FINRA Rule 3130 — Annual Certification of Compliance and Supervisory Processes — requires the chief executive officer of every FINRA member firm to certify annually that the firm has in place processes to establish, maintain, review, test, and modify written compliance policies and written supervisory procedures reasonably designed to achieve compliance with applicable FINRA rules, Municipal Securities Rulemaking Board rules, and federal securities laws and regulations — and to attest that the chief executive officer has conducted one or more meetings with the firm's designated chief compliance officer during the preceding twelve months to discuss the firm's compliance and supervisory processes.
Rule 3130 is the governance accountability capstone of FINRA's supervisory framework — the rule that places personal responsibility for the adequacy of the firm's compliance and supervisory infrastructure directly on the shoulders of the firm's most senior executive and ensures that the CEO's engagement with the firm's compliance function is not merely nominal but substantive, documented, and personally certified under the regulatory framework. Where FINRA Rule 3110 establishes the supervisory system and FINRA Rule 3120 tests whether that system works, Rule 3130 requires the firm's chief executive to personally certify that those systems exist and function — creating executive accountability that cannot be delegated to compliance staff.
Before the annual certification can be made, Rule 3130 requires every member firm to designate and identify to FINRA one or more chief compliance officers — the specifically titled compliance professionals responsible for the firm's compliance function and for consulting with the chief executive officer on the matters addressed in the annual certification.
The chief compliance officer must be a principal — a registered supervisory person with appropriate qualifications — who has the compliance expertise, organisational authority, and reporting relationships necessary to effectively oversee the firm's compliance function and to provide meaningful consultation to the chief executive officer on compliance and supervisory matters.
FINRA recognises that compliance expertise may be distributed across multiple functional areas of a large, complex firm — and permits member firms to designate multiple chief compliance officers provided that each designated CCO is a principal, the firm precisely defines and documents the areas of primary compliance responsibility assigned to each, and collectively the designated CCOs have the responsibilities and expertise that enable them to consult with the chief executive officer on the totality of the subject matters required to be addressed in the certification.
The designated chief compliance officer must be identified on Schedule A to the firm's Form BD — the broker-dealer registration document — and must be reported through FINRA's contact system, ensuring that FINRA knows who is serving as the firm's primary compliance officer and can contact that individual directly in connection with regulatory examinations, inquiries, and communications.
The chief executive officer's annual certification under Rule 3130 addresses three specific matters that together constitute the CEO's personal attestation of the firm's compliance and supervisory system adequacy.
The first certification element is that the firm has in place processes to establish, maintain, review, test, and modify written compliance policies and written supervisory procedures reasonably designed to achieve compliance with applicable FINRA rules, MSRB rules, and federal securities laws and regulations. This element addresses the existence and functioning of the processes that create and maintain the firm's compliance and supervisory infrastructure — confirming that the firm has a living, actively maintained compliance programme rather than a static set of documents that were created at firm formation and have not been updated since.
The second certification element is that the firm has processes in place to modify those compliance policies and supervisory procedures in light of changes in applicable rules, laws, and regulations, and in light of changes in the firm's own business activities. This element addresses the dynamic adaptability of the firm's compliance programme — confirming that the firm has mechanisms for identifying when regulatory changes or business changes require updates to the WSP and for implementing those updates promptly. A compliance programme that does not evolve in response to regulatory and business change is not reasonably designed — and the CEO's certification that the required modification processes are in place attests to the programme's dynamic adequacy.
The third certification element — addressed through the CEO's attestation rather than the formal certification — is that the chief executive officer has conducted one or more meetings with the firm's chief compliance officer in the preceding twelve months specifically to discuss the firm's compliance and supervisory processes and the other matters addressed in the certification. This meeting attestation requirement ensures that the CEO's certification is not merely a perfunctory signature on a document prepared entirely by compliance staff — it requires genuine executive engagement with the firm's compliance function through a documented meeting with the CCO at which compliance matters are substantively discussed.
The certification required by Rule 3130 must be supported by an annual report that documents the firm's processes for establishing, maintaining, reviewing, testing, and modifying compliance policies and supervisory procedures — providing the substantive factual basis for the CEO's certification.
The annual report is prepared in advance of the CEO's certification — the report must be produced before the certification is executed — and must be reviewed by the chief executive officer, the chief compliance officer, and any other officers the member deems necessary to make the certification. This multi-review requirement ensures that the certification reflects the genuine collective assessment of the firm's senior compliance leadership rather than the unilateral judgment of any single individual.
After the certification is executed, the annual report must be provided to the firm's board of directors and audit committee at the earlier of their next scheduled meetings or within forty-five days of the date of execution of the certification. This reporting to the board and audit committee ensures that the firm's governing bodies have access to the compliance and supervisory process documentation that the CEO has certified — enabling board-level governance oversight of the firm's compliance infrastructure and giving the board the information they need to fulfil their own oversight responsibilities.
Member firms that do not utilise a board of directors or audit committee in the conduct of their business — including many smaller broker-dealers organised as partnerships or limited liability companies — are not required to satisfy the board and audit committee reporting requirement, reflecting the practical reality that not all firm structures include these governing bodies.
