FINRA Broker-Dealer Compliance 2026: Registration Requirements, Core Obligations, and Enforcement Actions

Last updated: 2026-05-04 — ComplianceStack Editorial Team

Every firm that effects transactions in securities for the accounts of others — or buys and sells securities for its own account as part of a regular business — must register as a broker-dealer with the SEC under Section 15 of the Securities Exchange Act of 1934 (15 U.S.C. §78o) and become a member of FINRA. FINRA is the largest self-regulatory organization for securities firms in the United States, overseeing approximately 3,400 broker-dealer firms and 624,000 registered representatives. In 2025, FINRA brought 549 disciplinary actions resulting in $88.4 million in fines and $22.1 million in restitution to harmed investors. The compliance obligations are extensive — supervisory systems, recordkeeping, Regulation Best Interest, anti-money laundering, continuing education, and capital requirements — and the enforcement consequences for failures are severe. This guide covers the core obligations that every broker-dealer compliance program must address. For the complete SEC/FINRA regulatory framework, see the SEC/FINRA Compliance Guide 2026.

Broker-Dealer Registration: SEC and FINRA Requirements

The Securities Exchange Act of 1934 requires two separate registrations for firms engaging in the securities business:

SEC Registration (Section 15, 15 U.S.C. §78o): A firm must register with the SEC by filing Form BD (Uniform Application for Broker-Dealer Registration) through the Central Registration Depository (CRD) system. Form BD requires disclosure of the firm's business activities, disciplinary history, control persons, direct owners, and executive officers. Registration becomes effective 45 days after filing unless the SEC institutes proceedings to deny registration.

FINRA Membership: Under Section 15(b)(8) of the Exchange Act, registered broker-dealers must become members of a national securities association (FINRA) or effect transactions solely on a national securities exchange of which they are a member. The FINRA membership application (Form NMA) is a detailed submission requiring disclosure of the firm's business plan, supervisory structure, financial resources, compliance infrastructure, and associated persons. FINRA membership review typically takes 6–12 months and involves an onsite examination.

State Registration: In addition to federal registration, broker-dealers must register in each state where they conduct business. State registration is filed through the CRD system and is governed by each state's securities laws (blue sky laws). Most states require a surety bond.

Associated Person Registration: Individuals associated with a broker-dealer who engage in the securities business must pass qualifying examinations. Key examinations include the Series 7 (General Securities Representative), Series 63 (Uniform Securities Agent State Law), Series 24 (General Securities Principal), and Series 79 (Investment Banking Representative). Registration is maintained through the CRD system and requires ongoing continuing education. For the full regulatory framework, see the SEC/FINRA Compliance Guide 2026.

Supervisory Requirements: FINRA Rules 3110 and 3120

FINRA Rule 3110 (Supervision) is the foundation of broker-dealer compliance. It requires every member firm to establish, maintain, and enforce a system of supervision, including written supervisory procedures (WSPs), reasonably designed to achieve compliance with applicable securities laws and FINRA rules.

Written Supervisory Procedures (WSPs): WSPs must be tailored to the firm's specific business activities — not generic templates. They must identify the supervisory personnel responsible for each type of activity, describe how supervision is conducted, and specify the frequency and methods of supervisory review. FINRA examiners evaluate whether WSPs are actually followed, not just whether they exist.

Designated Supervisory Personnel: Each registered representative must be assigned to a qualified supervisor. Supervisors must be registered as a General Securities Principal (Series 24) or other applicable principal registration. A supervisor who is responsible for activity they are not qualified to supervise violates Rule 3110.

Review of Correspondence and Communications: FINRA Rule 3110(b)(4) requires firms to establish procedures for the review of incoming and outgoing written and electronic correspondence relating to the firm's securities business. Correspondence review must be conducted by a registered principal. The firm must retain correspondence in compliance with SEC Rule 17a-4 and FINRA Rule 4511.

Branch Office Supervision: Rule 3110(c) requires registered branch offices to be inspected at least annually by a registered principal (who is not assigned to the office being inspected for certain high-risk locations). Non-branch locations must be inspected on a cycle determined by risk assessment — typically every one to three years. Inspections must be documented and deficiencies must be tracked to remediation.

