12.5 Customer Protection Rules
Key Takeaways
- SEC Rule 15c3-3 requires broker-dealers to segregate and control customer cash and securities.
- SIPC covers up to $500,000 per separate capacity, with a $250,000 sublimit for cash.
- SIPC protects missing assets when a firm fails, never ordinary market losses.
- The Customer Identification Program collects name, date of birth, address, and a taxpayer ID number.
- SARs are filed for suspicious activity of $5,000 or more; CTRs for cash transactions over $10,000.
SEC Rule 15c3-3 — The Customer Protection Rule
Rule 15c3-3 keeps customer property safe by forcing a broker-dealer to separate customer assets from firm assets. The firm must maintain physical possession or control of fully paid and excess-margin customer securities, and it must perform the customer reserve formula computation — at least weekly — to determine how much customer cash to hold in a Special Reserve Bank Account for the Exclusive Benefit of Customers. The goal: if the firm collapses, customer assets are identifiable and untouchable by the firm's creditors.
SIPC — Protection When a Firm Fails
The Securities Investor Protection Corporation (SIPC) is a nonprofit membership organization (not a government agency) that protects customers when a member broker-dealer fails and assets are missing. SIPC does not insure against investment losses from market declines.
| Coverage element | Limit |
|---|---|
| Total per separate capacity | $500,000 |
| Cash sublimit within the $500,000 | $250,000 |
| Securities | Up to the full $500,000 |

| SIPC covers | SIPC does NOT cover |
|---|---|
| Stocks, corporate and Treasury bonds | Commodity futures |
| Mutual-fund and money-market shares | Fixed (insurance) annuities |
| Cash held to buy securities | Currency / forex |
| | Market-value losses |
SIPC protection is measured per separate capacity, so one person can be covered multiple times. An individual account, a joint account, an IRA, and a trust are each a separate capacity entitled to its own $500,000/$250,000 limits.
Anti-Money-Laundering (AML)
The Bank Secrecy Act, expanded by the USA PATRIOT Act, requires every firm to maintain a written AML program with four pillars: written policies, a designated AML compliance officer, ongoing employee training, and independent testing (typically annual).
Customer Identification Program (CIP)
Before opening an account, the firm must collect and verify four data points:
- Name
- Date of birth (for an individual)
- Physical address
- Identification number (SSN for U.S. persons; passport/tax ID for others)
SARs and CTRs
| Report | Trigger | Threshold |
|---|---|---|
| Suspicious Activity Report (SAR) | Suspected illegal activity, structuring, or no business purpose | $5,000 or more |
| Currency Transaction Report (CTR) | Cash in/out | More than $10,000 in a day |
A firm must not tip off a customer that a SAR was filed (the "no-tipping" rule). Structuring — breaking a large cash deposit into sub-$10,000 pieces to dodge a CTR — is itself a reportable violation.
Privacy — Regulation S-P
Regulation S-P governs nonpublic personal information (NPI) such as account numbers, balances, Social Security numbers, and transaction history. Firms must deliver an initial privacy notice when the relationship begins and an annual notice thereafter, and must offer customers the right to opt out of sharing NPI with non-affiliated third parties (servicing exceptions apply).
Customer Complaints
A complaint is any written grievance alleging a sales-practice problem, theft, forgery, or rule violation. Firms must keep complaint records (commonly four years), have a principal review them, and report qualifying complaints on Form U4/U5.
SIPC Coverage Worked Examples
Apply the $500,000 total / $250,000 cash limits per separate capacity:
| Account at failed firm | Holdings | SIPC outcome |
|---|---|---|
| Individual | $400,000 securities + $300,000 cash | Securities covered; cash covered only to $250,000 → $650,000 of $700,000 |
| Joint (with spouse) | $480,000 securities + $50,000 cash | Not fully covered: holdings total $530,000, but the total is capped at $500,000 |
| IRA (same person) | $300,000 securities | Fully covered — a separate capacity |
Watch the joint-account line: the $500,000 ceiling is absolute per capacity, so $530,000 of value is only protected to $500,000; the extra $30,000 becomes a general claim against the estate. Because the individual, joint, and IRA accounts are three separate capacities, the same person can receive up to three separate $500,000 protections.
Net Capital and Books-and-Records
Beyond customer-asset segregation, SEC Rule 15c3-1 (the Net Capital Rule) requires a broker-dealer to maintain minimum liquid net capital so it can promptly meet obligations and wind down without harming customers. Rules 17a-3 and 17a-4 prescribe the books and records a firm must create and how long to keep them — many records for six years (e.g., blotters, ledgers), others for three years, and certain documents (like the firm's organizational records) for the life of the firm. These rules work together: 15c3-3 protects assets, 15c3-1 keeps the firm solvent, and 17a-3/4 make the activity auditable.
The Four AML Pillars in Practice
The written program, AML compliance officer, training, and independent testing are reinforced by Customer Due Diligence (CDD) and beneficial-ownership rules: for legal-entity customers, firms must identify individuals who own 25%+ of the entity and one control person. Ongoing monitoring is expected — a sudden pattern of round-number wire transfers to a high-risk jurisdiction should trigger review and, if warranted, a SAR, filed confidentially within 30 days of detecting the suspicious activity.
On the Exam
Lock in $500,000 total / $250,000 cash, the separate-capacity multiplier, that SIPC never covers market losses, the four CIP data points, and the $5,000 SAR vs. $10,000 CTR distinction.
What is SIPC's maximum protection per separate capacity, and what is the cash sublimit?
Which of the following is NOT protected by SIPC?
A firm's Customer Identification Program requires it to obtain which set of information before opening an account?
A Suspicious Activity Report must generally be filed when suspected illegal activity involves an amount of at least: