NASD ADOPTS CCO DESIGNATION REQUIREMENT WITH A COMPLIANCE DATE OF DECEMBER 1, 2004; ANNUAL CEO CERTIFICATION REQUIRED STARTING IN 2005

[18185] November 11, 2004 TO: CHIEF COMPLIANCE OFFICER COMMITTEE No. 21-04 COMPLIANCE ADVISORY COMMITTEE No. 106-04 SEC RULES COMMITTEE No. 88-04 SMALL FUNDS COMMITTEE No. 48-04 RE: NASD ADOPTS CCO DESIGNATION REQUIREMENT WITH A COMPLIANCE DATE OF DECEMBER 1, 2004; ANNUAL CEO CERTIFICATION REQUIRED STARTING IN 2005 Effective December 1, 2004, members of the NASD are required to be in compliance with the portion of newly adopted NASD Rule 3013 that requires each member to designate and identify to the NASD on Schedule A of Form BD a principal to serve as the member’s Chief Compliance Officer (CCO).1 The rule also requires a member’s CEO to make an annual certification regarding the member’s compliance efforts, though the CEO has one year from December 1, 2004 to execute the first such certification. THE MEMBER’S CCO With respect to the designation of the member’s CCO, Interpretive Material (IM) adopted along with the new rule, IM-3013, clarifies that such person may hold any other position within the member, including CEO. According to the IM, the designated CCO should be “the primary advisor to the member on its overall compliance scheme” and “should have expertise” in the following processes: • Gaining an understanding of the products, services, or line functions that need to be the subject of written compliance policies and supervisory procedures; • Identifying the relevant rules, regulations, laws, and standards of conduct applicable to the member’s business based on the CCO’s experience and/or consultation with 1 See NASD Notice to Members 04-79 (November 2004), which is available on the NASD’s website at: http://www.nasd.com/stellent/idcplg?IdcService=SS_GET_PAGE&ssDocName=NASDW_011956&ssSourceNodeI d=467. The NASD first proposed this rule for comment in 2003. See Institute Memorandum to Compliance Advisory Committee No. 42-03, SEC Rules Committee No. 52-03, and Small Funds Committee No. 19-03 [16160], dated June 4, 2003, discussing NASD Notice to Members 03-29 (June 2003). 2 those persons who have a technical expertise in the various areas of the member’s business; • Evidencing the supervision by the line managers who are responsible for the execution of compliance policies; and • Developing programs to test compliance with the member’s policies and procedures. As discussed in the IM, the CCO is expected to meet with the member’s CEO on compliance issues in order to provide the member’s CEO “a reliable basis upon which the [CEO] can execute the [annual] certification” required by Rule 3013. ANNUAL CEO CERTIFICATION As mentioned above, Rule 3013 additionally requires that a member’s CEO execute an annual certification. This annual certification is not required to be submitted to the NASD but must be maintained in the member’s files for inspection. The contents of this certification, which are set forth in IM-3013, are as follows: (1) The member has in place processes to: • establish, maintain, and review policies and procedures reasonably designed to achieve compliance with applicable federal laws and regulations and rules of the NASD and MSRB; • modify such policies and procedures as business, regulatory, and legislative changes and events dictate; and • test the effectiveness of such policies and procedures on a periodic basis; (2) The CEO has conducted one or more meetings with the member’s CCO in the preceding 12 months to: discuss and review the matters that are the subject of the certification; discuss and review the member’s compliance efforts; and identify and address significant compliance problems and plans for emerging business areas; (3) The member’s processes ((1), above) are evidenced in a report reviewed by the CEO, CCO, and such other officers as the member may deem necessary, and submitted to the member’s board of directors and audit committee;2 and (4) The CEO has consulted with the CCO and other officers, employees, outside consultants, lawyers, and accountants, to the extent deemed appropriate, in order to attest to the statements made in the certification. 2 The IM provides that this report must document the member’s processes for establishing, maintaining, reviewing, testing, and modifying the member’s compliance policies, and it should include the manner and frequency with which the processes are administered as well as the identification of officers and supervisors who have responsibility for such administration. It is not required “to contain any conclusions produced as a result of following the processes set forth therein.” The report must be produced prior to execution of the annual certification and reviewed by the CEO, CCO, and others as appropriate prior to being presented to the member’s board and audit committees. 3 According to the IM, executing the certification does not, by itself, establish the CEO’s business line responsibility. Instead, the NASD Board of Governors recognizes that accountability for the discharge of the member’s compliance and supervisory obligations lies with those supervisors with business line responsibility. As such, the signatory to the certification is only certifying that the member has “processes in place to establish, maintain, review, test and modify the member’s written compliance and supervisory policies and procedures.” Tamara K. Salmon Senior Associate Counsel