Management
As is the case with every other area of a bank's operations,
the quality of management is often the most important contributing factor in providing securities transfer services. Bank management should be aware of its responsibilities to the issuers and holders of securities for whom it provides securities
transfer services, as well as to the investing public in general. This is equally true of banks who limit securities transfer activity
to own-bank or parent holding company securities, since the institution's own
securityholders also require prompt turnaround of securities transfers and accurate
recordkeeping.
Supervision of the transfer agent area by the Board and senior
management does not necessarily indicate a role in day-to-day operations. Rather,
the Board of Directors, as the ultimate source of authority and responsibility in the
bank, including securities transfer operations, must ensure that sound policies and
comprehensive procedures governing securities transfer activities are adopted and
enforced. Management must likewise provide for the effective supervision of
transfer agent operations. Of particular importance is ensuring that the securities
transfer function is adequately staffed with well trained personnel. It is the failure to
discharge these supervisory responsibilities that often leads to inefficient operations,
violations of laws and regulations and losses to shareholders that must be compensated out
of bank capital.
The sophistication and complexity of senior management and
Board oversight, however, depends on the volume and complexity of securities transfer
activities. Many bank transfer agents supervised by the FDIC limit securities
transfer activity to the transfer of own-bank or parent holding company stock; and the
volume of items transferred tends to be relatively small. Management and
Board
oversight in these smaller transfer agents may be informal, whereas banks with larger,
more complex securities transfer activities will have more formalized management reporting
and tracking processes. Management oversight responsibilities may be delegated to
subcommittees or lower levels of management, provided that the Board and senior management
review the actions of those to whom it has delegated such responsibility.
Securities Transfer Policies
The sophistication
and level of detail provided in the policies governing securities transfer activity will
vary depending on the size and complexity of operations. Generally, policies
governing the securities transfer function should include the following areas:
Earnings
Management and the Board should be aware of the earnings
implications of offering securities transfer services. This does not mean that the
securities transfer function must be profitable or that income and expense tracking
systems must be sophisticated or elaborate. In fact, many small transfer agents'
securities transfer services are not profitable. These are typically banks that
limit securities transfer activity to own-bank, affiliate or parent holding company stock
and view the transfer agent function as a service to the institution. Federal Reserve Act
Section 23B applies to bank transfer agents and, therefore, a bank transfer agent
performing securities transfer services for its parent holding company or an
affiliate
must be compensated for its services. Being aware of the costs of providing stock
transfer services permits an institution to decide whether it should continue to provide
stock transfer services or whether the bank, parent holding company or affiliates thereof
should outsource the stock transfer function.
Transfer
agents providing securities transfer services to non-affiliated entities normally do so to
earn a profit. In such cases, management should monitor the profitability of the
securities transfer function to determine whether earnings are being realized. For
these transfer agents, the earnings analysis should include budgeting, allocating
expenses, verifying the fees charged to outside accounts are collected, reviewing the
appropriateness of any fee waivers, and assessing the overall profitability of securities
transfer services against the risk of offering such services. Based on the results of the
earnings analysis, management may decide to continue to transfer securities, outsource some
or all of the transfer agent function, or cease transfer agent operations entirely.
Management of Transfer Agent Activities
In addition to the quality of Board and senior
management oversight, the knowledge, experience and capabilities of the day-to-day
management and staff of the transfer agent function is a crucial element, in the safe and
sound provision of securities transfer services. Given the absolute imperatives
contained in the SEC's operational requirements, at a minimum, those responsible for the
day to day management of transfer agent activities, must be well versed in the rules and
regulations governing securities transfer. In addition, operational managers in the
transfer agent area should be familiar with common industry practices and standards.
The evaluation of the adequacy of operational managers or employees should give
necessary consideration to the volume and complexity of the individual institution's
securities transfer business. Smaller transfer agents, for example those who qualify
for the "small transfer agent" exemption, will have operation managers with less
formal training and experience. For these transfer agents, the most important
consideration is the capability to ensure satisfactory performance of securities transfer
services and compliance with all applicable laws and regulations.
