclosure XIV. OPTIONS XV. BEST EXECUTION XVI. MUTUAL FUNDS AND UNIT INVESTMENT TRUSTS A. Prompt Transmission of Funds, Securities and Orders B. Mutual Fund Switching C. Breakpoints D. Fees and Charges XVII. VARIABLE PRODUCTS A. Product Committee Compliance Department Page 4 of 98

5 B. Compliance Department XVIII. REAL ESTATE INVESTMENT TRUSTS A. Suitability XIX. DEFERRED VARIABLE ANNUITIES A. Principal Review and Approval of Transactions B. Surveillance Procedures C. Firm Training Program XX. PRIVATE PLACEMENTS XX. BUSINESS CONTINUITY PLAN XXI. REMEDIAL ACTIONS A. Remedial Actions B. Response C. Action Plan D. Business Conduct Review Committee XXII. ANTI-MONEY LAUNDERING POLICY XXIII. REGULATION S-P XXIV. IDENTITY THEFT PROGRAM E. s for Identifying and Detecting Red Flags F. Preventing and Mitigating Identity Theft G. Updating the Program H. Reporting I. Oversight of Service Provider Arrangements J. Training of Identity Theft Program XXI. SUPERVISORY CONTROL PROCEDURES A. Designated Principals B. Testing and of Policies and Procedures Compliance Department Page 5 of 98

6 C. Report of Supervisory Controls D. Other Requirements of Rule XXII. ANNUAL COMPLIANCE AND SUPERVISION CERTIFICATION APPENDIX A APPENDIX B Compliance Department Page 6 of 98

7 GENERAL Updated September 2011 The Firm offers mutual funds, unit investment trusts, variable contracts as well as general equities, options, municipal securities, interests in limited partnerships, U.S. Treasuries, and debt instruments. The Firm sells these products through its registered representatives ( RRs ), many of whom are employees of CUNA Mutual or employees of a credit union or credit union service organization. The Firm is registered with the U.S. Securities and Exchange Commission ( SEC ) as a broker/dealer, pursuant to the provisions of the Securities Exchange Act of 1934 (the 1934 Act ), and is a member firm of the National Association of Securities Dealers, Inc. ( FINRA ). It is also registered with the securities commission in the states in which it operates. The Firm is subject to rules, regulations, policies, and guidelines adopted by the SEC, FINRA, and states for registered broker-dealers and FINRA members. The Firm has adopted policies and procedures that qualify it to rely on the net capital standard outlined in Rule 15c3-1(a) (2) (iv) under the 1934 Act as an introducing broker-dealer. Section 15(b)(4)(E) of the 1934 Act subjects a registered broker-dealer and its supervisors to liability if they fail to reasonably supervise a person associated with the broker-dealer ( associated person ). (An associated person of a broker-dealer means a person controlling, controlled by or under common control with, the brokerdealer. The term includes directors, officers, and employees of the broker-dealer, as well as its affiliates, such as parent and sister corporations. An associated person may be registered or exempt from registration under the FINRA s by-laws or rules.) A broker-dealer and/or its supervisors will not be deemed to have failed to reasonably supervise an associated person if: (1) The broker/dealer has established procedures for supervising the associated person; (2) The broker/dealer has established a system for applying such procedures, which would reasonably be expected to prevent and detect, insofar as practicable, any violation of these procedures by the associated person; (3) The broker/dealer or supervisor has reasonably tested or reviewed such procedures and system, identified any gaps within the procedures and system and outlined a plan to resolve any gaps; (4) The broker/dealer or supervisor has reasonably discharged the duties and obligations incumbent upon it, him or her by reason of such procedures and system, without reasonable cause to believe that the procedures and system were not being complied with. Rule 3010(b) of the FINRA Rules requires each member firm to establish, maintain and enforce written procedures to supervise the types of business in which it engages and to supervise the activities of registered representatives and associated persons that are reasonably designed to achieve compliance with applicable securities laws and regulations, and with the applicable Rules of this Association. The Firm has adopted the supervisory procedures set forth in this Manual and has designated a Chief Compliance Officer, who shall be responsible for maintaining these procedures and implementing additional procedures to carry out the supervisory responsibilities. In addition, MSRB Rule G-27 describes the Obligation to supervise the conduct of the municipal securities activities of the dealer and its associated persons. The policies and procedures within this manual include Compliance Department Page 7 of 98

8 municipal securities where applicable. (Sections regarding supervisory procedures, RR registration, customer complaints, transaction reviews, branch office reviews, books and records retention, correspondence review, annual review and updates to procedures, etc. ) A. Supervisory System The Firm s supervisory system consists of the following elements: these written supervisory procedures an internal examination and inspection program designation of supervisors and delegation of supervisory responsibilities to such supervisors use of activity and exception reports a system of supervisory control policies and procedures board oversight of supervisory program B. Format of Supervisory Procedures This Manual describes various regulatory requirements applicable to SEC-registered broker-dealers that are FINRA members. Where compliance with a requirement calls for the adoption and implementation of a procedure, this Manual identifies the Firm s procedure. For each procedure, this Manual explains the regulatory requirement intended to be addressed by the procedure, comments on what policies or procedures the Firm has adopted, and then describes the procedure or notes where it is contained. With regard to each procedure, this Manual identifies: the person responsible for ensuring that the procedure is followed, what specific steps the responsible person is required to take, and when those steps are to be taken. Further, because an essential aspect of a supervisory system is being able to evidence that a procedure has in fact been followed, this Manual discusses actions to document that the procedure was followed, and the maintenance and retention periods for such documents. C. Actions to be Taken upon Discovery of Noncompliance or Other Violation While it is the intention of the Firm to diligently pursue compliance with its policies and procedures, this Manual also includes guidance for addressing situations involving deficient compliance, noncompliance, or violations of law, regulations or policies. II. SUPERVISORY SYSTEM A. Designation of Business Locations Requirement: The FINRA rules are premised in part on the designation of the locations at which a member firm conducts its business. The FINRA rules recognize various types of offices: an office of supervisory jurisdiction ( OSJ ), a Branch Office, non-registered office, and locations of convenience. State securities commissions also may impose rules on registered broker/dealers based on their locations, as defined in their state Blue-Sky regulations. NASD Rule 3010(g)(1) defines an OSJ as a location where one or more of the following functions takes place: order execution and/or market making; structuring of public offerings or private placements; maintaining custody of customers funds and or securities; final acceptance (approval) of new accounts on behalf of the member; review and endorsement of customer orders; final approval of advertising or sales literature for use by persons associated with the member; or responsibility for supervising the activities of persons associated with the member at one or more other Branch Offices of the member. Every member firm must designate at least one OSJ. Compliance Department Page 8 of 98

9 Rule 3010(g)(2) defines a Branch Office as any location identified by any means to the public or customers as a location at which the member conducts a securities business. A non-registered office is a location that is not so identified and is not an OSJ. Rule 3010(g)(2) provides guidance for determining when a location is not identified to the public or customers. For instance, the rule excludes from the definition of Branch Office: (1) any location identified in a telephone directory line listing or on a business card or letterhead, which listing, card, or letterhead also sets forth the address and telephone number of the Branch Office or OSJ of the firm from which the person(s) conducting business at the non-branch locations are directly supervised; (2) any location referred to in a member advertisement (as defined in Rule 2210) by its local telephone number and/or local post office box, provided that the reference does not contain the address of the non-branch location and also sets forth the address and telephone number of the Branch Office or OSJ of the firm from which the person(s) conducting business at the non-branch location are directly supervised; and (3) any location identified by address in a member s sales literature (as defined in Rule 2210) provided that the sales literature also sets forth the address and telephone number of the Branch Office or OSJ of the firm from which the person(s) conducting business at the non-branch locations are directly supervised. Policy. The Firm has adopted the policy that activities and functions will be carried out so that only its home office in Waverly, Iowa ( Waverly OSJ ), the office located in Madison, Wisconsin ( Madison OSJ ), and designated field locations are Offices of Supervisory Jurisdiction. Office locations, including those located within credit union locations are registered as Branch Offices, provided they meet the requirements as outlined within Rule 3010(g)(2) as discussed above. Certain locations at which registered persons are located are to be operated so as to be treated as non-registered locations, or as appointment only (location of convenience) locations which are not held out as branches as defined by Rule 3010(g)(2) (although they will be registered with state securities commissions if required by applicable law). The Chief Compliance Officer is responsible for compliance with the policy and is directed to observe the following procedures: Compliance Department Page 9 of 98

10 OFFICE REGISTRATION PROCEDURES Designated Principal(s) Ensure that locations are properly designated and identified on Form BD Schedule E if applicable, and that activities conducted at each location are permissible given its designation. Consider OSJ and Branch Office requirements whenever a new location is established. Consider OSJ requirements when there is a change in responsibilities or functions for persons at a non-osj location. Consider requirements when there is a change in responsibilities or functions for persons at a non-registered location. List of offices maintained at the Waverly OSJ Reflected on filings made with FINRA and states Current list of locations maintained at the Waverly OSJ Historical records of designations maintained in Licensing Files Six years Corrective action taken by Chief Compliance Officer. Significant violations will be brought to the attention of the President. B. Designation of Principals and Other Supervisors; Chain of Supervision Requirement. NASD Rule 3010(a)(2) requires that a broker-dealer designate one or more appropriately registered principals with authority to carry out its supervisory responsibilities for each line of business in which it engages for which registration as a broker/dealer is required. In addition, NASD Rule 3010(a)(4) requires that each broker-dealer designate one or more principals in each OSJ with the authority to carry out the supervisory responsibilities of that office. A supervisor also must be appointed for every Branch Office and non-registered location maintained by the member firm. Whether that supervisor must be a principal for such locations depends on the factors outlined in Rule Applicable states Blue-Sky requirements also may dictate whether the appointed supervisor for a location must be a principal. Finally, NASD Rule 3010(a)(5) also requires that each registered person be assigned to a supervisor. NASD Rule 3010(b)(2) requires that each broker-dealer s written supervisory procedures set forth the titles, registration status and locations of the required supervisory personnel and the responsibilities of each supervisory person. In addition, the brokerdealer must maintain an internal record of the names of all supervisory personnel and the dates they became supervisors. Policy. The Firm has designated the following Principals for specific functions or areas: Appendix A identifies the individuals currently filling these positions. The Firm has adopted the following chain of supervision for the sales force: RRs Limited OSJ (where applicable) FCMs Manager, Field Compliance With regard to the chain of supervision, the Firm requires that all of the following persons in the chain register as Principals: (1) Limited OSJ (where applicable) (2) FCMs (3) Manager Field Compliance. The Chief Compliance Officer must also be a registered Principal. The Chief Compliance Officer is responsible for Compliance Department Page 10 of 98

11 ensuring the designation of principals and supervisors (subject in some cases to approval by the Board of Directors) to carry out the supervision and oversight of Firm policies and procedures. MAINTENANCE OF SUPERVISORS PROCEDURE Chief Compliance Officer (or designated principal) Verify that requisite principals are designated Identify supervisory responsibilities of each supervisor Maintain list of supervisors and their responsibilities Maintain written chain of supervision Upon inception of the Firm s operations Upon termination of a principal Upon appointment to fill position previously occupied by a principal changes in job responsibilities occur for a supervisor or principal the Firm s operations change or expand As otherwise necessary List of principals and chain of supervision Current designations of principals and chain of supervision included in this Manual. Three years after date of last use Corrective action taken by Chief Compliance Officer. Significant violations will be brought to the attention of President. C. Delegation of Chain of Supervision Responsibilities Requirement. NASD Rule 3010 requires that a member firm adequately supervise all of its personnel, including those who supervise the RRs. Firm Policy. The Firm has assigned designated principals to supervise Firm personnel. 1. Meetings The Chief Compliance Officer or principals on his or her staff is directed to meet periodically with the FCMs and Supervising Principals to review the policies and procedures in this Manual and the Compliance Manual. Compliance Department Page 11 of 98

12 PROCEDURE Chief Compliance Officer (or designated principal) Meet with Supervising Principals Discuss compliance issues with Supervising Principals, obligations of the Supervising Principals under the Firm s supervisory system and the procedures and policies instituted there under and any compliance problems, issues or questions. At least once per year or more frequently when directed by the Chief Compliance Officer. Meeting records (e.g schedule and notes) Calendar entries, notes, etc. One year Corrective action taken by Chief Compliance Officer. Significant violations will be brought to the attention of President. 2. On-Site Reviews On-Site Inspection Plan Per NASD Rule 3010(c) Internal Inspections, a FINRA member shall establish and maintain a system to supervise the activities of each registered representative and associated person that is reasonably designed to achieve compliance with applicable securities laws and regulations, and with applicable FINRA Rules. Final responsibility for proper supervision shall rest with the member. Rule 3010(c)(2) states that a member must reduce each office inspection to a written report. The report must include testing and verification of the member s policies and procedures. It is noted that the supervision of customer accounts serviced by branch office managers, the validation of customer address changes and changes to other customer account information is not performed at branch locations. The validation of and supervisory controls and testing for these functions is performed at the Firm s Home Office. The Firm has directed the designated Compliance Dept. staff to perform announced inspections of each registered OSJ, registered Limited-OSJ, registered branch location and unregistered branch, otherwise known as a location of convenience. The following procedures are to be observed for each site location. (Note the Firm may not have all four types of locations.) Compliance Department Page 12 of 98

13 Registered OSJ Inspection Plan Designated staff: Manager of Field Compliance Manager, Field Compliance Managers, or Compliance Specialist Conduct on-site reviews of OSJ office and files Submit report describing scope of review of OSJ offices, findings of fact, conclusions, and recommendations to Chief Compliance Officer or designated staff. Annually Written reports submitted to OSJs for follow up by the OSJ Supervising Principal with a copy maintained in the Compliance Dept. Electronic copy maintained by the CBSI Compliance Dept. Three years Corrective action taken by Chief Compliance Officer Registered Limited-OSJ Inspection Plan Designated staff: Manager of Field Compliance Manager, Field Compliance Managers, or Compliance Specialist) The designated staff member must be someone other than one which could be considered a conflict of interest. uses an independent dealer model for some of its branch office locations, which consists of small or single-person offices reporting directly to an OSJ Supervisory Principal, who is usually also the branch manager as well. Per the FINRA Supervisory Control Amendments Phone in Workshop 12/16/04, dated 1/11/2005, a member firm in this instance may use the Rule 3010 exception, relating to limited size and resources. Conduct on-site reviews of OSJ office and files Submit report describing scope of review of OSJ offices, findings of fact, conclusions, and recommendations to Chief Compliance Officer or designated staff. Annually Written reports submitted to OSJs with a copy retained by the Compliance Department. Copy maintained by the CBSI Compliance Dept. Three years Corrective action taken by Chief Compliance Officer. Compliance Department Page 13 of 98

14 Registered Branch Inspection Plan Designated staff: Manager of Field Compliance Manager, Field Compliance Managers, Supervising Principals, or Compliance Specialists Conduct on-site reviews of branch office and files Submit report describing scope of review of branch office, findings of fact, conclusions, and recommendations to Chief Compliance Officer or designated staff. A minimum of once every three years. Branch offices shall be inspected based on a risk criteria compilation. The risk criteria compilation will be used to determine how often branch offices will be inspected and whether the inspection will be announced or unannounced. Virginia branch offices will be inspected annually per state requirement. Other branches may also be selected for review if other oversight is deemed necessary. Other RRs will generally be inspected biannually. No RR branch office will be inspected less than once every three years. Written reports submitted to branch location with a copy retained by the CBSI Compliance Dept. Electronic copy maintained by the CBSI Compliance Dept Three years Corrective action taken by Chief Compliance Officer. Unregistered Branch Inspection Plan Locations of Convenience Designated staff: Manager of Field Compliance Manager, Field Compliance Managers, Supervising Principals, or Compliance Specialists Conduct on-site reviews of location Submit report describing scope of review of location, findings of fact, conclusions, and recommendations to Chief Compliance Officer or designated staff. A minimum of once every five years. Written reports submitted to registered person conducting business at location with a copy maintained by the CBSI Compliance Dept. Copy maintained by the CBSI Compliance Dept. Five years or until next inspection report is created; three years if LOC is closed after last inspection. Corrective action taken by Chief Compliance Officer. Compliance Department Page 14 of 98

15 3. Heightened Inspection Procedures Requirement. NASD Rule 3010(c)(3) requires a member to have in place procedures that are reasonably designed to provide heightened office inspections if two conditions are met: The person conducting the inspection reports to the branch office manager s supervisor or works in an office supervised by the branch manager s supervisor, and The branch office manager generates 20 percent or more of the revenue of the business units supervised by the branch office manager s supervisor. Policy. The Firm has adopted guidelines for reviewing revenue of producing managers to determine if/when heightened office inspections are necessary. For the purpose of calculating the a producing manager s 20% revenue threshold, revenue from first year securities revenue of the producing manager is compared with the total first year securities revenue of all representatives within the producing manager s supervisor s business unit. The Firm s business unit is defined as all registered representatives assigned to the Field Compliance Manager/Supervising Principal who supervises the producing manager. Review of the sales ratio may be periodically but will be no less than annually, which will include review of the prior 12 months sales activity. QUALIFICATION PROCEDURES Designated Compliance Department Associate: Manager of Field Compliance Manager, Field Compliance Managers, or Compliance Specialist Review prior 12 months producing manager sales ratio compared to business unit, no less than annually District Summary with Rep Detail reviewed periodically, no less than annually Electronic copy maintained by the CBSI Compliance Department Compliance Department Page 15 of 98

16 HEIGHTENED INSPECTION PROCEDURES Designated Compliance Department Associate: Manager of Field Compliance Manager, Field Compliance Managers, or Compliance Specialist Develop and implement Heightened Inspection Plan if the two conditions noted above are met Heightened Inspection Plan may include: Increased review of inspections of branch offices: physical visit or review of inspection reports Unannounced review of producing manager s OSJ location and/or branches supervised by producing manager Periodic sampling of transactions which appear on exception reports by the Home Office Compliance Department Other additional oversight as directed by the Chief Compliance Officer Heightened Inspection performed periodically, no less than annually District Summary with Rep Detail reviewed periodically, no less than annually Electronic copy maintained by the CBSI Compliance Department D. Delegation of Chain of Supervision Responsibilities to the President Requirement. NASD Rule 3010 requires that a member firm establishes a system of supervision and assigns supervisory responsibilities to each supervisor in the system. Firm Policy. The Firm has assigned the President the responsibility to supervise the Chief Compliance Officer, and has directed that the President periodically meet with the Chief Compliance Officer. SUPERVISION PROCEDURE President Meet with the Chief Compliance Officer Discuss compliance of OSJs Supervising Principal and RRs, the role of the Chief Compliance Officer under the Firm s compliance system and any compliance problems, issues or questions. At least once per year or more frequently Meeting notes President s or Chief Compliance Officer s File One year President to take corrective action Compliance Department Page 16 of 98

