Each depositor insured to at least $250,000 per insured bank



Home > Regulation & Examinations > Bank Examinations >Trust Examination Manual




Trust Examination Manual

Section 11 - Internal Controls

FDIC supervised financial institutions that conduct securities transfer activities in the trust department have adopted the Statement of Principles of Trust Department Management, which requires the Trust Department to implement adequate internal controls.  Even for those institution's that do not conduct transfer agent activities in a Trust Department, the implementation of an effective system of internal controls is an essential element in ensuring the satisfactory and efficient performance of securities transfer activities.  While not specifically required by SEC rules and regulations, except for required controls protecting funds related to securities transferred, it is difficult to envisage effective compliance with SEC operational requirements without effective internal controls.  Therefore, part of the Board's responsibility to ensure compliance with applicable rules and regulations includes the maintenance of an effective internal control environment.  In effect, the adoption and implementation of a system of internal controls appropriate for the volume and complexity of securities transfer activities represents a standard industry practice.

In the context of securities transfer activities, a system of internal controls comprises methods and techniques designed to prevent and detect errors, omissions and irregularities in the processing of securities transfers, to ensure the accuracy and integrity of the books and records relating to securities transfer activity, to protect funds related to securities transfer (e.g. funds for dividend and interest payments) and to provide for the physical protection of both blank and cancelled securities certificates.  In addition, effective internal controls promote operational efficiency and facilitate compliance with applicable laws and regulations.

Controls Governing the Processing of Securities Transfers

The issuance, transfer and cancellation of securities involves complex legal considerations.  Transferring recorded ownership of a security from one person to another is effected by the delivery of the security accompanied with a proper assignment by the appropriate person.  In the case of book-entry only issues, the transfer is initiated by an instruction by the appropriate person. An instruction is an order to the issuer of a book-entry security requesting the transfer, pledge or release from pledge of a book-entry security.  For example, a Stock Power or a Bond Power is a form used to instruct the transfer of ownership of a security from the registered owner to a third party.  Stock and Bond Powers are frequently used to instruct the transfer of book-entry securities, or in those cases where the back of the securities certificate is not used for endorsement. It is important to note that for the purposes of the Uniform Commercial Code (UCC) an "issuer" means a person on whose behalf transfer books are maintained, i.e., the registered transfer agent.

The transfer agent acts on behalf of the security issuer and verifies that all the legal requirements for the transfer are satisfied. For the most part, the legal requirements governing securities transfers are contained in Article 8 of the UCC.  Section 8-208 of the Code states:

(1) a person placing his signature upon a security as authenticating trustee, registrar, transfer agent or the like warrants to a purchaser for value without notice of the particular defect that:

  • the security is genuine; and
  • his own participation in the issue of the security is within his capacity and within the scope of the authorization received by him from the issuer; and
  • he has reasonable grounds to believe that the security is in the form and within the amount the issuer is authorized to issue.

A transfer of ownership which does not satisfy all the legal requirements, or a transfer based on an improper endorsement, results in liability for the transfer agent for any damages caused by the improper transfer.  Similarly, processing errors that result in the overissuance of securities potentially make the transfer agent liable for purchasing and retiring shares in the amount that the shares were overissued. Therefore, controls designed to ensure that presentors of securities for transfer are authorized to request the transfer of ownership, that the endorsements provided are genuine and accompanied by appropriate documentation and that the details of the transfer agree with the transfer agent's existing records are essential for controlling the risk of improper transfer.

Appropriate Person

An endorsement of a certified security in registered form is made when the appropriate person signs on it, or on a separate document, an assignment or transfer of the security or a power to assign or transfer it, or his signature is written without more on the back of the security.  Section 8-308 of the UCC defines appropriate persons as:

For certificated securities, i.e., securities represented by a printed certificate, the appropriate person is the person specified on the certificate or by a special endorsement to be entitled to the security.  A special endorsement specifies to whom the security is to be transferred, or who has the power to transfer it.   A special endorsement contrasts with an endorsement in blank, which is an endorsement to bearer.  An endorsement in blank may be converted into a special endorsement.

For uncertified securities, essentially securities in book-entry form, the appropriate person is the registered owner, if the security is not subject to a registered pledge.  If subject to a registered pledge, the appropriate person is the registered pledgee.

In addition, the following are defined as appropriate persons:

  • if the person designated is described as a fiduciary but is no longer serving in the described capacity, either that person or his successor;
  • if the persons designated are described as more than one person as fiduciaries and one or more are no longer serving in the described capacity, the remaining fiduciary or fiduciaries, whether or not a successor has been appointed or qualified;
  • if the person designated is an individual and is without capacity to act by virtue of death, incompetence, infancy, or otherwise, his executor, administrator, guardian, or like fiduciary;
  • if the persons designated are described as more than one person as tenants by the entirety or with right of survivorship and by reason of death all cannot sign, the survivor or survivors;
  • a person having power to sign under applicable law or controlling instrument; and
  • to the extent that the person designated or any of the foregoing persons may act through an agent, his authorized agent.

The UCC clarifies that "whether the person signing is appropriate is determined as of the date of signing and an endorsement made by or an instruction originated by him does not become unauthorized for the purposes of this Article by virtue of any subsequent change of circumstances.

When the appropriate person is a fiduciary the Code states that the "failure of a fiduciary to comply with a controlling instrument or with the law of the state having jurisdiction of the fiduciary relationship, including any law requiring the fiduciary to obtain court approval of the transfer, pledge, or release, does not render his endorsement or an instruction originated by him unauthorized for the purposes of this Article."

Consequences of Unauthorized Endorsements or Instructions

A transfer agent that registers the transfer of a certificated security upon an unauthorized endorsement or registers the transfer, pledge, or release of a book-entry security upon an unauthorized instruction must, upon demand, issue a like security to the true owner, or for a book-entry security restore the true owner's recorded ownership, unless doing so would result in an overissuance of the security.  If an overissuance would result, then the true owner of the security may:

  • If an identical security which does not constitute an overissuance is reasonably available for purchase, compel the transfer agent to purchase the security for him; or
  • If an identical security is not available for purchase, recover from the transfer agent the price that the true owner or the last purchaser paid for the security, along with interest from the date that the true owner makes the request.

An important point to note is that neither the true owner of a security nor the transfer agent can recover the improperly transferred security from a person who purchased the security for value and without notice of adverse claims. An "adverse claim" includes a claim that a transfer was or would be wrongful or that a particular adverse person is the owner of or has an interest in the security.   The true owner, and the transfer agent as subrogee, may recover a security from any person who was not entitled to receive it, i.e., a person who did not acquire it for value or who acquired it with knowledge of adverse claims.

Signature Guarantees

In view of the potential liability that a transfer agent assumes when securities are transferred on the basis of improper endorsements, i.e., endorsements or instructions provided by persons other than the appropriate person(s), institutions need controls designed to prevent the unauthorized transfer of securities for which the institution serves as transfer agent.  One control that is almost universal among transfer agents is the requirement that a signature guarantee accompany all endorsements.    Article 8-312 of the UCC governs signature, endorsement and instruction guarantees.

The guarantor of a signature of an endorser of a securities certificate warrants that at the time the security certificate or documents related thereto were signed:

  • the signature was genuine;
  • the signer was an appropriate person to endorse; and
  • the signer had the legal capacity to sign.