Organization and Staffing
Securities transfer activity may be conducted
through an institution's trust department, if the institution offers other fiduciary
services, or through a separate department, e.g., the corporate secretary's office. Furthermore, various areas of the securities transfer function may be outsourced to third
party services providers, e.g. data processing services. In some instances the entire transfer
agent function may be outsourced, an arrangement referred to as private label
servicing. Regardless of the organizational structure of the securities transfer
function, the transfer agent area should be adequately staffed with knowledgeable and
trained employees. Although not essential for small transfer agents with limited
securities transfer activity, an organizational chart and position descriptions should be
established and kept current. Periodic training should be provided to ensure that
securities transfer personnel remain conversant, as necessary, with existing laws,
regulations, industry practices and standards, and are informed of changes and on-going
developments impacting securities transfer services. Cross-training and the
availability of back-up personnel, including the fingerprinting of such employees, are
other important considerations, especially in small transfer agent operations with limited
personnel. Management needs to ensure that adequate staff is available so that
satisfactory securities transfer services will continue to be provided in the event that
regular staff members become unavailable through illness or other circumstances.
Parent Holding Company or Affiliate Support Services
An evaluation of securities transfer services
management includes an assessment of any support or other services provided by the
registered transfer agent's parent holding company or by other affiliated entities within
the organization. Examples of services that might be provided by the parent holding
company or affiliates include data processing services, audit services, staff support, training and
technical support. Transfer agent management should, however, monitor the
performance of such services and at all times ensure that securities transfer services are
performed in a satisfactory manner and in conformance with applicable laws and
regulations.
Acceptance of New Accounts
One of the most important responsibilities
assumed by the Board and senior management is the decision to accept an appointment as the
transfer agent or registrar, in the case of bonds. This is
the case for those transfer agents whose activity includes serving as transfer
agent or registrar for outside securities issues. However, even those transfer
agents who limit securities transfer services to own-bank or parent holding company
securities must consider whether, at a minimum, they have the necessary knowledge,
expertise, and systems to perform securities transfer activities in conformance with
applicable laws, regulations and industry standards. Those transfer agents who
accept outside appointments to perform securities transfer services assume even higher
levels of reputational, operational, and strategic risks, and must, therefore, assess whether
they can adequately manage these risks and earn an appropriate return for assuming a
higher level of risk.
New accounts should be reviewed and approved
by the Board of Directors, or a designated subcommittee thereof. Each new account
should receive a due diligence review. Generally, the due diligence review should
include:
An analysis of the issuer. The analysis should consider the following:
The financial condition of the issuer
at the time of acceptance;
The size and character of the issue,
including the volume of securities transfers, the type of security, e.g. stock, bond or
mutual fund, and any legal restrictions that may impact the issue, e.g., Section 144 stock;
The reputation of the issuer;
The existence of, or potential for, conflicts
of interest;
The capabilities of the securities transfer
agent to perform all securities transfer services in a satisfactory manner and in full
conformance with applicable laws, regulations and industry standards;
The prospects for earning a profit during
the term of the appointment that adequately compensates the transfer agent for the level
of risk assumed;
The adequacy of operational and informational
systems.
Fees. Except in the case where the institution serves as
transfer agent for own-institution securities, a fee should be assessed for providing
securities transfer services. When providing securities transfer services to the
parent holding company or affiliated entities, Section 23B of the
Federal Reserve Act requires that all terms
governing the appointment be comparable as those with non-affiliated entities.
Account Documentation. Accepting an appointment as
securities transfer agent for the securities of outside organizations requires various
documentation. Corporate and other resolutions, contracts, and similar documents setting
forth the duties and responsibilities of each party are standard. Documentation will,
however, differ according to the type of security, the issuer, and the registrant's duties
and responsibilities. While not specifically required in the SEC regulation, the following
types of documentation are normally required:
Official resolution of the issuer
authorizing the transfer appointment;
Issuer's charter or articles of incorporation, with all
amendments;
Issuer's bylaws, with all amendments;
Evidence that the securities have been registered with, or
approved by, regulatory authorities such as the SEC or state securities departments,
utilities commissions, banking agencies etc;
Opinion of the issuer's attorneys that the securities are
validly issued and that all required actions have been completed;
Specimen securities certificates, certified by the issuer's
secretary;
Certified specimen signatures of current officers of the issuer
who are authorized to sign securities;
Printer's certificates or other documentation evidencing the
number of unissued certificates received by the registrant;
If appointed as successor transfer agent/registrar for an issue
which is out-of-proof at acceptance, an indemnification agreement obtained from either the
previous transfer agent/registrar or the issuer.
