Skip Header

Federal Deposit
Insurance Corporation

Each depositor insured to at least $250,000 per insured bank

Home > Regulation & Examinations > Bank Examinations >Trust Examination Manual

Trust Examination Manual

Section 11- Management


As is the case with every other area of a bank's operations, the quality of management is often the most important contributing factor in providing securities transfer services. Bank management should be aware of its responsibilities to the issuers and holders of securities for whom it provides securities transfer services, as well as to the investing public in generalThis is equally true of banks who limit securities transfer activity to own-bank or parent holding company securities, since the institution's own securityholders also require prompt turnaround of securities transfers and accurate recordkeeping.

Supervision of the transfer agent area by the Board and senior management does not necessarily indicate a role in day-to-day operations.  Rather, the Board of Directors, as the ultimate source of authority and responsibility in the bank, including securities transfer operations, must ensure that sound policies and comprehensive procedures governing securities transfer activities are adopted and enforced.  Management must likewise provide for the effective supervision of transfer agent operations. Of particular importance is ensuring that the securities transfer function is adequately staffed with well trained personnel. It is the failure to discharge these supervisory responsibilities that often leads to inefficient operations, violations of laws and regulations and losses to shareholders that must be compensated out of bank capital.

The sophistication and complexity of senior management and Board oversight, however, depends on the volume and complexity of securities transfer activities.  Many bank transfer agents supervised by the FDIC limit securities transfer activity to the transfer of own-bank or parent holding company stock; and the volume of items transferred tends to be relatively small.  Management and Board oversight in these smaller transfer agents may be informal, whereas banks with larger, more complex securities transfer activities will have more formalized management reporting and tracking processes.  Management oversight responsibilities may be delegated to subcommittees or lower levels of management, provided that the Board and senior management review the actions of those to whom it has delegated such responsibility.

Securities Transfer Policies

The sophistication and level of detail provided in the policies governing securities transfer activity will vary depending on the size and complexity of operations.  Generally, policies governing the securities transfer  function should include the following areas:

  • Procedures for accepting accounts.
  • Procedures for complying applicable regulations, especially compliance with SEC rules and regulations.
  • Standards for the acceptance of signature guarantees.
  • Procedures for maintaining securities transfer performance standards, including actions required when standards are not met.
  • Standards for documentation, including retention requirements.
  • Procedures for internal routine and control.
  • Audits of transfer agent operations
  • Procedures governing any over-issuances of securities and buy-ins.
  • Standards for fingerprinting of personnel.
  • Standards for the cancellation, storage, transportation and destruction of securities certificates.
  • Operational procedures for the transfer of securities. Such procedures, however, may be maintained in a separate procedural manual.


Management and the Board should be aware of the earnings implications of offering securities transfer services. This does not mean that the securities transfer function must be profitable or that income and expense tracking systems must be sophisticated or elaborate.  In fact, many small transfer agents' securities transfer services are not profitable.  These are typically banks that limit securities transfer activity to own-bank, affiliate or parent holding company stock and view the transfer agent function as a service to the institution. Federal Reserve Act Section 23B applies to bank transfer agents and, therefore, a bank transfer agent performing securities transfer services for its parent holding company or an affiliate must be compensated for its services.  Being aware of the costs of providing stock transfer services permits an institution to decide whether it should continue to provide stock transfer services or whether the bank, parent holding company or affiliates thereof should outsource the stock transfer function. 

Transfer agents providing securities transfer services to non-affiliated entities normally do so to earn a profit. In such cases, management should monitor the profitability of the securities transfer function to determine whether earnings are being realized.  For these transfer agents, the earnings analysis should include budgeting, allocating expenses, verifying the fees charged to outside accounts are collected, reviewing the appropriateness of any fee waivers, and assessing the overall profitability of securities transfer services against the risk of offering such services. Based on the results of the earnings analysis, management may decide to continue to transfer securities, outsource some or all of the transfer agent function, or cease transfer agent operations entirely.

