SEC/FINRA Compliance in California: Federal Rules + DFPI Oversight

California is home to the largest concentration of registered investment advisors (RIAs) in the United States, regulated by both the SEC and California's Department of Financial Protection and Innovation (DFPI). California's DFPI enforces California's Corporate Securities Law and Investment Advisers Act, while the SEC and FINRA govern federally registered broker-dealers and larger investment advisors. California has also enacted its own investor protection laws through the DFPI Innovation Act, which extends protections to emerging financial products.

State Enforcement Agency: California Department of Financial Protection and Innovation (DFPI)
Regulates California-registered investment advisors (under $100M AUM), broker-dealers, and securities offerings; enforces CA Corporate Securities Law; investigates investor complaints; coordinates with SEC and FINRA

State Penalties: CA Corporate Securities Law violations: civil penalties; criminal penalties up to $1M and 10 years imprisonment for willful violations. DFPI administrative penalties per CA Financial Code.
Federal Penalties: SEC: disgorgement, civil penalties up to $1M+ per violation; criminal securities fraud up to 25 years. FINRA: fines up to $385,000 per violation plus suspension/bar from industry

How Federal + California Law Overlap

SEC regulates federally registered investment advisors ($100M+ AUM) and national broker-dealers. FINRA regulates broker-dealer conduct. California's DFPI regulates state-registered investment advisors and enforces California securities laws. Both levels apply simultaneously to California financial firms.

Additional California Requirements Beyond Federal Law

California Corporate Securities Law (Cal. Corp. Code §25000 et seq.) — DFPI registration and disclosure requirements for CA investment advisors
California Investment Advisers Act — state registration for advisors with AUM under the SEC registration threshold
DFPI Innovation Act (2020) — DFPI regulatory oversight of new financial products including crypto and earned wage access
California's Notice of Intention requirements for securities offerings — even exempt offerings may require CA notice filings
California Franchise Investment Law — franchise securities are subject to additional disclosure requirements
DFPI can revoke registrations, impose civil penalties, and pursue criminal referrals for securities violations

Key Compliance Requirements for California

State registration with DFPI if AUM is below the SEC registration threshold ($100M–$110M)
Regulation Best Interest (Reg BI): broker-dealers must document and disclose how recommendations are in retail customer's best interest
Form CRS: deliver Customer Relationship Summary to all retail investors before or at account opening
Regulation S-P WISP: written information security program required (amended rule effective 2024–2025)
Off-channel communications: implement policies prohibiting business use of unarchived personal messaging apps
DFPI notice filings for California securities offerings — even federally exempt offerings may require CA filings

Common Violations in California

Reg BI violations — recommending proprietary funds or higher-commission products without adequate suitability documentation
Form CRS delivery failures — not providing the Customer Relationship Summary at required trigger points
Off-channel communications archiving — WhatsApp and personal email use without retention policies
DFPI state registration failures — advisors exceeding CA thresholds not registering with DFPI
Inadequate Regulation S-P information security programs — written WISP requirements not met

Recent SEC/FINRA Enforcement in California

2023 — Multiple California RIAs

Regulation Best Interest (Reg BI) violations; recommending higher-cost products when lower-cost alternatives were available; inadequate Form CRS disclosure

Penalty: SEC enforcement actions; DFPI coordination on CA-registered advisors

Source: SEC / DFPI

2022 — California broker-dealers

Off-channel communication violations; use of WhatsApp and personal email for client communications without archiving

Penalty: FINRA fines and suspension; part of national off-channel communications sweep

Source: SEC / FINRA

2024 — California cryptocurrency firms

DFPI enforcement actions under DFPI Innovation Act for unlicensed digital asset activity; SEC parallel enforcement for unregistered securities offerings

Penalty: DFPI civil penalties; SEC cease and desist orders; disgorgement of profits

Source: DFPI / SEC

Check Your SEC/FINRA Readiness in California

Take our free compliance quiz to see how your organization stacks up against SEC/FINRA requirements in California.

Take the Free Quiz → Risk Calculator →

Frequently Asked Questions

Who regulates investment advisors in California?

Investment advisors in California are regulated at two levels. Advisors with AUM of $100M or more (or that qualify for other federal registration) must register with the SEC. Advisors with AUM below the federal threshold must register with California's DFPI. Both must comply with their respective standards of conduct, disclosure requirements, and examination schedules.

What is California's DFPI and what does it regulate?

The California Department of Financial Protection and Innovation (DFPI) is California's primary financial services regulator. It regulates California-registered investment advisors, broker-dealers, securities offerings under CA corporate securities law, and newer financial products under the DFPI Innovation Act. DFPI conducts examinations, investigates investor complaints, and can impose civil penalties and criminal referrals.

What is Regulation Best Interest (Reg BI) and does it apply in California?

Regulation Best Interest (effective June 2020) requires SEC-registered broker-dealers to act in the best interest of retail customers when making investment recommendations. It applies to all California broker-dealers serving retail customers. Broker-dealers must document how recommendations are in the customer's best interest, provide Form CRS, and maintain compliance policies. DFPI enforces the state equivalent for CA-only broker-dealers.

What is the Regulation S-P WISP requirement?

Regulation S-P requires broker-dealers and investment advisors to maintain a Written Information Security Program (WISP) to protect customer financial information. The 2024 amendments expanded requirements to include incident response plans, vendor oversight, and customer notification within 30 days of a data breach. Large firms had a compliance deadline of November 2024; smaller firms by May 2025.

Why are off-channel communications a major FINRA/SEC issue for California firms?

SEC and FINRA rules require broker-dealers and investment advisors to retain all business communications for examination. Using WhatsApp, Signal, personal email, or other unarchived messaging for client business violates recordkeeping rules. The SEC's 2022-2023 sweep resulted in over $1.8 billion in penalties nationally. California firms are not exempt — FINRA has issued significant fines to California broker-dealer personnel.