FINRA Rule 3120 (Supervisory Control System): Requires firms with designated examining authority to designate a chief compliance officer and establish a supervisory control system that includes testing and verification of supervisory procedures, procedures for review of customer complaints, and annual reporting to senior management. The ComplianceStack Gap Analyzer can assess your supervisory structure against FINRA requirements.

Regulation Best Interest (Reg BI): The Standard of Conduct for Broker-Dealers

Regulation Best Interest (17 CFR §240.15l-1), effective June 30, 2020, established a new standard of conduct for broker-dealers and their associated persons when making recommendations to retail customers. Reg BI replaced the prior suitability standard under FINRA Rule 2111 with a higher obligation.

The Four Component Obligations:

1. Disclosure Obligation (17 CFR §240.15l-1(a)(2)(i)): Before or at the time of a recommendation, the broker-dealer must provide the retail customer with full and fair disclosure of all material facts relating to the scope and terms of the relationship, including: compensation received, fees and costs, the type and scope of services provided, material limitations on recommendations, and all material conflicts of interest associated with the recommendation.

2. Care Obligation (17 CFR §240.15l-1(a)(2)(ii)): The broker-dealer must exercise reasonable diligence, care, and skill when making a recommendation. This requires understanding the potential risks, rewards, and costs of the recommendation; having a reasonable basis to believe the recommendation is in the best interest of the particular retail customer based on that customer's investment profile; and having a reasonable basis to believe that a series of recommended transactions is not excessive.

3. Conflict of Interest Obligation (17 CFR §240.15l-1(a)(2)(iii)): The broker-dealer must establish, maintain, and enforce written policies and procedures reasonably designed to identify and disclose or eliminate all conflicts of interest associated with recommendations. Sales contests, quotas, bonuses, and non-cash compensation that are based on the sale of specific securities or types of securities must be eliminated.

4. Compliance Obligation (17 CFR §240.15l-1(a)(2)(iv)): The broker-dealer must establish, maintain, and enforce written policies and procedures reasonably designed to achieve compliance with Reg BI as a whole.

Form CRS (Customer Relationship Summary): In conjunction with Reg BI, broker-dealers must deliver Form CRS (17 CFR §240.17a-14) to retail investors, summarizing the services offered, fees and costs, conflicts of interest, and disciplinary history. Form CRS must be filed with the SEC and FINRA and delivered to each retail investor before or at the time of a recommendation.

For the complete SEC/FINRA regulatory landscape including Reg BI enforcement trends, see the SEC/FINRA Compliance Guide 2026.

Recordkeeping: SEC Rules 17a-3 and 17a-4, and FINRA Rule 4511

Broker-dealer recordkeeping requirements are among the most detailed and heavily enforced in financial regulation. Three overlapping rule sets govern what records must be created and how long they must be retained:

SEC Rule 17a-3 (17 CFR §240.17a-3) — Records to Be Made: Broker-dealers must create and maintain specified records including: blotters (daily records of purchases, sales, receipts, and deliveries), general ledgers, customer account records, order tickets, trade confirmations, written communications, customer complaint records, and associated person employment records. Rule 17a-3 was amended effective January 3, 2023 to modernize requirements and align with electronic recordkeeping practices.

SEC Rule 17a-4 (17 CFR §240.17a-4) — Records to Be Preserved: Specifies retention periods for each record type. Key retention periods: general ledgers and journals — life of the firm plus six years; customer account records — six years after account closure; order tickets and confirmations — six years; correspondence — three years (first two years in an accessible place); written supervisory procedures — three years after last use; customer complaints — four years. The 2022 amendments to Rule 17a-4 replaced the prior electronic storage requirements with technology-neutral provisions.

FINRA Rule 4511 — General Requirements: Requires members to make and preserve books and records as required by FINRA rules, the Exchange Act, and applicable rules thereunder. FINRA Rule 4511 extends beyond SEC requirements to include records specific to FINRA supervision — including supervisory review documentation, branch inspection reports, and continuing education records.

Electronic Storage: The 2022 amendments to Rules 17a-3 and 17a-4 eliminated the prior requirement for write-once, read-many (WORM) storage for electronic records. Broker-dealers may now use any electronic storage system that meets the conditions specified in the rule — including maintaining an audit trail and complying with SEC and FINRA examination requests. However, the firm must still designate a third-party with access to records in case of firm default.