Closed Accounts
The Board, or a duly designated subcommittee, should
review all closed accounts. The goal of the closing review is to ensure that the
institution has fulfilled its responsibilities as transfer agent and that the
administration of the account has been satisfactory. The institution can also verify
that all required depository notifications have been made, and, if the institution has no
remaining transfer agent responsibilities, that a deregistration form has been mailed to
the appropriate regulatory authority.
A significant increase in closed accounts may
indicate operational or managerial deficiencies. The Board should review the reason
why the account was closed. Formal acknowledgement of all closed accounts should be
noted in the Board or appointed subcommittee's minutes.
Account Administration
The Board and senior management are responsible for ensuring
that securities transfer activities are performed in a satisfactory manner and in full
compliance with applicable laws, regulations and industry standards. The development
and implementation of appropriate policies and comprehensive operating procedures are
important elements for ensuring proper administration of all transfer agent accounts.
Account Reviews
In addition to policies and procedures, an annual account
review is essential for verifying the proper conduct of securities transfer services and
compliance with laws and regulations. An annual review of the performance of each
transfer agent appointment allows for the early identification of operational or
compliance problems and allows management and the Board to intervene promptly to ensure
correction of any deficiencies revealed by the account review.
Account reviews should be conducted annually. Those FDIC
regulated institutions that conduct securities transfer activities in the Trust
Department
have adopted the Statement of Principles of Trust Department Management which requires an
annual review of all accounts. However, even those institutions that do not conduct
securities transfer activity via the Trust Department should implement an annual account
review program. Account reviews should be conducted by individuals who are
independent of the transfer agent function, i.e., not involved in the operational aspects
of securities transfer operations. In small institutions with limited staff,
transfer agent personal can conduct the account review, but should not be involved in the
administration of the specific account.
The scope of the annual account review will vary depending on
the volume and complexity of securities transfer. In all cases, however, the scope
should include compliance with all applicable SEC operational requirements, including
fingerprinting requirements and internal policies and procedures. The annual account
review may include, but is not limited to the following items:
- Account documentation
- Fingerprinting of Personnel
- Turnaround Performance, including SEC notifications and
limitations on growth in those cases where SEC turnaround performance has not been
satisfied
- Out-of-Proof Conditions and Buy-ins
- Signature Guarantee Policies and Procedures
- Master Securityholder file, including certificate detail and
prompt posting thereto
- Inquiries, including turnaround performance and monthly logs
thereof
- Control Book, including adequacy of documentation supporting
changes to
- Daily and Monthly Logs
- Internal Controls, including controls of cancelled and unissued
certificates
- Regulatory Reports, including amendments to TA-1, accuracy and
timeliness of TA-2, and depository notifications
- Eligibility for small transfer agent
exemption, including documentation supporting the continued eligibility
for the exemption
- Reporting of Lost, Missing or Stolen Securities
- Fees, including the accuracy and prompt collection of
- Complaints, including the adequacy and timeliness of response
thereto
- Criticisms by auditors and regulatory agencies
Examiners should be flexible in assessing the adequacy of an
institution's annual review process. An evaluation of an institution's review
process should focus on the effectiveness of the process, rather than the manner in which
it is conducted. Flexibility is required when evaluating the review process for
small transfer agents that limit securities transfer activity to own-bank or parent
holding company stock and may have a relatively small volume of transfers. The
objective of any account review program, regardless of the volume of activity and
complexity of operations, is to promptly identify instances of operational deficiencies
and noncompliance with laws and regulations, and to promote the timely correction thereof.
The results of the annual review should be periodically
reported to the Board, or a designated committee thereof, and senior management. The
Board and senior management should ensure that all deficiencies noted in the annual review
are addressed and monitor the progress of corrective action taken.