17 E. Qualification of Supervisors Requirement. NASD Rule 3010(a)(6) requires that each broker/dealer make reasonable efforts to determine that all supervisory personnel are qualified by virtue of experience or training to carry out their assigned responsibilities. The FINRA has explained that a qualified person should be knowledgeable with respect to both regulatory requirements and the firm s product line, experienced in the activities that take place in the office he or she is supervising and capable of exercising authority over his or her subordinates. In addition, factors such as relevant industry experience, previous employment, and disciplinary history should be taken into account. Policy. The Firm has adopted qualification requirements for supervisors. The Chief Compliance Officer is responsible for reviewing and updating these requirements in accordance with these procedures and for ensuring all applicants meet the applicable standards: QUALIFICATION PROCEDURES Chief Compliance Officer (or designated principal) Review and update qualification requirements Verify that each applicant and supervisor satisfies the Firm s qualification requirements Upon change in business operations or regulatory pronouncement impacting qualification standards. changes in persons or job responsibilities occur Appendix A In the Written Supervisory Procedures (WSP) F. Distribution of Supervisory Procedures Manual and Amendments Updated February 2013 Requirement. NASD Rule 3010(b)(4) requires that a copy of a member firm s supervisory procedures be maintained in each OSJ and at any other location where supervisory activities are conducted on behalf of a member firm. Policy. The Firm requires that a copy of this Manual be provided to every supervisory principal. The Compliance Manager or Manager of Field Compliance Managers (or principal designated by either Manager) is responsible for implementing the policy and is directed to observe these procedures: Compliance Department Page 17 of 98

18 COMPLIANCE PROCEDURE Compliance Manager or Manager of Field Compliance Managers (or principal designated by either Manager) Provide or direct that a copy of this Manual be given to supervisory personnel Distribute updates to appropriate persons Upon designation of a supervisor in supervising chain Upon pertinent updates Dates of updated material with this document Posting to compliance center on Firm s web site Compliance Department Records Three years after date of last use Corrective action taken by Chief Compliance Officer. Significant violations will be brought to the attention of President. G. Distribution of Compliance Procedures to Registered Representatives (RRs) Updated February 2013 Requirement. An effective supervisory system depends in part on the observance by all registered persons of the firm s policies and procedures. Thus, it is critical to communicate compliance requirements to all RRs. Policy. The Compliance Department has designed Compliance Manuals that reflect certain policies and procedures of the Firm. The Compliance Department associates, as needed, update the Compliance Manuals, to reflect changes in applicable rules or regulations or changes to the Firm s business or operations. RRs are directed to the Firm s Compliance Manuals upon association with the Firm and when material updates are issued. COMPLIANCE PROCEDURE Compliance Specialists Design and update Compliance Manuals Direct Compliance Manuals to RRs Maintain File of original manual and updates to the manual In response to changes in applicable law, the Firm s business or operations or upon a review of current policies and procedures Dates of updated material with the Compliance Manual. Compliance Department Files: Manuals Three years after last use Corrective action taken by Chief Compliance Officer. Compliance Department Page 18 of 98

19 COMPLIANCE PROCEDURE Training Principal (or his/her designated associate) Conduct training for new RRs Consider training needs and conduct training as needed In response to changes in business, personnel, updates to the Compliance Manual or as directed by Compliance Department Record of RRs attending training Training Materials Record and Training Materials Maintained in Training Files Three years Corrective action taken by Chief Compliance Officer. H. Amending Supervisory Procedures and Compliance Manuals Requirement. A firm is required to amend its written supervisory procedures as appropriate within a reasonable time after changes occur in applicable securities laws and regulations or its supervisory system. Such changes must also be communicated to appropriate persons within the organization. As discussed above, firms also distribute compliance manuals to their registered personnel and these also should be updated to reflect changes in securities laws or regulations or Firm policies and procedures. Policy. It is the Firm s policy to monitor and keep abreast of changes in the law, and of any rules, regulatory interpretations, court decisions and changes in the securities industry that may require changes to this Manual, other Firm manuals or to any Firm policy or procedure, and to implement, or direct and verify the implementation of, any such changes. COMPLIANCE PROCEDURE CBSI Compliance Manager, Manager of Field Compliance or Compliance Specialist Stay abreast of changes in applicable laws and regulations or interpretations by checking or directing registered principals on his or her staff to check the FINRA Regulation website periodically and reviewing applicable FINRA Notices soon after issuance Prepare modifications to manuals to reflect such changes Distribute updates to appropriate persons Amend when appropriate This Manual and the relevant compliance manuals, plus all updates and/or memoranda regarding changes Where Compliance Department Files: Manuals Three years after last use Report to the Chief Compliance Officer Compliance Department Page 19 of 98

20 I. Annual Compliance Meetings Requirement. NASD Rule 3010(a)(7) requires a member firm to conduct, no less than annually, meetings or interviews with its registered representatives and principals to discuss compliance matters relevant to the activities of the representatives and principals. The meeting may occur in conjunction with the discussion of other matters or with other meetings. Policy. Associates of the Compliance Department are assigned responsibility for developing the agenda and materials for these meetings. The Chief Compliance Officer or designated principals are responsible for conducting the meetings for applicable registered persons. COMPLIANCE PROCEDURE Designated Compliance Dept. Associate(s) Annually Agenda and training material Written records of the date, place, person(s) conducting the meeting, the agenda, documents disseminated at the meeting and a list of attendees (evidence that each individual was present at the meeting) Records of agenda, training material and meetings maintained in Annual Compliance Meeting (ACM) File Three years Corrective action taken by Chief Compliance Officer. Annually COMPLIANCE PROCEDURE Chief Compliance Officer or Designated Principal Schedule meeting with RRs, Principals Conduct annual compliance meeting with RRs, Principals, based on agenda and materials provided by Compliance Department Collect evidence of persons attending meeting Forward copies of dated attendance list to Chief Compliance Officer for record retention Annually List of attendees (evidenced by each individual present at the meeting) Copies of agenda and any materials provided Records of meetings maintained in ACM File maintained by CBSI Compliance Dept. Three years Corrective action taken by Chief Compliance Officer. Significant violations will be brought to the attention of the President Compliance Department Page 20 of 98

21 J. Reviews of Business and Supervisory System Requirement. NASD Rule 3010(c) requires each member to conduct a review, at least annually, of the businesses in which it engages. The review must be reasonably designed to assist in detecting and preventing violations of and achieving compliance with applicable securities laws and regulations and the FINRA Rules and is to include an inspection of each OSJ. Policy. The Firm has designated the Compliance Department to conduct the required reviews. REVIEW PROCEDURES CBSI Compliance Manager, Manager of Field Compliance, or Compliance Specialist Conduct a review of the Firm s business(s) Update, if necessary, the Firm s Written Supervisory Procedures (WSP) Annually Updated Written Supervisory Procedures document or other notes to files WSP - Policies and Procedures Files Three years Chief Compliance Officer to take corrective action. REVIEW PROCEDURES CBSI Compliance Manager, Manager of Field Compliance or Compliance Specialist Conduct inspection of OSJs Submit report to Chief Compliance Officer, describing scope of review, findings of fact, conclusions, and recommendations Annually Written Report In Inspections Files Three years Chief Compliance Officer to take corrective action. K. Activity and Supervisor Reports and Forms Requirement. From time to time, securities regulators have identified different transactions or patterns that should be monitored through reports generated by the systems utilized by the firm to process its business. Securities regulators have recognized that these activity and exception reports can enable compliance departments to detect unusual events in a broker-dealer s business activities, including transactions with customers. Compliance Department Page 21 of 98

22 Policy. The Firm relies upon various reports. Associates in the Compliance Dept. are responsible for developing and refining the parameters of the Firm s activity reporting system and developing and updating other forms and report formats. REVIEW PROCEDURES CBSI Compliance Manager or Compliance Specialist Review parameters for activity and exception reports Develop and review format of forms and reports Maintain list/records of report formats and forms Determine whether to recommend any changes or new forms or formats As needed (in response to regulatory or business needs) Exception Report Parameters Updated forms, reports Compliance Department Files 18 months based upon SEC Books and Records Rules adopted, May 2003 Report to Chief Compliance Officer L. Report Review Requirement. FINRA rules contemplate that a firm will have a process for reviewing and acting upon reports. Policy. Designated principals in the Compliance Department are responsible for the initial review of all activity and exception reports generated or other reports submitted to the Compliance Department. Where a responsive action may impact the registration status or review procedures for a RR or supervisor in the chain of supervision, these principals are to observe the Internal Review Process. REVIEW PROCEDURES Compliance Specialist Review activity and exception reports generated or received Activity reports Memoranda regarding action items developed in response to red flags discovered by reports Compliance Department Files 18 months based upon SEC Books and Records Rules adopted, May 2003 Report to Chief Compliance Officer Compliance Department Page 22 of 98

23 M. Internal Review Process Updated February 2013 Requirement. The securities regulators have indicated that individuals with a history of customer complaints, disciplinary actions or adverse arbitration decisions should be subject to Heightened Supervisory Procedures. The principal means of identifying sales RRs as persons who may require special supervision is a thorough review of all relevant customer complaints, disciplinary actions and arbitration s disclosed on Forms U-4 and U-5. A firm also is required to closely monitor complaints and activity reports for purposes of identifying such persons. Other circumstances may develop that warrant a review of a particular registered person for purposes of making a hiring or termination decision or a decision to institute special supervisory procedures or to take remedial action or resolve a complaint. Policy. The Firm has adopted a process (the Internal Review Process ) for the review of matters in which educational, remedial or corrective action, the institution of heightened supervisory procedures or a termination of registration may be appropriate. It is the Firm s policy that registered persons are considered for heightened supervisory procedures or other action upon notice of red flags involving a registered person or indication of a violation of Firm policies and procedures or other irregularities. The Licensing Department is directed to refer applicants or registered persons to designated Compliance Department Associate(s) if, in the course of processing applications, Form U-4 amendments, Form U-5 termination notices or fingerprint cards, a red flag is uncovered. The Supervising Principal and other principals are required to refer to the Chief Compliance Officer any RR under their direct or indirect supervision who should be considered for remedial action. A number of procedures included in this manual direct various supervisors and principals to follow the Internal Review Process upon discovery of an irregularity or consideration of other matters in the course of their duties (such as in the case of handling a complaint). The Internal Review Process is initiated with a referral to the Compliance Department. The Compliance Department Associate is responsible for reviewing the situation referred and making recommendations as to responsive action to the Chief Compliance Officer. The Chief Compliance Officer is responsible for determining whether to approve or modify the recommendation or refer a recommendation to the BCRC. Responsive actions can range from educating the registered person to remedial action such as rejecting an application, imposing heightened supervisory procedures, termination or taking other remedial action or take no action. Heightened supervisory procedures may include: thoroughly reviewing the RRs customer account activity; requiring the RRs supervisor to sign-off on daily activity; restricting the RRs activities; assigning a mentor; providing additional training; speaking to customers; independently verifying customer information on account forms; prohibiting certain transactions; requiring supervisory approval of certain or all transactions in advance of execution; attending Compliance Department Page 23 of 98

24 meetings with customers; requiring approval of all correspondence prior to use; restricting use of certain types of communication; and other similar procedures. The Compliance Department Associate will oversee implementation of procedures that are approved by the Chief Compliance Officer or the BCRC, as applicable. REVIEW PROCEDURES Compliance Department Associate Review matter Consider whether Form U-4, U-5 or BD disclosure is warranted Consider whether responsive action should be taken If heightened supervisory procedures are recommended, develop procedures that are appropriate to the situation, considering such factors as the triggering actions, current supervisory procedures, the Firm s business, size and structure, procedural safeguards and the level of supervision required. The procedures developed should indicate the frequency and the scope of any reviews If responsive action should be taken, refer to Chief Compliance Officer with recommended responsive action Implement and document decision made by the Chief Compliance Officer or BCRC, as applicable As matter is referred to Compliance Department Associate Memoranda to Registered Representative File (Letters of Education, Letters of Discipline) Heightened Supervision or other directive by the Chief Compliance Officer: Compliance Dept. records (Education log, Disciplinary action log, Heightened Supervision log and files) Registered Representative File (see above) Compliance Dept. records (see above) Representative File: Three years after termination of Registered Person Compliance Dept. File: Three years Refer to Chief Compliance Officer Compliance Department Page 24 of 98

25 IMPLEMENTATION Chief Compliance Officer (or designated principal) Review matter or individuals referred by Compliance Department Associate Consider whether to accept, modify or reject recommendation Communicate decision to Compliance Department Associate Upon a referral from a Compliance Department Associate Documentation of recommendation and decision Registered Representative File; Compliance Dept. Files (Heightened Supervision Records, Education log, Disciplinary Action log, etc. (if applicable)) Registered Representative File: Three years after termination of RR; Compliance Dept. Files: Three years Corrective action taken by Chief Compliance Officer. Significant violations will be brought to the attention of the President BCRC Review referrals submitted by Chief Compliance Officer In conjunction with Chief Compliance Officer, discuss corrective action to be taken Make decision whether to accept, reject or modify the recommendations Communicate decision to Chief Compliance Officer Upon a recommendation by the Chief Compliance Officer Documentation of decision BCRC Minutes Three years N. Review of Heightened Supervisory Procedures Requirement. FINRA rules require firms implementing heightened supervisory procedures to monitor them for effectiveness. Policy. The Firm relies on its Internal Review Process to determine if heightened supervisory procedures should be instituted. If they are, the plan for the procedures establishes the parameters for monitoring the deployment of the procedures. In the ordinary case, the following process is followed: Compliance Department Page 25 of 98

26 REVIEW PROCEDURES Compliance Department Associate Review or direct the appropriate Supervising Principal to review evidence of the deployment of heightened supervisory procedures to assess whether they are working appropriately If no, refer to Chief Compliance Officer As warranted Written notes and/or documentation in file In Heightened Supervision File Three years Report to Chief Compliance Officer III. MEMBERSHIP AND REGISTRATION OF THE FIRM A. Maintaining Current Form BD and FINRA Membership Agreement Requirement. Rule 15b3-1 under the 1934 Act requires a registered broker/dealer to amend its Form BD when the information contained therein becomes inaccurate. State securities commissions have adopted similar updating requirements. FINRA rules require a member firm to keep its membership application (essentially the Form BD and related materials submitted with the application) current and to amend it not later than 30 days after learning of facts or circumstances giving rise to the amendment. FINRA membership rules provide for the execution of a membership agreement between the FINRA and each member firm. Policy. The Compliance Department is responsible for maintaining the Firm s current registration. In the routine course, the Chief Compliance Officer should receive information concerning developments impacting the Firm s Form BD disclosures. In the event of changes or developments warranting a FINRA filing, the designated Compliance Department Associate will be responsible for coordinating such filing. Compliance Department Page 26 of 98

27 FORM BD UPDATING PROCEDURES Compliance Department Associate Prepare, finalize and file upon Chief Compliance Officer s approval, appropriate amendment to Form BD Prepare, finalize and file upon Chief Compliance Officer s approval, applicable application for approval of changes in membership agreement restrictions or other material changes in operations, control or ownership Respond to and resolve FINRA issues arising from filing Upon receipt of information concerning reportable adverse events Upon a change in the information disclosed on Form BD and other FINRA membership materials Upon a management decision to change business operations or other material changes in the Firm After Firm board meeting for any change in officers Copies of Form BD, membership agreement, amendments and other materials as filed with regulatory agencies FINRA CRD System Life of the Firm Report to Chief Compliance Officer B. Maintaining Required Registered Principals Requirement. NASD 1021 requires a member firm to have at least two registered principals at all times. In addition, a member firm is required to have a duly registered Financial and Operations ( FinOp ) Principal at all times unless an exemption from this requirement has been granted and continues to be in effect. A member firm is also required to designate an executive representative who is the person designated to represent, vote and act for the member in all affairs relating to the FINRA. The executive representative must be a registered principal and ordinarily is the president or a senior executive officer. Policy. The Firm s policy is to have at least two Registered Principals, and at least one registered FinOp principal, at all times. Compliance Department Page 27 of 98

28 MINIMUM PRINCIPAL PROCEDURES Compliance Department Associates Stay alert to the number of OSJ principals to ensure that the Firm has at least two duly Registered Principals, and at least one registered FinOp principal at all times Stay alert to the designated Executive Representative to ensure that this position remains filled Within 30 days of a change in Principals (due to promotion, job transfer, retirement, death, or termination of service) Within 30 days of a change in operations At time of annual renewals List of Designated Principals for business functions maintained in Appendix A Filings with FINRA and copies of Executive Representative designation form filed with the FINRA Appendix A of this manual Three years Report to Chief Compliance Officer C. Registration Renewal Fees and Other Filings Requirement. FINRA member firms are required to file annual assessment reports and pay related fees. State securities commissions also may require periodic filings and registration fees to renew registrations and licenses for broker/dealer firms. Policy. The Designated Principal responsible for registration is responsible for compliance with these requirements of the FINRA and state securities commissions. REGISTRATION RENEWAL PROCEDURES Designated Principal in Licensing Dept. Review, finalize and file periodic membership and registration renewals and reports As required when due Licenses and other registration documentation Copies of reports and forms as submitted to regulatory agencies Canceled checks or other evidence of fee payment In Licensing Files Six years Report to Chief Compliance Officer Compliance Department Page 28 of 98

29 IV. MATTERS AND ACTIVITIES OF ASSOCIATED PERSONS A. Determination of Registration Status Requirement. Rule 1021 of the FINRA by-laws define a Principal to mean persons associated with a member who are sole proprietors, officers, partners, managers of OSJ s or directors of corporations and who are actively engaged in the management of the member s investment banking or securities business, including supervision, solicitation, conduct of business or the training of persons associated with a member for any of these functions. Policy. The Firm requires that all personnel who are actively engaged in the management of the member s securities business, including supervision, solicitation, conduct of business or the training of persons associated with a member for any of these functions to be registered as Principals. Each person who wants to sell securities products must be registered as a representative with the FINRA. Associates of the Compliance Department are assigned the responsibility for determining whether any other person associated with the Firm is required to register with the FINRA or, if registered as a representative, are required to register as a Principal because of his or her job responsibilities. REGISTRATION COMPLIANCE PROCEDURES Compliance Specialist Verify that persons in the designated positions are properly registered If questions arise concerning whether a person should be registered as a Principal, ascertain such person s job responsibilities by communicating with the person (or his/her supervisor or others, if necessary) and analyze under FINRA Rule 1021 As persons assume positions for which Principal registration is required under Firm policy As issues arise as to whether a person is properly registered Upon a change in responsibilities assigned to or a change in the activities authorized for Associated Persons Memoranda regarding a person s role and responsibilities Copy of Form U-4s In Registered Representative Files Retain six years after termination of Registered Person Report to the Chief Compliance Officer B. Background Investigations on Prospective Registered Persons Updated September 2011 Requirement. NASD Rule 3010(e) requires a member firm to investigate the good character, business repute, qualifications and experience of an applicant prior to submitting an application for the applicant to become registered with the firm. FINRA Notice to Members Compliance Department Page 29 of 98

30 recommends that member firms take certain specified steps known as best hiring practices in addition to reviewing an applicant s Form U-4 and U-5, review the applicant s history in FINRA s Central Registration Depository ( CRD ) system, and contact the applicant s previous employers. These investigations are key to identifying individuals with a history of customer complaints and disciplinary action(s) or arbitration(s). If the applicant was registered previously with another member, the member is required to obtain a copy of the Form U-5 filed by the previous employer, as well as any amendments. Policy. The Firm will submit a Form U-4 for registration of an applicant only after satisfactory completion of a background investigation and determination that the applicant meets the qualification standards for his/her position with the Firm. Under the Firm s procedures, the designated resourcing associate is directed to conduct the background investigation in accordance with the procedure outlined below. (If a third party is hired by the Firm to conduct any part of the background investigation, the Chief Compliance Officer is also responsible for such third party and is required to supervise and review its work product.) Investigations resulting in certain determinations are required to be addressed through the Firm s Internal Review Process. BACKGROUND INVESTIGATION PROCEDURE Designated Licensing Associate Review answers to an applicant s Form U-4 and supplemental questionnaires (pertaining to any pending proceedings, customer complaints, regulatory investigations, or arbitration proceedings not listed on the Form U-4 and U-5) Request and review Form U-5 if applicant was previously associated with another member firm Obtain a fingerprint card Contact the individual s prior employers or Broker/Dealer for prior three years Evaluate under the Firm s qualification standards for the appropriate job description If there are any yes answers on an applicant s Form U-4 or U-5, supplemental questionnaires, obtain explanations of such matters from the applicant and forward applicant s file to the designated Compliance Specialist Upon application by an individual prior to registration and at the time of any amendment to Form U-4 Copies of Forms U-4/U-5 Notes of meetings or conference calls with applicant or other references Compliance Specialist review In Registered Personnel File Six years after termination of Registered Person Report to Chief Compliance Officer Compliance Department Page 30 of 98

