Registration, ongoing obligations, recordkeeping, and exam preparation — covering everything that keeps RIAs and broker-dealers in good standing with federal regulators.
The US financial services industry is regulated by two distinct but overlapping bodies. Understanding who regulates what is the first step to building a compliant program.
Independent federal agency established by the Securities Exchange Act of 1934. Regulates investment advisers (RIAs) with $100M+ AUM, securities offerings, public company disclosures, and market participants. Enforces federal securities laws including the Investment Advisers Act of 1940.
Self-regulatory organization (SRO) authorized by Congress, overseen by the SEC. Regulates broker-dealers and their registered representatives. Every broker-dealer operating in the US must be a FINRA member. Conducts examinations, enforces rules, and licenses individuals via the Series exams.
Key distinction: Investment Advisers register with the SEC or state. Broker-Dealers join FINRA. Many firms are both — "dually registered" — and face overlapping obligations from both regulators simultaneously.
Registration obligations depend on your AUM, your business model, and whether you execute trades or provide advisory services — or both.
Dual registration note: Being an RIA does not exempt you from FINRA if you also execute trades. Dually registered firms face overlapping obligations from both the SEC and FINRA and must maintain compliance programs that satisfy both regulators.
These are the foundational obligations every RIA and broker-dealer must have documented and operational.
RIAs file Form ADV with the SEC or state; broker-dealers file Form BD with FINRA. Both forms must be updated annually and promptly when material changes occur. Failure to maintain current registration is itself a violation.
Rule 206(4)-7 requires RIAs to adopt and implement written policies reasonably designed to prevent violations of the Advisers Act. FINRA Rule 3110 requires similar written supervisory procedures. Your CCO must review them annually for adequacy and effectiveness.
Every SEC-registered adviser and every FINRA member must designate a Chief Compliance Officer responsible for administering the compliance program. The CCO must be a "qualified" individual with adequate authority and resources. A CCO in title only — without real authority — is itself an exam finding.
A written annual review documenting the review of the compliance program, including any exceptions found and remediation steps taken. The review must be documented — examiners will ask to see it. "We reviewed everything" without documentation is not sufficient.
Maintain client records, correspondence, trade records, and compliance records for 5–7 years. SEC Rule 17a-4 governs broker-dealers (requires WORM-compliant electronic storage); Rule 204-2 governs RIAs. Records must be readily accessible for the first 2 years.
RIAs with custody of client assets must maintain assets with a qualified custodian, provide quarterly statements to clients, and undergo an annual surprise examination by an independent public accountant. Inadvertent custody (e.g., standing letters of authorization) triggers the same obligations.
Update Form ADV Part 1A within 90 days of fiscal year end. Form ADV Part 2A (the client brochure) must be delivered to all existing clients annually. Promptly amend for material changes. Stale or inaccurate Form ADV is one of the most common SEC exam deficiencies.
Reg BI (broker-dealers): must act in the "best interest" of retail customers at the time of a recommendation; disclose conflicts via Form CRS. Fiduciary duty (RIAs): must always act in the client's best interest, disclose all material conflicts, and avoid placing your interests above the client's.
FINRA members must have a written AML compliance program approved by senior management, Customer Identification Procedures (CIP/KYC) to verify customer identity, and file Suspicious Activity Reports (SARs) with FinCEN. Annual independent testing of the AML program is required.
Regulatory Element: All registered persons must complete FINRA's computer-based CE training every 3 years (or within 120 days of the second anniversary of registration). Firm Element: Firms must provide annual training covering products, compliance, and regulatory topics. Failure to complete CE results in automatic suspension of registration.
Regulators treat securities violations seriously. Penalties extend beyond fines to industry bars and criminal prosecution.
Per violation for individuals. Up to $1,035,909 per violation for firms. Amounts adjusted annually for inflation.
Fines scale with severity. Expulsion from FINRA membership for egregious violations. Hearings are public record.
Both SEC and FINRA can bar individuals from working in the securities industry. A bar effectively ends careers.
Securities fraud: up to 20 years prison under SOX; up to 25 years under Dodd-Frank. SEC refers criminal cases to DOJ.