Management of Transfer Agent Activities

In addition to the quality of Board and senior management oversight, the knowledge, experience and capabilities of the day-to-day management and staff of the transfer agent function is a crucial element, in the safe and sound provision of securities transfer services.  Given the absolute imperatives contained in the SEC's operational requirements, at a minimum, those responsible for the day to day management of transfer agent activities, must be well versed in the rules and regulations governing securities transfer.  In addition, operational managers in the transfer agent area should be familiar with common industry practices and standards.   The evaluation of the adequacy of operational managers or employees should give necessary consideration to the volume and complexity of the individual institution's securities transfer business.  Smaller transfer agents, for example those who qualify for the "small transfer agent" exemption, will have operation managers with less formal training and experience.  For these transfer agents, the most important consideration is the capability to ensure satisfactory performance of securities transfer services and compliance with all applicable laws and regulations.

Organization and Staffing

Securities transfer activity may be conducted through an institution's trust department, if the institution offers other fiduciary services, or through a separate department, e.g., the corporate secretary's office. Furthermore, various areas of the securities transfer function may be outsourced to third party services providers, e.g. data processing services.  In some instances the entire transfer agent function may be outsourced, an arrangement referred to as private label servicing.  Regardless of the organizational structure of the securities transfer function, the transfer agent area should be adequately staffed with knowledgeable and trained employees.  Although not essential for small transfer agents with limited securities transfer activity, an organizational chart and position descriptions should be established and kept current.  Periodic training should be provided to ensure that securities transfer personnel remain conversant, as necessary, with existing laws, regulations, industry practices and standards, and are informed of changes and on-going developments impacting securities transfer services.  Cross-training and the availability of back-up personnel, including the fingerprinting of such employees, are other important considerations, especially in small transfer agent operations with limited personnel.  Management needs to ensure that adequate staff is available so that satisfactory securities transfer services will continue to be provided in the event that regular staff members become unavailable through illness or other circumstances.

Parent Holding Company or Affiliate Support Services

An evaluation of securities transfer services management includes an assessment of any support or other services provided by the registered transfer agent's parent holding company or by other affiliated entities within the organization.  Examples of services that might be provided by the parent holding company or affiliates include data processing services, audit services, staff support, training and technical support.  Transfer agent management should, however, monitor the performance of such services and at all times ensure that securities transfer services are performed in a satisfactory manner and in conformance with applicable laws and regulations.

Acceptance of New Accounts

One of the most important responsibilities assumed by the Board and senior management is the decision to accept an appointment as the transfer agent or registrar, in the case of bonds.  This is the case for those transfer agents whose activity includes serving as transfer agent or registrar for outside securities issues.  However, even those transfer agents who limit securities transfer services to own-bank or parent holding company securities must consider whether, at a minimum, they have the necessary knowledge, expertise, and systems to perform securities transfer activities in conformance with applicable laws, regulations and industry standards.  Those transfer agents who accept outside appointments to perform securities transfer services assume even higher levels of reputational, operational, and strategic risks, and must, therefore, assess whether they can adequately manage these risks and earn an appropriate return for assuming a higher level of risk. 

New accounts should be reviewed and approved by the Board of Directors, or a designated subcommittee thereof.  Each new account should receive a due diligence review.  Generally, the due diligence review should include:

  • An analysis of the issuer.  The analysis should consider the following:

    • The financial condition of the issuer at the time of acceptance;

    • The size and character of the issue, including the volume of securities transfers, the type of security, e.g. stock, bond or mutual fund, and any legal restrictions that may impact the issue, e.g., Section 144 stock;

    • The reputation of the issuer;

    • The existence of, or potential for, conflicts of interest;

    • The capabilities of the securities transfer agent to perform all securities transfer services in a satisfactory manner and in full conformance with applicable laws, regulations and industry standards;

    • The prospects for earning a profit during the term of the appointment that adequately compensates the transfer agent for the level of risk assumed;

    • The adequacy of operational and informational systems.

  • Fees.  Except in the case where the institution serves as transfer agent for own-institution securities, a fee should be assessed for providing securities transfer services.  When providing securities transfer services to the parent holding company or affiliated entities, Section 23B of the Federal Reserve Act requires that all terms governing the appointment be comparable as those with non-affiliated entities.