31 BACKGROUND INVESTIGATION PROCEDURE Designated Resourcing Associate If previously registered with another member firm, conduct an interview (which may be by telephone) of applicant to ascertain securities knowledge; review background investigation; evaluate under the Firm s qualification standards for the appropriate job description Upon application by an individual prior to registration Notes of meetings or conference calls with applicant or other references In Registered Personnel File Six years after termination of Registered Person Report to Chief Compliance Officer C. Fingerprinting Requirement Act Rule 17f-2 requires that the directors, officers and employees of a broker/dealer be fingerprinted in accordance with the requirements of the rule. In addition, a completed fingerprint card must be filed with each application for registration with the FINRA. Exemptions from the fingerprinting requirement apply to certain individuals who do not have involvement with the handling of money; securities or original books and records or who do not have supervisory responsibilities over such persons. Policy. The Firm requires all directors, officers and persons involved with the handling of money; securities or original books and records or who have supervisory responsibilities over such persons to submit to fingerprinting. The Licensing Department is responsible for collecting fingerprints in accordance with the following procedures: COMPLIANCE PROCEDURES Licensing Department Obtain fingerprints from required persons Concurrent with registration/association of the individual Copies of fingerprint cards In Registered/Associated Personnel Files Each Registered/Associated Person s file retained for at least six years after termination of Registered Person Refer to designated Compliance Specialist if applicant refuses to submit fingerprint cards or red flags arise from fingerprinting process Compliance Department Page 31 of 98

32 COMPLIANCE PROCEDURES Compliance Specialist Review information re: failure to submit fingerprint cards or any red flags noted from the Licensing Dept. forwarded by Licensing Dept. Memoranda of review In Registered/Associated Personnel Files Each Registered Person s file retained for at least six years after termination of Registered/Associated Person Refer to Chief Compliance Officer D. Examination and Initial Registration Requirements Requirement. Article V of the FINRA s by-laws provides that no member shall permit any person associated with that member to be involved in its securities business unless the member determines that such person satisfies the qualification requirements that have been established by the FINRA and is not subject to certain regulatory disqualifications. In order to qualify for registration, an associated person must satisfy FINRA standards with regard to training, experience and competency for registered persons. Currently, an associated person can meet these standards by satisfying applicable examination requirements and demonstrating that the applicant has not committed certain bad acts that would disqualify the applicant for registration. The examination requirements distinguish between Principals and Representatives and are tailored to the type of securities business in which the member firm and the individual will be involved. Registration with State Securities Commissions also may be required. Registration of a representative with FINRA and most states is accomplished by filing Form U-4, the Uniform Application for Securities Industry Registration or Transfer, for the rep on the CRD system, paying required fees, submitting fingerprint cards and demonstrating satisfaction of required examination requirements. FINRA Rule 1010 imposes requirements on the Principal responsible for CRD filings to maintain appropriate records of the electronic filing. Policy. Designated associates of the Licensing Department are responsible for verifying that all CUNA Brokerage Principals and RRs are appropriately licensed. The Licensing Department is directed to observe these procedures: Compliance Department Page 32 of 98

33 EXAMINATION AND REGISTRATION PROCEDURES Licensing Department Identify relevant examinations that applicant must satisfy Review Form U-4 for each applicant to ensure that form is properly completed Obtain signature/signoff from designated individual File Form U-4 and related materials with FINRA Notify applicant of effectiveness of registration Upon commencement of a person s association with Firm Upon receipt of confirmation of effectiveness from FINRA and states Documentation of RR association process Signed Form U-4 FINRA and state correspondence, confirmation of filing and effectiveness notices In Registered Personnel File Six years after termination of Registered Person Report to Compliance Specialist COMPLIANCE PROCEDURES Compliance Specialist Review any red flags noted from the Licensing Dept. forwarded by Licensing Dept. Memoranda of review In Registered Personnel Files Each Registered Person s file retained for at least six years after termination of Registered Person Refer to Chief Compliance Officer E. Amendments to Form U-4 and Other Changes in Registration Status Updated October 2011 Requirement. FINRA rules require that a registered person s Form U-4 be amended whenever the information reported therein changes. Changes in a registered person s responsibilities or securities activities may trigger additional examination and qualification requirements. Policy. Policies and other communications provided to Registered Personnel instruct them to promptly notify the Firm of any changes in the information on their Form U-4 so that an Compliance Department Page 33 of 98

34 amendment can be prepared and filed. Changes in a Registered Person s responsibilities or location also should trigger consideration of whether additional examination requirements apply. Designated associates of the Licensing Department or Compliance Dept. are responsible for filing amendments and are directed to observe these procedures: FORM U-4 UPDATING PROCEDURES COMPLIANCE PROCEDURES F. Dual Registration Licensing Department Associates and/or Compliance Specialist Determine whether event triggering amendment involves DRP disclosure or as a yes answer If yes (Licensing Specialist), forward to Compliance Specialist for review and defer proceeding to next step until receive signoff and disclosure instructions from Compliance Department If no, proceed with next step Prepare amendment to a RRs Form U-4 File amendment with FINRA Schedule examination if applicable Notify Registered Person of effectiveness of amendment to registration amended Form U-4 submitted for review Upon receipt of confirmation of effectiveness from FINRA and states Copy of Form U4 amendment In Registered Personnel File Six years after termination of Registered Person Report to Compliance Specialist (Compliance Officer if action taken by Compliance Specialist) Compliance Specialist Review any yes answers noted from the Licensing Dept. forwarded by Licensing Dept. Memoranda of review In Registered Personnel Files Each Registered Person s file retained for at least six years after termination of Registered Person Refer to Chief Compliance Officer Compliance Department Page 34 of 98

35 Requirement. Dual registration means being registered with two or more unaffiliated broker/dealers. Policy. Because of some state law requirements as well as supervisory and regulatory implications, the Firm generally prohibits dual registration of RRs. Dual registration must be approved by the Chief Compliance Officer. This policy is set forth in the Compliance Manual. Designated associates of the Licensing Dept. are responsible for maintaining compliance with the policy and are directed to observe these procedures: DUAL REGISTRATION PROCEDURE Licensing Department Confirm that RRs are registered only with the Firm Upon initial registration with the Firm Upon notification from the FINRA Annually through a compliance questionnaire Registered Personnel File Completed firm questionnaire Registered Personnel File Annual Compliance Questionnaire File Registered Person File: six years after termination Compliance Questionnaire: three years Report to Compliance Specialist COMPLIANCE PROCEDURES Compliance Specialist Review dual registration information request from the Licensing Dept. Determine if dual registration is acceptable Communicate decision to Licensing Dept. forwarded by Licensing Dept. Memoranda of review In Registered Personnel Files Each Registered Person s file retained for at least six years after termination of Registered Person Refer to Chief Compliance Officer G. Continuing Education Requirements Updated February 2013 Compliance Department Page 35 of 98

36 FINRA Rule 1250 requires registered personnel to comply with continuing education ( CE ) requirements. The Rule contemplates two elements: a Regulatory Element and a Firm Element. 1. Regulatory Element Requirement. The Regulatory Element ( RE ), which is set forth in Rule 1250(a), requires a RR to attend a Regulatory Element session within 120 days of the second anniversary of their registration and every three years thereafter. An individual who has not satisfied the Regulatory Element is specifically prohibited from performing his or her duties as a RR. Policy. The Firm will not knowingly permit a person to continue in his/her responsibilities if he/she has not satisfied the Regulatory Element. Designated associates of the Licensing Dept. are responsible for monitoring registered personnel compliance and are directed to observe these procedures: REGULATORY ELEMENT COMPLIANCE Designated associate of the Licensing Dept. Designate a contact person with FINRA for the purpose of receiving notifications from the CRD system re: regulatory CE requirements. Monitor FINRA CE Firm communications and queues Note FINRA registration dates and RE due dates and windows Notify all registered personnel when they must attend FINRA s RE training Review verification of attendance provided by the FINRA Review FINRA CE Firm Queues to confirm RE due dates for Registered Personnel Check periodically to identify registered personnel currently subject to RE requirements Send reminder notices to registered personnel Reports available from FINRA regarding RE compliance As part of FINRA Procedures in Licensing Department In Registered Personnel File Registered Personnel File six years after termination of Registered Person Notify Compliance Specialist if a Registered Person fails to satisfy the RE requirement so his or her activities can be restricted Follow up with the Registered Person and/or such person s supervisor, as appropriate Compliance Department Page 36 of 98

37 COMPLIANCE PROCEDURES 2. Firm Element Compliance Specialist Review activities of Registered Person during inactive dates to determine if any securities-related activities took place. failure notice forwarded by Licensing Dept. Memoranda of review Memoranda of any violations and remedial action in Registered Person file If no violation, memoranda of review in Compliance Dept. files Remedial action documentation in Registered Person s file retained for at least six years after termination of Registered Person Three years for memoranda of review and no violation found Refer to Chief Compliance Officer Requirement. The Firm Element ( FE ), which is set forth in Rule 1250(b), applies to any registered person who has direct contact with a member firm s customers and to the immediate supervisors of such persons (collectively, covered persons ). The member firm must maintain a continuing and current education program for its covered persons to enhance their securities knowledge, skill, and professionalism. At least annually, each member firm must evaluate and prioritize its training needs and develop a written training plan. At a minimum the plan must cover the general investment features and associated risk factors, suitability and sales practice considerations, and applicable regulatory requirements for the securities products, services and strategies offered by the member firm. A member must administer its CE programs in accordance with its annual evaluation and written plan and must maintain records documenting the content of the programs and completion of the programs by covered persons. Policy. The Firm has adopted a CE program. A designated Compliance Department Associate is responsible for administering the training program and is directed to observe these procedures: Compliance Department Page 37 of 98

38 FIRM ELEMENT COMPLIANCE Compliance Specialist Note status of registered persons as covered persons Notify registered persons of Firm Element training Verify completion Annually Records and reports maintained by the Firm Notices sent to covered persons In Broker/Dealer Files Three years Notify Chief Compliance Officer if a covered person fails to satisfy the Firm Element requirement Follow up with the covered person and/or such person s supervisor as appropriate H. Compensation Requirement. FINRA Rules regulate compensation paid to registered persons with respect to particular securities. In addition, the FINRA has taken the position that no person can be paid transaction-based compensation unless registered and unless qualified to engage in the underlying securities transactions. The FINRA and the SEC also take the position that a registered person cannot assign or share securities compensation to or with a person that is not also registered as a broker-dealer or registered person associated with a broker/dealer. FINRA Rules 2800 address special products and generally prohibit anyone other than the member firm from paying cash or noncash compensation for the sale of special products to a RR associated with a member firm. Noncash compensation is permitted only if certain conditions are met. Record keeping requirements apply. Policy. The Firm prohibits Registered Persons from sharing compensation with unregistered persons. This prohibition is set forth in agreements and in the Compliance Manual. The Legal Department is responsible for review of compensation arrangements for compliance with FINRA rules, and is responsible for periodically monitoring compensation arrangements for variable products to ensure compliance with the Firm s policy and FINRA s Rules. 1. Legal Review of Arrangements. The Legal Department is directed to review all forms of RR agreements and compensation programs for compliance with applicable compensation rules. Compliance Department Page 38 of 98

39 COMPLIANCE PROCEDURES Law Specialist or designated associate of Legal Operations Review forms of agreements and compensation schedules Review any proposed amendments or modifications to agreements or schedules As Form Agreements and Compensation Schedules or programs are developed or requests for modifications arise Contracting Dept. Files Contracting Dept. File Life of Contract Report to the Chief Compliance Officer 2. Maintenance of Agreements. The Contracting and Compensation Depts. are responsible for retaining signed RR or Credit Union/Credit Union Service Organization agreements where applicable. COMPLIANCE PROCEDURES Contracting and Compensation associates Maintain signed agreements and compensation schedules As contracts are executed Copy of contract Contracting Files (RR), Compensation Files, (CU/CUSO) Six years after termination of agreement Report to Chief Compliance Officer I. Outside Activities Updated January 2013 Requirement. There are rules that apply to other activities, business interests and investments a registered person may have outside the Firm s business. Depending on the nature of the activity, interest, or investment, notification or approval requirements may be triggered. FINRA Rule 3270 states that a registered person is prohibited from being an employee, independent contractor, sole proprietor, officer, director or partner of another person, or being compensated, or having the reasonable expectation of compensation, from any other person as a result of any Compliance Department Page 39 of 98

40 business activity outside the scope of the relationship with his or her member firm, unless he or she has provided prior written notice to the member, in such form as specified by the member. Passive investments and activities subject to the requirements of NASD Rule 3040 shall be exempted from this requirement. NASD Rule 3040 prohibits an associated person from participating in any manner in a private securities transaction except with the approval or acknowledgment of the member. In the case of an approved transaction, the member is required to supervise the participation and record the transaction on its books and records. A private securities transaction is defined as any securities transaction outside the regular course or scope of the associated person s employment with a member. Excluded from the definition are transactions among immediate family members for which no associated person receives any selling compensation, personal transactions in investment company and variable annuity securities, and transactions subject to the notification requirements of Rule 3050 (that is, transactions effected through an account with another member firm). If a transaction is a private securities transaction, the associated person must obtain member approval if selling compensation will be received and member acknowledgment if no selling compensation will be received. Selling compensation is defined as any compensation paid directly or indirectly from whatever source in connection with or as a result of the purchase or sale of a security, including, though not limited to, commissions, finders fees, securities or rights to acquire securities, rights of participation in profits, tax benefits or dissolution proceeds as a general partner or otherwise or expense reimbursements. Private securities transactions include offering variable products or effecting transactions in other securities (including limited partnership interests) through another broker/dealer firm or on behalf of an issuer or sponsor of the security. Private securities transactions may also include certain investment advisory activities. Finally, NASD Rule 3050 requires that registered persons report to their firm all personal brokerage accounts and accounts in which they have a beneficial interest or discretionary authority to their firm. This requirement is not applicable to accounts solely for variable products, open-end mutual funds, and unit investment trusts. Policy. The Firm has adopted policies prohibiting any Registered Person from engaging in any outside business activity or private securities transactions in any capacity without prior approval from the Firm. FINRA a Registered Person may not participate in any business activity outside the scope of the relationship with the Firm unless he or she has provided prior written notice to the Firm. NASD 3040 the firm prohibits any Registered Person from engaging in private securities transactions in any capacity other than for personal investment purposes and then only with prior written approval of the Firm. NASD 3050 if a Registered Person has established brokerage accounts with other firms prior to associating with the Firm, they must notify the Compliance Department of such account. If a Registered Person elects to establish an account with another firm after joining the Firm, notification should be directed to the Compliance Department upon establishment of the account. Compliance Department Page 40 of 98

41 REVIEW PROCEDURES Designated Compliance Department Associate Review pertinent submitted correspondence or form and determine applicable FINRA or NASD Rules and next steps If correspondence pertains to Outside Business Activities: Determine whether outside business activities are consistent with Registered Person s duties and Firm policies (i.e. no conflict of interest). Follow-up action for untimely notices will be addressed case by case. Communicate reasons for rejection or restrictions/limitations placed on a proposed activity to the Registered Person. If correspondence pertains to private securities transactions: Decide whether to approve or disapprove private securities transaction Communicate approval or disapproval to Registered Person Instruct appropriate persons to supervise and record transactions on the Firm s books and records if approved Maintain file of all correspondence submitted re: private securities transactions noting the submitting person, the Registered Person requesting permission to take certain action, findings and disposition If correspondence pertains to an outside brokerage account: Request duplicate statements from the executing member per Firm s procedures Review account statements to ascertain that trading does not appear to violate securities regulations If acceptable, initialize account statements or other reports If not acceptable, communicate to registered person stating that trading must end, noting the reasons why the trading violates applicable law or Firm policy Maintain record of all Registered Personnel for whom account statements are being reviewed As Registered Person submits pertinent correspondence Upon becoming aware that a Registered Person is engaging in triggering activities Correspondence, account statements, or reports Communications to Registered Personnel Compliance Department files Rep Personnel File Outside Business Activity: Three years Outside Account Reviews: Prior quarter s statements Report to Chief Compliance Officer if any red flags arise from review Compliance Department Page 41 of 98

42 J. Termination of Registration Updated October 2011 Requirement. Article V, Section 3 of the FINRA by-laws requires member firms to file a Form U-5, the uniform termination notice for securities industry registration, within thirty days after the termination of a registered person. If the individual is terminated for reasons other than death or voluntary resignation, a narrative explanation is required. Policy. Termination can result from a number of factors. Sales managers or support team members or Supervising Principals are required to notify the Licensing Department if a RR subject to their supervision resigns or becomes unavailable. A RR licensed with the employing insurance company may be terminated which may trigger an automatic termination of registration with the Firm. The insurance company is obligated to notify the Firm upon the termination of any agent who is a RR. The Firm itself may take action to terminate the registration of a RR due to lack of production or failure to comply with the securities regulations or the Firm s rules. Any such action would involve the Compliance Department. Upon receiving notice of a termination, the Licensing Department is responsible for filing a Form U-5 with the CRD system. If the termination is for cause, an associate of the Compliance Department shall investigate the matter in accordance with procedures for Form U4 and U5 and Bad Acts Disclosure Review. TERMINATION REPORTING PROCEDURES Sales Manager, Licensing Dept. and/or Compliance Dept. Associate Determine reason for termination. If for cause, a Compliance Department Associate shall review and provide instructions for filing the U5. If not for cause, proceed with next step Prepare, review and finalize Form U-5 Report If the RR terminated is a Principal or Supervisor of the Firm, inform appropriate Waverly OSJ Supervisor so that a replacement is designated Upon receiving notice of a termination of a Registered Person, to be completed within 30 days of termination Copy of Form U-5 as filed with the CRD System Confirmation of filing from the CRD In Registered Person s Personnel File Six years after termination of Registered Person Report to Chief Compliance Officer K. Form U-4 and U-5 and Bad Acts Disclosure Review Updated June Compliance Department Page 42 of 98

43 Requirement. FINRA rules require member firms to disclose on a registered person s Form U-4 or U-5 certain information relating to disciplinary, investigation, litigation, termination or certain other adverse matters. Certain bad acts may also trigger immediate reporting requirements under Rule Policy. It is the Firm s policy for the Compliance Department Associate to review a situation for possible disclosures. 1. Compliance Department Associate Review DISCLOSURE REVIEW PROCEDURES Designated Compliance Department Associate Review situation possibly meriting U-4, U-5 or bad act disclosure Investigate all terminations for cause or permitted to resign cases Prepare material and review with Chief Compliance Officer Direct approved updates made to CRD and/or 4530 Application Upon receiving notice of potential disclosure item. Within 30 days for required update to Form U4 or U5. Within 30 calendar days after the member knows or should have known of an applicable event. Notes to File; Forms U4, U5, 4530 filings In Registered Person s Personnel File FINRA CRD System Six years after termination of Registered Person Report to Chief Compliance Officer Compliance Department Page 43 of 98

