View Whole SectionText only Print Print Manager Link
Previous Next

13-31 FINRA Highlights Examination Approaches, Common Findings and Effective Practices for Complying With its Suitability Rule

View PDF


Regulatory Notice
Notice Type

Suggested Routing

Senior Management
Key Topics

Referenced Rules & Notices

FINRA Rule 2111
FINRA Rule 3270
FINRA Rule 4512
NASD Rule 3010
Regulatory Notice 11-02
Regulatory Notice 11-25
Regulatory Notice 12-25
Regulatory Notice 12-55

Executive Summary

This Notice provides observations from recent FINRA examinations and highlights firms' experiences with FINRA Rule 2111 (Suitability), which became effective on July 9, 2012. It does not create new or alter the existing questions and answers, guidance or interpretations of FINRA Rule 2111 contained in prior Notices.

The effective practices highlighted in this Notice are provided to help firms enhance compliance and supervision under the suitability rule. Adopting practices discussed in this Notice will not ensure rule compliance or result in a safe harbor, but we believe they are positive steps in building a strong compliance environment.

Questions regarding this Notice may be directed to

•   Daniel M. Sibears, Executive Vice President, Regulatory Operations/ Shared Services at (202) 728-6911; or
•   Michael Rufino, Senior Vice President and Acting Head of Regulatory Operations/Sales Practice, at (212) 858-4487.


FINRA Rule 2111 generally is modeled after former NASD Rule 2310, incorporates related case law, and includes a few new or modified obligations. The details of the rule requirements and related guidance are available in Regulatory Notices 11-02, 11-25, 12-25 and 12-55.

The rule requires a firm or associated person to "have a reasonable basis to believe that a recommended transaction or investment strategy involving a security or securities is suitable for the customer, based on the information obtained through the reasonable diligence of the member or associated person to ascertain the customer's investment profile." Firms and associated persons generally must attempt to obtain and analyze customer-specific information—such as customer's age, investment experience, time horizon, liquidity needs and risk tolerance—when making recommendations to customers. The rule also recites the three main suitability obligations:

•   reasonable-basis (requires a firm or associated person to perform reasonable diligence to understand the nature of a recommended security or investment strategy involving a security, as well as its potential risks and rewards, and determine whether the recommendation is suitable for at least some investors based on that understanding);
•   customer-specific (requires a firm or associated person to have a reasonable basis to believe that a recommendation is suitable for a particular customer based on that customer's investment profile); and
•   quantitative (requires a firm or associated person who has actual or de facto control over a customer account to have a reasonable basis for believing that a series of recommended transactions, even if suitable when viewed in isolation, are not excessive).

The rule added recommended investment strategies involving a security or securities, including explicit recommendations to "hold" a security or securities.

For an investment strategy that involves both a security and non-security component, a firm's suitability obligations apply to the security component but its suitability analysis must be informed by a general understanding of the non-security part of the strategy. A firm's general understanding of the non-security product would depend on the facts and circumstances; but ordinarily a firm would need to have only basic knowledge of the non-security product. In the case of a recommended investment strategy involving a security and an outside business activity, a firm's general understanding of the non-security component will be informed by the information and considerations required as part of a notice of an outside business activity pursuant to FINRA Rule 3270 (Outside Business Activities of Registered Persons).

FINRA Rule 2111(b) provides an exemption to customer-specific suitability for recommendations to institutional customers if three criteria are satisfied. First, the customer must meet the FINRA Rule 4512(c) definition of "institutional account." Second, the firm must have "a reasonable basis to believe the institutional customer is capable of evaluating investment risks independently, both in general and with regard to particular transactions and investment strategies involving a security or securities." Third, the institutional customer must affirmatively indicate "that it is exercising independent judgment in evaluating the member's or associated person's recommendations." In relation to the third requirement, negative consent will not suffice; but the affirmative indication does not necessarily have to be in writing. A firm may use a risk-based approach to document compliance with the institutional-customer exemption.

To assist firms in preparing for the amended rule, FINRA issued Regulatory Notice 11-02, which announced the SEC's approval of the amendments, provided an initial effective date and discussed its requirements. Subsequently, firms posed a number of questions regarding the rule, leading FINRA to extend the effective date to July 9, 2012, and issue additional guidance in Regulatory Notices 11-25, 12-25 and 12-55. FINRA also prepared a New Account Application Template as a resource for firms and conducted a free webinar on April 18, 2012.

Moreover, a consolidated suitability frequently asked questions (FAQ) document organized by topic is available at

To further support compliance with the rule, this Notice provides information concerning FINRA's examination approach, common findings and observations of effective practices implemented by firms. Effective practices predominantly implemented by smaller firms are also identified throughout this Notice.

Examination Approach

Examinations for compliance with the suitability rule typically begin with an analysis of a firm's controls. This is largely based on interviewing principals responsible for preparing the firm's policies and procedures for this area and, considering the products the firm sells and the types of customers with which the firm conducts business, assessing the firm's readiness to control risks related to suitability.

FINRA examiners tested supervisory and compliance systems and determined that firms, in general, implemented reasonable approaches regarding suitability. The depth and breadth of FINRA examiner testing is generally determined by the supervisory systems and controls the firm developed, the products and strategies the firm recommends, the firm's business activities, the firm's customer base, and other relevant information considered by FINRA staff during the examination planning and execution process.

During examinations, FINRA typically asks firms to respond to the following types of questions and information requests and to provide supporting documents:

•   What employee training has the firm implemented regarding changes to the suitability rule?
•   Does the firm offer training for associated persons to address investment strategies and hold recommendations?
•   How does the firm define investment strategies, including hold recommendations, and how are these topics supervised?
•   Describe the firm's supervisory and compliance procedures for reasonable-basis, customer-specific and quantitative suitability, such as:
•   the manner in which the firm reasonably detects and prevents transactions in accounts for which customer investment profile information is unavailable or incomplete. To the extent that customer investment profile factors are not incorporated into account documentation, FINRA examiners may ask the firm to explain its efforts to obtain the profile information before making new recommendations to customers and, if any of the information is unavailable, how the firm determines whether there is a reasonable basis to believe that a recommendation is suitable;
•   the way the firm identifies and supervises accounts using strategies, or accounts with concentrations of particular types of securities, that may not align with the customer's investment profile; and
•   the manner in which the firm supervises explicit hold recommendations, including the method of documentation the firm uses when documentation occurs, as well as the information the firm considers in conducting the review.
•   What tools (e.g., exception reports) does the firm use to identify in-and-out trading and high turnover rates and commission-equity ratios?
•   How does the firm determine whether customers meet the definition of "institutional account" and are capable of evaluating investment risks independently?
•   What protocols does the firm use to obtain an affirmative acknowledgement that an institutional customer is exercising independent judgment in evaluating the firm's or associated person's recommendations?
•   If the firm uses portfolio analytic tools or models, how does the firm determine whether the tools or models make recommendations subject to the suitability rule or meet the criteria for the safe harbor in Rule 2111.03?
•   Who develops these tools?
•   Who uses them (clients, representatives or both)?
•   How does the firm periodically review and test the effectiveness of the tools?
•   If the tools or models make recommendations subject to the suitability rule, how are those recommendations supervised?

After the information is obtained, FINRA examiners conduct a review of internal firm controls to determine whether firm procedures are followed. Examinations are expanded where material deviations are found between procedures and practices. In addition, examiners review transactions and related suitability documentation that raise red flags about potential unsuitable recommendations. Examples of red flag transactions include:

•   those that appear to deviate from the firm's internal suitability guidelines for a particular security;
•   a long-term investment for an investor with a short-term horizon;
•   a speculative investment or strategy held in the account of an investor with a conservative investment objective; and
•   the same security held in the account or strategy implemented for multiple investors of a particular representative despite customer profiles that differ.

While examiners review documents used by firms to supervise suitability decisions and rule requirements, FINRA reminds firms that Rule 2111 generally does not impose explicit documentation requirements. As stated in Regulatory Notices 11-25, 12-25 and 12-55, firms may take a risk-based approach to document compliance with the suitability rule. The complexity and risks associated with a particular security or investment strategy will impact the level of documented analysis. Documented analysis may consist of the information obtained by the firm or associated person regarding a particular recommended security or investment strategy to ascertain the suitability of the investment based on the customer's investment profile. Another example of documented analysis could include the source materials obtained to assess potential risks and rewards associated with a recommended security or strategy. Similarly, documented analysis may include those records used to determine whether the recommendation is suitable for at least some investors.

Common Findings

The suitability rule amendments are still relatively new so many firms have not received a cycle examination or had a cycle examination conclude since the rule went into effect. Of the firms examined, most had updated policies, procedures and systems, trained staff and obtained additional customer investment profile information. Nonetheless, a small percentage of firms examined did not take a comprehensive approach to best ensure compliance with the rule.

Among firms where FINRA found deficiencies, inadequate procedures for hold recommendations (e.g., how the firm supervises and, when necessary, documents such recommendations) was the most frequent deficiency. FINRA disposed of the vast majority of examinations with deficiencies through a Cautionary Action that cited firms for inadequate supervisory procedures under NASD Rule 3010 (Supervision). These informal dispositions reflect FINRA's commitment to recognize reasonable, good faith efforts by firms to update and remediate supervisory and compliance systems. FINRA would, of course, consider disciplinary action for more serious violations, such as unsuitable recommendations.

A few examination findings were referred to FINRA's Enforcement Department and those matters involved suitability violations that were actionable under the predecessor suitability rule.

Observations of Effective Practices

The observations regarding effective practices discussed below recognize that there is no one-size-fits-all approach to compliance and supervision. Rather, the cited practices highlight measures that could bolster a firm's suitability-focused supervisory and compliance procedures. The relevance and feasibility of particular practices vary depending on factors such as a firm's size, business model, products offered and customer base. Firms are not bound by the practices discussed in this Notice and may employ other methods to achieve compliance with the suitability rule.

Reasonable-Basis Suitability

As referenced above, reasonable-basis suitability requires a firm or associated person to perform reasonable diligence to understand the nature of a recommended security or investment strategy involving a security, as well as its potential risks and rewards, and to determine whether the recommendation is suitable for at least some investors based on that understanding. FINRA observed during examinations that many firms have in place a new product vetting process that assists them in executing reasonable diligence obligations. While many large firms have extensive frameworks for assessing products, even smaller firms established investment committees to vet complex or risky products to determine whether the product met the reasonable-basis suitability standard for retail customers, and if so, the type of customer profile for which the product would be suitable if recommended.

A firm's vetting of new products does not, standing alone, satisfy the need for associated persons to understand the securities and investment strategies they recommend to customers.1 In this regard, some firms post due diligence on products (and accompanying documents) to an internal website that associated persons can access when recommending a product. Such information includes audited financial statements, notes of interviews with key individuals of the product sponsor or issuer, and other information relevant to understanding the product and its features. Some firms use the vetting process to aid in product-focused training of their associated persons, supervisors and compliance staff.

A number of firms require associated persons to complete instructor-led or online training prior to engaging in the sale of an approved product. Several firms also require associated persons to pass a test at the conclusion of product training. As an added feature, some firms also implement a mandatory waiting period before an associated person can retake a test that he has failed. Firms also routinely update associated persons on product features during sales meetings to communicate new information regarding the product.

Customer-Specific Suitability

Under the customer-specific suitability standard, the rule requires a broker-dealer or associated person to use reasonable diligence to obtain and analyze a customer's age, investment experience, time horizon, liquidity needs and risk tolerance, in addition to the customer-specific factors from the predecessor rule (other holdings, financial situation and needs, tax status and investment objectives).2 The rule requires a firm to seek to obtain and analyze the customer-specific factors listed in the rule when it makes recommendations of securities or investment strategies involving securities to new or existing customers, unless there is a documented reasonable basis to believe that one or more of the factors are not relevant to a customer's investment profile under the circumstances. When customer information is unavailable despite a broker-dealer's reasonable diligence, the firm must carefully consider whether it has a sufficient understanding of the customer to properly evaluate the suitability of a recommendation.

Many firms began collecting the additional information for new customers and supplementing existing customer investment profile information prior to the effective date of the amended rule by updating account forms and using electronic customer relationship management systems to capture this information. Overall, firms made significant technological changes to internal systems to capture the added customer profile data.

