On June 23, 2016, the Securities and Exchange Commission ("SEC") announced a new initiative focused on potential violations of Rule 15c3-3 under the Securities Exchange Act of 1934 ("Rule 15c3-3" or the "Customer Protection Rule"). In connection with the new initiative, the SEC also announced on June 23rd its settlement with Merrill Lynch, Pierce, Fenner & Smith Inc. and Merrill Lynch Professional Clearing Corp. (collectively, "Merrill Lynch") for violations of the Customer Protection Rule.

The Customer Protection Rule

Adopted in 1972, the Customer Protection Rule seeks to ensure that broker-dealers safeguard customer funds and securities. There are two parts to the Customer Protection Rule. First, Rule 15c3-3 requires a broker-dealer that maintains custody of customer securities and cash (a "carrying broker-dealer") to maintain physical possession or control over customers’ fully-paid and excess margin securities. The broker-dealer must hold its customer securities in one of several locations provided for in Rule 15c3-3 and free of any liens or any other interest that could be exercised by a third party to secure an obligation of the broker-dealer. Second, a carrying broker-dealer must maintain a reserve of cash or qualified securities in an account at a bank that is at a minimum equal in value to the net amount owed to its customers. The amount the broker-dealer must maintain is calculated using the customer reserve formula set forth in Exhibit A to Rule 15c3-3.

The Customer Protection Rule Initiative

The SEC’s new initiative is intended to address historical and ongoing instances of noncompliance with the Customer Protection Rule. Broker-dealers that have any historical or ongoing instances of noncompliance with the Customer Protection Rule are encouraged to self-report any violations by November 1, 2016. The SEC’s Division of Enforcement, in a coordinated effort with the Division of Trading and Markets and the Office of Compliance Inspection and Examinations, plans to conduct a risk-based sweep of certain broker-dealers to identify noncompliance with the Customer Protection Rule. This sweep could lead to a request for additional documents, an examination of the firm’s compliance with the rule, or the initiation of an enforcement investigation.

The SEC noted in its announcement that self-reporting firms may receive favorable settlement terms if the self-report results in an enforcement action. Importantly, this initiative does not apply to individuals that have been found to have aided and abetted or caused a broker-dealer’s violation of the Customer Protection Rule, and the SEC offers no assurances of favorable settlement terms to those firms that fail to self-report.

In the Matter of Merrill Lynch

In the corresponding enforcement case, the SEC alleged that from 2009 to 2012 Merrill Lynch violated the Customer Protection Rule by engaging in "complex options trades that lacked economic substance and artificially reduced the required deposit of customer cash in the reserve account," freeing up billions of dollars per week that was then used by Merrill Lynch to finance its own trading activity. During the period spanning 2009 to 2015, Merrill Lynch also held fully-paid customer securities in accounts subject to general liens in violation of the rule.

In the settlement order, Merrill Lynch acknowledged that it willfully violated the federal securities laws and agreed to pay $415 million in civil monetary penalty, disgorgement, and prejudgment interest. The SEC also announced a litigated administrative proceeding against William Tirrell, Merrill Lynch’s financial and operations principal, or "FINOP," and Head of the Regulatory Reporting Department, for willfully aiding and abetting the firm’s violations.

Compliance Considerations

In light of the SEC’s increased focus on Rule 15c3-3 compliance, as evidenced by its new initiative and the steep fine imposed on Merrill Lynch, we suggest that fully computing firms consider reviewing compliance with the Customer Protection Rule. It is important that such a review be conducted now, so if an issue is discovered, an informed decision can be made regarding the necessity to self-report prior to the November 1, 2016 cut-off date. A review at this time will also reflect the robustness of a firm’s compliance program and may serve as a benchmark of compliance with the Customer Protection Rule if, in the future, the SEC reviews the firm’s compliance with Rule 15c3-3.

In conducting this review, firms should perform a comprehensive walkthrough of their processes and procedures for complying with the rule. Before commencing the review, you should ask whether you have sufficient expertise in-house to make the assessments required. In many cases, the people involved in making the day-to-day decisions related to the Customer Protection Rule are not the ideal people to conduct the review. A set of fresh eyes can help detect potential issues and can provide integrity to the review. For these reasons, and in order to properly establish the attorney-client privilege, you should consider whether experienced outside counsel should be retained to oversee the review.