44 2. Chief Compliance Officer DISCLOSURE APPROVAL PROCEDURE V. INSIDER TRADING Chief Compliance Officer (or designated principal) Review and approve Forms U4; U5 disclosures for cause, permitted to resign and bad act disclosures Upon receiving recommendation from Compliance Department Associate; to be completed within 30 days of event Initial or signature on applicable document In Registered Person s Personnel FINRA CRD System Six years after termination of Registered Person Report to the President Requirement. SEC Rule 10b-5 under the 1934 Act makes it unlawful for any person to misuse, either directly or indirectly, any material, non-public information. Material, non-public information is any information which has not been publicly disseminated and which a reasonable investor might consider important in making an investment decision. Examples of the types of information likely to be deemed material include but are not limited to, the following: Dividend increases or decreases Earnings estimates or material changes in previously released earnings estimates Significant expansion or curtailment of operations; Significant increase or decline in revenues Significant merger or acquisition proposals or agreements, including tender offers Significant new products or discoveries Extraordinary borrowing or liquidity problems Major litigation; Extraordinary management developments; and The purchase and sale of substantial assets. The Insider Trading and Securities Fraud Enforcement Act of 1988 (the Insider Trading Act ) effectively makes an organization liable for the misuse of material, non-public information by its associated persons if the organization does not have policies and procedures designed to detect and prevent the misuse of material, non-public information. Policy. The Firm has adopted a policy prohibiting its associated persons who are in possession of any material, non-public information relating to a security from: Purchasing or selling such securities for their own accounts, for accounts in which they have a beneficial interest or over which they have the power, directly or indirectly, to make investment decisions; or Compliance Department Page 44 of 98

45 Disclosing such information or conclusions based thereon to any other person, in or outside the Firm. INSIDER TRADING PROCEDURE Designated Compliance Department Associate Discuss any transaction that may appear to violate the Firm s Insider Trading policy with the Compliance Manager and/or CCO. Distribute Insider Trading Policy periodically As account statements or other information is received Periodic distribution of Insider Training Policy Initialing reviews on duplicate account statements or other reports Communications to persons Account statements, other reports, letters and any other communications in file of relevant Registered Person Account statements or reports are retained until the following quarter s statements are reviewed Registered Person s Personnel File retained for six years after termination Chief Compliance Officer VI. FINANCIAL, OPERATIONAL AND REPORTING ACTIVITIES A. Net Capital Requirements Updated February 2013 Requirement. SEC Rule 15c3-1 imposes net capital requirements on broker/dealers. Unless the broker/dealer is operating under the Alternative Standard, the firm must satisfy two tests: a minimum dollar amount of net capital; and a maximum ratio of aggregate indebtedness to net capital. SEC Rule 17a-11 requires a broker/dealer to give notice to the SEC the same day if its net capital falls below minimum requirements. Policy. The Firm calculates its initial net capital using the Aggregate Indebtedness Standard in Rule 15c3-1(a)(1)(v) under the 1934 Act. All the necessary reports relating to the Firm s net capital is preformed under the general supervision of the FinOp Principal. Both manual and system processes are used in the financial account. Specific procedures are maintained and retained in the Finance area. The FinOp Principal or designated person on his/her staff are directed to observe the following procedures in complying with net capital requirements: Compliance Department Page 45 of 98

46 NET CAPITAL PROCEDURE Financial Accounting Technician-Broker Dealer, FinOp Calculates a modified cash basis net capital daily. Review proofs of money balances in ledger accounts and computations of aggregate indebtedness and net capital Review net capital computations for FOCUS Reports Informs the FinOp Principal if net capital falls below 120% of the minimum or the indebtedness ratio. FinOp will make contact pursuant to 1934 Act Rule 17a-11, if warranted. At least monthly As needed for SEC Rule 17a-11 FinOp initials the monthly Net Capital Calculation Records of computations In Financial Operations Reports File Three years Report to President and Chief Compliance Officer if any filings pursuant to 1934 Act Rule 17a-11 need to be made or if any other net capital or financial problems arise B. Financial Accounting Updated February 2013 Requirement. SEC Rules 17a-3 and 17a-4 require broker/dealers to maintain various blotters, ledgers, and other accounts relating to their business activities. Policy. The Firm s financial accounting relates primarily to recording dealer concession in connection with the sale of variable products, commissions paid, and miscellaneous business expenses. Accounting procedures include manual and system processes. Specific procedures for the functions are maintained and retained in the Finance area. This accounting is performed under the general supervision of the FinOp Principal. The FinOp Principal is directed to observe the following procedures: Compliance Department Page 46 of 98

47 ACCOUNTING PROCEDURES FinOp Principal, Finance associates, and/or Internal Auditing, CBSI Operations staff Review reports and perform analysis of financial results Quarterly Internal Auditing and Internal Operations reviews Routine reconciliation and analytical reviews In Financial Operations Dept. records In Operations records Three years Report to President and Chief Compliance Officer C. Financial Reporting Requirement. The 1934 Act imposes extensive financial reporting requirements on registered broker-dealers. The FOCUS Report is the primary report form. Under SEC Rule 17a-5, brokerdealers subject to limited net capital requirements are required to file FOCUS Reports quarterly and FINRA Rule 4524 requires supplemental information be filed. In addition, audited financial statements must be filed annually. Broker-dealers must also file notification of their outside auditor. Rule 17a-5 also requires certain broker-dealers to provide financial statements to its customers. As a fully disclosed, introducing broker-dealer, is exempted from this disclosure requirement under Rule 17a-5(c)(1)(i). Policy. The Firm observes a fiscal year based on the calendar year. The Firm files FOCUS Reports quarterly and its financial statements annually. The Firm is required to file FOCUS Reports and financial statements with the FINRA. The FinOp Principal is responsible for generating the required reports. The Firm intends to rely on the exemption in Rule 17a-5(c)(1)(i) and not send financial statements to its customers. If circumstances change, and an exemption is no longer applicable for any reason, the Firm will comply with the disclosure requirements. The FinOp Principal is directed to observe the following procedures: Compliance Department Page 47 of 98

48 FOCUS REPORTING PROCEDURES FinOp Principal Review, finalize and file all reports with appropriate regulatory agencies FOCUS Reports are due quarterly Annual audited financial statements are due 60 days after fiscal yearend Copies of reports as filed with regulators including the FINRA website. Notes of review of reports In Financial Operations Files Three years Report to President and Chief Compliance Officer D. Financial Reporting Responsibility for General Ledger Accounts and Identification of Suspense Accounts Updated February 2013 Requirement. FINRA Rule 4523 requires an associated person of the Firm be designated as the person responsible for each general ledger bookkeeping account and account of like function used by the member firm. Such associated person shall control and oversee entries into each such account and shall determine that the account is current and accurate as necessary to comply with all applicable FINRA rules and federal securities laws governing books and records and financial responsibility requirements. The name of the designated person must be retained for a period not less than six years. Each member must record, in an account identified as a suspense account, money charges or credits and receipt or deliveries of securities whose ultimate disposition is pending determination. A record must be maintained of all information known for each item. Policy. The Firm will designated an associated person responsible for each general ledger bookkeeping account and account of like function (if used). S/he shall control and oversee entries into each account and shall determine, to the best of his/her knowledge that the account is current and accurate as necessary to comply with all applicable rules and laws governing financial responsibility requirements. The name of the designated person shall be listing in the Firm s Appendix A. (Currently the person responsible for Financial Reporting.) Compliance Department Page 48 of 98

49 RESPONSIBILITY FOR GENERAL LEDGER ACCOUNTS PROCEDURES Designated Associated Person (Person responsible for Financial Reporting) Control and oversee entries into general ledger accounts, including a suspense account as noted in the requirements. As frequently as necessary considering the account, but at least monthly Notes of review of accounts or reports In Financial Operations Files Six years Report to President and Chief Compliance Officer E. Cash Transaction Reporting, Bank Secrecy Record Keeping Requirement. Rule 17a-8 under the 1934 Act requires every registered broker-dealer that is subject to the requirements of the Currency and Foreign Transactions Reporting Act of 1970 (the Currency Act ) to comply with the reporting, record keeping, and record retention requirements of Part 103 of Title 31 of the Code of Federal Regulations. Among other things, 31 C.F.R. 103 generally requires a broker-dealer to report within 15 days any currency transactions (e.g., cash purchase payments) in excess of $10,000 on any single business day by any particular customer or for any particular account. The Bank Secrecy Act requires broker-dealers to collect and maintain (for at least five years) certain specified information concerning the transmitter and recipient of funds when transmitted in amounts of $3,000 or more. No reporting is required under the Bank Secrecy Act, although broker-dealers are directed to contact appropriate regulators or law enforcement agencies if there is any suspicion of illicit or other reportable activity. Policy. The Firm has adopted a policy prohibiting the Firm and its RRs from accepting any cash or currency as payment for any security purchase. All checks received for payment must be payable either to the product sponsor, the Clearing Firm; however, pursuant to, and in accordance with Rule 15c3-3(k)(2)(I) under the 1934 Act, the Firm may accept wire orders or checks made out in its name. Should any transaction be subject to the Currency and Foreign Transaction Reporting Act of 1970, the following procedures apply: Compliance Department Page 49 of 98

50 CASH REPORTING PROCEDURES Cashiering Principal or designated Cashiering Associates Review, finalize and file reports as required Review records of funds transmitted Within 15 days following the transaction Copy of each report filed under the Currency Act Maintenance of required information under the Bank Secrecy Act In Currency Reports File Notations in Customer Accounts File Life of the Firm under the Currency Act Five years from the date of funds transmission under the Bank Secrecy Act Report to Chief Compliance Officer F. Customer Complaint Handling Requirement. FINRA Rule 4513 requires members to maintain files regarding customer complaints. Policy. The Compliance Manual instructs RRs to route or otherwise promptly report all complaints received to the Compliance Department. The Compliance Department has overall responsibility for reviewing the tracking system to identify complaints relating to the Firm or its Registered Personnel, and to investigate and respond to those complaints. The Firm maintains records of all written complaints received, and records relating to the resolution of the matter. It also maintains a log of all customer complaints. The Compliance Department Associate is responsible for following the complaint handling procedures described below: Compliance Department Page 50 of 98

51 COMPLAINT HANDLING PROCEDURES Compliance Department Associate Investigate and respond to complaint Maintain a log of customer complaints, investigations, actions taken, and other relevant information As complaints are received Copies of written complaints, copies of any reports and notes relating to the investigation Complaints Log Complaint Files Complaint Log Four years Refer to Chief Compliance Officer F. Adverse Events Filings Updated June 30, 2011 Requirement. FINRA Rule 4530 requires a member firm to promptly report certain adverse events. Certain adverse events also must be reported on a firm s Form BD. In order to ensure that a firm complies with the requirement, it must have in place a procedure for collecting and retaining information that could potentially be reportable. Policy. The Firm has assigned the Compliance Specialists the responsibility to collect and review information relating to adverse events. COMPLIANCE PROCEDURES Compliance Specialist Determine whether an adverse event or action triggers reporting obligations under Rule 4530 and/or effects amendment to the Firm s Form BD As information of adverse events, actions, and/or developments is received By copies of information relating thereto FINRA CRD System Compliance files Six years Report to the Chief Compliance Officer G. Reporting of Specified Events and Customer Complaints Compliance Department Page 51 of 98

52 Requirement. FINRA Rule 4530(a) requires a member firm to promptly report, but no later than 30 calendar days, certain specified events after the member knows or should have known of the existence of the events noted in the Rule. Section 4530(b) requires a firm to promptly report to FINRA, but no later than 30 calendar days after the firm has concluded, or reasonably should have concluded, on its own that the firm or its associated person has violated any securities-, insurance-, commodities-, financial- or investment-related laws, rules, regulations or standards of conduct of any domestic or foreign regulatory body or SRO. Note that the firm must report only conduct (by the firm or associated person(s)) that has widespread or potential widespread impact to the firm, it customers or the markets. Rule 4530 also requires a member firm to report to the FINRA statistical and summary information regarding customer complaints for the previous quarter if the Firm received customer complaints during the quarter. Each member must file with FINRA copies of certain criminal actions, civil complaints and arbitration claims. Amendments to the Firm s Form BD or a registered person s Form U-4/U5 also may be warranted. Policy. The Firm has directed the Compliance Specialist to prepare and file reports or updates to Forms BD/U4/U-5 and/or the 4530 Application as appropriate that are required under these reporting requirements. The Chief Compliance Officer shall be responsible for determining when an internal conclusion of violation(s) requires reporting under Rule 4530(b). REPORTING PROCEDURES Compliance Specialist Prepare and file any event reports and any customer complaint reports Consider whether Form BD, U-4, U-5 disclosures should be filed or whether a 4530 Application filing is warranted. Provide copies to FINRA of applicable actions, complaints, claims. Upon being informed of reportable event, with reports to be filed: Within 30 days after the Firm learns of an event By the 15th day of following quarter in the case of summary customer complaint report Copies of reports/reviews FINRA CRD System, if applicable Registered Person s Personnel File, if applicable Compliance Files Six years Report to the President Compliance Department Page 52 of 98

53 H. Books and Records Requirement Act Rules 17a-3 and 17a-4 impose extensive record keeping requirements on broker/dealers. See also Financial Accounting in this Manual. FINRA Rule 4511 is the primary rule setting forth FINRA record making and record keeping requirements. Policy. The Firm has established the files identified in Appendix B to this Manual and has directed that various departments and supervisors maintain specified records. CUNA Mutual Group maintains certain books and records although the Firm remains responsible for their maintenance. The Compliance Department is responsible for overseeing the maintenance of books, records and files by the Firm s various departments and will coordinate with CUNA Mutual. Monitoring procedures are described below: RECORD KEEPING PROCEDURES Designated Department Managers/Principals per Appendix B Ensure that the books and records required by applicable 1934 Act and FINRA rules are appropriately maintained As required Per Appendix B Per Appendix B As required Report to the Chief Compliance Officer I. Regulatory Inspections Requirement. The FINRA, SEC and state securities commissions have authority to examine a broker/dealer s operations. Examinations may result in recommended or required changes. Policy. The Firm s policy is to cooperate in such examinations. The Chief Compliance Officer or designated principal is directed to coordinate the examination, and the Firm s response to requests or deficiency letters, following these procedures: Compliance Department Page 53 of 98

54 EXAMINATION PROCEDURES Chief Compliance Officer (or designated principal) Coordinate regulatory examination Cooperate and respond to requests and comments from examiners Report examiners comments to President Develop action plan for implementing changes in response to examiner comments in accordance with the time lines set by the regulatory agency As needed Audit Report from examiner Firm Response In Examination File Three years Report to the President VII. DEALING WITH CUSTOMERS, OTHER BROKER/DEALERS AND SERVICE PROVIDERS A. Dealing with Customers Requirement. FINRA Rule 2010 requires a member to observe, in the conduct of business, high standards of professional honor and just and equitable principles of trade. Formal FINRA interpretations under this rule prohibit member firms from engaging in certain types of trading practices (e.g., free-riding and withholding, trading ahead of customer limit orders, frontrunning, trading ahead of research reports, intimidation/coordination) which are deemed to violate the general proposition of Rule 2010 requiring a member to observe high standards of commercial honor and just and equitable principles of trade. Policy. The Firm has adopted a policy to deal fairly with its customers. This standard shall inform and guide Registered Persons as they address issues for the Firm. B. Maintenance of Customer Account Files Requirement. FINRA Rule 4512 and SEC Books & Records Rules require each member to maintain, for each customer account, specific information. Certain additional record keeping requirements apply to discretionary accounts. Policy. The application forms developed for use by RRs solicit the required information. Customer account data is maintained in the back office system at the Waverly OSJ. RRs also are instructed to report updated active account information to the Waverly OSJ as necessary. The Firm has charged the New Accounts Area(s) with the responsibility to ensure that the required information is collected. Compliance Department Page 54 of 98

55 CUSTOMER RECORDS New Accounts Area Principals Review and accept or deny new account Supervise New Accounts associates obtain required customer information and maintain required data in the back office system As appropriate Appropriate customer record New Accounts Blotter Customer Account File For life of account plus six years Report to Chief Compliance Officer D. Review of Transactions Updated July 2012 Requirement. NASD Rule 3010(d) requires a registered principal to review and endorse securities transactions affected through a member firm. If the transaction is recommended by a member, FINRA Rule 2111 states a member or an associated person must have a reasonable basis to believe that a recommended transaction or investment strategy involving a security or securities is suitable for the customer, based on the information obtained through the reasonable diligence of the member or associated person to ascertain the customer s investment profile as defined in the Rule. Policy. The Firm requires all RRs to determine that a transaction is suitable for a customer prior to making a recommendation and submitting a securities transaction. The Firm has designated principal(s) to review transactions for suitability in accordance with the following procedures: PRINCIPAL REVIEW AND ENDORSEMENT PROCEDURES Designated Principal(s) Review orders appearing on exception reports for suitability in accordance with Firm policies and procedures Request additional information from RR if any questions or discrepancies During blotter reviews Principal s initials or ID number on blotter and exception transactions Daily transaction blotters Exception transactions Compliance Department Page 55 of 98

56 Daily transactions blotters: six years Exception Reports: 18 months Report to Chief Compliance Officer E. Review of Customer Accounts Requirement. NASD Rule 3010(c) requires each member to conduct a periodic examination of customer accounts to detect and prevent irregularities or abuses. Policy. The Firm has directed the Compliance Department to conduct periodic examinations of customer accounts, observing these procedures: IMPLEMENTATION Compliance Specialists and/or Supervising Principals Review sample of customer account Files for compliance with Firm policies and procedures : blotter reviews, internal reviews, branch inspections, ad hoc reviews Internal review reports Branch office inspections Other ad hoc customer file notations Branch office inspection files Three years Report to Chief Compliance Officer F. Customer Funds and Securities Updated June 30, 2011 Requirement. FINRA Rule 2330(a) prohibits any member firm or person associated with a member firm from making improper use of a customer s securities or funds. Rule 2330(b) requires adherence to the provisions of SEC Rule 15c3-3 with respect to obtaining possession and control of securities and the maintenance of appropriate cash reserves. A broker-dealer complying with the $50,000 net capital standard set forth in SEC Rule 15c3-1(a)(2)(iv) is prohibited from holding customer funds or securities beyond noon of the business day following receipt. A broker or dealer is deemed to promptly transmit all funds and to promptly deliver all securities within the meaning of paragraphs (a)(2)(i) and (a)(2)(v) of this section where such transmission or delivery is made no later than noon of the next business day after the receipt of such funds or securities; provided, however, that such prompt transmission or delivery shall not be required to be effected prior to the settlement date for such transaction. Rule 2330(c) prohibits members from lending, either to itself or to others, securities carried for the account of any customer without the customer s written authorization. Rule 2330(d) requires members to segregate and identify securities held for the account of any customer. FINRA Rule 2150 (c) Compliance Department Page 56 of 98