Some firms supplemented the technological upgrades with business processes that reassessed their entire client base and challenged its representatives to meet goals for completing customer reviews within a specified timeframe by, for example, periodically posting results by branch office or region. Other firms collected the enhanced customer profile information on a rolling basis as they made new recommendations or conducted quarterly or annual investment reviews with customers. A number of firms implemented systems that flag customer accounts that have recommended transactions but do not have a complete customer investment profile. Some small firms have policies that, although not required by Rule 2111, prohibit recommended transactions unless the customer fully completes or updates account information with all of the factors listed in the amended rule. Here, the firm will designate such an account as restricted to non-recommended transactions if the customer withholds investment profile information.

Some firms also bolstered compliance through heightened customer-specific suitability requirements or specific suitability profiles (e.g., customers who would qualify for complex options trading; customers who have a high-risk tolerance, low liquidity needs and substantial investment experience; customers where the recommended transaction represents a small percentage of a balanced portfolio). These heightened standards are designed to best ensure that a recommended security or strategy matches well with the customer's profile data. For example, some firms combine and assess more granular data focused on a customer's age, retirement status, limited investment experience and low dollar investments to determine whether a particular recommended security or strategy is appropriate or out of line.

In some cases, firms implemented new policies and exception systems that flag vulnerable investors, typically those unable to sustain more than limited losses, such as individuals near or in retirement or other investors who rely on an income stream from an investment portfolio. Exceptions usually take into account factors such as the customer's profile, investment strategies and securities holdings. Some small firms reported conducting targeted educational discussions with vulnerable customers regarding products, markets and risks, as well as more frequent portfolio assessments.

Quantitative Suitability

Quantitative suitability requires a firm or associated person who has actual or de facto control over a customer account to have a reasonable basis for believing that a series of recommended transactions, even if suitable when viewed in isolation, are not excessive. FINRA learned over the past year that it is typical for firms to rely on pre-rule amendment policies, procedures and systems to comply with this provision of the rule. In short, most firms already monitored customer accounts for churning and excessive trading.

Still, some firms updated surveillance and monitoring systems, and exception reports, by incorporating other aspects of the rule changes into data analysis and exception reports, such as the additional customer profile information. This approach bolstered compliance with the quantitative suitability requirement. FINRA believes that firms could also evaluate whether their compensation arrangements could incent a salesperson to engage in excessive trading that is unsuitable (or, generally, to make unsuitable recommendations).

Institutional-Customer Exemption

FINRA observed that some firms with an institutional customer base use tailored account opening documents while others use separate forms or certifications to facilitate compliance with the institutional-customer exemption. Through these documents, the institutional customer acknowledges in writing that it will exercise independent judgment in evaluating recommendations. Alternatively, firms contact institutional customers to discuss affirmative indications and document that conversation. Third-party vendors are used by some firms to verify the institutional status and sophistication of customers. Where institutional customers do not confirm a willingness or capability to exercise independent judgment, some firms take additional steps to adhere to suitability standards. Specifically, an institutional customer may indicate that it will exercise independent judgment only on a trade-by-trade or asset-class-by-asset-class basis. Here, some firms verify and document the circumstances under which an institutional customer exercises independent judgment and flag recommendations that are not covered. To avoid potential suitability breaches with institutional customers, some broker-dealers decide to service only those institutional customers that have made the affirmative indication in terms of all potential trading activity in an account or will designate the account as restricted to non-recommended transactions.

Hold and Other Investment Strategy Recommendations

Although FINRA discovered instances of deficiencies regarding hold recommendations, some firms we examined implemented systems to achieve compliance with the hold and other investment strategy recommendation requirements of the rule. These systems include the following:

•   a "hold ticket" or a "hold blotter" that captures hold and, in certain instances, other types of strategy recommendations;
•   notes of discussions with clients regarding explicit hold or other strategy recommendations by associated persons maintained in customer files;
•   firm branch office inspections focused on the documentation of hold and other strategy conversations with clients;
•   modified new account forms to include specific investment strategies (determined by the firm) that could be identified if an associated person recommends them at the time of account opening;
•   new or amended account opening forms that must be signed by the customer when associated persons recommend changes to a previously recommended account investment strategy; and
•   a prohibition on associated persons engaging firm clients in the associated persons' outside business activities.

