FINRA Annual Compliance Review Checklist — Rule 3120/3130 Supervisory System

Rule 3120(b) requires a written report that includes: a description of the testing and verification procedures performed, the results of the testing, any exceptions noted, and any proposed additions or changes to the supervisory control system. The report must be reviewed by senior management and retained as a FINRA record. Common testing areas: order review and approval procedures, suitability/Reg BI review, margin calls, outside business activities, communications review, and continuing education tracking.

The CEO (or President or equivalent) must certify annually that the process for supervising the firm's business activities is reasonably designed to achieve compliance. The certification must be obtained by the CCO or another designated principal. Document how the CEO was briefed on compliance matters prior to signing the certification — regulators expect meaningful engagement, not a rubber stamp. Retain the signed certification.

WSPs must be updated to reflect current business activities, personnel, systems, and regulatory requirements (Rule 3110(b)). Annual review should cover: changes in FINRA rules since the last update, new business lines or product types, personnel changes affecting supervisory authority, new or changed information systems, and areas cited in prior FINRA examinations or internal findings. Document the review and update process with dates and the name of the person conducting the review.

Rule 3110(c) requires an annual review of the member's business activities to detect and prevent violations of applicable securities laws and regulations. The review should cover all business lines including: retail brokerage, institutional trading, advisory services, investment banking, principal transactions, and any new activities started during the year. Document the review with findings and any corrective actions taken.

Rule 3310 requires an annual independent test of the AML program for adequacy — the tester must be independent of the AML compliance function (can be internal but must report to senior management not to the AML officer). The review must assess: the AML policies and procedures, training adequacy, suspicious activity monitoring system effectiveness, SAR filing accuracy, CIP procedures, and ongoing due diligence for existing customers. Document the review findings and any remediation.

Reg BI requires broker-dealers to act in the best interest of retail customers when making recommendations of securities transactions or investment strategies. Annual review should assess: documentation of best interest analysis for recommendations, Form CRS accuracy and delivery records, conflict of interest mitigation procedures, compensation structure reviews, and supervisory procedures for Reg BI compliance. FINRA has consistently cited Reg BI supervisory failures in examinations since 2021.

All broker-dealers and registered investment advisers must deliver Form CRS (Customer Relationship Summary) to retail investors before or at the time of recommending a securities transaction or opening an account. Annual review should verify: all new retail accounts received Form CRS before account opening, Form CRS was updated within 30 days of material changes, delivery records include date and method, and current Form CRS reflects the firm's actual services and fee structure.

FINRA Rule 3270 requires registered representatives to provide written notice before engaging in outside business activities. Rule 3280 requires pre-approval for private securities transactions. Annual review should compare registered representatives' disclosed OBAs against any new activities identified through independent sources (LinkedIn, social media, public filings). Undisclosed OBAs are a significant liability — they can constitute an independent violation and may trigger selling away concerns.

Rule 2210 imposes content standards and pre-approval requirements for communications with the public. Annual review should assess: social media posts by registered representatives, third-party testimonials and endorsements (new Rule 2210 requirements effective 2023), performance advertising claims, hypothetical performance disclosures, and digital asset communications. Document the review and any content modified or removed.

FINRA Rule 1240 requires registered representatives to complete Regulatory Element CE annually (implemented as annual CE requirement effective January 1, 2023) and Firm Element CE annually. Verify that all registered representatives completed both CE components. Inactive or delinquent CE can result in registration restrictions. Verify FINRA's BrokerCheck for any registration issues. Document CE completion in your books and records.

Rule 3110 requires reasonable supervision at all branch and non-branch locations. Annual review should cover: on-site inspections of OSJs (at least annually), inspections of non-OSJ branches (at least every 3 years), and review of remote office locations. Document all inspections including the supervisor who conducted them, the date, findings, and any follow-up. Personnel changes requiring OSJ re-designation must be reflected in FINRA registration systems.