57 prohibits members or associated persons thereof from sharing in the profits or losses in any customer account except under limited circumstances. (Updated September 18, 2014) State of Oklahoma Department of Securities specifically requires us to note that all securities and funds received from a person for the purpose of being deposited into a customer account, once it is opened should be treated as securities and funds of a customer. Policy. The Firm has adopted procedures to ensure that customer funds or securities are promptly forwarded to the issuer or (the Firm s clearing broker/dealer). The Compliance Manual advises RRs of this duty to forward customer funds or securities. Designated principals are responsible for compliance with the policy and are directed to follow the procedures below. Reviews of RR activity and inspections of RR offices will include reviews of their operations to ascertain compliance with this policy. INSPECTION PROCEDURE Designated Principal(s) and designated associates Monitor the submission of applications, payments and refunds to ascertain timeliness As fund direct applications are processed As brokerage account funds are received for deposit During RR reviews and branch office exams Notations in customer file Branch office inspection file Electronic check blotter Customer account file Inspection file Electronic check blotter Three years Report to Chief Compliance Officer G. Prohibition Against Guarantees Requirement. FINRA Rule 2330(e) prohibits any member or associated person thereof from guaranteeing a customer against loss in any securities account of such customer carried by the member or in any securities transaction effected by the member with or for such customer. Policy. The Firm prohibits RRs from making guarantees by the Firm. This policy is set forth in the Compliance Manual. H. Do Not Call Updated February 2013 Requirement. FINRA Rule 3230 governs telemarketing. Generally, this rule prohibits any member or associated person thereof from (a) calling any residence for the purpose of soliciting Compliance Department Page 57 of 98

58 the purchase of securities or related services after 9:00 p.m. in the evening or before 8:00 a.m. in the morning with some exceptions. Policy. RRs are to follow the Firm s Do Not Call policies and procedures contained on the advisor website. Additional information can be found in the Compliance Manual. The Firm has assigned the Field Compliance Managers and/or Supervising Principals for reviewing compliance with Rule 3230 in their oversight of RRs activities. COMPLIANCE PROCEDURE Field Compliance Managers, Supervising Principals Review for compliance with policy and procedures during branch office exams Ongoing Corporate Do Not Call System Branch office inspection Corporate Do Not Call System Branch office inspection Three years Report to Chief Compliance Officer I. Gifts and Gratuities Requirement. FINRA Rule 3220 prohibits payments, directly or indirectly, to the Firm s associated persons by another broker/dealer, or by the Firm to another member s associated persons. Gifts and non-cash compensation, such as meals and or travel reimbursements, is also addressed in this Rule. Policy. The Firm has developed guidelines for RRs regarding cash, non-cash compensation and receipt of gifts or gratuities from sources such as other broker-dealers and vendors of the Firm. The Compliance Department is responsible for communicating the policy and is directed to observe these procedures: IMPLEMENTATION Compliance Department Associate Advise RRs of policy Answer questions about policy Review RR requests for compensation, reimbursements; gifts received or given Compliance Department Page 58 of 98

59 Written copy of cash/non-cash policy Logs of compensation/reimbursement/gifts Policy: Compliance Manual Logs: Compliance Dept. electronic files Compliance Manual: Three years after last use (Compliance Manual retention period) Logs: Six years Report to Chief Compliance Officer Peridically J. Business Arrangements with Others Requirement. Broker-dealer firms customarily enter into business arrangements with other organizations, such as service providers or other broker-dealer firms. NASD Rule 2420 prohibits member firms from sharing compensation for securities transactions with non-member firms. Some business arrangements between member firms are subject to specific Conduct Rules. For example, clearing arrangements must comply with FINRA Rule 4311, and selling agreements between member firms may be subject to Conduct Rules governing the security at issue, such as the FINRA Rule 2320 for variable contracts and FINRA Rule 2342 for mutual funds and other investment company securities. Policy. The Firm has adopted a policy of not sharing compensation with a non-member firm in violation of NASD Rule 2420 or other pertinent regulatory guidance. (This Manual also addresses procedures for complying with FINRA Rules regarding Special Products.) The Legal Operations area is responsible for reviewing business arrangements for compliance with the Firm s policy and applicable rules and is directed to observe these procedures: IMPLEMENTATION Legal Operations Associate Review contractual arrangements for compliance with FINRA rules As they are being negotiated Approval of contract In Corporate Contract Records Six years after termination of arrangement Report to Chief Compliance Officer K. Extension of Credit to Customers Compliance Department Page 59 of 98

60 Requirement. FINRA Rule 4210 regulates the extension of credit by a broker/dealer to its customers. Regulation T, adopted by the Board of Governors of the Federal Reserve System, also regulates the extension of credit by broker/dealers. Policy. The Firm has adopted a policy prohibiting the extension of credit to customers (other than the availability of margin accounts through the clearing firm). This policy is set forth in the Compliance Manual. VIII. COMMUNICATIONS WITH THE PUBLIC Updated February 2013 FINRA and SEC rules relating to communications with the public apply to materials the Firm produces in connection with its activities, including recruiting agents, training agents, and updating policyholders. A. Securities Communications Requirement: All securities-related communications must be produced, reviewed and filed in accordance with FINRA Rule The material must follow the regulations regarding content and be reviewed and approved by the designated advertising compliance unit in the home office prior to use with the public and, unless exempted by rule, filed with the FINRA. Retail Communication is defined as any written (including electronic) communication that is distributed or made available to more than 25 retail investors within any 30 calendar-day period. Institutional Communication is defined as any written (including electronic) communication that is distributed or made available only to institutional investors. It does not include a broker-dealer s internal communications. Institutional investors are defined in Rule 2210 and in Rule 4512(c). No communication may be labeled an institutional communication is there is reason to believe that the communication or any part of it will be forwarded or otherwise made available to any retail investor. Correspondence is defined as any written (including electronic) communication that is distributed or made available to 25 or fewer investors within a 30 calendar day period. Specific policies regarding communications with the public in general are contained in the Compliance Manual for RRs and in the Supervising Principals Manual for supervisors. Policy. The Firm has established institution and retail communications review program. Retail communications are much more prevalent in the Firm s business at this time. However, there may be institutional communications from time to time. The Compliance Department is responsible for the program and is directed to observe these procedures: Compliance Department Page 60 of 98

61 RETAIL AND INSTITUTIONAL REVIEW PROCEDURES How Evidences Where maintained If irregularities are found Review procedure Advertising Compliance Specialist Review all retail and institutional communications produced or used by the Firm for compliance with applicable regulatory requirements as well as factual accuracy prior to its use Ensure that materials intended solely for internal use have appropriate legends Verify that no prohibited statements are made and that the identification of non-registered business locations (e.g., in telephone directories, on business cards and letterhead) is accompanied by all necessary disclosures Maintain records of all material submitted to for approval, noting date, submitting person, identifying title or number, intended use and ultimate disposition File with the FINRA if applicable Communicate comments and approval or disapproval to submitting person Maintain file of material filed with FINRA, including correspondence Material must be approved by Compliance Department in advance of use or filing with the FINRA As submitted for review Initial and date or otherwise indicate approval on each item of sales literature or advertising approved for use Initial, date, indicate disapproval and reason for disapproval on each item of sales literature or advertising rejected for use If filed with FINRA, FINRA written responses Communication to submitting person clearing or rejecting piece for use In Advertising Compliance System; Final Copy at branch location Three years after last use of item Report to Chief Compliance Officer B. Speaking Engagements/Media Participation, Scripts or Outlines Requirement. The text, script, or outlines for speaking engagements are treated as retail communications (unless it is easily determined the audience is institutional investors) and must be approved prior to use and filed with the FINRA if necessary. Policy. The Firm recognizes that its RRs may from time to time speak on various aspects of the Firm s business to groups or individuals or perhaps on the radio or television. The Compliance Manual instructs RRs that they are to provide the Compliance Department in advance in writing. Compliance Department Page 61 of 98

62 SPEAKING ENGAGEMENT REVIEW PROCEDURES Compliance Department Review material provided by RR for approval If applicable, file with FINRA Communicate approval or disapproval to RR Notes in Advertising System As submitted for review and approval Initial and date the approved outlines/agendas along with written information provided by the RRs involved Communication to RR regarding approval or disapproval Notations in Advertising System Advertising Files Three years after date of communication Report to Chief Compliance Officer C. Outgoing Written Correspondence Requirement. Rule 3010(d) requires that a member firm establish procedures for the review by a registered principal, in writing, of written correspondence (paper or electronic) of its registered representatives with the public relating to the securities business of the member. (Note that form letters are considered retail or institutional communications.) Policy. The Compliance Manual states the Firm s policy and procedures regarding customer correspondence. The Firm s policy requires RRs to maintain a correspondence log and states procedures for the handling of outgoing correspondence. The Supervising Principals are responsible for reviewing the correspondence. The Designated Principal for each home office area is responsible for reviewing outgoing correspondence generated from his/her area. Compliance Department Page 62 of 98

63 OUTGOING WRITTEN CORRESPONDENCE REVIEW PROCEDURES Supervising Principal Identify what communications should be deemed to constitute written correspondence of the Firm Review each item of outgoing written correspondence for compliance with applicable FINRA, SEC and federal and state securities laws and regulations, and Firm policy Approve correspondence if standards are met Communicate approval or disapproval to RR As applicable correspondence is generated Communication to RR Copies of approved outgoing (paper) written correspondence retained by RRs Correspondence Log Correspondence Log Branch Correspondence File Three years Report to Chief Compliance Officer OUTGOING ELECTRONIC COMMUNICATIONS REVIEW PROCEDURES Supervising Principal, Designated Home Office Principal Review communications for compliance with the retention option of the applicable registered and associated persons. Via review system according to Firm procedures review system reviewed status review system Three years Report to the Chief Compliance Officer D. Incoming Written Correspondence Updated January 2008 Requirement. Rule 3010(d) mandates that broker-dealers establish procedures for the review of incoming, written business-related correspondence (paper or electronic) from the public directed to a registered representative with the firm. These procedures are to assist the firm with the identification and handling of customer complaints and to ensure that customer funds and Compliance Department Page 63 of 98

64 securities are handled in accordance with firm procedures. Rule 3010 also requires that a member firm establish procedures for the review by a registered principal, in writing, of incoming written correspondence to its registered representatives from the public relating to the securities business of the member. Policy. The Compliance Manual states the Firm s policy and procedures regarding customer correspondence. The Firm s policy requires RRs to maintain a correspondence log and states procedures for the handling of incoming correspondence. The Supervising Principals are responsible for reviewing the correspondence. The Designated Principal for each home office area is responsible for reviewing incoming correspondence that is received at either the Waverly OSJ or the Madison OSJ. 1. Supervising Principal Review INCOMING WRITTEN CORRESPONDENCE REVIEW PROCEDURES Supervising Principal, Designated Home Office Principal Review correspondence that is received from RRs on a monthly basis Forward any item of incoming written correspondence containing evidence of complaints, indications of improper handling of customer funds, selling away, outside business activities or other violations of Firm policies and procedures to the Chief Compliance Officer Review incoming correspondence during office visits Home Office Principals review correspondence received at the Home Office and forward any item containing evidence of complaints, improper handling of customer funds, selling away, outside business activities or other violations of Firm policies and procedures to the Chief Compliance Officer Upon receipt following month end During office visits Home Office Principals review correspondence as it is received and processed Correspondence Log Home Office Principal s initials Branch Correspondence File Correspondence Log Home Office: Customer File Three years Report to the Chief Compliance Officer INCOMING ELECTRONIC COMMUNICATIONS REVIEW PROCEDURES Supervising Principal, Designated Home Office Principal Review communications for compliance with the retention option of the applicable registered and associated persons. Via review system according to Firm procedures Compliance Department Page 64 of 98

65 review system reviewed status review system Three years Report to the Chief Compliance Officer E. Underwriting Activities A number of FINRA and SEC rules apply to the underwriting of securities. As the principal underwriter of variable products and certain mutual funds, the Firm is subject to some but not all of the requirements set forth in the FINRA Rules. The procedures set forth below address the applicable requirements. F. Due Diligence Requirement. Section 12 of the Securities Act of 1933 states that anyone who offers to sell a security that violates Section 5 or includes untrue statements or material facts or omits material facts shall be liable to the person purchasing the security from him. Policy. The Firm conducts a due diligence review of each product sponsor in connection with entering into a selling or distribution agreement. The purpose of the review is to assess the overall fairness of the terms of the product(s). PRODUCT REVIEW Product Review Committee Determine Firm s standards for fairness of products and offerings Review product against Firm standards Re-evaluate Firm standards periodically As new selling agreements are received material changes occur to existing selling agreements Periodic due diligence meetings Signed selling agreement Due diligence meeting notes Product Files Termination of agreement Report to Chief Compliance Officer G. Prospectus Delivery Requirement. Section 5(b)(1) of the Securities Act of 1933 (the 1933 Act ) generally makes it unlawful for any person to use written or other published materials to offer to sell a security unless such material is accompanied or preceded by a statutory prospectus that is included in a registration statement on file with the SEC. Section 5(b)(2) of the 1933 Act makes it unlawful Compliance Department Page 65 of 98

66 for any person, including the Firm, to deliver a security for the purpose of sale or after sale (i.e., a confirmation) unless accompanied or preceded by a final prospectus included in an effective registration statement on file with the SEC. Policy. The Firm requires that a prospectus for registered products be delivered to a prospect at or prior to point of sale. This policy is set forth in the Compliance Manual. IX. TRADING AND MARKET MAKING ACTIVITIES There are special FINRA Rules governing trading and market making activities by a member firm. Inasmuch as CUNA Brokerage does not undertake any market making activities, these rules generally do not apply. Thus, no supervisory procedures have been adopted. X. FIXED INCOME SECURITIES seeks to find competitive bids, offers or yields on fixed income products according to the needs of our customers through various vendors. SUPERVISORY PROCEDURE Designated Trading Principal(s) Supervise activities of Traders for compliance with Department policies such as CBSI mark-up/down policy, trade reporting, etc. As transaction report/ticket is received Periodic trade reports Initialed transaction report/ticket Daily work files Six years Report to Compliance Dept. Associate if review reveals transaction appears unsuitable Follow up with the appropriate RR and/or RRs Supervising Principal Report to Trading Manager if any irregularities found XI. STRUCTURED PRODUCTS Structured Products are complex products which are not always easy to understand. In accordance with FINRA rules, generally only offers Market Linked CD structured products to our customers. SUPERVISORY PROCEDURE Designated Trading Principal(s) Supervise activities of Traders for compliance with Department guidelines such as Equity Linked CD guidelines As transaction report/ticket is received Initialed transaction report/ticket Compliance Department Page 66 of 98

67 Daily work files Six years Report to Compliance Dept. Associate if review reveals transaction appears unsuitable Follow up with the appropriate RR and/or RRs Supervising Principal Report to Trading Manager if any irregularities found XII. MUNICIPAL SECURITIES Requirement. MSRB Rule G-27 requires that each broker, dealer and municipal securities dealer shall supervise the conduct of the municipal securities activities of the dealer and its associated persons to ensure compliance with Board rules and the applicable provisions of the Act and rules thereunder Policy. It is the policy of to conduct reasonable investigations into the municipal securities products it offers to customers. CBSI may contract with a third party due diligence firm to assist in performing this responsibility. The Firm s policy also expects RRs to utilize the appropriate tools including the EMMA tool provided by the MSRB to review the official statement for primary offerings and review material events on secondary offerings. SUPERVISORY TRADING PROCEDURE Designated Municipal Principal(s) Supervise activities of Traders for compliance with Department policies such as CBSI mark-up/down policy, trade reporting, etc. As transaction report/ticket is received Periodic trade reports Initialed transaction report/ticket Daily work files Six years Report to Compliance Dept. Associate if review reveals transaction appears unsuitable Follow up with the appropriate RR and/or such RRs Supervising Principal Report to Trading Manager if any irregularities are found Officer SUPERVISORY PROCEDURE Municipal Principal Review municipal transactions (including 529 Plan investments) During Blotter Review Initial/signature on Blotter Compliance Department Page 67 of 98

68 Blotter Files Six years Follow up with the appropriate RR and/or such RRs Supervising Principal XIII. DIRECT PARTICIPATION PROGRAMS FINRA Rule 2310 specifically governs Direct Participation Programs. A. Suitability Requirement. Rule 2310(b)(2) addresses responsibilities of a member or person associated with a member regarding suitability. Policy. It is the firm s policy that all properly registered representatives of the firm prior to the discussion of a DPP with a customer gather information concerning his/her suitability for the product. SUPERVISORY PROCEDURE Compliance Department Associate (Principal) Review suitability requirements of the program Review customer s suitability information DPP is submitted Initialed blotter Daily Transaction Blotter Six years Report to Chief Compliance Officer B. Disclosure Requirement. Rule 2310(b)(3) requires that members have reasonable grounds to believe material facts regarding DPPs are adequately and accurately disclosed and may rely upon research conducted by a third party. Policy. Is it the policy of to conduct reasonable investigations into the DPP products it offers to customers. CBSI may contract with a third party due diligence firm to assist in performing this responsibility. Compliance Department Page 68 of 98

69 SUPERVISORY PROCEDURE Product Due Diligence Committee Review at a minimum the following information regarding each DPP under consideration: 1. Items of compensation 2. Physical properties 3. Tax aspects 4. Financial stability and expertise of sponsor 5. Program s conflict and risk factors 6. Appraisals and other reports considering a selling agreement with a particular DPP Due diligence information Signed selling agreement Selling Agreement Files Expiration of agreement Report to Chief Compliance Officer XIV. OPTIONS A. Opening Options Accounts Requirement. FINRA Rule 2360 discusses approval and diligence required in opening an option account. Policy. It is the Firm s policy a current disclosure document is delivered at the time the Option Agreement Form is delivered. The Option Agreement form documents the customer received (and read) the disclosure. It is also the Firm s policy to obtain required information regarding an option customer s suitability on the new application form. The customer receives a copy of this document. Upon review of the customer account information, the designated Options Principal approves or disapproves the account for option trading. Compliance Department Page 69 of 98

70 SUPERVISORY PROCEDURE Options Principal Review customer s suitability information Review customer s option agreement form for customer s signature and other investment experience and financial information. option agreement form is submitted Signed/initialed option agreement form Customer File Six years after the account is closed Report to Chief Compliance Officer B. Registered Options and Security Futures Principal Requirement. FINRA Manual Rule 2360(20) states members must develop and implement a written program providing for the supervision of all of its customer accounts and orders in such accounts that relate to option contracts. Policy. The Firm will identify a Registered Options Principal who shall have no sales functions. The ROP shall be the principal supervising the options transactions submitted by registered representatives located at the Firm s various branch offices. Compliance Department Page 70 of 98

71 SUPERVISORY PROCEDURE Registered Options Principal Supervise option account and transaction review including: The compatibility of option trades with the customer s investment objective and type of options for which the account was approved; The size and frequency of options trades; Commission activity in the account; Profit or loss in the account; Undue concentration in any option class; Compliance with Reg T. During review of accounts Notes to customer file Customer File Three years Report to Chief Compliance Officer XV. BEST EXECUTION Requirement. FINRA requires that there be written supervisory procedures concerning a firm s best execution efforts. Policy. It is the Firm s obligation to periodically examine equity and options orders to ensure customers receive best execution on their orders. SUPERVISORY PROCEDURE Trading Principal or designated principal check selected transactions and verify purchase prices available for the security, date and time. Reports, notes from review Best Execution Files located in Trading Dept. 3 years Report to Chief Compliance Officer Compliance Department Page 71 of 98