  • Account Documentation. Accepting an appointment as securities transfer agent for the securities of outside organizations requires various documentation. Corporate and other resolutions, contracts, and similar documents setting forth the duties and responsibilities of each party are standard. Documentation will, however, differ according to the type of security, the issuer, and the registrant's duties and responsibilities. While not specifically required in the SEC regulation, the following types of documentation are normally required:

  • Official resolution of the issuer authorizing the transfer appointment;
  • Issuer's charter or articles of incorporation, with all amendments;
  • Issuer's bylaws, with all amendments;
  • Evidence that the securities have been registered with, or approved by, regulatory authorities such as the SEC or state securities departments, utilities commissions, banking agencies etc;
  • Opinion of the issuer's attorneys that the securities are validly issued and that all required actions have been completed;
  • Specimen securities certificates, certified by the issuer's secretary;
  • Certified specimen signatures of current officers of the issuer who are authorized to sign securities;
  • Printer's certificates or other documentation evidencing the number of unissued certificates received by the registrant;
  • If appointed as successor transfer agent/registrar for an issue which is out-of-proof at acceptance, an indemnification agreement obtained from either the previous transfer agent/registrar or the issuer.
  • Closed Accounts

    The Board, or a duly designated subcommittee, should review all closed accounts. The goal of the closing review is to ensure that the institution has fulfilled its responsibilities as transfer agent and that the administration of the account has been satisfactory. The institution can also verify that all required depository notifications have been made, and, if the institution has no remaining transfer agent responsibilities, that a deregistration form has been mailed to the appropriate regulatory authority.

    A significant increase in closed accounts may indicate operational or managerial deficiencies. The Board should review the reason why the account was closed. Formal acknowledgement of all closed accounts should be noted in the Board or appointed subcommittee's minutes.

    Account Administration

    The Board and senior management are responsible for ensuring that securities transfer activities are performed in a satisfactory manner and in full compliance with applicable laws, regulations and industry standards.  The development and implementation of appropriate policies and comprehensive operating procedures are important elements for ensuring proper administration of all transfer agent accounts.  

    Account Reviews

    In addition to policies and procedures, an annual account review is essential for verifying the proper conduct of securities transfer services and compliance with laws and regulations.  An annual review of the performance of each transfer agent appointment allows for the early identification of operational or compliance problems and allows management and the Board to intervene promptly to ensure correction of any deficiencies revealed by the account review. 

    Account reviews should be conducted annually.  Those FDIC regulated institutions that conduct securities transfer activities in the Trust Department have adopted the Statement of Principles of Trust Department Management which requires an annual review of all accounts.  However, even those institutions that do not conduct securities transfer activity via the Trust Department should implement an annual account review program.  Account reviews should be conducted by individuals who are independent of the transfer agent function, i.e., not involved in the operational aspects of securities transfer operations.  In small institutions with limited staff, transfer agent personal can conduct the account review, but should not be involved in the administration of the specific account.

    The scope of the annual account review will vary depending on the volume and complexity of securities transfer.  In all cases, however, the scope should include compliance with all applicable SEC operational requirements, including fingerprinting requirements and internal policies and procedures.  The annual account review may include, but is not limited to the following items:

    • Account documentation
    • Fingerprinting of Personnel
    • Turnaround Performance, including SEC notifications and limitations on growth in those cases where SEC turnaround performance has not been satisfied
    • Out-of-Proof Conditions and Buy-ins
    • Signature Guarantee Policies and Procedures
    • Master Securityholder file, including certificate detail and prompt posting thereto
    • Inquiries, including turnaround performance and monthly logs thereof
    • Control Book, including adequacy of documentation supporting changes to
    • Daily and Monthly Logs
    • Internal Controls, including controls of cancelled and unissued certificates
    • Regulatory Reports, including amendments to TA-1, accuracy and timeliness of TA-2, and depository notifications
    • Eligibility for small transfer agent exemption, including documentation supporting the continued eligibility for the exemption
    • Reporting of Lost, Missing or Stolen Securities
    • Fees, including the accuracy and prompt collection of
    • Complaints, including the adequacy and timeliness of response thereto
    • Criticisms by auditors and regulatory agencies

    Examiners should be flexible in assessing the adequacy of an institution's annual review process.  An evaluation of an institution's review process should focus on the effectiveness of the process, rather than the manner in which it is conducted.  Flexibility is required when evaluating the review process for small transfer agents that limit securities transfer activity to own-bank or parent holding company stock and may have a relatively small volume of transfers.  The objective of any account review program, regardless of the volume of activity and complexity of operations, is to promptly identify instances of operational deficiencies and noncompliance with laws and regulations, and to promote the timely correction thereof.