See the SEC/FINRA Compliance Guide 2026 for the full recordkeeping compliance framework. Track regulatory changes to recordkeeping rules through the SEC Compliance Pulse.

Anti-Money Laundering (AML) and Customer Identification Program (CIP)

Every broker-dealer must establish and implement an anti-money laundering (AML) compliance program under the Bank Secrecy Act (BSA) as implemented by FinCEN and enforced through FINRA Rule 3310.

FINRA Rule 3310 — AML Compliance Program: Every member firm must develop and implement a written AML program that includes: (1) policies, procedures, and internal controls reasonably designed to detect and report suspicious activity; (2) designation of an AML Compliance Officer (AMLCO) responsible for the program; (3) ongoing training for appropriate personnel; and (4) independent testing (audit) of the AML program at least annually — conducted by internal audit or a qualified outside party.

Customer Identification Program (CIP): Under 31 CFR §1023.220, broker-dealers must implement a CIP that includes: collecting identifying information from each customer (name, date of birth, address, taxpayer identification number); verifying the customer's identity through documentary or non-documentary methods within a reasonable time after account opening; checking the customer's name against government lists of known or suspected terrorists (OFAC SDN list, other FinCEN lists); and maintaining records of the information collected and verification methods used.

Suspicious Activity Reports (SARs): Broker-dealers must file SARs with FinCEN for any transaction or pattern of transactions that the firm knows, suspects, or has reason to suspect: involves funds derived from illegal activity; is designed to evade BSA reporting requirements; has no business or apparent lawful purpose; or involves the use of the broker-dealer to facilitate criminal activity. SARs must be filed within 30 calendar days of detection (60 days if no suspect is identified). The threshold for SAR filing is $5,000.

Currency Transaction Reports (CTRs): Broker-dealers must file CTRs for cash transactions exceeding $10,000 in a single business day (or structured transactions designed to evade the threshold).

Beneficial Ownership: Under the Corporate Transparency Act (effective January 1, 2024) and FinCEN's Customer Due Diligence (CDD) Rule (31 CFR §1010.230), broker-dealers must identify and verify the identity of beneficial owners of legal entity customers at account opening. See the Real Cost of Non-Compliance 2026 for AML enforcement penalty data.

FINRA Enforcement: Real Disciplinary Actions and Fines (2022–2026)

FINRA's enforcement program produces hundreds of disciplinary actions annually. Understanding the enforcement landscape reveals which compliance failures attract the most severe penalties:

Robinhood Financial LLC (2021 — $70 Million Fine): FINRA fined Robinhood $57 million and ordered $12.6 million in restitution — the largest FINRA fine against a single firm at the time. The action cited systemic supervisory failures including: providing customers with false or misleading information about their accounts, failing to supervise technology that caused outages during extreme market volatility, and approving thousands of customers to trade options without adequate evaluation of their experience and financial situation. The case demonstrated that technology failures are supervisory failures under Rule 3110.

Wells Fargo Clearing Services (2024 — $3.25 Million Fine): FINRA fined Wells Fargo for failing to establish a reasonable supervisory system for Regulation Best Interest compliance. The firm's automated tools for reviewing recommendations failed to flag transactions that did not meet the Care Obligation — specifically, the tools did not adequately evaluate whether a series of recommended transactions was excessive given the customer's investment profile.

Merrill Lynch (2023 — $1.5 Million Fine): FINRA sanctioned Merrill Lynch for recordkeeping violations — specifically failing to preserve business-related text messages and other electronic communications in compliance with SEC Rules 17a-3 and 17a-4. The firm failed to enforce its own policies requiring all business communications to occur through approved channels.

National Holdings Corporation (2023 — $4.75 Million): FINRA sanctioned National Holdings for widespread supervisory failures across multiple branch offices, including failure to conduct adequate branch inspections under Rule 3110(c) and failure to detect excessive trading in customer accounts.

Enforcement trends 2024–2026: FINRA's examination priorities for 2025–2026 emphasize Reg BI compliance (particularly the Care and Conflict of Interest obligations), cybersecurity (Regulation S-P amendments requiring incident response), off-channel communications (text messages, WhatsApp, Signal), and crypto asset activities. For ongoing enforcement data, see the SEC Compliance Pulse.