72 XVI. MUTUAL FUNDS AND UNIT INVESTMENT TRUSTS A number of FINRA rules apply to sales of mutual fund securities and unit investment trusts by a member firm. The Firm is generally subject to these requirements to the extent that the mutual fund and/or unit investment trust products it offers have features that fall within the scope of each of these rules. The Firm s policy is to comply with these requirements A. Prompt Transmission of Funds, Securities and Orders Requirement. Several rules govern the transmission of funds and orders. Taken together, these rules distinguish between member firms that accept checks that are made payable to the firm or hold customer funds or securities or otherwise act as a dealer (i.e. act as a principal in buying or selling securities) and those member firms that take orders and payments purely on a broker basis, (i.e. where the firm, acting as agent for its customers, takes a customer s check made payable to the issuer and executes transactions). Nevertheless, under the Customer Protection Rule promulgated pursuant to the 1934 Act, even a member firm that conducts its business solely on an application way basis is required to transmit all funds and deliver all securities received in connection with its business activities by noon of the next business day following receipt of such funds or securities. Policy. It is the Firm s policy not to hold customer checks beyond the next business day following receipt of such funds or securities; provided, however, that such prompt transmission or delivery shall not be required to be effected prior to the settlement date for such transaction. SUPERVISORY PROCEDURE Fund Services Principal(s), Cashiering Principal(s) Supervise procedures for prompt delivery of checks and securities As part of normal daily operations Checks and securities logs Cashiers daily work files Fund Services daily work files Three years Report to Chief Compliance Officer B. Mutual Fund Switching Requirement. Certain FINRA Notice to Members discuss the obligations that broker/dealers have to evaluate the impact of a proposed switch on a customer and to allow only those switches that are beneficial to the customer. In addition, these Notices to Members discuss a member s responsibility to have supervisory and compliance procedures that can monitor switching of customers among funds and to document the reasons for switching a customer from one fund to another one. Compliance Department Page 72 of 98

73 Policy. It is the Firm s policy to allow switching of funds recommended by a RR only if there is a good faith belief that the transaction is in the customer s overall best interest. SUPERVISORY PROCEDURE C. Breakpoints Compliance Specialists, Supervising Principals Review exceptions to identify potential mutual fund switches Review selected switch transactions to determine suitability of mutual fund switch Ad hoc review of transactions (Compliance Specialists, Supervising Principals) As part of internal blotter and/or transaction review As part of branch office inspections As part of ad hoc transaction review Inspection file Internal blotter Exceptions Inspection file Internal blotter Inspection file: three years Exception Reports: 18 months Follow up with the RR to resolve outstanding questions, cancel trade if necessary Requirement. FINRA Rule 2342 discusses the obligations that broker/dealers have in connection with mutual fund breakpoints. Certain Notices to Members also address breakpoint obligations when recommending the purchase of unit investment trusts. For instance, broker/dealers are prohibited from selling mutual fund shares in amounts below breakpoints if such sales are made so as to share in higher sales charges and must advise customers of the impact of particular breakpoints on a contemplated transaction. Policy. It is against Firm policy to encourage, recommend or allow customer transactions so as to share in higher sales charges. RRs must advise customers of the impact of particular breakpoints on proposed transactions. Compliance Department Page 73 of 98

74 SUPERVISORY PROCEDURE D. Fees and Charges Compliance Specialists, Supervising Principals Review exceptions to identify potential missed mutual fund breakpoints Review selected transactions to determine if sales charge was appropriate Blotter review Ad hoc review of transactions As part of internal blotter review As part of branch office inspections As part of ad hoc transaction review Inspection Report Internal Blotters Exceptions Inspections File Internal Blotter File Inspection file: three years; Exception Reports: 18 months Follow up with the RR to resolve outstanding questions; cancel transaction if necessary; correct trade if necessary Requirement. FINRA Rule 2342 and certain Notices to Members limit the amount of fees and charges that can be levied in connection with the sale of mutual fund shares. For instance, there are limits on the amount of front-end and/or deferred sales charges that can be levied in various circumstances. In addition, no member may offer or sell shares of a mutual fund that has assetbased sales charges or service fees above a specified amount. Policy. It is the Firm s policy that each offer or sale of a mutual fund complies with the restrictions on fees and charges that appears in Rule The Product Committee and Legal Operations are responsible for compliance with this policy and are directed to observe these procedures: Compliance Department Page 74 of 98

75 SUPERVISORY PROCEDURE Product Committee and Legal Operations Verify that mutual fund products offered by Firm comply with FINRA Rule 2342, FINRA guidance and Firm policy on mutual fund fees and charges Consult with legal counsel if appropriate Upon review of selling agreement Upon notice of updated fee structure Execution of selling agreement Selling Agreement Files Termination of arrangement Report to Chief Compliance Officer XVII. VARIABLE PRODUCTS Updated August 2011 Requirement. FINRA Rule 2320 governs sales of variable products by a member firm. Rule 2320(c) states that no member shall participate in the offering or sale of a variable contract on any basis other than at a value to be at a value determined following receipt of payment. Rule 2320(d) requires member firms to transmit promptly applications and purchase payments to the issuer of the variable contract. Rule 2320(f) prohibits a member firm from selling a variable contract unless the issuer undertakes to make redemption s in accordance with the terms of the contract, the prospectus, and the Investment Company Act of 1940 ( 1940 Act ). Section (g) addresses compensation to member firms and associated persons including non-cash compensation. Policy. The Firm shall participate in the offering or sale of variable contracts according to the provisions of Rule Supervision of applicable sections is as follows. Compliance Department Page 75 of 98

76 A. Product Committee REVIEW PROCEDURE Designated member(s) of Product Committee Review selling agreement for compliance with Rule 2320 agreement is signed Execution of selling agreement Selling Agreements File Termination of arrangement Report to Chief Compliance Officer B. Compliance Department REVIEW PROCEDURE Compliance Department Associates Sample transactions to determine prompt delivery of applications and/or purchase payments to issuing company. During transaction reviews; branch inspections Transaction review notes; Inspection records Transaction Exception Notes; Inspections File Transaction Exception Notes: 18 months Inspection Files: Three years or until next inspection report Report to Chief Compliance Officer XVIII. REAL ESTATE INVESTMENT TRUSTS Updated April 2009 FINRA rules require each member establish and maintain a system to supervise the activities of its registered and associated persons that is reasonably designed to achieve compliance with applicable securities laws and regulations and FINRA Rules. The Firm has established a policy for its registered representatives to follow when recommending a Real Estate Investment Trust to meet the financial goals of their clients. A. Suitability Requirement. recommending a REIT to a client, the Firm requires registered representatives to determine overall suitability of the product for the customer prior to recommending a Real Estate Investment Trust. Compliance Department Page 76 of 98

77 Policy. recommending a REIT to a client, the Firm requires registered representatives to determine, in addition to general suitability of the product for the customer, that the investment shall not exceed a specific percentage of the client s liquid net worth (as stated in the CBSI Compliance Manual). SUPERVISORY PROCEDURE Compliance Department Associate (Principal) Review customer s suitability information to determine if investment exceeds the Firm s stated percentage of the customer s liquid net worth (in addition to general suitability for the customer). All REITs are reviewed for suitability Daily blotter Daily blotters; Compliance Dept. General Supervision Files 18 months Report to Chief Compliance Officer XIX. DEFERRED VARIABLE ANNUITIES Updated February 2010 In addition to the general supervisory and recordkeeping procedures required by FINRA Rules, FINRA Rule 2330 requires firms to establish and maintain written supervisory procedures reasonably designed to achieve compliance with the standards set form in the Rule. A. Principal Review and Approval of Transactions Requirement. All Principals designated to review deferred variable annuity transactions must review the purchase and exchange of a deferred variable annuity and determine whether to approve the transaction before sending the client s application to the insurer for processing. The Principal can approve the transaction only if s/he reasonably believes that it is suitable based on the factors that RRs must consider. The Principal shall document his/her approval or rejection of the transaction and sign. Policy. Designated Principals shall review the initial purchase and exchange transactions and approve it if s/he has a reasonable basis to believe the transaction is suitable based on the factors outlined in the Firm s Registered Representatives Deferred Variable Annuity requirements. The following documents may be reviewed in determining suitability of the transaction: Customer New Account Application, product application documents, VA Checklist and RR signed determination document. (These four items shall collectively be known as the RRs determination. ) The Principal shall note his/her approval or rejection and sign or initial. Compliance Department Page 77 of 98

78 SUPERVISORY PROCEDURE Compliance Department Associate (Designated Principal) Review customer account information as documented on the customer s New Account Application; review product application documents, VA Checklist, RRs signed determination document and any other applicable documents. Daily Principal electronic annotation to the VA Checklist or other Principal notes; Notes in the customer file when applicable Customer File 3 years Report to Chief Compliance Officer Annual B. Surveillance Procedures Requirement. Amendments to FINRA Rule 2330 (formerly NASD Rule 2821) can be referenced in Notice to Members Specific changes concerning deferred variable annuity exchanges require member firms to have surveillance procedures in place to identify high rates of effecting deferred variable annuity exchanges that raise for review whether such rates of exchanges evidence conduct inconsistent with the applicable provisions of this Rule, other applicable NASD rules, or the federal securities laws ( inappropriate exchanges ). Member firms must also implement corrective action toward associated persons who engage in inappropriate exchanges. Policy. As a result of these amendments, the Firm has adopted the following policies: the Field Compliance Manager (FCM) will review exception reports for his/her territory on a quarterly basis. The exception report will be used to detect variable annuity exchange trends and to identify associated persons with possible inappropriate exchanges. Activity that might be brought to the attention of the Manager and may require additional analysis includes, but is not limited to: Variable annuity exchanges, by an individual associated person, with a minimum of 4 replaced contracts per quarter Cookie Cutter sales practices such as, a concentration of exchanges into one variable annuity company/product with identical riders and sub-accounts. Variable annuity exchanges, by new associated persons from another firm, which exceed the average rate of exchanges by 12.5% within the FCM s entire territory. Additional review may require examination of individual customer files, which include the customer s financial situation and registered representative s determination surrounding the exchange. The following are questions the reviewer might consider, but is not limited to: Is financial information consistent? Compliance Department Page 78 of 98

79 Given the customers' financial situations, needs, and investment objectives would the client benefit from the exchange, i.e. enhanced death benefit, riders options, sub-account choices? Has the customer exchanged another variable annuity within the past 36 months? is the cost to the customer, i.e. incurred surrender charges, new surrender period, M&E fee comparison? Are the sub-accounts and features suitable for the customer Are they dissimilar to the previously held annuity? Comparison of death benefit Upon review completion, the Manager and Field Compliance Manager will determine if corrective action is necessary. Detailed information about the Firms disciplinary procedures can be found in section XXII. Notification of Noncompliance. REVIEW PROCEDURES Supervising Principal Review exception report for detection of Variable Annuity exchange trends and identification of representatives with possible inappropriate exchanges and/or outside of established baseline level. Quarterly Spreadsheet sent to Mgr. of Field Compliance with referral to Chief Compliance Officer, if necessary Compliance Department 3 years Report to Compliance Officer to determine corrective action. Reviewing exception reports, customer files, make inquiries to associated person C. Firm Training Program Requirement. The Broker/Dealer must develop and document specific training policies or programs reasonably designed to ensure that associated persons who effect and Principals who review transactions in deferred variable annuities comply with the requirements of Rule 2330 and that they understand the material features of deferred variable annuities. Policy. The Firm shall incorporate into its training program for RRs and Designated Principals information regarding the sales and suitability of deferred variable annuities. It shall identify appropriate training items to periodically deliver to the RRs and Principals. SUPERVISORY PROCEDURE Compliance Department Associate (Designated Principal) Identify training needs and opportunities; identify and distribute solutions Compliance Department Page 79 of 98

80 Training program document; communications, meeting agendas Training Program files 3 years Report to Chief Compliance Officer Annual XX. PRIVATE PLACEMENTS Created October 21, 2010 Requirement: FINRA guidance (NTM 10-22) states that a broker-dealer conduct a reasonable investigation of the issuer and the securities they recommend for private placement offerings. A broker/dealer has anti-fraud and suitability obligations in connection with any private placement it recommends. Broker-dealers must perform an investigation, in part, to determine if the issue is suitable for at least some investors. Some of the factors considered during the investigation may include: Issuer and its management Business prospects of the issuer Assets held by or acquired by the issuer Claims being made Intended use of the proceeds of the offering. The recommendation of a private placement shall meet suitability requirements under NASD Rule 2310 and Firm policy. The use of any sales material or advertising shall be submitted for review and approval according to existing Firm policy. (Firm policies for registered representatives are documented in the Compliance Manual.) The supervision and oversight of private placement sales is included in the applicable Written Supervisory Procedures contained in this manual. (Note FINRA Rule 5122 addresses private placements of securities issued by members. At this time, the Firm does not intend to issue a private placement nor offer for sale a private placement from an affiliated issuer, but to offer for sale private placements of other issuers. The Firm will not prepare or participate in the preparation of the private placement memorandum.) Policy: The firm will conduct a due diligence review of each private placement to meet the antifraud and suitability obligations. The scope of the review will be based upon facts and circumstances such as the number and nature of the advisors recommending the products, the offerees, the Firm s knowledge of the issuer, the size and experience of the issuer, the presence of red flags, etc. Should the Firm engage an expert to assist in its reasonable investigation obligation, the Firm will carefully review the qualifications and competency of the expert. The Firm shall consider if the expert s review completes the Firm s due diligence obligation; further review may be required. Compliance Department Page 80 of 98

81 The Firm shall retain records documenting the process and results of its due diligence. The firm will limit the purchase of private placements to only accredited investors. Although the customer is an accredited investor, the Firm will make reasonable efforts to gather and consider appropriate information (described in the Compliance Manual) to determine the suitability of the offering for the customer. PRIVATE PLACEMENT REVIEW Product Review Committee Review information provided by the issuer for suitability standards. Note any information that could be considered a red flag and conduct further inquiry into the particular matter. An independent review may be necessary. (Red flags might arise from information that is publicly available or discovered during the course of the investigation. Some red flag examples may include: an issuer s refusal to provide the Firm with information that is necessary for the Firm to meet its responsibilities in performing its due diligence; An issuer is not forthcoming with information requested or provides out-of-date information. The absence of an offering memorandum may be a red flag.) As new products are presented to the Product Committee material changes occur Due diligence meeting notes, documents Signed Selling Agreement Product Files Termination of the agreement If Irregularities found Contact the CCO XX. BUSINESS CONTINUITY PLAN Updated February 2010 Requirement. FINRA Rule 4370 require member firms to establish and maintain a Business Continuity Plan to address situations where the firm encounters a Significant Business Disruption as defined within the rule. Policy. It is the Firm s policy to respond to a Significant Business Disruption by safeguarding employees lives and firm property, make appropriate financial and operational assessments, quickly recover and resume operations, protect the firms books and records, and allow our customers to transact business. The respective CBSI Home Office Principals or designated managers are responsible for maintaining their respective business recovery plans in accordance with the following procedures. Compliance Department Page 81 of 98

82 Establish & Business Continuity Plan Home Office Principals and/or Designated Managers Establish and maintain a Business Continuity Plan Maintain back up copies in a secure location Distribute a summary to customers at account opening Post on website Amend when appropriate Review at least annually and obtain signature of a member of the senior management team on the summary Business Continuity Plan document. Corporate Business Recovery System Ongoing Report to the Chief Compliance Officer Process Review XXI. REMEDIAL ACTIONS Annually A. Remedial Actions Updated October 2011 The Firm s policies and procedures are designed to prevent and detect compliance issues and problems. The discovery of instances of non-compliance and the need to remedy such matters is a natural extension of these policies and procedures. It may be as a result of a determination made during an annual inspection that a procedure was not followed or fully followed, or a realization that an RR did not comply with a policy, rule or procedure, or a deficiency noted by a regulatory examiner during an inspection. A representative with a rate of variable annuity exchanges that is inconsistent with FINRA rules or federal laws may be subject to remedial action. A customer complaint could trigger a need to re-examine operations. It is important that the Firm approach each of these situations in a consistent, constructive manner, with a view to returning the Firm to a compliant position. This section provides guidance for persons who are addressing a situation calling for remedial action. B. Response Securities regulators have indicated in various public forums that they are as interested in how a broker-dealer firm responds to a matter of noncompliance as they are in why the noncompliance occurred in the first place. Accordingly, it is important that persons respond in an appropriate, consistent fashion, and that they document their response. The following outlines a general recommended approach for addressing a matter of noncompliance. 1. If appropriate, remedy the situation. For example, if the noncompliance stems from a failure to file a required report, take steps to file the report as soon as possible. Compliance Department Page 82 of 98

83 2. If appropriate and not prejudicial to the Firm, discuss the matter of noncompliance with the person. This response ordinarily is particularly appropriate in the case of a first offense. 3. Review existing supervisory procedures to ascertain whether any changes should be made or steps taken to prevent a recurrence of the noncompliance. In other words, did the noncompliance result because the existing procedures overlooked a red flag? 4. If appropriate, develop an action plan for implementing changes that would prevent the recurrence of the situation. 5. If the matter entails a recurrent violation, consideration should be given to whether disciplinary action should be taken against the non complying person. Certain matters of noncompliance can entail serious violations of law. For example, fraud and forgery are serious crimes, and in many cases need to be reported to government authorities. As another example, violation of the net capital requirement triggers immediate and serious regulatory reporting requirements. C. Action Plan In certain situations, an action plan may be appropriate. Action plans are generally appropriate for addressing changes recommended in an annual inspection report or a regulatory examiner s deficiency report. An action plan should be tailored to the situation, but generally should identify the following: Matter intended to be addressed, corrected, or resolved Identification of the steps or actions to be implemented Identification of person(s) responsible for implementing the steps or actions Identification of person(s) responsible for monitoring, evaluating and affirming the implementation process Time-lines for implementing the steps or actions and for reporting to the monitoring party Final review by Chief Compliance Officer or a principal designated by the Chief Compliance Officer In addition, consideration should be given to evaluating the efficacy of the action plans during the next annual inspection. D. Business Conduct Review Committee The Firm has established a CBSI Business Conduct Review Committee to be convened at the direction of the Chief Compliance Officer to review an occurrence where a CBSI Registered representative may have violated his/her obligations, and, if necessary, administer disciplinary measures. A description of the Committee and its operations is contained the Firm s Compliance Manual. XXII. ANTI-MONEY LAUNDERING POLICY Updated August 2011 Compliance Department Page 83 of 98

84 Requirement. The Federal Government requires broker dealers to establish policies and procedures to comply with the provisions of the USA Patriot Act and Office of Foreign Asset Control requirements as they relate to activities. In addition to Federal requirements, FINRA Rule 3310 requires a member firm have an Anti-Money Laundering Compliance Program. Policy. The Firm s policy is to resist money laundering and any activity that would facilitate funding of terrorist or criminal activities. The Chief Compliance Officer is designated as the Money Laundering Compliance Officer and program leader for policy and procedural development for Firm compliance with these laws and regulations. The Compliance Department is responsible for overseeing compliance with the policy and procedures by the Firm s various departments. Monitoring procedures are described below: ANTI MONEY LAUNDERING COMPLIANCE PROGRAM Where Maintained Retention Period If Irregularities Are Found Review Procedure Designated Principals & Compliance Associates Coordinate and facilitate internal anti-money laundering policy and procedural development Adopt know your customer requirements suitable to our context as a provider of products and services to credit unions and members Establish an ongoing employee training program Coordinate reporting of transactions involving currency, certain monetary instruments, and suspicious activity Utilize technology to assist identification of suspicious or money laundering activity Establish an independent audit function to annually test the adequacy and effectiveness of our compliance program Designate and identify to FINRA (by name, title, mailing address, address, telephone number, and facsimile number) an individual(s) responsible for implementing and monitoring the day-to-day operations and internal controls of the program and provide prompt notification to FINRA regarding any change in such designation(s); and As required AML policies and procedures Exception documents In Anti-Money Laundering Files As required Report to Chief Compliance Officer Compliance Department Page 84 of 98