The guarantor of a signature of the originator of an instruction warrants that at the time of signing:

  • the signature was genuine;
  • the signer was an appropriate person to originate the instruction if the person specified in the instruction as the registered owner or registered pledgee of a book-entry security was, in fact, the registered owner or registered pledgee.  The guarantor of the signature provides no guarantee that the signer is in fact the registered owner or registered pledgee;
  • the signer had the legal capacity to sign; and
  • the taxpayer identification number, if any, appearing on the instruction as that of the registered owner or registered pledgee was the taxpayer identification number of the signer or of the owner or pledgee for whom the owner was acting.

Specially guaranteeing the signature of the originator of an instruction to transfer provides the warranty, in addition to the signature warranties provided, that:

  • the person specified in the instruction as the registered owner or registered pledgee of the uncertificated security will be the registered owner or registered pledgee; and
  • the transfer, pledge, or release of the uncertificated security requested in the instruction will be registered by the issuer free from all liens, security interests, restrictions, and claims other than those specified in the instruction

The guarantor of an signature does not otherwise warrant the rightfulness of a particular securities transfer, pledge, or release.  Guaranteeing the endorsement of a securities certificate, rather than just the signature on the certificate, warrants the rightfulness of a particular transfer in all respects.   Guaranteeing an instructions similarly warrants the rightfulness of a particular transfer, pledge or release in all respects. Note: notarization of a signature by a Notary Public does not qualify a signature guarantee.

Transfer agents may require a signature guarantee as a condition for processing a securities transfer.  Transfer agents, however, may not require a special signature guarantee or a guarantee of endorsement or instruction as a condition for processing the transfer, pledge or release of a security.

The guarantor is liable to any person dealing with the security in reliance on the warranties provided by the guarantor.  The transfer agent can seek to recover any losses resulting from a breach of the warranties given from the guarantor.

Medallion Guarantees

A person or organization providing a signature guarantee promises to reimburse the transfer agent for losses that result if the endorser's signature is not genuine, if the endorser is not an appropriate person to endorse, or lacks the legal capacity to endorse a certificate or make a transfer instruction.  As a result, transfer agents were often reluctant to accept signature guarantees from persons or organizations whose financial ability to honor its guarantees was not well established or otherwise in doubt.  In response, Medallion signature guarantee programs (so called due to the medallion stamp that is placed next to the signatures being guaranteed) were established.  The organization sponsoring a medallion signature program guarantees the financial performance of the individual guarantors participating in the program.  Transfer agents accepting signature guarantees issued under a medallion program greatly reduce the risk of loss from signature guarantors failing to honor signature guarantees.  

Although a transfer agent may accept a signature guarantee from any person or organization, it has become an industry practice to accept signature guarantees only from participants in a medallion signature guarantee program.  The SEC, which has established rules governing transfer agents' acceptance of signature guarantees, discussed below, permits registered transfer agents to reject signature guarantees from guarantors that are not participants in an SEC approved medallion program.   As described below, the Securities Transfer Association, a trade organization for transfer agents, runs two medallion signature guarantee programs, the STAMP and SEMP programs.  The New York Stock Exchange runs another program, MSP.

  • STAMP - Securities Transfer Agents Medallion Program.   This program is open to all eligible guarantors which includes commercial banks, credit unions, savings associations, trust companies and broker-dealers.
  • SEMP - Stock Exchanges Medallion Program.  This program is open to members of the American, Boston, Midwest, Pacific and Philadelphia stock exchanges and clearing and trust companies.
  • MSP - New York Stock Exchange Inc. Medallion Signature Program.   This program is open to all members of the New York Stock Exchange.
  SEC Requirements for Signature Guarantees

The SEC does not require registered transfer agents to require signature guarantees as a condition for processing securities transfer requests.  Rather, the SEC permits registered transfer agents to require a signature guarantee as a condition of effecting a securities transfer, as does the UCC, and allows transfer agents to limit signature guarantees to guarantors that participate in an approved signature guarantee program, i.e. one of the Medallion programs described above.   A registered transfer agent may process securities without a signature guarantee; may require a signature guarantee for every transfer; or may process some transfers without a signature guarantee for some transfers and require a signature guarantee for others. 

SEC Regulation 17 C.F.R. 240.17Ad-15, Signature Guarantees, basically requires that, in deciding to accept or reject a signature guarantee, registered transfer agents must treat eligible guarantor institutions or class of institutions equitably.  The SEC implemented Rule 17Ad-15 in response to the discriminatory treatment that many registered transfer agents practiced with respect to the signature guarantees of savings associations and credit unions.  In the past, transfer agents routinely accepted signature guarantees from broker-dealers and commercial banks, but normally rejected the signature guarantees of savings banks, savings and loan associations and credit unionsUnder Rule 17Ad-15 an Eligible Guarantor Institution means:

  • Banks;
  • Brokers, dealers, municipal securities dealers, municipal securities brokers, government securities dealers and government securities brokers:
  • Credit Unions;
  • National securities exchanges, registered securities associations, clearing agencies; and
  • Savings associations.

It should be noted that all of the eligible guarantor institutions may participate in one of the medallion signature guarantee programs.

Standards and Procedures for Signature Guarantees

All registered transfer agents are required to have the following:

  • Written standards for the acceptance of guarantees of securities transfers form eligible guarantor institutions; and
  • Procedures, including written guidelines where appropriate, to ensure that those standards are used in determining whether to accept or reject guarantees from eligible guarantor institutions

The transfer agent's standards and procedures may not treat eligible guarantor institution's inequitably, or result in the rejection of a guarantee from an eligible institution because it falls into one on the categories of eligible guarantor institution listed in Rule 17Ad-15.

Written policies and standards are required of all registered transfer agents, even those that do not require signature guarantees.

Rule 17Ad-15 provides, however, that a transfer agent is in compliance with the standards and procedures requirements if the transfer agent:

  • Rejects signature guarantees from guarantor institutions that do not participant in a signature guarantee program; or
  • Accepts signature guarantees from eligible guarantor institutions  that, at the time the guarantee is issued, is an participant in a signature guarantee program.

Since all eligible guarantor institutions may participate in a medallion guarantee program, accepting signature guarantees only from program participants does not result in inequitable treatment.  As a result, it has become an industry practice to accept signature guarantees only from medallion program participants.

The term "signature guarantee program" is defined in Rule 17Ad-15 as a program which the transfer agent determines accomplishes the following:

  • Facilitates the equitable treatment of eligible guarantor institutions; and
  • Promotes the prompt, accurate and safe transfer of securities by:
    • Adequately protecting the transfer agent against risk of financial loss in the event persons have no recourse against the eligible guarantor institution; and
    • Adequately protects the transfer agent against the issuance of unauthorized guarantees.

Rule 17Ad-15 provides for a transition period for transfer agents who change their written Signature Guarantee policies to include a signature guarantee program requirement.  For six months following such a change in policy, a transfer agent may not reject a requested transfer because the signature guarantee was from a guarantor institution that does not participate in a signature guarantee program unless the transfer agent provides 90 days written notice of its intent not to accept signature guarantees form non-participating guarantor institutions.