Risk Management
For many small transfer agents that limit securities transfer
activity to own-bank or parent holding company stock and process a relatively small volume
of transfers, the risk management program will be informal in nature and consist
principally of implementing sound polices and procedures and providing for annual account
reviews and audits. For larger, more complex transfer agents, a formal risk
management program should be established to identify and control the risks of providing
securities transfer services. An effective risk management program guards against
the legal liability that can result from poor operational practices and noncompliance with
applicable laws and regulation by identifying areas where there is significant exposure.
Strong internal controls, sound policies and practices, and appropriate management
information systems provide the basis for an effective risk management program. The
sophistication of the department's risk management program should be developed according
to the complexity and size of securities transfer services offered. Risk tolerance
levels should be clearly set and monitored by both senior management and the
Board of
directors. The program should be periodically reviewed and revised to address
significant changes in the risk profile of securities transfer activity. Generally,
an effective risk management program should:
- Identify the various risks associated with the
institutions securities transfer activities. This includes an analysis of insurance
coverage and the impact of fiduciary risk on capital adequacy. Litigation risks should
also be analyzed.
- Establish the level of risk that management is willing to
assume. Examiner emphasis should be placed on reviewing the planning process and new
services.
- Supervise the management of current operations.
Guidelines should address the structure of day-to-day management of transfer agent
operations, the effectiveness of operating policies and procedures, and the effectiveness
of compliance programs and internal controls.
- Implement adequate controls and monitoring systems. This
includes establishing a system of checks and balances, reviewing audit coverage, the
compliance management system, and the overall scope and reliability of existing management
information systems.
Securities transfer activities expose the bank to many of the
same risks encountered in the commercial business. Operating or transaction, strategic,
legal, compliance, and reputational risks are found in varying degrees within many
departments.
Emergency Preparedness
In addition to managing the risks inherent in offering
securities transfer services, including compliance with applicable laws and regulations,
management must manage the risks of securities transfer activities being interrupted,
hindered, delayed or rendered impracticable due to natural disasters or, given the
indispensability of automated systems in conducting securities transfer activities,
computer system failures.
Storms, floods, earthquakes and other natural disasters may
render a transfer agent's facilities unserviceable for extended periods of time. Computer
systems may crash, communication lines may fail or vital electronic data may be lost or
damaged. Management should anticipate such contingencies by developing emergency
preparedness and business resumption plans. Among the areas that such plans should
address are:
- Business resumption in the event of natural disaster or civil
disturbances. Areas that should be addressed include: the availability of back-up
facilities; the evacuation of affected personnel; management succession; the
availability
of required supplies, for example blank securities certificates; back-up records, both
computer and manual; and communications with clients.
- Recovery of data processing functions in the event of a computer system
failure, communications failure, or the loss or corruption of vital electronic records.
Such plans generally address the back-up and off-site storage of critical data
files; arrangements for back-up data processing facilities; the availability of back-up
communication lines; as well as on-site data security and protection procedures.
Institutions with large, complex transfer agent operations may
have disaster recovery/business resumption plans specifically designed for the securities
transfer area. Institutions with small, non-complex transfer agent operations, may,
instead, develop institution-wide disaster recovery/business resumption plans. In
such cases, examiners should determine that the institution's plans adequately address the
business resumption requirements of the transfer agent area. Examiners, as part of
their pre-examination planning, can review previous Safety and Soundness and Information
Technology (IT) Reports of Examination to obtain information about the institution's disaster
recovery/business resumption plans and data security/data back-up policies. When the
Registered Transfer Agent examination is conducted concurrent with Safety and Soundness or
IT, the EIC is encouraged to coordinate the review of emergency preparedness with the
other EIC's in order to avoid duplication of effort.
Disaster recovery/business resumption plans should be review
and tested periodically to ensure that the plans continue to adequately address current
conditions. For example, where the institution has contracted or otherwise arranged
back-up facilities from third parties, the institution should ensure that third parties
continue to be able to provide the services promised. The results of periodic tests should
be documented in writing and reviewed by the Board, or a designated committee thereof,
which should monitor the progress of any remedial action resulting from the test.