85 XXIII. REGULATION S-P Updated February 2013 Requirement: Under the Gramm-Leach-Bliley Act of 1999 (GLBA), broker-dealers are required to develop privacy policies with respect to consumer nonpublic information. Broker-dealers may not share nonpublic personal information of consumers with nonaffiliated third parties, except under limited exceptions, unless: (1) the broker-dealer provides notice of its privacy policy and practices; (2) the broker-dealer provides consumers with the ability to opt out of the sharing; and (3) the consumers do not opt out. Broker-dealers also must provide consumers who are customers with an initial privacy notice, and thereafter, annual privacy notices. Policy: The Firm has adopted a policy prohibiting the sharing of non-public personal information with nonaffiliated third parties or other third parties with whom no networking agreement is in place except to continue service to the account and customer as regulations allow. Registered Representatives shall deliver the appropriate state version of the Firm s Privacy Policy prior to obtaining any customer information. Additionally, there will be annual notices sent to customers regarding the Firm s Privacy Policy. Periodic training regarding the Firm s Privacy Policy shall be held. The Firm shall periodically monitor and/or test the controls used by the Firm. Retention If Irregularities are found Compliance Department Associates Communicate privacy procedures with the RR, including providing a privacy notice during the initial appointment with prospect/customer as well as physical and electronic safeguards of nonpublic information. Review networking agreements for appropriate sharing of nonpublic information (FINRA Rule 3160) Provide periodic training regarding Firm s Privacy Policy. Provide annual notice to customers of Firm s Privacy Policy. Monitor for any new developments regarding regulations. Ongoing Signed Account Application noting receipt of Privacy Policy. Training materials. Communications, other memoranda. Networking agreements Branch Office Inspection Report Customer File Compliance Dept. Files Three years Report to the Chief Compliance Officer Compliance Department Page 85 of 98

86 Monitoring and/or testing controls for the protection of customer data Compliance Department Associates Obtain and review tests and reviews of corporate technology for safeguarding data housed internally Physical inspection of branch offices and review policies and procedures with registered representative Internal review of corporate controls: periodically at least annually Branch locations according to inspection schedule Corporate controls: Compliance Dept. files Branch locations: Branch inspection files Three years Report to the Chief Compliance Officer Process Review Annually XXIV. IDENTITY THEFT PROGRAM Created April 2009 Requirement: At the end of 2007, the Federal Trade Commission (FTC) and federal bank regulatory agencies jointly issued rules and guidelines implementing sections 114 and 315 of the Fair and Accurate Credit Transactions Act. Under these regulations, the Red Flag Rule was adopted which requires the development, implementation, and maintenance of an Identity Theft Prevention Program by covered companies. The Program must be appropriate to the Firm s size and complexity and the nature and scope of its business. FINRA Regulatory Notice provides information, not interpretation or rule making, about the federal regulations. Policy: The Firm has adopted an Identity Theft Program to reasonably detect, prevent and mitigate identity theft. The Program includes four general elements: Identify red flags appropriate to the Firm s business and incorporate into procedures, Detect red flags that are included in the Firm s program, Respond appropriately to any red flags that are detected, Update the Program periodically to reflect changes in regulation, guidance and/or reflect the risk to the customer or to the safety of the Firm from identity theft. The Firm has existing policies and procedures that assist in identifying and preventing identity theft. They include: FINRA Know Your Customer guidance including documenting required customer account information and gathering appropriate information to determine a suitable recommendation. Anti-money Laundering Policy Customer Identification Procedures Privacy Procedures Compliance Department Page 86 of 98

87 E. s for Identifying and Detecting Red Flags Retention If Irregularities are found Compliance Department Associate Identify relevant red flags for Procedures considering the following: Risk factors: - Types of accounts offered - Methods of opening new accounts - Methods of access to customer accounts - Previous experience with identity theft Sources of red flags: - Incidents of identity theft experienced - Methods of identity theft identified - Applicable supervisory guidance Identify relevant ways for applicable associates to detect red flags. ; at least annually Procedures Compliance Manual Three years Report to the Chief Compliance Officer F. Preventing and Mitigating Identity Theft Designated Principals - Review any Red Flags brought to the Department s attention. - In determining appropriate response, consider factors that may heighten the risk of identity theft, such as: A data security incident that results in authorized access to a customer s account or account records Notice that information about customer accounts has been provided to someone fraudulently claiming to represent CBSI or CMG. - Appropriate responses may include: Monitoring an account for evidence of identity theft Contacting the customer Changing any passwords that permit access to an account Assigning a new account number to a customer s account Not opening an account Closing an existing account Not attempting to collect an outstanding debt in any account (via request for payment or selling securities) Notifying law enforcement Determining no response is warranted a Red Flag is brought to Designated Principal s attention Red Flag notes/documentation Customer Files Retention Three years If Irregularities are found Report to the Chief Compliance Officer Compliance Department Page 87 of 98

88 G. Updating the Program Designated Compliance Department Associate(s) Update the Program (including Procedures and/or Red Flags) to reflect changes in risks to customers or to the safety of the Firm s business model from identity theft, based on factors such as: - The experiences of the Firm with identity theft - Changes in methods of identity theft - Changes in methods to detect, prevent, and mitigate identity theft - Changes in the types of accounts CBSI offers or maintains - Changes in the Firm s business arrangements such as mergers, acquisitions, joint ventures or service providers. Updates to Program Document and/or Identity Theft Procedures in Compliance Manual Program Document and/or Compliance Manual Retention Three years If Irregularities are found Report to the Chief Compliance Officer H. Reporting Retention If Irregularities are found Designated Compliance Department Associate(s) Provide a report to the Chief Compliance Officer addressing material matters such as: - The effectiveness of the policies and procedures in addressing the risk of identity theft in opening accounts and maintaining accounts. - Service provider arrangements - Significant incidents involving identity theft and the responses - Recommendations, if any, for material changes to the Program. At least Annually Program Report Compliance Dept. Files Three years Report to the Chief Compliance Office, may escalate to Board of Directors Compliance Department Page 88 of 98

89 I. Oversight of Service Provider Arrangements Compliance Department Associates For service providers who perform an activity in connection with customer accounts, the Firm will take steps to ensure that activity of the service providers is conducted in accordance with reasonable policies and procedures designed to detect, prevent and mitigate risk of identity theft. For example: - Determine if the service provider has policies and procedures in place to detect relevant red flags - Require the service provider report relevant red flags identified to the Firm so it may take appropriate action. Department communications Compliance Dept. Files Retention Three years If Irregularities are found Report to the Chief Compliance Office J. Training of Identity Theft Program Compliance Department Associates and/or designated Training personnel Train appropriate staff when relevant information is obtained or procedures are updated. Retention If Irregularities are found Note that staff already trained regarding CIP, Bank Secrecy Act, data protection, privacy policies, etc. need not be retrained only as necessary. Department Communications Compliance Dept. Files Three years Report to the Chief Compliance Office Compliance Department Page 89 of 98

90 XXI. Supervisory Control Procedures Updated February 2013 FINRA Rule 3012 requires member firms establish, maintain and enforce written supervisory control policies and procedures that: Test and verify that the member s supervisory procedures are reasonably designed with respect to the activities of the firm and its registered representatives and associated persons to achieve compliance with applicable securities laws and regulations, and with applicable NASD or FINRA rules, and Create additional or amend supervisory procedures where the need is identified by such testing and verification. A. Designated Principals Each member shall designated and specifically identify to FINRA one or more principals who shall establish, maintain, and enforce a system of supervisory control procedures. Designated Principal of Supervisory Control Procedures Chief Compliance Officer Direct CBSI Compliance Dept. associates (designated principals) to establish, maintain and enforce the Firm s supervisory control procedures. Ongoing, as the Firm s business warrants new policies or updates to existing policies. Updates to supervisory control procedures Electronic copy maintained by the CBSI Compliance Dept. Three years Corrective action taken by Chief Compliance Officer B. Testing and of Policies and Procedures Designated principals of CBSI shall test or otherwise verify CBSI s supervisory procedures are reasonably designed with respect to the activities of CBSI and its registered representatives and associated persons to be in compliance with applicable securities laws and regulations and with applicable NASD/FINRA rules. Some examples of items for consideration in the Firm s test plans include: Consideration of the businesses or activities in which the Firm engages and the applicable rules, guidance, laws, etc. relevant to the activities. o Were there changes to either the business activities, rules or both? Consideration of CBSI policies regarding the activities in which it engages. At times, CBSI policy may be more restrictive that law or rule. Review of the risk assessment for the activities. Compliance Department Page 90 of 98

91 Review of previous testing period results. Review any recent regulatory exam deficiency to ensure updates to policy or procedure were made if required. Review of complaint history, internal audit reports, other testing, etc. TESTING PROCEDURES CBSI Compliance Manager, Manager of Field Compliance or Compliance Specialist Create test plan based on reviews of current CBSI businesses and activities, the risk assessment of the Firm s activities, etc. Testing or review of policies and/or procedures shall be completed as assigned. Work with designated principal to create and amend, if necessary, supervisory procedures per results of testing Annually Written Report 3012 Testing Files Three years Chief Compliance Officer to take corrective action. C. Report of Supervisory Controls The designated principal(s) must submit to the member s senior management no less than annually, a report detailing: Each member s system of supervisory controls, The summary of the test results and any significant exceptions. Any additional or amended supervisory procedures created in response to the test results must also be included in the report. Report of Supervisory Controls Manger of Home Office Compliance Dept. Review testing results; finalize Report of Supervisory Controls and deliver to CCO At least annually Report Summary to CCO and CEO Electronic copy maintained by the CBSI Compliance Dept. Three years Corrective action taken by Chief Compliance Officer Compliance Department Page 91 of 98

92 D. Other Requirements of Rule 3012 In addition to the supervisory control system noted above, there are other specific items required in Rule 3012 as follows: 1. Producing Managers Requirement. NASD Rule 3012(a)(2)(A) states a firm s supervisory control policies and procedures include procedures that are reasonably designed to review and supervise the customer account activity conducted by the member s branch office managers, sales managers, regional or district sales managers, or any person performing a similar supervisory function. Rule 3012(a)(2)(A)(i) states a person who is either senior to, or otherwise independent of, the producing manager must perform such supervisory reviews. For the purpose of this Rule, an otherwise independent person: may not report either directly or indirectly to the producing manager being reviewed; must be situated in an office other than the office of the producing manager; must not otherwise have supervisory responsibility over the activity being reviewed (including compensation based in whole or in part generated by the activity to be reviewed); and must alternate such review responsibility with another qualified person every two years or less. Policy. The Manager of Field Compliance Managers and Field Compliance Managers are senior to branch office managers, sales managers, or any regional or district sales managers in the Firm s compliance or sales supervisory system and are responsible for assessing whether responsive action is advisable and making a decision as to whether action should be taken in response to such reports. Where a responsive action may impact the registration status or review procedures for a RR or supervisor in the chain of supervision, these principals are to observe the Internal Review Process of the Written Supervisory Procedures. 2. Customer Account Activity of Producing Managers The procedures shall be reasonably designed to review and supervise the customer account activity conducted by CBSI s branch office managers, sales managers, any regional or district managers or any other person performing a similar function. General Supervisory Requirement A person who is either senior to, or otherwise independent of, the producing manager must perform supervisory reviews. Compliance Department Page 92 of 98

93 Customer Account Activity of Producing Managers Field Compliance Managers (FCM) Review customer account activity of any producing manager assigned to the FCM. According to Firm s branch office inspection plan. General supervision activities also apply. Branch office inspection Electronic copy maintained by the CBSI Compliance Dept. Three years Corrective action taken by Chief Compliance Officer Policy. The Manager of Field Compliance Managers and Field Compliance Managers are senior to branch office managers, sales managers, or any regional or district sales managers in the Firm s compliance or sales supervisory system and are responsible for assessing whether responsive action is advisable and making a decision as to whether action should be taken in response to such reports. Where a responsive action may impact the registration status or review procedures for a RR or supervisor in the chain of supervision, these principals are to observe the Internal Review Process. (The Internal Review Process provides for progressive disciplinary actions up to and including termination of a registered representative s registration.) REVIEW PROCEDURES Manager of Field Compliance Managers, Field Compliance Managers Review customer activity via eblotter Review exception report transactions or other ad hoc reports Determine whether to initiate Internal Review Process generated; as received Exception and/or ad hoc report reviews Memoranda regarding action items developed in response to red flags discovered by reports Compliance Department Files 18 months based upon SEC Books and Records Rules adopted, May 2003 Report to Chief Compliance Officer 3. Heightened Supervisory Procedures for Producing Managers Requirement. NASD Rule 3012(c) requires members establish, maintain and enforce written supervisory procedures that are reasonably designed to provide heightened supervision over the activities of each producing manager who is responsible for generating 20% or more of the revenue of Compliance Department Page 93 of 98

94 the business units supervised by the producing manager s supervisor. For this purpose only, the term heightened supervision shall mean those supervisory procedures that evidence supervisory activities that are designed to avoid conflicts of interest that undermine supervision due to economic, commercial or financial interests the supervisor may have regarding the associated persons and activities being supervised. calculating the 20% threshold, all of the revenue generated by the producing manager or the manager s office shall be attributed as revenue generated by the business units supervised by the producing manager s supervisor no matter how the revenue is allocated. Policy. The Firm has adopted guidelines for reviewing revenue of producing managers to determine if/when heightened supervision of the manger is necessary. For the purpose of calculating the a producing manager s 20% revenue threshold, revenue from first year securities revenue of the producing manager is compared with the total first year securities revenue of all representatives within the producing manager s supervisor s business unit. The Firm s business unit is defined as all registered representatives assigned to the Field Compliance Manager/Supervising Principal who supervises the producing manager. As such, the Firm currently has no producing managers meeting the requirement. Heightened supervision may include: Increased review of inspections of branch offices: physical visit or review of branch inspection reports Unannounced review of producing manager s OSJ location Periodic sampling of additional customer account transactions, correspondence, check/securities blotter entries, advertising, etc. Other additional oversight as directed by the Chief Compliance Officer QUALIFICATION PROCEDURES If Irregularities are Found Designated Compliance Department Associate Determine if producing manager requires heightened supervision If yes, develop heightened supervision plan (see below) ; if supervisory structure changes Limited OSJ Production Review Log Heightened Supervision File Three years Corrective action taken by Chief Compliance Officer Compliance Department Page 94 of 98

95 HEIGHTENED SUPERVISION PROCEDURES If Irregularities are Found Designated Compliance Department Associate Develop and implement heightened supervision plan it is found a Producing Manager is responsible for 20% or more of revenue produced by the business units supervised by the producing manager s supervisor Heightened Supervision Log Heightened Supervision File Three years Corrective action taken by Chief Compliance Officer 4. Change of Customer Address; Investment Objective Updated August 28, 2007 Requirement. NASD Rule 3012(a)(2)(B)(ii) and (iii) state a firm s procedures be reasonably designed to review and monitor customer changes of address and the validation of such changes of address (ii) and customer changes of investment objectives and the validation of such changes of investment objectives (iii). The procedures must include a means or method of customer confirmation, notification or follow-up that can be documented. Policy. The Firm has procedures in place to review and monitor changes of addresses and investment objectives in customer accounts. Compliance Department Page 95 of 98

96 CHANGE OF CUSTOMER ADDRESS, CHANGE OF INVESTMENT OBJECTIVES New Accounts Principal(s) Oversee New Accounts Area associates handling of changes to mailing and/or legal addresses and changes of investment objectives on customer accounts Review samples of changes to mailing and/or legal address and changes of investment objective for compliance with procedures including documents received requesting change, updates to internal systems, confirmation of changes with customers Principal s initials/signature on correspondence received re: changes of mailing and/or legal address or changes of investment objective Principal s initials/signature on samples tested Customer Account File Three years Report to Chief Compliance Officer 5. Transmittal of Customer Funds and/or Securities to Third Party Accounts Updated October 2011 Requirement. NASD Rule 3012(a)(2)(B)(i) states a firm s procedures must include those that are reasonably designed to review and monitor all transmittal of funds (e.g. wires or checks, etc.) or securities from customers to third party accounts (i.e., a transmittal that would result in a change of beneficial ownership): from customer accounts to outside entities such as banks, investment companies, etc. from customer accounts to locations other than a customer s primary residence (e.g., post office box, in care of accounts, alternate address, etc.), and between customers and registered representatives, including the hand delivery of checks. The procedures must include a means or method of customer confirmation, notification or follow-up that can be documented. Policy. The Firm has procedures in place to review and monitor transmittal of funds and securities to a third party and/or to an alternate address. In addition, the Firm has procedures in place for registered representatives receiving customer funds and/or securities. Compliance Department Page 96 of 98

97 TRANSMITTAL OF FUNDS/SECURITIES TO THIRD PARTIES Designated Principal(s) Monitor compliance with Cashier Dept. procedures regarding transmittal of fund/securities to third parties and/or alternate address Review required documentation authorizing change of beneficial ownership of funds/securities, and/or Review required documentation authorizing transmittal of funds/securities to third party, and/or Review required documentation authorizing transmittal of funds/securities to address other than that on record Review a sampling of clearing firm notification to account owner of transmittal of funds to third party Generally within 2 to 4 days following the completion of the customer request review of clearing firm notification to account owner of transmittal of funds to third party Principal s initials or signature on documentation Customer File 3 years Report to Chief Compliance Officer TRANSMITTAL OF FUNDS/SECURITIES BETWEEN CUSTOMERS AND RRs Designated Principal(s) Review Registered Representatives handling of customer funds and securities per Firm policies during customer account review during branch inspection during review of checks/securities blotter Principal s initials/notations where applicable: customer file, inspection report, check/securities blotter Where applicable: Customer File Inspection File Checks/Securities Blotter 3 years Report to Chief Compliance Officer Compliance Department Page 97 of 98

98 XXII. Annual Compliance and Supervision Certification FINRA Rule 3130 (formerly NASD Rule 3013) requires the member s chief executive officer (or equivalent officer) execute an annual certification that the member has in place processes to establish, maintain, review, test and modify written policies and written supervisory procedures reasonably designed to achieve compliance with applicable NASD/FINRA rules, MSRB rules, and other applicable laws and regulations. The certification shall include language as stated in Rule Also included in the Rule s requirements is that the Chief Compliance Officer and chief executive officer (President) or other equivalent officer conduct one or more meetings to discuss and review: the matters that are subject of the certification the Firm s compliance efforts as of the date of such meeting identify and address any significant compliance problem plans for emerging business areas. Compliance Department Page 98 of 98