It is important to note that Rule 17Ad-15 prohibits the inequitable rejection of signature guarantees based solely on the basis of type or class of eligible guarantor institution.  A transfer agent may reject a signature guarantee from an eligible guarantor institution for reasons not solely related to the type or class of eligible guarantor institution that issued the guarantee.  A transfer agent may reject a signature guarantee for the following reasons:

  • For reasons unrelated to acceptance of the guarantor institution, such as:
    • the transfer of the security would be wrongful;
    • a signature is believed to have been forged;
    • the transfer would violate laws requiring the collection of transfer taxes;
    • the transfer agent has knowledge that the security to be transferred is subject to adverse claims;
  • The person acting on behalf of the guarantor institution is not authorized by that institution to act on its behalf, provided that the transfer agent maintains a list of people authorized to act on behalf of that guarantor institution;
  • The eligible guarantor institution is neither a member of a clearing corporation or maintains net capital of at least $100,000.

Therefore, a transfer agent's signature guarantee policy may address individual considerations not related to the type of eligible guarantor institution, such as those listed above.  While not required, written signature guarantee policies may provide for some non-medallion guarantees, such as those from Federal Reserve Banks and the Depository Trust Company.  Also, while the signature guarantee requirement is accepted industry practice, transfer agents may decide to waive signature guarantee requirements limited circumstances, such as:

  • Small transfers;
  • The securityholder requesting the transfer is well-known to the transfer agent or has a well-established business relationship (e.g. loans or deposits) with the transfer agent;
  • For military personnel stationed overseas and unable to utilize an eligible U.S. guarantor.

Upon request, a registered transfer agent must, within three business days, provide the requesting party a copy of its signature guarantee policies and procedures. The transfer agent must keep a copy of its signature policies and procedures in an easily accessible place.

Rejection of Signature Guarantees

A transfer agent may reject a signature guarantee from an eligible guarantor institution only if the signature guarantee fails to satisfy the transfer agent's written signature guarantee policies and procedures, e.g. if the guarantee is from a non-medallion program participant and the transfer agent's policy allows only for medallion program participant guarantees.

When a registered transfer agent rejects a signature because it does not satisfy the transfer agent's written standards and procedures, the transfer agent must notify both the presentor of the security to be transferred and the guarantor of the presentor's signature of the reasons for the rejection.  Notification must be made within two business days.  The transfer agent may notify the guarantor by telephone, fax, or ordinary mail.  The transfer agent may notify the presentor by returning the rejected item to the presentor.

Registered transfer agents are required to maintain and retain records relating to rejected signature guarantees.  The transfer agent's records must include:

  • the date the item was rejected;
  • the reason for the rejection;
  • the identity of the guarantor; and
  • whether the guarantor failed to meet the transfer agent's standards and procedures. 

The records must be retained for three years following the date the signature was rejected.

Liability for Unreasonable Rejection of Signature Guarantees

Section 8-401 of the UCC requires transfer agents to register the transfer, pledge or release of a security presented to the transfer agent if:

  • the security is endorsed or the instruction was originated by the appropriate person or persons;
  • reasonable assurance is given that those endorsements or instructions are genuine and effective:
  • the transfer agent has no duty as to adverse claims or has discharged the duty;
  • applicable laws relating to the collection of taxes have been satisfied; and
  • the transfer, pledge, or release is in fact rightful or is to a bona fide purchaser.

The transfer agent is liable to persons presenting certificates or transfer instructions for losses resulting from any unreasonable delays in registration or from a failure or refusal to register the transfer, pledge, or release. In view of this liability, registered transfer agent should implement sufficient internal controls to ensure that securities transfers are not delayed by the rejection of acceptable signature guarantees. One example of an appropriate internal control is to have an appropriate level of transfer agent management review all rejected signature guarantees and any related follow-up thereto.

Controls Over the Overissuance of Securities

A transfer agent that transfers a security to a purchaser for value warrants that the number of shares or, in the case of bonds, par value of bonds is within the amount of securities the issuer is authorized to issue.  When an issue of securities exceeds the amount that the issuer has the corporate power to issue, an overissuance has occurred.  Recall that it is the express duty of the stock registrar to verify that the transfer of a security or securities does not result in an overissuance.  See Stock Registrar or Bond Registrar.   A transfer agent that effects a transfer of securities that causes an overissuance risks having to buy-in the amount of securities overissued if the overissuance can not otherwise be eliminated.

Internal controls designed to prevent the overissuance of securities include procedures as elementary as verifying that the number of shares, or the par value of bonds, issued in a transfer match the number of shares, or par value of bonds, presented for transfer.  Any differences should be adequately explained and reconciled before completing the transfer.  Simply put, before making an item available, the transfer agent (registrar) should confirm that an overissuance of securities will not result, i.e. that the number of shares, or par value of bonds, agree with the amount authorized to be issued.  For such procedures to be effective, transfer agents need to post securities transfers to its related records in a prompt and accurate manner.  Adequate reconcilement practices are needed to ensure that securities transfer records, such as control books and master securityholder lists, continue to be accurate and promptly updated.  As described in greater detail below, the SEC has implemented regulations governing the prompt posting of transfer agent records, the resolution of out-of-proof conditions and the duty to buy-in the amount of overissued securities, as well as required reporting when such events occur.

Prompt Posting of Securities Transfer Related Records

Failure to promptly post changes in certificate detail increases the risk that out-of-proof conditions will occur and remain outstanding, with the related risk that an overissuance of securities may occur due to inaccurate recordkeeping.  SEC Rule 17Ad-10 requires recordkeeping transfer agents to promptly post securities related transactions to transfer agent related records.  A "recordkeeping transfer agent" is the registered transfer agent that maintains and updates the master securityholder file (See below). A recordkeeping transfer agent contrasts with a "named transfer agent", which is a registered transfer agent engaged by a securities issuer to act as transfer agent, but that engages a service company to perform some or all of the named transfer agent's duties. A "service company" is defined as a registered transfer agent engaged by a named transfer agent to perform transfer agent functions for the named transfer agent.

Securities related records that must be posted promptly are:

Master securityholder file - The master securityholder file is the official list of individual securityholder accounts.  For mutual funds, the master securityholder file may consist of multiple, but linked, automated files.  Transfer agents must promptly post certificate detail to the master securityholder file.  Certificate detail consists of:

  • The certificate number, except for uncertificated securities;
  • The number of shares for equity securities or the principal dollar amount for debt securities;
  • The securityholder's registration;
  • The address of the registered securityholder;
  • The issue date of the security;
  • The cancellation date of the security;
  • In the case of redeemable securities of investment companies (i.e. mutual funds), an appropriate description of each debit and credit (e.g. purchase or sale); and
  • Any other identifying information about securities and securityholders the transfer agent reasonably deems essential to its recordkeeping system for the efficient and effective research of record differences. 

Note: A "file" includes both automated and manual records.

If the security to be transferred or redeemed contains certificate detail that is different from the certificate detail on the master securityholder file, then a "record difference" has occurred, see below.  In such a case, the recordkeeping transfer agent must post a credit to the master securityholder file, i.e. record the new certificate detail in the master securityholder file.  The corresponding debit, i.e. cancellation of certificate detail from the master securityholder file, however, shall be recorded in a subsidiary file, e.g. suspense account, until the record difference is resolved.  Once posted to a suspense account, the transfer agent must be diligent in its effort to resolve the record difference, and, once resolved, must promptly debit the master securityholder file.  Recordkeeping transfer agents must maintain a record of all certificate detail deleted, i.e. debited, from the master securityholder file for six years following the date the certificate detail was debited.

