FINRA Broker-Dealer Compliance Checklist
Last updated: 2026-04-09 — ComplianceStack Editorial Team
FINRA ordered 8.3 million in fines and .2 million in restitution in 2023. Supervisory failures, inadequate AML programs, and suitability violations account for the majority of enforcement actions against broker-dealers. FINRA's 2024-2026 examination priorities specifically call out complex products, digital assets, and Regulation Best Interest (Reg BI) compliance as examination targets. This checklist covers the 21 requirements that appear most frequently in FINRA disciplinary actions and examination deficiency letters.
FINRA Compliance Checklist for Broker-Dealers
Establish and maintain a Written Supervisory Procedures (WSP) manual that covers all business lines
WSPs must describe supervisory procedures for every business activity the firm conducts. Generic industry templates are routinely cited in FINRA exams — your WSP must reflect your firm's actual products, platforms, and workflows. Review and update after every new product launch or business line change.
Designate qualified registered principals for each business line requiring supervision
Every registered representative must be supervised by a registered principal with the appropriate license for that activity (Series 24, Series 9/10, Series 4, Series 23, etc.). Document the supervisory chain for each business line. Supervisory gaps are a primary FINRA exam finding.
Implement Regulation Best Interest (Reg BI) compliance procedures for retail customer recommendations
For any recommendation to retail customers, you must: exercise reasonable care to ensure that it is in the customer's best interest, mitigate conflicts of interest, document compliance, and provide Form CRS. Reg BI applies to recommendations of securities, investment strategies, account types, and rollovers.
File and maintain current Form CRS (Customer Relationship Summary) for retail customers
Form CRS must be delivered to retail customers before or at the time a recommendation is made. It must be filed with FINRA, posted on your website, and updated within 30 days of a material change. The SEC has brought enforcement actions for late filing and inadequate content.
Maintain net capital compliance with Rule 15c3-1 at all times
Broker-dealers must maintain a minimum net capital of 50,000 (general broker-dealers) or the alternative method minimum. Compute net capital daily. File FOCUS Reports (Form X-17A-5) quarterly and annually. Net capital deficiencies must be reported to FINRA within 24 hours.
Establish an AML program meeting BSA/FinCEN and FINRA Rule 4370 requirements
Every FINRA member must have a written AML program that includes: customer identification procedures, risk-based customer due diligence, monitoring for suspicious activity, SAR filing within 30 days of detection, independent testing annually, and designation of an AML Compliance Officer.
Register all associated persons with the required FINRA licenses before conducting regulated activities
Any person engaging in the securities business must be appropriately registered. Common errors: representatives performing activities before exam completion, principals not registered for all activities they supervise, gaps in registration for new products (e.g., crypto-related activities). Use the CRD/IARD system to verify current registration.
Implement a trade surveillance and order review program for manipulative trading
Broker-dealers must surveil for wash trades, layering, spoofing, front-running, and marking the close. FINRA's Market Regulation surveillance program cross-checks member firm activity. Document your surveillance methodology and review results at least monthly.
Establish communication review procedures for electronic and written communications
All customer communications must be supervised. Electronic communications (email, text, social media, chat platforms) require a review program. Firms allowing registered persons to use personal devices must have a bring-your-own-device (BYOD) policy and be able to capture and archive all business communications.
File FOCUS Reports on a timely basis (quarterly for most firms, monthly for others)
FOCUS Part II (general broker-dealers) or FOCUS Part IIA (introducing brokers) must be filed within 17 business days of quarter end. Firms with net capital under 50,000 file monthly. Year-end FOCUS must be accompanied by audited financial statements within 60 days.
Maintain customer account records meeting Rule 4512 requirements
Required records for each customer account include: name, address, date of birth, social security number, employment, annual income, net worth, investment objectives, and risk tolerance. Records must be collected at account opening and updated within 36 months or upon material change.
Implement a margin compliance program under Regulation T and FINRA Rule 4210
Initial margin requirements are set by Reg T (50% for equities). FINRA Rule 4210 sets maintenance margin requirements (25% for long positions). Margin calls must be met within specified timeframes. Portfolio margin accounts have different requirements. Pattern day trader rules apply to accounts with >3 day trades in 5 business days.