    The results of the annual review should be periodically reported to the Board, or a designated committee thereof, and senior management.  The Board and senior management should ensure that all deficiencies noted in the annual review are addressed and monitor the progress of corrective action taken.

    Risk Management

    For many small transfer agents that limit securities transfer activity to own-bank or parent holding company stock and process a relatively small volume of transfers, the risk management program will be informal in nature and consist principally of implementing sound polices and procedures and providing for annual account reviews and audits.  For larger, more complex transfer agents, a formal risk management program should be established to identify and control the risks of providing securities transfer services.  An effective risk management program guards against the legal liability that can result from poor operational practices and noncompliance with applicable laws and regulation by identifying areas where there is significant exposure.   Strong internal controls, sound policies and practices, and appropriate management information systems provide the basis for an effective risk management program.  The sophistication of the department's risk management program should be developed according to the complexity and size of securities transfer services offered.  Risk tolerance levels should be clearly set and monitored by both senior management and the Board of directors.  The program should be periodically reviewed and revised to address significant changes in the risk profile of securities transfer activity.  Generally, an effective risk management program should:

    • Identify the various risks associated with the institution’s securities transfer activities. This includes an analysis of insurance coverage and the impact of fiduciary risk on capital adequacy. Litigation risks should also be analyzed.
    • Establish the level of risk that management is willing to assume. Examiner emphasis should be placed on reviewing the planning process and new services.
    • Supervise the management of current operations. Guidelines should address the structure of day-to-day management of transfer agent operations, the effectiveness of operating policies and procedures, and the effectiveness of compliance programs and internal controls.
    • Implement adequate controls and monitoring systems. This includes establishing a system of checks and balances, reviewing audit coverage, the compliance management system, and the overall scope and reliability of existing management information systems.

    Securities transfer activities expose the bank to many of the same risks encountered in the commercial business. Operating or transaction, strategic, legal, compliance, and reputational risks are found in varying degrees within many departments.

    Emergency Preparedness

    In addition to managing the risks inherent in offering securities transfer services, including compliance with applicable laws and regulations, management must manage the risks of securities transfer activities being interrupted, hindered, delayed or rendered impracticable due to natural disasters or, given the indispensability of automated systems in conducting securities transfer activities, computer system failures.

    Storms, floods, earthquakes and other natural disasters may render a transfer agent's facilities unserviceable for extended periods of time. Computer systems may crash, communication lines may fail or vital electronic data may be lost or damaged.  Management should anticipate such contingencies by developing emergency preparedness and business resumption plans.  Among the areas that such plans should address are:

    • Business resumption in the event of natural disaster or civil disturbances. Areas that should be addressed include: the availability of back-up facilities; the evacuation of affected personnel; management succession; the availability of required supplies, for example blank securities certificates; back-up records, both computer and manual; and communications with clients. 
    • Recovery of data processing functions in the event of a computer system failure, communications failure, or the loss or corruption of vital electronic records. Such plans generally address the back-up and off-site storage of critical data files; arrangements for back-up data processing facilities; the availability of back-up communication lines; as well as on-site data security and protection procedures.

    Institutions with large, complex transfer agent operations may have disaster recovery/business resumption plans specifically designed for the securities transfer area.  Institutions with small, non-complex transfer agent operations, may, instead, develop institution-wide disaster recovery/business resumption plans.  In such cases, examiners should determine that the institution's plans adequately address the business resumption requirements of the transfer agent area.  Examiners, as part of their pre-examination planning, can review previous Safety and Soundness and Information Technology (IT) Reports of Examination to obtain information about the institution's disaster recovery/business resumption plans and data security/data back-up policies.  When the Registered Transfer Agent examination is conducted concurrent with Safety and Soundness or IT, the EIC is encouraged to coordinate the review of emergency preparedness with the other EIC's in order to avoid duplication of effort.

    Disaster recovery/business resumption plans should be review and tested periodically to ensure that the plans continue to adequately address current conditions.  For example, where the institution has contracted or otherwise arranged back-up facilities from third parties, the institution should ensure that third parties continue to be able to provide the services promised. The results of periodic tests should be documented in writing and reviewed by the Board, or a designated committee thereof, which should monitor the progress of any remedial action resulting from the test.

