Financial Information Forum
September 27, 2002
Via E-Mail to email@example.com
Financial Crimes Enforcement Network
Via E-Mail to firstname.lastname@example.org
Re: Proposed Rule to Implement USA Patriot Act Section 326 - Customer Identification Program for Broker-Dealers
Dear Sir or Madam,
The Financial Information Forum (FIF) appreciates the opportunity to comment on the proposed rule issued by the Department of Treasury and the Securities and Exchange Commission under Section 326 of the USA Patriot Act. FIF was formed in 1996 to provide a centralized source of information regarding events and issues that affect the securities processing and market data communities. Through topic-oriented working groups, FIF participants focus on critical issues and productive solutions to technology developments, regulatory changes, and other industry changes. One such group is the FIF Service Bureau and Clearing Firm Committee.
The FIF Service Bureau and Clearing Firm Committee was formed to pro-actively address the implementation of industry changes from a multi-client perspective. Approximately eighty percent of U.S. broker/dealer firms use service bureaus for back office processing and order routing systems so it is important to consider these entities when designing and implementing rules or processes for firms. The committee has previously worked closely with regulators on technical implementation considerations for such projects as OATS and INSITE.
The FIF Service Bureau Committee fully supports the objectives of the Act and understands the urgency in implementing the changes as soon as possible. The committee also agrees with each of the points made in the SIA's comment letter dated September 10, 2002.
The FIF Service Bureau Committee would like to expand particularly on the SIA's request for more time to make the necessary preparations following the final rule determination, as multi-client environments are unique in ways that expand the impact of an abbreviated timeframe.
The progression of the implementation of a rule change that requires automation and programming changes is as follows:
Once the final rules are published, the service bureau project managers or business analysts prepare functional specifications. It is important to understand that, while the changes are regulatory in nature and are written as such, the efforts required to implement them are largely technical and operational. The FIF Service Bureau Committee is primarily concerned with these technical and operational aspects of the implementation. The challenge in extrapolating functional and technical requirements from legal documents should not be under-estimated, and it is important to understand that, although the preliminary documents and rules may have been available for many months, it is not possible to construct meaningful technical specifications until after the final rules are completed.
The service bureau programs internally to its technical specifications based on the functional requirements prepared from an interpretation of the final rule filing. Internal testing is followed by one or more program code modifications or "tweaking" before the testing can begin with the clients. The service bureau then begins a period of testing with their individual clients, taking into account the differences in interfaces, services, and third party service providers unique to each client situation. This testing too tends to be iterative, frequently requiring more program modifications. The trickle down effect continues if a service bureau client is a clearing firm. This situation introduces another layer of project change since, once the testing is completed between the service bureau and the clearing firm, the clearing firm must then perform testing with their correspondents. Once all testing is complete, a roll out or implementation schedule is agreed upon and carried out, often in a phased approach depending on readiness of all the interdependent parties.
Complications also increase when a firm uses more than one service bureau or clearing firm. The reporting and verification responsibilities must be established and verified in advance of program changes and coordinated testing must be completed between the parties.
Because the business of a service bureau is to automate processes and function for client firms, it is imperative that the service bureau can identify and automate the sources of information that must be checked. For example, it will be important to know which of the government lists must be used for verification and at what frequencies, and to establish electronic, automated means to obtain and update these lists on a regular basis. The explicit definition of "customer" is also vital to any automation effort.
The FIF Service Bureau Committee acknowledges the importance of the Patriot Act legislation and recognizes that the speed of implementation is critical. However, without sufficient time to adequately prepare requirements, code programs, test, and implement the changes, the results are likely to be less effective than intended with broad inconsistencies among organizations. Due to the increasing number of regulatory changes in the securities industry and in light of the accompanying resource and time constraints, the Committee would like to suggest that when practical and possible, the implementation dates be grouped. In the case of the Patriot Act implementation, the committee suggests that the implementation date be timed to coincide with the new Books and Records requirements approved on October 26, 2001 and effective May 2, 20031, which affect many of the same applications and systems.
The FIF Service Bureau Committee appreciates the opportunity to provide comment, and wishes to make itself available at any time the Commission seeks input on the operational and technical impact of proposed rules or legislation. The committee believes that addressing some of the practical operational and technical issues early on in the planning process will assist the industry in complying with regulatory changes in smooth and timely way.