Certificate detail must remain posted on the master securityholder file until a debit to a securityholder's account is appropriate.   Transfer agents must maintain accurate master securityholder files for the securities for which it is the recordkeeping transfer agent. Transfer agents that assume the maintenance and updating of master securityholder files from predecessor transfer agents, establish a new master securityholder file for an issue or convert from a manual to an automated system must carry over the existing certificate detail.

  • Control book - The control book is the record or any other document that shows the total number of shares (in the case of equity securities) or the principal dollar amount (in the case of debt securities) authorized and issued by the issuer. A recordkeeping transfer agent must maintain a current and accurate control book for each issue of securities.  Changes to the control book require written authorization from a duly authorized agent of the issuer.
  • Subsidiary files - A subsidiary file is any list or record of accounts, securityholders or certificates detailing debits and credits that have not been posted to the master securityholder file.   Subsidiary files must be current and accurate.
Prompt Posting Criteria

SEC Rule 17Ad-10 requires the posting of applicable records within the following timeframes:

  • Recordkeeping transfer agents that have qualified as exempt transfer agents must post applicable records within 30 calendar days;
  • Recordkeeping transfer agents that transfer only own-bank, parent holding company or affiliated company securities and that use a batch posting method must post applicable records within ten business days;

The SEC considers a batch posting system to be one in which posting is done daily to a front-end subsidiary file, with less frequent batch updating to master securityholder files.

  • All other recordkeeping transfer agents must post applicable records within five business days.  Securities transferred or issued prior to record date, but posted after the record date, must be posted as of the record date.

The timeframes detailed above do not apply to recordkeeping transfer agents' posting of mutual fund transfers.  The timeframes refer to the number of days following the issuance, purchase, transfer or redemption of a security.   In those cases where the recordkeeping transfer agent receives certificate detail for posting from a "co-transfer agent", the timeframes commence on the date when the recordkeeping transfer agent receives the records from the co-transfer agent.  A "co-transfer agent" is registered transfer agent that transfer securities, but does not maintain and update the master securityholder file.   Co-transfer agents are required to dispatch or mail a record of debits and credits for each security transferred or issued within two business days of transfer or issue, except when the transfer or issue occurs with five business days of record date, which must be dispatched or mailed to the recordkeeping transfer agent daily.  When a recordkeeping transfer agent inquires of a con-transfer agent concerning records that the co-transfer agent was required to dispatch or mail to the recordkeeping transfer agent, the co-transfer agent must respond to the recordkeeping transfer agent within five business days of receipt of such inquiries.

Failure to Promptly Post

Recordkeeping transfer agents that fail to meet prompt posting requirements must immediately report such failure to its appropriate regulatory agency, along with a report stating the measures that are, have been, or will be taken to correct the recordkeeping transfer agent's failure to promptly post required records.   SEC Rule 17Ad-11 requires such reports when a recordkeeping transfer agent has any debits or credits for securities transferred, purchased, redeemed or issued that remain unposted for more than five business days after the date when the debits and credits were required to be posted to the master securityholder file or to a subsidiary file.  A copy of such reports must be retained for at least three years, the first year in an easily accessible place.

Aged Record Differences

A "record difference" occurs when either:

  • The total number of shares or total principal dollar amount of securities in the master securityholder file does not equal the number of shares or principal dollar amount in the control book; or
  • The security transferred or redeemed contains certificate detail different from the certificate detail currently on the master securityholder file and where the difference cannot be resolved immediately.

An "aged record difference" is a record difference that has existed for more than thirty calendar days.  Subject to certain criteria, SEC Rule 17Ad-11 requires recordkeeping transfer agents to report aged record differences to issuers and to the appropriate regulatory agency.   Whether aged record differences must be reported depends on the aggregate market value of the aged record differences and the issuer capitalization.  Different reporting thresholds apply to required reports to interested parties than to required reports to the appropriate regulatory agency.

Reports to Issuers

Recordkeeping transfer agents must report to issuers aged record differences that, as of the end of each month, exceed the thresholds detailed in the table below.

Issuer Capitalization

Aggregate Market Value of Aged Record Differences Exceeds

For Equity Securities

For Debt Securities

$5 Million or Less $50,000 $100,000
Greater than $5 Million but less than $50 Million $250,000 $500,000
Greater than $50 Million but less than $150 Million $500,000 $1,000,000
Greater than $150 Million $1,000,000 $2,000,000

Issuer capital is the market value of the issuer's authorized and outstanding equity securities.  For an issuer of municipal securities issuer capital is the market value of all debt issues for which the transfer agent performs recordkeeping functions.  The market value of debt securities is determined by reference to the control book and current market prices.

Aged record differences are aggregated for all securities of a particular issuer, and not across all issuers.  Thus, to determine if an aged record difference must be reported, the aggregate of aged record differences for a particular issuer is compared to the capitalization of that issuer.

Recordkeeping transfer agents must report aged record differences to the following parties:

  • The official performing corporate secretary functions for the issuer of the securities for which the aged record difference exists;
  • For municipal securities, the chief financial officer of the issuer of the securities for which the aged record difference exists;
  • The named transfer agent, if the recordkeeping transfer agent acts as a service company.

Note: A recordkeeping transfer agent that transfers only its own securities does not have to report aged record differences to issuers, but does have to make the required reports to regulatory agencies.

A named transfer agent engaged by an issuer to maintain and update the master securityholder file must report aged record differences to the following:

  • The official performing corporate secretary functions for the issuer of the securities for which the aged record difference exists;
  • For municipal securities, the chief financial officer of the issuer of the securities for which the aged record difference exists;

The reports must be made within 10 days of the end of the month in which the aged record difference exists.  A report must be sent for each month in which a record difference exists.  The required reports must contain the following information:

  • The reasons for the aged record difference; and
  • The steps being taken or to be taken to resolve the aged record difference.
Reports to Appropriate Regulatory Agencies

Recordkeeping transfer agents must report to the appropriate regulatory agency aged record differences that, as of the end of each calendar quarter, exceed the thresholds detailed in the table below.

Aggregate Market Value of Aged Record Differences

Number of Issues Acting as Recordkeeping Transfer Agent

$300,000 5 or fewer
$500,000 6-24
$800,000 25-49
$1,000,000 50-74
$1,200,000 75-99
$1,400,000 100-499
$1,600,000 500-999
$2,600,000 1,000-1,999
An additional $1 million for each additional 1,000 issues

The reports must be made within 10 days of the end of the calendar quarter in which the aged record difference exists.  A report must be sent for each calendar quarter in which a record difference exists.  The required reports must contain the following information:

  • The reasons for the aged record difference; and
  • The steps being taken or to be taken to resolve the aged record difference.

Reports must be retained for at least three years, the first year in an easily accessible place.

Buy-Ins

When a registered transfer agent causes a physical overissuance of securities and can not recover the physical certificates that created the overissuance, the transfer agent must purchase securities in an amount equal to the overissuance.  Essentially, the transfer agent "buys-in" the amount of securities overissued in order to return the number of shares, or par value of bonds, to the authorized amount, as documented in the control book.  Buy-ins are only required when: 1) there has been a physical overissuance of securities, as opposed to an out-of-proof condition with respect to book-entry securities; and 2) the registered transfer agent's acts, of omission or commission, caused the physical overissuance. A transfer agent is not required to buy in a physical overissuance caused by a predecessor transfer agent.