Review suitability and Reg BI compliance for complex product recommendations
Complex products — structured products, non-traded REITs, leveraged ETFs, variable annuities, options, and digital assets — require heightened suitability analysis. Document the basis for the recommendation, the customer's investment profile, and why the product is in their best interest.
Conduct annual compliance meetings for all registered persons (Rule 3110)
Firms must hold annual compliance meetings covering: regulatory changes, examination findings from the prior year, WSP updates, AML reminders, and current FINRA examination priorities. Document attendance and topics covered. Failure to conduct annual meetings is a recurring exam finding.
Implement a business continuity plan and test it annually (Rule 4370)
Your BCP must cover: data backup, business operations at alternative locations, customer access to funds and securities, regulatory reporting, and communication with FINRA. File your emergency contact information and BCP summary with FINRA. Update the plan after material business changes.
Review outside business activity (OBA) disclosures from registered persons
All registered persons must disclose outside business activities. Principals must approve or deny each OBA and document their review. Private securities transactions (selling away) require pre-approval and, if approved, supervisory oversight. Undisclosed OBAs are among the most common FINRA disciplinary findings.
Perform background checks on all associated persons before registration
All applicants for registration must disclose criminal history, regulatory actions, civil litigation, customer complaints, and financial matters on Form U4. The firm must verify disclosures and conduct a background investigation. Failure to conduct background checks before allowing unregistered activity is a violation.
Verify that gift and entertainment policies comply with Rule 3220 limits
Gifts exceeding 00 per year per recipient (from persons other than customers) are prohibited. Business entertainment must be reasonable and directly related to business purposes. Document all gifts and entertainment in a log reviewed by compliance. Firm events, meals, and event tickets must be pre-approved.
Maintain complete and accurate books and records under Rule 17a-3 and 17a-4
Broker-dealers must retain: trade blotters, customer account records, order tickets, confirmations, correspondence, and financial records. Exchange Act Rule 17a-4 specifies retention periods (3-6 years) and requires WORM (write once, read many) storage for electronic records. The SEC has issued B+ in 17a-4 fines for WhatsApp/text message retention failures.
File Uniform Termination Notice (Form U5) for departed registered persons within 30 days
When a registered person departs, the firm must file a Form U5 within 30 days of termination. If the person was terminated for cause, the U5 must accurately reflect the reason. Material inaccuracies in a U5 expose the firm to defamation claims and FINRA enforcement.
Review digital asset activities for applicable FINRA registration and disclosure requirements
Representatives and firms facilitating digital asset transactions may need additional FINRA registration. FINRA Regulatory Notice 23-08 requires members to notify FINRA before engaging in digital asset business. Crypto asset recommendations to retail customers are subject to Reg BI.
Frequently Asked Questions
What is the difference between a broker-dealer and an investment adviser under FINRA rules?
A broker-dealer buys and sells securities for customers (agent) or for its own account (dealer) and is regulated by FINRA and the SEC. An investment adviser provides investment advice for compensation and is regulated by the SEC or state regulators. Some firms are dually registered. The key practical difference is that broker-dealers are subject to FINRA suitability (Rule 2111) and Reg BI, while investment advisers are subject to a fiduciary duty under the Investment Advisers Act.
How often does FINRA examine broker-dealers?
FINRA examines most member firms on an annual or biennial cycle, though examination frequency and depth depend on the firm's risk profile, business model, and prior examination history. Firms with prior deficiency letters or active investigations may receive more frequent examinations. FINRA also conducts targeted examinations on specific issues (e.g., Reg BI, digital assets) across a sample of firms simultaneously.
Does FINRA have jurisdiction over cryptocurrency trading platforms?
FINRA has jurisdiction over broker-dealers that facilitate trading in digital assets that are securities. Whether a specific digital asset is a security is a legal determination under the Howey Test. Platforms that trade only non-security digital assets (e.g., pure payment tokens) may not need FINRA registration, but should consult securities counsel. FINRA Regulatory Notice 23-08 requires any member firm engaging in digital asset activities to notify FINRA in advance.