    The disaster recovery/business resumption requirements for a small, non-complex transfer agent that limits securities transfer activity to own-bank stock and employs a manual or simple PC-based operation will be much less extensive and complex than institutions that transfer securities for third party issuers and maintain more sophisticated automated systems.

    Fingerprinting of Personnel

    The Board of Directors and senior management are responsible for protecting the financial institution from fraud and other acts of dishonesty.  12 U.S.C. 1829 requires financial institutions to take steps to avoid hiring an individual convicted of dishonest actsAn important step in protecting the financial institution from potential fraud is the pre-screening of employees.  Some prospective employees, however, provide false information or references which cannot be substantiated. The repercussions of employing such individuals may be serious. In addition, current employees may have committed acts of dishonesty or breaches of trust during their tenure at the bank.  An effective way of identifying current and prospective employees with criminal records is by fingerprinting employees and submitting the fingerprints to the FBI for analysis.   It's been estimated that 10 percent of the fingerprint cards submitted uncover a criminal record.  As discussed below, the fingerprinting of employees who are directly or indirectly involved in handing securities certificates is an important requirement for registered transfer agents.

    Securities and Exchange Commission rules require that every partner, director, officer and employee of a registered transfer agent be fingerprinted. The fingerprinting requirement is implemented by SEC Regulation 240.17f-2. As discussed in more detail below, certain individuals may be exempted from being fingerprinted. Once fingerprinted, the registered transfer agent must submit the fingerprints to the Attorney General of the United States or its designee for processing and identification.  In practice, fingerprint cards are submitted to the FBI which does a search in order to determine if the individual whose fingerprints have been submitted has a criminal record.  The FBI, however, will not accept fingerprint cards submitted directly by banks.  Instead, an authorized intermediary must be used.   The only intermediary authorized by both the FBI and the SEC is the American Bankers Association (ABA). The ABA has a program in place to handle the submission of fingerprint cards to the FBI.  Bank transfer agents needing more information about administering a fingerprinting program can contact the ABA.

    If there is a criminal record, termed a "hit", both the fingerprint card and the criminal identification card, i.e., "rap sheet", are returned.  Sometimes fingerprint cards received by the FBI cannot be classified and thus can not be searched by characteristics of the fingerprint. In such cases, a name check (based on the information on the fingerprint card) is performed. If the name check is positive, the fingerprints will be verified against the subject's fingerprints already on file, and a copy of that record will be returned directly to the bank. If the name check is negative, the bank will be notified.

    Sometimes, an individual can not be successfully fingerprinted, i.e., a legible set of fingerprints can not be obtained.  In such cases, a minimum of three attempts must be made to obtain legible fingerprints.  All three attempts to obtain legible fingerprints, however, must be performed by an individual competent to roll fingerprints (this might be someone in the institution's security department, the local police or sheriff's department or the state police). If all three attempts are unsuccessful, no further fingerprinting of the individual is necessary.   The transfer agent must, however, retain all three fingerprint cards that the FBI returned as illegible in order to document that the three required attempts to fingerprint were performed.

    The fingerprinting requirement can be satisfied if the officer or employee has already been fingerprinted pursuant to another law, provided that the fingerprints were submitted to and processed by the FBI and the fingerprint cards and related documents are retained as required by Rule 17f-2.

    Exemptions from Fingerprinting

    While Rule 17f-2 states that all directors, officers and employees must be fingerprinted, the regulation permits registered transfer agents to exempt   personnel not directly or indirectly involved in transfer agent operations.  Essentially, only those directors, officers and employees who handle securities certificates, related funds (e.g. dividend or interest checks) or are involved in maintaining transfer agent books and records, or who supervise those that do, must be fingerprinted.  Examples of personnel that must be fingerprinted include

    • Transfer agent personnel, clerks and secretaries;
    • Supervisors of transfer agent personnel;
    • Persons countersigning securities certificates, e.g. directors or senior management;
    • Employees with access to the locations where transfer agent activity is performed.