For example, a physical overissuance of securities might result from:

  • the transfer of securities subject to an existing stop-transfer order.  See Lost, Stolen or Missing Securities;
  • errors in which the number of shares, or par value of bonds, represented by a newly issued certificate exceeds the number of shares, or par value of bonds, represented by the corresponding certificate that was cancelled.  Note that the stock registrar or bond registrar has the duty to guard against such occurrences.
  • errors in which the wrong class or series of security, e.g. the conversion of debentures into preferred stock instead of common stock.

Note: A difference in the amount of securities, representing either shares of stock or the face value of bonds, actually issued and the amount of securities indicated by the control book as being authorized gives rise to an "out-of-proof" condition.  An out-of-proof condition constitutes a record difference, but not all record differences represent an out-of-proof conditions.  In addition, an out-of-proof condition can represent an underissuance of securities.  Although an underissuance is not subject to buy-in requirements, it represents a potential liability to the transfer agent.  For example, as a result of a transfer agent's failure to issue or record the proper number of shares, or par value of bonds, a securityholder may not receive dividends, interest, corporate distributions, redemptions or stock splits to which the securityholder is entitled, with the transfer agent potentially liable for the losses it has caused.  

SEC Buy-In Requirements

SEC Rule 17Ad-10(g) requires registered transfer agents that have both caused a physical overissuance of securities and know that an overissuance has occurred to buy-in securities equal to the number of shares in the case of securities or the principal dollar amount in the case of debt securities.  The transfer agent must buy-in the securities within 60 days of the date it discovers the physical overissuance. The transfer agent "discovers" an overissuance when the transfer agent identifies the erroneously issued certificate(s) and the registered securityholder(s).

Within the 60 day timeframe, the transfer agent must work diligently to resolve the overissuance and recover the certificates involved.  In the following cases, however, the transfer agent does not have to buy-in physically overissued securities:

  • The transfer agent has obtained a letter from the holder of the overissued certificates in which the holder confirms that the overissued certificates will be returned to the transfer agent within 30 days.  If the overissued certificates are not returned within this 30 days period the transfer agent must immediately buy in the overissued securities.
  • The overissued certificates are covered by a surety bond indemnifying the transfer agent for all expenses resulting from the overissuance.   The transfer agent is required, however, to act diligently in resolving the overissuance and recovering the overissued certificates.
Required Reports Reports to Issuers

A transfer agent must report to issuers buy-ins executed pursuant to SEC Rule 17Ad-10(g).  Recordkeeping transfer agents must report as follows:

  • The official performing corporate secretary functions for the issuer of the securities for which the aged record difference exists;
  • For municipal securities, the chief financial officer of the issuer of the securities for which the aged record difference exists;
  • The named transfer agent, if the recordkeeping transfer agent acts as a service company.

Note: A recordkeeping transfer agent that transfers only its own securities does not have to report aged record differences to issuers, but does have to make the required reports to regulatory agencies.

A named transfer agent engaged by an issuer to maintain and update the master securityholder file must report buy-ins to the following:

  • The official performing corporate secretary functions for the issuer of the securities for which the aged record difference exists;
  • For municipal securities, the chief financial officer of the issuer of the securities for which the aged record difference exists;

Required reports must be sent within ten business days following the end of the month in which the buy-in occurred.  Named transfer agents that have engaged a service company must send the report within ten days following the date on which the named transfer agent receives a report from the service company that the service company has bought in securities.  SEC Rule 17Ad-10(c) requires co-transfer agents to report buy-ins to the named fiduciary within three business days following the month in which the buy-in occurred.  The reports must contain the following information:

  • The principal dollar amount of debt securities and the related market value or the number of shares and related market value of securities that were bought in. Note: Co-transfer agents are required to include this information in the report they are required to make to named transfer agents;
  • The party that executed the buy-in; and
  • The reason for the buy-in. Note: Co-transfer agents are required to include this information in the report they are required to make to named transfer agents.
Reports to Appropriate Regulatory Agencies

Buy-ins must be reported to the appropriate regulatory agency when the aggregate market value of all buy-ins executed in a calendar quarter exceeds $100,000.  The information reported is the same as that reported to issuers.  Reports to the appropriate regulatory agency must be made within 10 business days following the end of the calendar quarter in which aggregate buy-ins exceeded $100,000. 

Note: The market value of an issue is determined as of the last business day on which market value information is available during the reporting period.

Reports must be retained for at least three years, the first year in an easily accessible place.

Safeguarding of Funds and Securities

SEC Rule 17Ad-12 requires registered transfer agents having custody or possession of funds or securities related to transfer agent activities to assure that:

  • Securities are kept and handled in a manner to reasonably safeguard them from destruction, theft or other loss; and
  • Funds are protected from misuse.

The regulations does not detail any specific internal controls required for the protection of securities and funds held as a result of transfer agent activities, but simply requires that the protection afforded to securities and funds must be adequate in light of all facts and circumstances.  Rule 17Ad-12 states, however, that the cost of various safeguards and procedures and the degree of potential financial exposure are two relevant factors in evaluating internal controls and procedures governing the protection of securities and funds held as transfer agent. 

Small transfer agents will normally require fewer and less elaborate internal controls and procedures than larger, more complex transfer agent operations. For example, a transfer agent that qualifies for the small transfer agent exemption generally will have less sophisticated internal controls and procedures than a transfer agent processing a large volume of items for various outside securities issuers.   Discussed in greater detail below are various internal control concepts that are applicable to both large and small transfer agents.

Physical Security Controls

An effective control for preventing the misappropriation of securities certificates and transfer agent related funds is the establishment of controlled access to those areas of the institution where securities transfer activities are conducted, including access to personal computers and other computer systems used to process securities transfer activities.  Controlled access can be via coded access, special keys and badges or other means of preventing entry by and identifying individuals not authorized to enter areas where securities transfer activity is conducted.  In addition, fire proof filing cabinets and safes protect transfer agent records, certificates and supplies from loss due to fire damage or other nature disasters, as well as preventing misappropriation.  To be effective, keys, combinations and codes to file cabinets and safes must be effectively controlled at all times.  Access to vaults and safes should be subject to joint custody, i.e. two or more people are accountable for access and thus required to be present when vaults and safes are accessed.   Access logs should be maintained and should identify the persons gaining access, the reasons for accessing, and the assets or records accessed. Access codes and combinations should be promptly cancelled or changed when individuals are no longer employed with the institution or are no longer involved in securities transfer activities. 

Many small financial institutions with registered transfer agent operations, however, lack the space for establishing a separate secure area for securities transfer activity. For these institutions, the use of secure storage areas, such as vaults, safes and fireproof file cabinets, along with appropriate controls thereto, will assume an even greater importance.

Segregation of Duties

One of the most fundamental methods of internal control is the segregation of duties. The participation of two or more persons effecting the transfer of a security causes the work of one to serve as proof for the accuracy of another. Additionally, when two or more persons are involved in a process, the possibility of fraud diminishes considerably. Ideally, duties should be arranged so that no one person dominates any transaction from inception to termination.  A single individual should not be responsible for receiving and logging items presented for transfer; canceling certificates presented and issuing new certificates (or entering debits and credits in the case of book-entry securities); and updating or reconciling related records. EDP service center personnel should not initiate transactions or correct data except when such activity may be required to complete processing in a reasonable period of time (if this unusual situation arises, transactions should be approved by appropriate levels of management at the data center and at the serviced institution). EDP systems should be protected by password or other systems access controls and individual system operators should be individually identified.