The attestation that the chief executive officer has conducted one or more meetings with the chief compliance officer during the preceding twelve months to discuss the firm's compliance processes is one of the most practically significant aspects of Rule 3130 — because it mandates substantive executive engagement with the compliance function rather than merely requiring that the compliance function exist.
The meeting between the CEO and the CCO is not a ceremonial or administrative formality — it is intended to be a substantive discussion of the firm's compliance and supervisory processes, the adequacy of the firm's compliance programme, areas of regulatory risk or concern, changes in applicable regulatory requirements, and any other matters relevant to the firm's compliance obligations. The meeting gives the CEO direct access to the CCO's professional assessment of the firm's compliance position — and gives the CCO direct access to the CEO's authority to allocate resources and direct operational changes to address compliance needs.
FINRA does not prescribe a specific format or minimum duration for the required CEO-CCO meeting — the adequacy of the meeting is assessed based on whether it provided a genuine opportunity for substantive discussion of the matters the certification requires the CEO to address. A meeting that consists solely of the CEO signing the certification document prepared by the CCO without any substantive discussion of the firm's compliance processes would not satisfy the engagement purpose of the meeting requirement.
The meeting must be documented — both to evidence that it occurred and to preserve the substance of the compliance matters discussed — creating a record that demonstrates to FINRA examiners that the required CEO engagement with the CCO actually took place and addressed the substantive compliance matters the rule requires.
The Rule 3130 annual report and the Rule 3120 annual report are distinct documents with distinct purposes that are frequently confused — making the ability to distinguish them a directly examination-relevant skill.
The Rule 3120 Report — described in the FINRA Rule 3120 entry of this dictionary — is prepared by the designated Rule 3120 principal and submitted to the firm's senior management. It documents the testing and verification of the firm's written supervisory procedures — summarising what was tested, what exceptions were identified, and what corrective actions were taken. The Rule 3120 Report is an operational document that evidences the functioning of the supervisory control testing process.
The Rule 3130 annual report is prepared in support of the CEO's certification and documents the firm's processes for establishing, maintaining, reviewing, testing, and modifying compliance policies and supervisory procedures. It is a process document, describing the governance and operational framework through which the compliance and supervisory system is managed, rather than an account of specific testing findings and exceptions. The Rule 3130 report is submitted to the board of directors and audit committee alongside the CEO's certification — serving a governance function at the board level rather than an operational function at the senior management level.
The practical relationship between the two reports is that the Rule 3120 testing process described in the Rule 3120 Report is one of the processes that the Rule 3130 report documents and the CEO certifies are in place — the Rule 3130 certification encompasses the Rule 3120 testing function as one component of the broader compliance and supervisory process framework it addresses.
The fundamental purpose of Rule 3130 — beyond its specific procedural requirements — is to ensure that the chief executive officer of every FINRA member firm cannot disclaim personal responsibility for the adequacy of the firm's compliance and supervisory infrastructure.
Before Rule 3130 and its predecessor NASD Rule 3013 were adopted, it was relatively common for senior executives of broker-dealer firms involved in significant compliance failures to claim ignorance of the compliance problems — asserting that they had delegated compliance responsibility to compliance staff and were not personally aware of the deficiencies that allowed misconduct to occur and persist. This claimed ignorance, while sometimes genuine, represented a failure of executive governance that FINRA determined warranted a regulatory response.
Rule 3130 eliminates the ability to make this defence by requiring personal CEO certification that the processes required to maintain an adequate compliance and supervisory programme are in place and functioning. A CEO who signs the annual certification without genuine engagement with the firm's compliance function has made a potentially false certification — itself a serious regulatory violation. A CEO who genuinely reviews the annual report, meets with the CCO, and certifies based on that engagement has fulfilled the rule's governance accountability purpose.
FINRA Rule 3130 is tested on the Series 7 and Series 65 examinations as the governance accountability capstone of the supervisory framework — specifically the CEO certification requirement, the CCO designation obligation, the annual meeting requirement, and the distinction from the Rule 3120 annual report.
The key points to retain are these.
FINRA Rule 3130 — Annual Certification of Compliance and Supervisory Processes — requires every member firm to designate one or more chief compliance officers identified on Form BD and in FINRA's contact system. The chief executive officer must annually certify that the firm has in place processes to establish, maintain, review, test, and modify written compliance policies and supervisory procedures reasonably designed to achieve compliance with applicable rules and laws — and must attest to having conducted at least one meeting with the CCO in the preceding twelve months to discuss compliance processes.
The annual certification must be supported by an annual report documenting the firm's compliance and supervisory processes — prepared before execution of the certification, reviewed by the CEO, CCO, and relevant officers, and provided to the board of directors and audit committee at the earlier of their next scheduled meetings or within forty-five days of certification execution. The Rule 3130 report is distinct from the Rule 3120 report — the Rule 3130 report documents compliance processes and supports the CEO certification at the board level, while the Rule 3120 report documents testing results and is submitted to senior management. Together, Rules 3110, 3120, and 3130 form the complete supervisory governance framework — establish the system through Rule 3110, test it through Rule 3120, and certify its adequacy through Rule 3130.