    In addition to personnel who are directly involved in securities transfer activities, other bank personnel may be involved in handling securities certificates and or records.  These personnel should be fingerprinted and include:

    • Internal auditors;
    • Mail room personnel, who initially receive certificates mailed to the transfer agent;
    • Internal messengers delivering and picking up certificates;
    • Data processing personnel who process transfer agent records or print dividend and interest checks. 

    Registered transfer agents that claim an exemption under 17f-2, must maintain a Notice Pursuant to Rule 17f-2, discussed below. Transfer agents that perform securities transfer services only for its own securities and process fewer than 500 items during any six consecutive month period, i.e., transfer agents eligible for the "small transfer agent" exemption, are exempted from maintaining the Notice Pursuant to Rule 17f-2.

    Note:  "Own securities" normally means just the bank's own stock. Parent holding company stock may be considered to qualify as "own securities.  The SEC has indicated that parent holding company stock will be considered "own" securities if the parent holding company is a one-bank holding company, and:

    • owns 100 percent of the bank's stock; or

    • owns all of the bank's stock except directors' qualifying shares required under state law or regulation.

    Notice Pursuant to Rule 17f-2

    A registered transfer agent that claims an exemption for its personnel from the fingerprinting requirements of 17f-2 must prepare a Notice Pursuant to Rule 17f-2. The Notice must be kept current at all times.  The Notice Pursuant to Rule 17f-2 must contain the following:

    • The name of the organization and a statement that the organization is a registered transfer agent
    • A list of all persons who have been fingerprinted pursuant to Regulation 17f-2.  Persons fingerprinted can be listed by division, department, class or individual name.  Note: Since the Notice must be kept current at all times, it is not advisable to list persons fingerprinted by individual name, which would required updating the Notice every time there is a change in personnel.  Listing persons fingerprinted by broad categories, such as department or division, facilitates the maintenance of the Notice.  For example, if all transfer activity is conducted in Department X, the notice could list "Persons in Department" in the Notice.
    • A list of all persons, by individual name, who could not be fingerprinted, i.e. for whom legible fingerprints could not be obtained.   Note: broad categories are not permitted for these persons, who must be designated by name.
    • A list of all persons whom the registered transfer agent claims to be exempt from the fingerprinting requirement of Regulation 17f-2.  Persons for whom exemption is claimed can be listed by division, department, class or individual name.   As detailed in the note in the second bullet, broad designations rather than individual designations facilitate keeping the Notice current and accurate.

      The persons so identified in the Notice are exempted from the fingerprinting requirements of Rule 17f-2 unless the institution is notified to the contrary by the Securities and Exchange Commission.

    • A generic description of the duties of the persons and/or the nature of the functions and operations of the divisions and departments identified as exempt.
    • A description of the security measures utilized to ensure that only those persons who have been fingerprinted pursuant to Rule 17f-2, or who could not be fingerprinted due to the inability to obtain a set legible fingerprints, have access to the keeping, handling or processing of securities and the monies or the original books and records related thereto.
    Retention of Fingerprint Cards and Related Information

    Fingerprint cards must be retained for a period of three years following the date that the individual fingerprinted terminates his/her employment or relationship with the registered transfer agent.  When a fingerprint card is not returned to the bank by the FBI, any substitute record sent to the bank by the FBI must be retained for a period of three years following termination of employment or relationship with the transfer agent.  Every substitute record must include the name of the person fingerprinted, the name of the registered transfer agent that submitted the fingerprint card, the name of the person or organization that rolled the fingerprints, and the date that the fingerprint card was submitted.

    Fingerprint cards and substitute records must be kept in an easily accessible place at the registered transfer agent's principal office, and must be made available upon request to the Securities and Exchange Commission or the registered transfer agent's primary Federal regulator.

    Records relating to the fingerprinting of personnel may be maintained on microfilm.  If the microfilmed records replace hardcopy records the institution must provide for the following:

    • Facilities for easily reading projection of the microfilm and the production of easily readable and legible facsimile enlargements;
    • Filing and indexation so that individual records can be quickly located and retrieved;
    • Provision, upon request, to the SEC or applicable regulatory agency of facsimile enlargements of such records; and
    • Storage of a copy of microfilmed records in a separate location from the original microfilmed records, i.e. offsite storage of a backup copy.


        Last Updated 05/10/2005

    Skip Footer back to content