Often, small transfer agent operations lack the staff necessary to implement a satisfactory segregation of duties.  In such cases, compensating controls should be implemented that will permit transfer agent management and personnel to identify and correct errors and irregularities promptly.   For example, when a single employee dominates a transaction, the transaction can be made subject to review by an independent employee.

When practicable, the planned and unannounced rotation of duties can compensate for a lack of segregation of duties, in addition to being an effective internal control in its own right. The rotation should be of sufficient duration to be effective. Rotation of personnel, besides being an effective internal check, can be a valuable aid in the bank's overall training program.

Vacation Policy

It is the FDIC's goal that all banks have a vacation policy which provides that active officers and employees be absent from their duties for an uninterrupted period of not less than two consecutive weeks. Such a policy is considered an important internal safeguard largely because of the fact that the perpetration of fraud of any substantial size usually requires the constant presence of the employee perpetrating the fraud in order to manipulate records, respond to inquiries from customers or other employees, and otherwise prevent detection. The benefits of such a vacation policy may be substantially, if not totally, lost if the duties performed by an absent individual are not assumed by someone else. In those cases where the bank does not require a continuous absence, compensating controls, such as the rotation of personnel among different duties or increased management review procedures, can constitute an acceptable alternative to a vacation policy requiring a continuous two week absence.

Reconciliation Procedures

As previously discussed, one of the major functions of a transfer agent is to transfer securities from a seller to a buyer after a purchase transaction.  Typically this takes place through the issuance of a new certificate to the purchaser and the cancellation of the old certificate.  With the growth of uncertificated (i.e. book-entry) recordkeeping functions by transfer agents, an increasing number of transactions are book-entry transfers.  Moreover, the current securities industry trend is towards a reduction in paper-based transaction flow, with greater utilization of direct registration systems that rely on account statements instead of negotiable certificates and automated links between securities depositories, broker-dealers and banks. In the absence of physical securities certificates, the integrity of a transfer agent's records, automated as well as paper based, is crucial.

Appropriate reconciliation procedures are an essential internal control element in ensuring the integrity of transfer agent records and the reliability of transfer agent recordkeeping systems.  In addition, sound reconciliation procedures promote compliance with SEC prompt posting requirements and the identification and timely resolution of record differences.  To be effective, reconciliations must be performed at appropriate intervals by individuals independent of the maintenance of the records being reconciled. Differences, errors and irregularities should be promptly investigated and resolved. Reconciliations should be reviewed by an appropriate level of transfer agent management, which should monitor the resolution of significant record differences.

Transfer agent related records and accounts that should be reconciled periodically include control books, which should be reconciled to the corresponding master securityholder file; ledgers, subsidiary ledgers and records related to interest and dividend payment accounts; accounts related to dormant funds and unclaimed property; inventories of blank securities certificates and interest/dividend checks.

Controls Over Securities Certificates Unissued Securities Certificates

Transfer agents must protect and control the supply of bank securities certificates that they hold in conjunction with the securities issues transferred.  The failure to control blank certificates could result in their being used for fraudulent purposes such as fraudulently serving as collateral.  With the exception of a reasonable working supply of  blank certificates, certificates should be kept in a secure location, such as a safe, vault or locked file cabinet.  Joint Custody of blank certificates further strengthens the effectiveness of controls over blank certificates, and is strongly recommended.  Working supplies of blank certificates should also be adequately controlled.  The use of blank certificates should be verified, and when pre-numbered or numerically sequenced certificates are used, with all breaks in numerical sequence adequately documented.  Blank securities certificates voided or spoiled should be adequately documented and disposed of or controlled.  The supply of blank securities certificates should be inventoried periodically, with any discrepancies promptly investigated and resolved.

SEC Rule 17f-1 was revised in 2004 to clarify that all certificates from the time printed (and unissued) until destroyed are covered by the rule.  An unissued, but printed certificate, includes the issuer's name, CUSIP number, certificate number, and authenticating signatures.  It does not have to include the registrant's name, the number of units, or the counter-signature of the transfer agent. 

Cancelled Securities Certificates

When a bond is redeemed or the ownership of a stock or debt security transferred, the corresponding security certificate is cancelled by the transfer agent.  For certificated securities, cancellation involves both a recordkeeping entry on the transfer agents books and the physical alteration of the certificate itself.   Cancelled certificates must then be stored for not less than six years following the date of cancellation. After six years cancelled certificates can be destroyed. See SEC Rule 17Ad-6(c) and 17Ad-7(d).  Refer also to Rule 17Ad-19.

The fraudulent use of cancelled securities certificates presents significant problems and potential costs, not only to transfer agents, but also to investors, creditors and broker-dealers. Securities certificates that have not been properly cancelled can be used to defraud the public and financial institutions.   Stolen certificates that were not properly cancelled have been subsequently sold to investors and used as collateral for loans.  Examples of frauds involving the use of cancelled securities certificates include:

  • In a 1992 case, approximately $111 billion face amount of cancelled bond certificates disappeared after being delivered from a transfer agent's warehouse to a certificate destruction vendor. The certificates, representing many well-known public companies, later began to resurface worldwide. A number of banks and brokers as well as individuals were defrauded through sales of the cancelled certificates for cash or through use of the cancelled certificates as loan collateral. The bulk of these cancelled certificates still remain unaccounted for and continue to resurface in the marketplace.

In this case the SEC brought an action against a transfer agent for its failure to report stolen certificates pursuant to Rule 17f-1, 17 CFR 240.17f-1, and for its failure to safeguard securities in its possession pursuant to Rule 17Ad-12, 17 CFR 240.17Ad-12. The transfer agent agreed to pay a civil penalty of $750,000 and to cease and desist from future violations of Sections 17(f)(1) and 17A of the Exchange Act and Rules 17f-1 and 17Ad-12 thereunder. See SEC v. Citibank, N.A., Civil Action No. 92-2833 (USDC, DC, 1992).

  • In a similar 1994 case, approximately $6 billion face amount of cancelled bond certificates disappeared after being delivered from a transfer agent's record center to two certificate destruction vendors. The cancelled certificates, which represented well-known companies, later began to circulate worldwide. Again, the bulk of these cancelled certificates remain unaccounted for and continue to resurface in the marketplace.

In 1994, the SEC and the OCC brought a joint action against a transfer agent for its failure to report stolen cancelled certificates pursuant to Rule 17f-1 and its failure to safeguard securities in its possession pursuant to Rule 17Ad-12. The transfer agent agreed to pay a civil penalty of $100,000 and to cease and desist from future violation of Sections 17(f)(1) and 17A of the Exchange Act and Rules 17f-1 and 17Ad-12 thereunder. As remedial measures, the transfer agent also agreed to mark cancelled certificates with the word "cancelled" and to adopt other safeguards. See The Chase Manhattan Bank, Administrative Proceeding No. 3-8518. Securities Exchange Act Release No. 34784 (October 4, 1994), 57 SEC Docket 2195.

  • In another instance, cancelled certificates were stolen from a transfer agent's shipping bags while in transit. The transfer agent regularly shipped cancelled certificates from the West Coast to a New York bank for processing. The transfer agent, however, did not record the contents of its shipments and, in effect, relied on its processing agent to do its bookkeeping. When the shipping bags were stolen, neither the transfer agent nor its processing agent realized that the certificates were missing. A number of the certificates resurfaced more than a month after the theft in off-market sales.