As referenced, some firms integrate explicit hold recommendation reviews into branch office inspections. This helps firms determine whether internal procedures regarding hold recommendations are implemented by a particular branch and whether various branches are operating as expected or in an inconsistent manner. If the latter, remedial actions may follow at a regional or national level to better ensure that explicit hold recommendations are properly made, supervised and, when necessary, documented.

Some small firms use clearing firm platforms to capture explicit hold recommendations or other strategies. The practice is for small firm representatives to rely on client notes capabilities offered by clearing firms. Notes capabilities permit registered representatives of small firms to capture the substance of conversations with clients at a granular level (e.g., substance and time of conversation, name of security or type of strategy) and thereby provide an audit trail. Moreover, some small firms counsel their registered representatives to use the notes functionality to capture whether recommendations were made relative to the transfer of positions from another broker-dealer. In particular, some small firms memorialize disclosures to customers that transferred securities—that the firm does not follow—will not be the subject of hold or sell recommendations.

Common feedback from firms is that the hold and strategy aspects of the rule create behavioral and cultural challenges since, historically, it was not customary for registered representatives to consider an explicit hold as a recommendation or to document a strategy. In response, many firms have provided initial training on these aspects of the rule and conducted ongoing training by way of periodic sales meetings, continuing education, annual compliance meetings, onsite inspections and compliance alerts to remind their representatives of procedures on when and how to document hold and other strategy recommendations.

FINRA reminds firms that Rule 2111 generally does not impose explicit documentation requirements. A firm may use a risk-based approach to documenting and supervising compliance with the suitability rule. The type or form of documentation that may be needed is dependent on the facts and circumstances of the investment strategy or hold recommendation, including the complexity and risks associated with the security or investment strategy at the time of the recommendation. Irrespective of the method a firm uses to capture hold and other strategy recommendations when necessary, the firm must have a supervisory system in place to adequately supervise investment strategies.


FINRA examiners observed that firms use various approaches to establish and implement a system of reasonable supervision and compliance over the areas covered by the suitability rule. Examinations show that effective procedures delineate who is responsible for conducting a specific review, what will be reviewed, the frequency of reviews and required documentation to evidence the review. A notable practice is a standardized approach to monitoring and updating policies and procedures as functions, personnel and systems change within a firm.

When customer accounts are following a particular investment strategy, firms take the strategy into consideration when determining the suitability of transactions meant to implement the strategy. This approach helps firms identify potential misalignments of strategies, recommendations and securities positions. To detect potential red flags based on securities positions, some small firms look beyond an individual customer's account. Firms look for concentrated positions of a security in the accounts serviced by specific registered representatives, or look across customer accounts or branch offices for an accumulation of a security that is not readily explained (e.g., a security not followed by the firm). These red flags then become the subject of review by the firm.


Examinations indicate that firms for the most part adopted policies, procedures and systems to address the requirements of the suitability rule. Ongoing and future examinations will determine whether this trend continues.

Importantly, firms have responded to feedback received through examinations by addressing deficiencies. This leads to stronger internal controls around suitability practices. FINRA encourages firms to carefully consider the effective practices cited in this Notice in the near term rather than wait for a regulatory examination. In this manner, firms can determine whether additional efforts are warranted to improve approaches to suitability determinations and the supervision of recommendations. The combination of executive leadership, policies, procedures, suitability-related technologies, training and new product vetting will help ensure that customers are well served when recommendations are made and that the suitability rule serves its intended investor protection purpose.

1 See Regulatory Notice 11-25 (May 2011) (FAQ 11).

2 See FINRA Rule 2111(a) and Regulatory Notice 11-02 (January 2011) (discussion on SEC approved FINRA Rule 2111 and additional customer investment profile information that should be gathered and analyzed as part of a suitability analysis). As noted in Regulatory Notice 11-25 (May 2011) (additional guidance provided to firms on suitability and customer's investment profile),firms were not required to seek to obtain all the customer-specific factors listed in the rule by its implementation date.

Previous Next