99 Designation of Principals & Other Supervisors Appendix A January 2014 Date of Designation General Compliance, Advertising Timothy Halevan, VP and Chief Compliance Officer* 06/01/2001 Supervisory Control Procedures and Timothy Halevan, VP and Chief Compliance Officer* 01/01/2005 Report to Senior Management Anti-money Laundering Compliance Timothy Halevan, VP and Chief Compliance Officer* 04/24/2002 Operations Principals Candy West, Sr. Business Consultant 11/02/2009 Jo Henn, Operations Manager* 11/02/2009 Municipal Principals Bob Laures, Compliance Specialist 07/26/2002 David Stern, Compliance Specialist 01/11/2003 Will Rutledge, Compliance Specialist 06/16/2003 Jo Henn, Operations Manager* 11/27/2003 Mike Trebon, Vendor Relationship Manager 06/04/2004 Gary Ewalt, Trading Support 07/27/2005 Kevin Patterson, Unit Manager* 08/09/2010 Government Securities Principal Bob Laures, Compliance Specialist 07/26/2002 David Stern, Compliance Specialist 01/11/2003 Will Rutledge, Compliance Specialist 06/16/2003 Jo Henn, Operations Manager* 11/27/2003 Mike Trebon, Vendor Relationship Manager 06/04/2003 Gary Ewalt, Trading Support 07/27/2005 Kevin Patterson, Unit Manager* 08/09/2010 DPP Principals Jo Henn, Operations Manager* 06/01/2010 Mutual Funds/ Variable Contracts Principals Jo Henn, Operations Manager* 06/01/2010 Options Principals Mike Trebon, Vendor Relationship Manager 01/27/2003 Gary Ewalt, Trading Support 09/05/2003 Kevin Patterson, Trading Manager* 11/1/2010 New Accounts Principals Tim Milks, Unit Manager* 08/20/2011 Kevin Patterson, Unit Manager* 08/20/2011 Laura Reyna, Unit Manager* 08/20/2011 Jo Henn, Operations Manager* 11/27/2003 Financial Reporting Nanette Strennen, Accounting Director 08/01/2013 Branch Activity Timothy Halevan, VP and Chief Compliance Officer* 09/27/2013 Training Ric Pearson, Sr. Manager, Rep Support Services 05/15/2007 Licensing & Contracting Christine Poppe, Manager 08/10/2007 Continuing Education Timothy Halevan, VP and Chief Compliance Officer* 06/01/2001 * Operations Professional Designation

100 Item # 1 17a-3(a)(1) 2 17a-3(a)(2) 3 17a-3(a)(3) 4 17a-3(a)(4) 5 17a-3(a)(5) Rule Record Maintained Contact Blotters (or records of original entry), itemized daily for: a) All securities purchased, sold b) All receipts and deliveries of securities c) All receipts and disbursements of cash d) All other debts and credits Ledgers or other records showing: a) Assets and Liabilities b) Income and Expenses c) Capital Accounts WSP Appendix B - BOOKS & RECORDS Ledgers or other records itemized separately showing: Cash accounts Margin accounts Record must show all purchases, sales, receipts and deliveries or securities, and all other debits and credits for each account Ledgers or other records reflecting: Securities in transfer Dividends and interest received Securities borrowed and Securities loaned Monies Borrowed and Monies Loaned Securities failed to receive and Securities failed to deliver Long and short securities record differences arising from examination, count, verification, etc. Repos and reverse repos Ledger or record reflecting for each security as of clearance dates, long or short positions carried by CBSI for each customer and showing the location of each security and showing the name of the account in which each position is carried. Hard copy - CBSI Compliance Dept. and archived prior to 4/22/09. Electronic storage beginning 4/22/09. CBSI Compliance Dept. - Chief Compliance Officer Hard copy on file in Waverly FIN area. Reports are also available electronically in Excel Business Finance Team - spreadsheets, stored on LAN WVNTS010 - Fin Op Gena Note: Accounts held by Pershing, LLC. Cashiers Logs - Cashiers Cashiers Logs - Cashiers CBSI does not hold customer securities. CBSI Cashiers - Cashiers Manager CBSI Cashiers - Cashiers Manager N/A 6 years; first 2 years in easily accessible place 6 years; first 2 years in easily accessible place 6 years; first 2 years in easily accessible place 3 years; first 2 years in easily accessible place 6 years; first 2 years in easily accessible place 6 17a-3(a)(6) (i) Memorandum of each order and/or any other instruction received, including time received, price at execution. (ii) This memorandum need not be made as to a purchase, sale or redemption of a security on a subscription way basis directly Trade reports - Trading; from or to the issuer, if the member, broker or dealer maintains a copy of the customer's subscription agreement regarding a purchase, or a copy of any other document required by the issuer regarding a sale or redemption. CBSI Trading - Trading Manager Branch Files - FCM 3 years; first 2 years in easily accessible place a-3(a)(7) MSRB G-8 (a)(i)(ii)(iii)(vi)(vii) 17a-3(a)(8) MSRB G-8(a)(ix) 9 17a-3(a)(9) a-3(a)(10) MSRB G-8(a)(v) 17a-3(a)(11) MSRB G-8(a)(x) Memo of each purchase and sale for the account of CBSI, including price at execution, time of execution and whether transaction is with a customer other than Trade reports - Trading. a broker/dealer. Copies of confirmations of all purchases and sales, and other debits and credits for MID and edoc Suite each account. Record of each cash and margin account showing: a) Name and address of beneficial owner b) For a margin account, the signature of the owner Clearing Firm system c) Whether beneficial owner objects to disclosure of his identity, address and positions Record of all puts, calls, spreads, straddles, other options in which CBSI has any direct or indirect interest, or which CBSI has granted and the record must include Trade reports - Trading the security involved and the number of units Record of all trial balances related to net capital and/or aggregate indebtedness Business Finance Team Records CBSI Trading - Trading Manager CBSI Mail/Imaging Unit Manager CBSI New Accounts - New Accounts Manager CBSI Trading - Trading Manager Business Finance Team - Fin Op 3 years; first 2 years in easily accessible place. Effective 6/16/12, muni order tickets must be retained four years. 3 years; first 2 years in easily accessible place 3 years; first 2 years in easily accessible place 3 years; first 2 years in easily accessible place 3 years; first 2 years in easily accessible place 12 17a-3(a)(12)(i) Employment applications/questionnaires for each associated person, approved in writing by an authorized rep of the member, containing the information noted in paragraphs A-H. Licensing and Contracting rep files Licensing Dept. - Manager per 17a-4(e)(1) 3 years after the associated person's employment and any other connection to the b/d ends a-3(a)(12)(ii) Record listing every associated person which shows every office of the member where person regularly conducts business. CRD # and rep # to be included. CMG Licensing & Contracting Dept. Licensing Dept. - Manager per 17a-4(e)(1) 3 years after the associated person's employment and any other connection to the b/d ends. Compliance Dept. April 2009 Internal Use Only 1 of 4

101 Item # 14 WSP Appendix B - BOOKS & RECORDS Rule Record Maintained Contact 17a-3(a)(13) 17f-2(d) 15 17a-3(a)(14) 16 17a-3(a)(15) 17f-2(e) 17a-3(a.13)Records required to be maintained pursuant to Rule 17f-2, para (d). Processed fingerprint card for persons required to be fingerprinted. Records and reports on Form X-17F-1A, Lost Stolen, Missing, Counterfeit securities pursuant to Rule 17f-1. Records to be maintained pursuant to Rule 17f-2, paragraph (e). Records of fingerprint notice if CBSI claims any exemptions under 17f-2. CMG Licensing & Contracting Dept. Licensing Dept. - Manager N/A as we do not hold customer securities. N/A N/A N/A - no exemption filed N/A N/A 17 17a-3(a)(16)(i) Records regarding any internal b/d system of which b/d is the sponsor. N/A N/A 18 17a-3(a)(17)(i)(A) MSRB G-8(a)(xi) Account of natural person as customer or owner: customer information (name, RID, address, phone, DOB, occupation, associated person, income, net worth, investment objective(s) a-3(a)(17)(i)(A) Record of associated person responsible for the account a-3(a)(17)(i)(A) Record of principal approval/acceptance of account a-3(a)(17)(i)(B)(1) Record of furnishing account record containing information as required in paragraph (a)(17)(i)(a) of this section. Pershing customer records for brokerage account customers. Back office system for fund direct customers. Rep of record information on respective account system. New Account Application for brokerage customer accounts. Electronic New Account Blotter for fund direct customer accounts. New Accounts procedure documents 22 17a-3(a)(17)(i)(B)(2) Record of notification furnished to customer of change in name or address. CBSI Cashiers procedure document a-3(a)(17)(i)(B)(3) Record of notification furnished to customer of change in investment objective. New Accounts procedure documents 24 17a-3(a)(17)(ii) a-3(a)(17)(iii) and MSRB G-8(a)(xi)(M) 17a-3(a)(18)(i) MSRB G-8(a)(xii) 27 17a-3(a)(18)(ii) For discretionary accounts, record of dated signature customer and person granted discretion. Record indicating customer was furnished with copy of written agreement. Or if customer requested a copy, the date it was furnished. Record of complaint. Record indicating customer has been provided notice containing address and phone number of department to whom complaints may be addressed. N/A New Accounts procedure documents Complaint Log and Compliant File. New Accounts procedure documents CBSI New Accounts - New Accounts Manager CBSI New Accounts - New Accounts Manager CBSI New Accounts - New Accounts Manager CBSI New Accounts - New Accounts Manager CBSI Cashiers - Cashiers Manager CBSI New Accounts - New Accounts Manager N/A CBSI New Accounts - New Accounts Manager CBSI Compliance Dept. - Chief Compliance Officer CBSI New Accounts - New Accounts Manager per 17a-4(e)(2) 3 years after termination or association of those persons required to be fingerprinted under 17f-2 3 years; first 2 years in easily accessible place per 17a-4(e)(5) Until at least 6 years after the earlier of the date the account was closed or the date on which the information was updated. per 17a-4(e)(5) Until at least 6 years after the earlier of the date the account was closed or the date on which the information was updated. per 17a-4(e)(5) Until at least 6 years after the earlier of the date the account was closed or the date on which the information was updated. per 17a-4(e)(5) Until at least 6 years after the earlier of the date the account was closed or the date on which the information was updated. per 17a-4(e)(5) Until at least 6 years after the earlier of the date the account was closed or the date on which the information was updated. per 17a-4(e)(5) Until at least 6 years after the earlier of the date the account was closed or the date on which the information was updated. per 17a-4(e)(5) Until at least 6 years after the earlier of the date the account was closed or the date on which the information was updated. per 17a-4(e)(5) Until at least 6 years after the earlier of the date the account was closed or the date on which the information was updated. 4 years; first 2 years in easily accessible place 3 years; first 2 years in easily accessible place Compliance Dept. April 2009 Internal Use Only 2 of 4

102 Item # 28 17a-3(a)(19)(i) 29 17a-3(a)(19)(ii) 30 17a-3(a)(20) WSP Appendix B - BOOKS & RECORDS Rule Record Maintained Contact 17a-3(a)(21) MSRB G-8(a)(xiv) 17a-3(a)(22); FINRA Rule 3010 Record of each associated person listing each purchase and sale of security attributable, for compensation persons, to that person. Include amount of Compensation records. compensation. Note: Record need not be made but can be produced upon demand. Record of all agreements re: relationship between associated person and member including a summary of the compensation arrangement (commission schedules Licensing and Contracting rep files and other factors upon which compensation is based.) Record that member has adopted policies/procedures designed to comply with rules which require advertising, sales literature or other communications with the Section 3 of CBSI Compliance Manual public be approved by a principal. Note this record need not be separate from the advertising, sales lit or communications. Record for each office listing, by name or title, each person at the office who can explain the types of records maintained by the firm and the information contained CBSI Compliance Manual therein. Record listing each principal responsible for establishing policies and procedures designed to ensure compliance with any applicable federal requirements or SRO rules that require acceptance/approval of a record by a principal. Also, FINRA Rule 3010: The member shall maintain on an internal record the names of all persons WSP Appendix A who are designated as supervisory personnel and the dates for which such designation is or was effective. Such record shall be preserved by the member for a period of not less than three years, the first two years in an easily accessible place a-4(b)(2) Checks, checkbooks, cancelled checks, bank statements, bank reconciliation Business Finance Team Records 34 17a-4(b)(3) Bills receivable, paid or unpaid, relating to the business of the member. Business Finance Team Records 35 17a-4(b)(4) Originals of communications received and copies of communications sent Correspondence - HO image system and (including approvals) relating to member's business including those subject to rules branch office files. of SRO a-4(b)(5) Trial balances, computations of aggregate indebtedness and net capital (and work Business Finance Team Records papers), financial statements, internal audit work papers. Guarantees or accounts, powers or attorney and other evidence of granting Individual powers of attorney, trading 37 17a-4(b)(6) discretionary authority for any account, and copies of resolutions empowering an agent to act on behalf of a corporation a-4(b)(7) Written agreements entered into by member relating to its business, including agreements with respect to any account. authorization documents granted by customers on file in respective customer file on image system. Contracts for services provided to CBSI - Legal. Selling agreements with product sponsors - CBSI Compliance Dept. Customer account agreements - Mail/Imaging a-4(b)(8) All FOCUS Reports and supporting documentation Business Finance Team - Fin Op 40 17a-4(b)(9) 15c3-3(d)(4) Records required pursuant to c3-3(d)(4) and (6)* 15c3-3(d)(4): B/D subject to requirements of 15c3-3 with respect to physical possession/control of fully paid N/A as CBSI does not hold customer funds or and excess margin securities shall prepare and maintain a current description of securities the procedures it uses to comply with possession/control requirements. *Note: There is no 15c3-3(d)(6). CMG Compensation Area - Kristi Austin, Dan Knights. Licensing Dept. - Manager CBSI Compliance Dept. - Chief Compliance Officer CBSI Compliance Dept. - Chief Compliance Officer CBSI Compliance Dept. - Chief Compliance Officer Business Finance Team - Fin Op Business Finance Team - Fin Op CBSI Compliance Dept. - Chief Compliance Officer Business Finance Team - Fin Op CBSI Mail/Imaging Unit - Manager Legal; CBSI Compliance Dept. - Chief Compliance Officer; Mail/Imaging Unit - Manager Business Finance Team - Fin Op 41 17a-4(b)(10) Records required to made pursuant to c3-4 and the results of periodic review conducted pursuant to c3-4(d). 15c3-4: An OTC derivatives dealer shall establish, document, and maintain a system of internal risk management controls to assist it in managing the risks associated with its business activities, including market, credit, leverage, liquidity, legal, and operational risks. 15c3- N/A N/A N/A 4(d):Management must periodically review, in accordance with written procedures, the OTC derivatives dealer's business activities for consistency with risk management guidelines a-4(b)(11) All notices relating to an internal b/d system provided to the customer of the b/d. N/A N/A N/A 43 17a-4[c] 44 17a-4(d) Every b/d subject to 17a-3 shall preserve for a period of not less than six years after the closing of any customer account any account cards or records relating to CBSI Imaging System the terms/conditions with respect to opening and maintaining account. Every b/d subject to 17a-3 shall preserve during the life of the enterprise or successor enterprise all articles of incorporation or charter and minute books. N/A CBSI Fund Services Dept. - Manager 3 years; first 2 years in easily accessible place 3 years; first 2 years in easily accessible place 3 years; first 2 years in easily accessible place 6 years; first 2 years in easily accessible place 6 years; first 2 years in easily accessible place 3 years; first 2 years in easily accessible place 3 years; first 2 years in easily accessible place 3 years; first 2 years in easily accessible place 3 years; first 2 years in easily accessible place 3 years; first 2 years in easily accessible place 3 years; first 2 years in easily accessible place 3 years; first 2 years in easily accessible place N/A Six years after account close CMG Corporate Secretary Jamie Weistzenkamp Lifetime of Corporation Compliance Dept. April 2009 Internal Use Only 3 of 4

103 Item # WSP Appendix B - BOOKS & RECORDS Rule Record Maintained Contact 45 17a-4(d) With above, Form BDs 46 17a-4(d) 47 17a-4(e)(6) 48 17a-4(e)(7) 49 17a-4(e)(8) c-2 51 AML Rules per NTM AML Rules 53 FINRA Rule 2210 CMG Legal Dept. prior to 1/1/04; CBSI Compliance Dept. from 1/1/04 to present CBSI Compliance Dept. - Chief Compliance Officer Lifetime of Corporation With above, all licenses or other documentation showing the registration of the b/d CMG Licensing & Contracting Dept. Licensing Dept. - Manager Lifetime of Corporation with any securities regulatory authority. Each report which a securities regulatory authority has requested the b/d furnish CBSI Compliance Dept. - 3 years after the date of pursuant to an order or settlement, and each securities regulatory authority exam CBSI Compliance Dept. Chief Compliance Officer report report until three years after the date of the report. Each compliance, supervisory and procedures manual, including updates/revisions, describing policies and practices of the b/d with respect to CBSI Compliance Dept. compliance with laws and rules and supervision of activities of persons associated with the b/d. Reports used to review unusual activity in customer accounts. Or can reproduce if CBSI Compliance Dept. data still available. The FUND must maintain a copy of the written agreement under paragraph (a)(2) that is in effect, or at any time within the past six years was in effect, in an easily accessible place. (Our copy will be filed in the selling agreements file.) Maintain copies of SARs CBSI Compliance Dept. CBSI Compliance Dept. Identification information must be retained for five years after the customer's account is closed. Records made about information verifying a customer's identity CBSI Compliance Dept. must be retained for five years after the record is made. A. Members must maintain all ads, sales lit, and independtly prepared reprints in a separate file for a period of three years from the date of the last use. The file must contain the name of the registered principal approving each item and date approva CBSI Compliance Dept. and Branch Offices was given. B. Members must maintain in a file the source of any statistical data/table, chart, graph or illustration used in communications with the public. CBSI Compliance Dept. - Chief Compliance Officer CBSI Compliance Dept. - Chief Compliance Officer CBSI Compliance Dept. - Chief Compliance Officer CBSI Compliance Dept. - Chief Compliance Officer CBSI Compliance Dept. - Chief Compliance Officer CBSI Compliance Dept. - Chief Compliance Officer 3 years after termination of the use of the manual 18 months n/a informational only 5 years 5 years 3 years from the date of last use 54 FINRA Rule 3010(b)(3) Member's written supervisory procedures shall set forth the supervisory system per 3010 (a) and shall include the titles, registration status and locations of the CBSI Compliance Dept. required supervisory personnel and the responsibilities of each supervisory person. CBSI Compliance Dept. - Chief Compliance Officer 3 years; first 2 years in easily accessible place FINRA Rule 3010(c)(2) FINRA Rule 3060 MSRB G-8(a)(xvii) Member must reduce each office inspection to a written report and keep it on file for a minimum of three years unless the inspection is being conducted pursuant to a regular periodic cycle for non-branch office locations and the regular periodic CBSI Compliance Dept. schedule is longer than a three-year cycle, in which case the member must keep the report on file at least until the next inspection report has been written. Record of gifts received/given CBSI Compliance Dept. 57 MSRB G-8(a)(xvi) Records concerning political contributions. Rule G-37 CBSI Compliance Dept. Notes MSRB G-8(d) Introducing b/ds who clear all transaction with and for customers on a fully disclosed basis with a clearing broker or dealer and which promptly transmits all customer funds and securities to the clearing broker or dealer which carries the accounts of such customers, shall not be required to make and keep such books and records prescribed in this rule as a customarily made and kept by a clearing broker or dealer and which are so made and kept. CBSI Compliance Dept. - Chief Compliance Officer CBSI Compliance Dept. - Chief Compliance Officer CBSI Compliance Dept. - Chief Compliance Officer 3 years; first 2 years in easily accessible place 6 years See Rule Compliance Dept. April 2009 Internal Use Only 4 of 4