The disaster recovery/business resumption requirements for a
small, non-complex transfer agent that limits securities transfer activity to own-bank
stock and employs a manual or simple PC-based operation will be much less extensive and
complex than institutions that transfer securities for third party issuers and maintain
more sophisticated automated systems.
Fingerprinting of Personnel
The Board of Directors and senior management are responsible
for protecting the financial institution from fraud and other acts of dishonesty. 12 U.S.C. 1829 requires financial institutions to take steps to avoid hiring an individual
convicted of dishonest acts. An important step in
protecting the financial institution from potential fraud is the pre-screening of
employees. Some prospective employees, however, provide false information or
references which cannot be substantiated. The repercussions of employing such individuals
may be serious. In addition, current employees may have committed acts of dishonesty or
breaches of trust during their tenure at the bank. An effective way of identifying current and prospective employees with
criminal records is by fingerprinting employees and submitting the
fingerprints to the FBI for analysis.
It's been estimated that 10 percent of the fingerprint cards submitted uncover a criminal
record. As discussed below, the fingerprinting of employees who are directly or
indirectly involved in handing securities certificates is an important requirement for
registered transfer agents.
Securities and Exchange Commission rules require that every
partner, director, officer and employee of a registered transfer agent be fingerprinted.
The fingerprinting requirement is implemented by SEC
Regulation 240.17f-2. As discussed in more detail below, certain individuals may be
exempted from being fingerprinted. Once fingerprinted, the registered transfer agent must
submit the fingerprints to the Attorney General of the United States or its designee for
processing and identification. In practice, fingerprint cards are submitted to the
FBI which does a search in order to determine if the individual whose fingerprints have
been submitted has a criminal record. The FBI, however, will not accept fingerprint
cards submitted directly by banks. Instead, an authorized intermediary must be used.
The only intermediary authorized by both the FBI and the SEC is the American
Bankers Association (ABA). The ABA has a program in place to handle the submission of
fingerprint cards to the FBI. Bank transfer agents needing more information about
administering a fingerprinting program can contact the ABA.
If there is a criminal record, termed a "hit", both
the fingerprint card and the criminal identification card, i.e., "rap sheet",
are returned. Sometimes fingerprint cards received by the FBI cannot be
classified and thus can not be searched by characteristics of the fingerprint. In
such cases, a name check (based on the information on the fingerprint card) is performed.
If the name check is positive, the fingerprints will be verified against the subject's
fingerprints already on file, and a copy of that record will be returned directly to the
bank. If the name check is negative, the bank will be notified.
Sometimes, an individual can not be successfully
fingerprinted, i.e., a legible set of fingerprints can not be obtained. In such
cases, a minimum of three attempts must be made to obtain legible fingerprints. All
three attempts to obtain legible fingerprints, however, must be performed by an individual
competent to roll fingerprints (this might be someone in the institution's security
department, the local police or sheriff's department or the state police). If all three
attempts are unsuccessful, no further fingerprinting of the individual is necessary.
The transfer agent must, however, retain all three fingerprint cards that the FBI returned
as illegible in order to document that the three required attempts to fingerprint were
performed.
The fingerprinting requirement can be satisfied if
the officer or employee has already been fingerprinted pursuant to another law, provided
that the fingerprints were submitted to and processed by the FBI and the fingerprint cards
and related documents are retained as required by Rule 17f-2.
Exemptions from Fingerprinting
While Rule 17f-2 states that all directors, officers
and employees must be fingerprinted, the regulation permits registered transfer agents to
exempt personnel not directly or indirectly involved in transfer agent
operations. Essentially, only those directors, officers and employees who handle
securities certificates, related funds (e.g. dividend or interest checks) or are involved
in maintaining transfer agent books and records, or who supervise those that do, must be
fingerprinted. Examples of personnel that must be fingerprinted include
- Transfer agent personnel, clerks and secretaries;
- Supervisors of transfer agent personnel;
- Persons countersigning securities certificates, e.g.
directors or senior management;
- Employees with access to the locations where transfer
agent activity is performed.
