The Supervisory System Foundation
Quick Answer
The FINRA supervisory system requirement requires every member firm to establish, maintain, and enforce a supervisory system that is reasonably designed to achieve compliance with securities laws and FINRA rules. The system has seven structural pillars, layered Written Supervisory Procedures (WSPs), and must be scaled to the firm's size, business, and red-flag history under the reasonable-review standard.
The supervisory system requirement is the fountainhead of broker-dealer supervision. Every other requirement in this unit (internal-controls testing, CEO certification, business-continuity planning) presumes that a supervisory system is already in place. A failure-to-supervise charge under FINRA enforcement almost always points back to a defect in the supervisory system.
The Seven Pillars of the Supervisory System
The supervisory system requirement obligates every firm to maintain a supervisory system that includes, at a minimum, seven specific elements. Memorize these as the structural floor:
| # | Pillar | What It Requires |
|---|---|---|
| 1 | Written procedures | Establish and maintain WSPs (the manual itself) |
| 2 | Designation of registered principals | Assign a principal with authority over each type of business the firm engages in |
| 3 | Office classification | Register each location as an Office of Supervisory Jurisdiction (OSJ), branch, or non-branch |
| 4 | On-site principal at each OSJ and branch | Designate one or more principals responsible for on-site supervision at every OSJ and non-OSJ branch |
| 5 | Assignment of each registered person | Tie every registered person to an appropriately registered representative or principal for supervision |
| 6 | Reasonable efforts to qualify supervisors | Confirm supervisors are qualified by experience or training |
| 7 | Annual compliance meeting | Hold at least one annual meeting that every registered representative and principal participates in (in person or via interactive electronic means) |
Think of it this way: the seven pillars build the org chart of supervision. Pillar 1 writes down the rules; pillars 2 through 6 assign humans to enforce them; pillar 7 confirms once a year that everyone heard the message.
Exam Tip: Gotchas
- The annual compliance meeting is mandatory for every registered representative and principal, not just supervisors. A representative who skips it (and is not made up via interactive electronic means) puts the firm in violation of pillar 7.
- Interactive electronic means satisfies the meeting requirement, but a recorded video that representatives watch on demand does not. The interaction (live chat, Q and A) is the trigger.
Written Supervisory Procedures (WSPs)
The WSP layer is the second leg of the supervisory system. The firm must establish, maintain, and enforce WSPs that:
- Describe the supervisory system
- Identify supervisors by title or registered name
- List the supervisory steps to be taken
The WSPs must address, at a minimum, six categories of activity:
- General supervision of associated persons
- Correspondence review of incoming and outgoing written and electronic communications with the public
- Internal-communications review
- Customer-complaint review
- Transaction review for insider trading and manipulation
- Supervision of supervisors: documentation and oversight of supervisory personnel
Exam Tip: Gotchas
- WSPs are not just a written manual. The WSP layer requires the firm to establish, maintain, AND enforce them. A firm with perfect WSPs on paper that does not actually follow them violates the WSP requirement just as if the WSPs did not exist.
- WSPs themselves supervise the supervisors. The supervision-of-supervisors pillar is the often-missed sub-requirement: the WSPs must describe how the firm supervises its principals, not only its representatives.
Amendments and Distribution
WSPs are living documents. The rule requires:
- Amendments to be made within a reasonable time after changes occur in applicable laws, rules, or the firm's business
- Prompt communication of amendments to all associated persons to whom they apply
- A copy of WSPs (and amendments) to be kept at each OSJ and at every location where supervisory activities are conducted
The reasonable-time standard is fact-specific: a WSP update reflecting a new SEC rule that takes effect in 60 days should be in place before the effective date, not months after.
Standards for Reasonable Review
The reasonable-review standard is the scaling rule for supervisory procedures. There is no one-size-fits-all WSP. The supervisory procedures must take into account, at minimum:
- The firm's size, organizational structure, and scope of business
- Number and location of the firm's offices
- Nature and complexity of products and services offered
- Volume of business done
- Number of associated persons assigned to each location
- Disciplinary history of registered representatives and associated persons
- Indicators of irregularities or misconduct (the red flags)
A firm must be especially diligent in reviews of non-branch locations where a registered representative engages in securities activities. When red flags surface during a remote inspection, the firm may need additional procedures, more frequent monitoring, or a subsequent physical, on-site visit (announced or unannounced).
Think of it this way: the reasonable-review standard is the regulator saying "you cannot copy and paste another firm's WSPs." A 5-person firm and a 5,000-person firm have wildly different risk profiles. A 5-person firm doing only mutual fund business does not need a 200-page WSP modeled on a wirehouse; a single-product firm needs a WSP that covers that product well.
Exam Tip: Gotchas
- A reasonable supervisory system is firm-specific. The reasonable-review standard explicitly requires scaling the system to size, complexity, and business mix. The exam will sometimes test whether a small firm's narrow procedures are reasonable for its scope (often the answer is yes, the firm is in compliance).
- Red flags trigger a heightened response. Once the firm sees indicators of irregularities, doing the same level of review as before is a supervisory-system violation. The firm must escalate (more procedures, more frequent reviews, or an on-site visit).