In 1994, the SEC and the OCC brought a joint enforcement action against a transfer agent and found that the transfer agent had violated Section 17(f)(1) of the Exchange Act and Rule 17f-1 thereunder for failing to report the missing securities to the Commission's Lost and Stolen Securities Program. The transfer agent agreed to cease and desist from any further violations of Section 17(f)(1) and Rule 17f-1 thereunder and agreed to pay a $75,000 civil penalty. See Seattle-First National Bank, Securities

The manner in which some transfer agents cancel securities certificates has contributed to the problem.  Some transfer agents cancel certificates by making pin-hole sized perforations which mark the cancellation date on the certificate, along with the transfer agents initials.  These perforations, however, were often so small as to be barely noticeable.  In some instances, the perforations have been interpreted by some as authenticating the certificate, rather than as evidence of the certificate's cancellation.  In some cases, transfer agents have failed to place any marking on the certificate to indicate that it had been cancelled. The potential for such fraud has grown in recent years, as many corporate bond issues have been redeemed many years prior to maturity, thereby increasing the volume of cancelled certificates that could potentially be used in fraudulent schemes if they are not properly cancelled.  The processing of cancelled securities certificates can involve significant warehousing costs, as they must be shipped, stored, safeguarded and tracked.

In view of the potential liability that securities transfer agents confront when they cancel, transport and store securities certificates that have been retired from circulation registered transfer agents should develop adequate policies and procedures governing cancelled certificates.  Canceling and retiring securities certificates from circulation has been largely governed by industry practices.  However, in 2004, the SEC issued Rule 17Ad-19, which outlines the proper procedures for cancellation. 

In 1994 the Securities Transfer Association (STA), the largest transfer agent trade association, adopted guidelines for dealing with cancelled securities which calls for marking cancelled certificates with the word "cancelled" and for security measures over the storage and destruction of certificates.  Examples of procedures governing the cancellation of securities certificates include the following:

  • Physically marking cancelled certificates in a manner that clearly indicates that the certificate no longer represents a claim against the issuer.   The STA guidelines call for marking the certificates with the word "Cancelled";
  • Maintaining certificate information in a reasonably retrievable manner, preferably electronically retrievable.  Certificate information that should be maintained includes:
    • CUSIP number;
    • Certificate number, with any prefix or suffix;
    • Denomination;
    • Registration;
    • Issue date; and
    • Cancellation date.

    Note: In some instances where cancelled certificates were stolen, the certificate information was of limited value in identifying the stolen certificates because they were manual, rather than electronic, and the certificate information was organized electronically by cancellation dates rather than by certificate numbers.  Thus, the necessary information could not be easily retrieved from the transfer agents records.

  • Maintaining controlled access to areas where cancelled securities are stored.  Controlled access generally means the practice of permitting only authorized personnel to areas where cancelled certificates are stored;
  • Requiring that the physical transportation of cancelled certificates be conducted in a secure manner and that a record of the CUSIP and certificate numbers of the certificates transported be maintained. When cancelled certificates are transported, the transfer agent dispatching the certificates should receive notice that the certificates were delivered.  In the case of non-delivery, the transfer agent should investigate the circumstances regarding the non-delivery.   If the non-delivery is not resolved, the certificates transported should be reported to the Securities Information Center as lost or missing securities. See SEC Rule 17f-1(c(2).

When a third-party servicer is used to physically destroy certificates, a transfer agent may decide to have an authorized person witness the physical destruction, or designate an outside party to do so.  In any event, the transfer agent should retain copies of all records relating to securities certificates that have been destroyed.

With respect to small transfer agent operations, especially those that limit securities transfer activity to own-institution or parent holding company securities and with a relatively small volume of transfers processed, the number and sophistication of procedures and controls over the cancellation, shipment and storage of certificates will be less than what is normally found in large, complex transfer agent operations.   Notwithstanding the size and complexity of transfer agent activity, the policies, procedures and internal controls over cancelled securities must provide adequate protection against the misappropriation and fraudulent use of securities certificates.  

Controls Over Funds and Disbursements

SEC Rule 17Ad-12 requires adequate safeguards for the protection of all funds held in connection with transfer agent activities. Transfer agents may hold considerable funds related to its securities transfer activities; for example, funds for the payment of dividends or interest to be paid to registered securities owners. In addition, it is not unusual for transfer agents to hold considerable funds in conjunction with dividend reinvestment programs, stock purchase programs and employee stock purchase programs.   

Appropriate internal controls and procedures for the protection of funds include the following:

  • Controls over unissued dividend and interest checks.   Common procedures for controlling unissued checks include:
    • Joint custody or dual control over blank dividend and interest checks;
    • Maintenance of blank checks in a secure location, such as vault or safe;
    • Use of prenumbered documents.  Supplies of blank checks should be inventoried periodically, with any breaks in the numerical sequence investigated and explained;
    • Working supplies of blank checks should be reasonable and appropriately controlled;
    • Controls over checks spoiled or voided during processing;'
    • Returned mail procedures, see below.
  • Maintenance of appropriate ledgers, subsidiary ledgers, suspense accounts and other records relating to dividend and interest payments, as well as funds held in conjunction with dividend reinvestment, stock purchase and employee stock purchase plans.  Ledgers, accounts and records should be:
    • Reconciled periodically, see discussion on reconcilement procedures elsewhere in this section;
    • Audited periodically, see discussion on audits;
    • Retained as required by applicable laws and regulations.
  • Controls over dormant funds and unclaimed property. Dividend and interest checks that remain uncashed or undelivered, as well as other funds and property that remain unclaimed, are subject to state unclaimed property laws, generally referred to as escheat laws.  As a result, the holders of unclaimed, i.e. dormant, funds are required to report such property to appropriate state authorities, and, after the passage of a statutory timeframe to turn (escheat) unclaimed funds and property over to state authorities.  Internal controls and procedures over dormant funds and unclaimed property should, at a minimum:
    • Identify dormant funds and unclaimed property;
    • Segregate dormant funds and unclaimed property from the funds and property of the institution;
    • Provide for the reporting of dormant funds and unclaimed property in accordance with applicable laws; and
    • Provide for the transfer of dormant funds and unclaimed property (escheatment) to the appropriate authorities within established statutory timeframes.

Rule 17Ad-12 does not mandate any particular internal control or procedure.  Rather, every transfer agent must implement internal controls and procedures, that, "in the light of all facts and circumstances" protect investor funds against misuse, e.g. embezzlement, misappropriation or misapplication.  In assessing the adequacy of internal controls, the cost of implementing various internal controls and procedures should be evaluated in light of the volume of investor funds held and the administrative complexity of handling such funds.

Mail Handling Procedures

Transfer agents both receive securities certificates for transfer via the mails and dispatch securities certificates upon effecting transfer of ownership.  In addition, transfer agents receive and dispatch funds via the mails, for example dividend checks mailed to owners of record and interest and dividend checks mailed and later returned as undelivered.  Therefore, the protection of securities certificates and funds should include internal controls and procedures governing the handling of securities certificates and funds received and transmitted via the mails.   Personnel who handle mail containing certificates or funds should be fingerprinted as required by SEC Rule 17f-2.  As previously noted, 12 U.S.C. 1829 requires financial institutions to take steps to avoid hiring an individual convicted of dishonest acts.  So, transfer agents have a duty to ensure that those who handle securities certificates and funds do not have a criminal history.