In addition to personnel who are directly involved in
securities transfer activities, other bank personnel may be involved in handling
securities certificates and or records. These personnel should be fingerprinted and
include:
- Internal auditors;
- Mail room personnel, who initially receive
certificates mailed to the transfer agent;
- Internal messengers delivering and picking up
certificates;
- Data processing personnel who process transfer agent records or
print dividend and interest checks.
Registered transfer agents that claim an exemption
under 17f-2, must maintain a Notice Pursuant to Rule 17f-2, discussed below. Transfer
agents that perform securities transfer services only for its own securities and process fewer than 500 items during any six consecutive month period, i.e.,
transfer agents eligible for the "small transfer agent" exemption, are exempted
from maintaining the Notice Pursuant to Rule 17f-2.
Note: "Own securities" normally means
just the bank's own stock. Parent holding company stock may be considered to
qualify as "own securities. The SEC has indicated that parent holding company
stock will be considered "own" securities if the parent holding company is
a one-bank holding company, and:
Notice Pursuant to Rule 17f-2
A registered transfer agent that claims an exemption
for its personnel from the fingerprinting requirements of 17f-2 must prepare a Notice
Pursuant to Rule 17f-2. The Notice must be kept current at all times. The Notice
Pursuant to Rule 17f-2 must contain the following:
- The name of the organization and a statement that the
organization is a registered transfer agent
- A list of all persons who have been fingerprinted pursuant to
Regulation 17f-2. Persons fingerprinted can be listed by division, department, class
or individual name. Note: Since the Notice must be kept current at all
times, it is not advisable to list persons fingerprinted by individual name, which would
required updating the Notice every time there is a change in personnel. Listing
persons fingerprinted by broad categories, such as department or division, facilitates the
maintenance of the Notice. For example, if all transfer activity is conducted in
Department X, the notice could list "Persons in Department" in the Notice.
- A list of all persons, by individual name, who
could not be fingerprinted, i.e. for whom legible fingerprints could not be obtained.
Note: broad categories are not permitted for these persons, who must be
designated by name.
- A list of all persons whom the registered transfer agent claims
to be exempt from the fingerprinting requirement of Regulation 17f-2. Persons for
whom exemption is claimed can be listed by division, department, class or individual name.
As detailed in the note in the
second bullet, broad designations rather than individual designations
facilitate keeping the Notice current and accurate.
The persons so identified in the Notice are exempted from the fingerprinting requirements
of Rule 17f-2 unless the institution is notified to the contrary by the Securities and
Exchange Commission.
- A generic description of the duties of the persons and/or the
nature of the functions and operations of the divisions and departments identified as
exempt.
- A description of the security measures utilized to ensure that
only those persons who have been fingerprinted pursuant to Rule 17f-2, or who could not be
fingerprinted due to the inability to obtain a set legible fingerprints, have access to
the keeping, handling or processing of securities and the monies or the original books and
records related thereto.
Retention of Fingerprint Cards and Related
Information
Fingerprint cards must be retained for a period of
three years following the date that the individual fingerprinted terminates his/her
employment or relationship with the registered transfer agent. When a fingerprint
card is not returned to the bank by the FBI, any substitute record sent to the bank by the
FBI must be retained for a period of three years following termination of employment or
relationship with the transfer agent. Every substitute record must include the name
of the person fingerprinted, the name of the registered transfer agent that submitted the
fingerprint card, the name of the person or organization that rolled the fingerprints, and
the date that the fingerprint card was submitted.
Fingerprint cards and substitute records must be kept
in an easily accessible place at the registered transfer agent's principal office, and
must be made available upon request to the Securities and Exchange Commission or the
registered transfer agent's primary Federal regulator.
Records relating to the fingerprinting of personnel
may be maintained on microfilm. If the microfilmed records replace hardcopy records
the institution must provide for the following:
- Facilities for easily reading projection of the
microfilm and the production of easily readable and legible facsimile enlargements;
- Filing and indexation so that individual records can
be quickly located and retrieved;
- Provision, upon request, to the SEC or applicable
regulatory agency of facsimile enlargements of such records; and
- Storage of a copy of microfilmed records in a separate
location from the original microfilmed records, i.e. offsite storage of a backup copy.
|