Building Your Broker-Dealer Compliance Program

A comprehensive broker-dealer compliance program must address multiple overlapping regulatory requirements. The following framework covers the essential components:

Compliance Infrastructure: Designate a Chief Compliance Officer (CCO) who reports to senior management and has adequate authority, resources, and access to firm records. The CCO should not have production responsibilities that create conflicts with compliance oversight. Establish a compliance calendar tracking all regulatory deadlines — FOCUS reports, customer reserve computations, continuing education cycles, annual compliance meeting, branch inspection schedule.

Written Supervisory Procedures: Draft WSPs specific to each business line — retail equity and fixed income, options, mutual funds, variable annuities, alternative investments, and each product offered. Assign supervisory responsibility by name and describe the review methodology. Update WSPs within 90 days of any material regulatory change.

Reg BI Implementation: Establish written policies for each of the four Reg BI obligations. Implement disclosure procedures (Form CRS delivery, conflict disclosure). Build account review processes that evaluate the care obligation for each recommendation. Document conflict identification and mitigation procedures. Test compliance quarterly.

AML Program: Designate an AMLCO. Implement transaction monitoring calibrated to the firm's business lines and customer types. Establish SAR filing procedures with defined escalation paths and filing deadlines. Conduct independent AML testing annually. Document all training.

Cybersecurity: Regulation S-P (17 CFR §248.30) was amended in 2024 to require broker-dealers to adopt written policies for incident response programs, notify affected individuals within 30 days of a breach determination, and maintain cybersecurity programs that include access controls, encryption, and monitoring.

Net Capital: SEC Rule 15c3-1 (17 CFR §240.15c3-1) requires broker-dealers to maintain minimum net capital at all times. Net capital requirements vary by business activity — introducing brokers, clearing firms, and market makers each have different minimum requirements. Monitor net capital daily and establish early warning triggers.

For the full compliance framework, see the SEC/FINRA Compliance Guide 2026. Use the Compliance Gap Analyzer to identify gaps in your current program.

Frequently Asked Questions: FINRA Broker-Dealer Compliance

What is the difference between a broker and a dealer, and does it matter for compliance?
Yes. A broker is any person engaged in the business of effecting transactions in securities for the account of others (Section 3(a)(4) of the Exchange Act, 15 U.S.C. §78c(a)(4)). A dealer is any person engaged in the business of buying and selling securities for its own account through a broker or otherwise (Section 3(a)(5), 15 U.S.C. §78c(a)(5)). Most firms register as both broker and dealer ('broker-dealer'). The distinction matters for compliance because dealers face additional regulatory requirements — particularly net capital requirements under Rule 15c3-1 and financial responsibility rules that are more demanding for firms carrying customer securities. See the SEC/FINRA Compliance Guide 2026 for the full registration framework.

How often must a broker-dealer conduct branch office inspections?
FINRA Rule 3110(c) requires that each office of supervisory jurisdiction (OSJ) and registered branch office be inspected at least annually. Non-branch locations must be inspected on a regular periodic schedule based on a risk assessment — FINRA guidance suggests at minimum every three years, though higher-risk locations should be inspected more frequently. Inspections must be conducted by a registered principal who is not assigned to that location (for high-risk offices). Each inspection must be documented in writing and any deficiencies must be tracked through remediation. FINRA examiners frequently review branch inspection documentation during cycle examinations and cite firms that fail to conduct timely inspections or adequately document findings.

What are the continuing education requirements for registered representatives?
FINRA's continuing education (CE) program has two elements. The Regulatory Element requires registered persons to complete a computer-based training program within 120 days of their second registration anniversary and every three years thereafter. Content is prescribed by FINRA and covers regulatory developments, compliance topics, and ethical standards. Failure to complete the Regulatory Element by the deadline results in automatic suspension of the person's registration until completion. The Firm Element requires each member firm to develop and administer an annual training program for all covered registered persons. The firm must conduct a needs analysis to determine training content, which must cover the firm's business activities, regulatory developments, and any compliance deficiencies identified through supervision or examination. Firm Element training must be documented and records retained for the period required by FINRA Rule 4511. The Compliance Gap Analyzer can help identify training requirements based on your firm's registration categories.

More FINRA Resources

• FINRA Framework Guide
• Compliance Gap Analyzer (Free)
• Free 5-Minute Compliance Quiz
• Regulatory Deadline Tracker
• Remediation Action Plan ($49)
• Find a FINRA Compliance Consultant