Recent High-Profile Actions:
"The SEC doesn't just fine firms — they go after individuals personally. CCOs, portfolio managers, and principals have all faced personal liability."
Built for RIAs and broker-dealers who need to manage compliance without a full-time compliance team.
Track your ADV update deadlines, flag material changes that require prompt amendment, and manage disclosure documentation in one place.
Pre-built written compliance policies for RIAs and broker-dealers covering CCO responsibilities, AML, recordkeeping, supervisory procedures, and more.
Compliance calendar for FINRA and SEC exam readiness. Track annual review deadlines, Form ADV updates, CE requirements, and U4 amendment obligations.
Generally $100M in AUM (assets under management). Between $25M and $100M, you register with the state. Under $25M, you may be exempt from registration entirely. Certain multi-state advisers — those subject to registration in 15 or more states — may register with the SEC below the $100M threshold.
SEC rule effective June 30, 2020 requiring broker-dealers to act in the "best interest" of retail customers when making recommendations about securities or investment strategies. It is a higher standard than the old FINRA suitability rule, but lower than the fiduciary standard applied to RIAs. Requires disclosure of conflicts of interest via Form CRS and explicit consideration of costs when recommending products.
Customer Relationship Summary — a 2-page plain-language document all broker-dealers and RIAs must provide to retail customers. It describes the types of services offered, fees and costs, conflicts of interest, legal standards of conduct, and disciplinary history. Required since June 2020. Must be updated when material changes occur and provided to new retail customers before or at the time of first service.
FINRA conducts routine cycle examinations of all registered firms. Frequency depends on the firm's risk profile. High-risk firms may be examined annually. Lower-risk firms typically every 4–5 years. Examiners review books, records, compliance procedures, and supervisory systems. Firms may also receive for-cause examinations triggered by customer complaints or regulatory referrals — these can happen at any time.
Form U4 (Uniform Application for Securities Industry Registration) registers individual representatives with FINRA and applicable states. Required disclosures include: criminal history (including arrests), regulatory actions, civil judgments and liens, customer complaints and arbitrations, financial disclosures (bankruptcies, unsatisfied judgments, garnishments). Must be updated within 30 days of any reportable event.
Electronic records must comply with SEC Rule 17a-4: stored in WORM (Write Once Read Many) format, or with an audit trail that prevents alteration. Records must be accessible for immediate review. Retention periods: 3 years for most records (2 years in an easily accessible location), 6 years for blotters and general ledgers. Email, instant messages, and social media communications are all subject to retention requirements.
RIA (Registered Investment Adviser): provides ongoing investment advice for a fee, owes a fiduciary duty to clients, registered with SEC or state, governed by the Advisers Act. Broker-dealer: executes securities transactions, earns commissions and transaction-based fees, subject to Reg BI standard, must be a FINRA member, governed by the Securities Exchange Act. Many firms are both — "dually registered" — which means they must satisfy both sets of obligations for the respective activities they perform.
Yes. Every SEC-registered investment adviser must designate a CCO under Rule 206(4)-7. Every FINRA member must designate a CCO (and a Registered Options Principal if dealing in options). The CCO must have adequate authority and resources to implement the compliance program — and the SEC has taken action against firms where the CCO was a figurehead without real authority or budget.
Common triggers include: customer complaints (especially those going to arbitration), regulatory examination findings, failure to update Form U4/U5 in a timely manner, AML program deficiencies, unauthorized trading, churning (excessive trading), unsuitable or non-best-interest recommendations, failure to supervise registered persons, and insider trading. Off-channel communications (using personal devices for business communications) have become a major enforcement focus since 2022.
Before: Update Form ADV and ensure it is accurate, review and update compliance policies, ensure all records are organized and accessible, confirm annual review is documented, conduct a mock examination. During: Designate a single exam coordinator, produce requested documents promptly and completely, be honest with examiners — attempts to hide problems always make things worse. After: Respond to any deficiency letters within required timeframes, implement changes, and document remediation. The SEC views timely and thorough responses as a mitigating factor.
ComplianceStack helps RIAs and broker-dealers manage their compliance obligations in one place — from Form ADV management to exam readiness.