Ideally, two persons should be present when mail containing certificates and funds is opened, much in the same manner that a bank controls the opening of the bank's night deposit.  Such a procedure lessens the risk of misappropriation of certificates and funds before their receipt can be recorded.  This is an important consideration in view of the amount of time that may elapse before the nonreceipt of such items is discovered.  Moreover, adequate separation of duties should be implemented: no single person should be responsible for receiving items via the mail, logging the receipt of items received via the mail, processing the items and subsequently mailing or otherwise disposition of them.  Mail returned as undeliverable should not be returned to and handled by those persons who dispatch certificates and funds via the mails, but should be received by and investigated by persons independent of mailing certificates and checks.  Small transfer agent operations that lack the staff necessary to implement adequate separation of duties governing the handing of mail should implement compensating controls that are adequate for protecting securities certificates and funds received or sent by mail from misappropriation or loss.

Lost Securityholders

A recordkeeping transfer agent's mail handling procedures should include procedures for identifying and searching for lost securityholders.  SEC Rule 17Ad-17 requires recordkeeping transfer agents to search for a lost securityholder's correct address and to maintain written procedures describing its methodology for searching for lost securityholders.  For the purposes of Rule 17Ad-17, a lost securityholder is:

  • A securityholder to whom correspondence has been mailed to the address contained in the master securityholder file and which correspondence has been returned to the transfer agent as undeliverable; and
  • The transfer agent has not received information concerning the securityholder's new address.

A recordkeeping transfer agent, however, is allowed to re-send undelivered correspondence to the lost securityholder within one month, in which case the securityholder will be considered a lost securityholder, if the re-sent correspondence is again returned as undeliverable.  Recordkeeping transfer agents often use the second mailing to test the possibility that the first return resulted from an error by the postal service.  Also, the transfer agent can attempt to obtain a current address by requesting an address correction from the postal service.  In the past, it has been estimated that between 10 percent and 50 percent of second mailings were successful.

Recordkeeping transfer agents are required to conduct two database searches to find a lost securityholder's correct address. The two required database searches must be conducted without charge to the securityholder. The database search must include one information database service.  To qualify as an information database service the following database service attributes are required:

  • The database service contains addresses from the entire United States;
  • The database service contains the names of at least 50 percent of the United States geographic areas;
  • The database service contains the names of at least 50 percent of the adult population of the United States;
  • The database is indexed by taxpayer identification number or name; and
  • The database is updated at least four time a year.

However, any service or combination of services producing results in locating lost securityholders comparable to the results produced by database services satisfying the above criteria, qualify as an information database service. 

Consumer credit reporting agencies, credit bureaus, maintain databases that satisfy the information database service requirements and are the most likely information database service providers to be utilized by transfer agents.   Professional search firms may also satisfy the database requirements, and may employ more extensive search techniques that can locate some securityholders that a credit bureau will not locate. Professional search firms, however, usually charge the securityholder a fee.  A recordkeeping transfer agent may use a professional search firm that satisfies the database requirements if the transfer agent pays the professional search firm's fee, rather than passing the fee onto the securityholder.  The cost of database searches performed after the first two required searches can be passed onto the securityholder.  So a recordkeeping transfer agent could use a professional search firm for a third or subsequent search.  A recordkeeping transfer agent is not required to make a third search, only two are required.

The two required database searches must be conducted within the following timeframes:

  • Between three and twelve months of the securityholder becoming a lost securityholder
  • Between six and twelve months after the transfer agent's first search

In the following cases, however, a recordkeeping transfer agent is not required to search for lost securityholders:

  • The transfer agent has received documentation of the securityholder's death;
  • The aggregate value of assets held in the securityholder's account, including funds and securities held of record by the securityholder, is less than $25; and
  • The securityholder is not a natural person, for example, when the lost securityholder is an estate.  Securityholders which are not natural persons are not easy to locate through the use of information databases services.

Note: The requirement to search for lost securityholders is not limited to securityholders who receive dividend and interest payments.  It also applies, for example, to securityholders receiving only annual meeting materials, who in the case that such materials are returned by the post office as undeliverable, become lost securityholders under Rule 17Ad-17.

The funds and securities of lost securityholders may, after the applicable statutory period, be subject to state unclaimed property and escheat laws, and should be properly accounted for and controlled  in order to ensure compliance with applicable state laws.

Annual Meeting and Proxy Processing Services

Since recordkeeping transfer agents maintain complete and accurate lists of the owner of record for each securities issue, the transfer agent may be involved in distributing corporate communications, such as the issuer's annual report and proxy statements, as well as processing proxy votes.  Annual meeting and proxy processing services offered by transfer agents include:

  • Compilation of record date listings of shareholders eligible to vote;
  • Broker search to determine the street name holders of the issuer's stock;

    SEC Regulation 240.14a-13, implementing provisions of the Shareholders Communication Act, requires issuers to contact brokers, dealers, banks, and other entities that may hold shares that are beneficially owned by other persons (i.e. street name holders) and, if shares are beneficially owned by other persons, to determine the number of copies of proxy materials, proxy statements, annual reports etc needed for distribution to beneficial owners. The issuer is required to reimburse the brokers, dealers, banks and other entities holding securities in street name for the cost of mailing or delivering the materials to the beneficial owners of the issuer's stock.  The issuer may opt to mail annual meeting materials, proxies etc. to beneficial owners who agree, or do not object, to disclosing their identities.  Refer to the Shareholder Communications Act and related SEC regulations which are presented in greater detail in the Trust Examination Manual.
  • Fulfillment services for annual meeting materials, proxies etc.   As discussed above. once street name holding entities have been identified, the issuer has the obligation to provide these materials for distribution via street name holding entities to beneficial owners.
  • Mailing services to registered holders.  Registered holders are listed directly on the master securityholder file of the issue, as opposed to beneficial owners whose shares are registered in the street name of a broker, dealer, bank or other entity.
  • Tabulation services.  The transfer agent receives votes cast by shareholders, both from direct registrants and votes sent in by brokers, dealers etc for beneficial owners, and tabulates the results.

Some larger transfer agents offer proxy solicitation services in which the transfer agent assists the issuer in planning and organizing a proxy solicitation campaign.  Such services might include devising proxy vote solicitation strategies; conducting a telephone campaign among registered holders and non-objecting beneficial owners; soliciting banks, brokers, agents, institutions and large shareholding individuals for votes; monitoring votes received to detect voting patterns among large shareholders and institutions. A conflict of interest may be present when the transfer agent both assists the issuer in a proxy solicitation and tabulates the proxies voted.

Transfer agents that provide annual meeting and proxy processing services should implement appropriate policies, internal controls and procedures to ensure the accurate and timely distribution of shareholder communications.   As noted previously, corporate communications returned as undeliverable by the post office are subject to the SEC's lost securityholders rule, 17Ad-17. When providing vote tabulation services, the transfer agent's internal controls and procedures should provide for the adequate control and processing of proxies votes received from direct registrants and street name holders returning votes cast by   beneficial owners of the issuer's stock.  The tabulation of proxies should be independent of all parties that have an interest in the outcome of the vote, and procedures and internal controls should ensure an accurate tabulation of votes.   Tabulation of proxy votes should be independent of personnel providing proxy solicitation services.

 

    Last Updated 05/10/2005

supervision@fdic.gov