Building a Robust Broker-Dealer Compliance Framework

Key Considerations for a Strong Compliance Program

By Len Derus


The Importance of the Broker-Dealer Compliance Program

Building an effective broker-dealer compliance program is crucial for maintaining regulatory compliance and fostering trust with clients and regulators. There are many attributes to consider when building a new compliance program or enhancing your current compliance processes to ensure you are meeting the requirements of today, and in the future.

It is vital that you understand all of the regulatory requirements that impact your firm. There are myriad intertwined laws and regulations stemming from the U.S. Securities and Exchange Commission (SEC), the states in which you operate and federal laws. For broker-dealers, there is an added level of scrutiny from the Financial Regulatory Authority (FINRA) and the many stock and option exchanges of which a broker-dealer may be a member.

Develop the Right Policies and Procedures

Once you fully understand the regulatory landscape affecting your firm, you can start building or enhancing your compliance program. Your compliance manual’s policies and procedures should be tailored to your firm, reflecting how you operate, your firm’s lines of business and products, and the way you interact with customers and potential investors.

Policies and procedures should not be aspirational; they should accurately reflect how your firm conducts business, how your firm supervises, and how your firm tests that supervision.

Each procedure should identify who is responsible, what they are required to do, the frequency with which they are required to complete the task and how they will document that the task was completed. For each procedure, the individual responsible for implementing the procedure must be aware of and provided with the information and tools necessary to effectively carry out the tasks.

Supervision: FINRA Rules 3110 and 3120

Aside from developing the proper policies and procedures, you must determine how your firm will ensure they are being implemented properly. This includes having a robust supervision structure in place, controls testing and verification.

FINRA Rule 3110, one of FINRA’s most important rules, requires a member firm to establish and maintain a system to supervise the specific activities of its associated persons that is reasonably designed to achieve compliance with the applicable securities laws and regulations and FINRA rules.  In other words, you must have a way to ensure that your policies and procedures are being followed.

Conduct a Risk Assessment

Understanding the risks affecting your organization is the key to prioritizing your controls. A comprehensive risk assessment will help determine how and when to implement the processes that prevent or detect risk. The current regulatory environment places significant emphasis on customizing certain aspects of your compliance program based on the risks associated with your business model. A formal risk assessment allows for compliance and supervision efforts to be more targeted to the higher-risk issues, protecting the firm as well as the investors.

Once the risks are identified and prioritized, consider the following:

  • Does your firm have a procedure that helps mitigate that risk?
  • Do you have a system in place that mitigates that risk?
  • How strong is that control or mitigation?

Once you have a compliance risk assessment, knowing which risk controls to test and how often is the next step to strengthening your compliance program.

Testing Requirements

There are a number of annual testing requirements for broker-dealers including, but not limited to, supervisory testing, AML testing, email reviews and branch exams.    

A comprehensive risk assessment can help prioritize your testing. Below are some general examples of areas firms should consider when creating their testing program:

  • Areas of significant risk of investor harm
  • Major areas of firm business
  • Areas of deficiency identified in recent testing or regulatory exams
  • Regulator priorities
  • Applicable areas identified in regulators’ disciplinary reports
  • Compliance with new rules
  • Areas that have not been reviewed in several years


You should consider the value of training your whole team regarding the regulatory requirements under which your firm operates. For broker-dealers, training of registered personnel and those supporting them is required in the form of Regulatory Element training and Firm Element training.  That said, additional training should be considered as new products are introduced, new regulatory requirements are put in place and firm procedures and controls change.

Regulatory Element Training

Regulatory Element training includes information on significant rule changes and other regulatory developments relevant to each registration type. Registered individuals must complete the Regulatory Element by Dec. 31 each year. 

Firm Element Training 

Broker-dealers must also provide “Firm Element” training tailored to the firm’s specific needs. The Firm Element requires broker-dealers to conduct a Needs Analysis to develop a written plan for training. They are to then maintain records documenting the content and completion of the program.

Additional Training

Consider whether it makes sense to also train a broader spectrum of people at your firm to understand how the legal and regulatory framework that your firm faces affects what can or cannot be done on a company-wide basis. Developing this understanding can help you build a positive culture of compliance across your organization. When your entire team understands the purpose and end goals of your regulatory program, your firm can more easily meet its regulatory obligations and protect its customers.

Keep Your Program Current

Your compliance program must stay current. A strategy for how you will keep your regulatory program up to date is necessary to ensure you do not miss important amendments or new regulations.  A change management plan should also be in place, specific to your firm and available resources. Consider the following:  

  • How will you receive information regarding new or amended rules from all of the regulatory bodies that affect the firm? Would a vendor that can provide automated reporting of information be better able to meet your needs?
  • How will your team track dates of implementation?
  • Who will be responsible for understanding the impacts and defining which policies, procedures and testing need to be implemented?
  • Does your team have the bandwidth to implement the new processes developed around new rules and regulations?

For easier adoption and minimal disruption, firms strive for seamless integration of new rules into their compliance programs. This can be challenging and time-consuming without expert guidance. Many firms find that outsourcing new rule implementations can help eliminate compliance gaps and risks.  

Compliance Technology Solutions

Technology solutions to meet your regulatory obligations and internal requirements can enhance your program and make it more efficient.  That said, any technology chosen must be tailored to your firm’s needs. A very simple solution may not get you the efficiency you need, but a system that is too complex may create inefficiencies. Take care when evaluating any systems you may want to use to ensure they meet your needs and, importantly, fit into your supervisory regime.

Empower Your Team With Comprehensive Compliance

With the implementation of increasingly complex legal and regulatory requirements, developing and maintaining your compliance program is more important than ever. Taking time to review and critique what has been done by your firm historically to meet its obligations is a key to ensuring your compliance program is built for today’s requirements and ready for tomorrow’s changes.

Oyster Consulting’s broker-dealer compliance consultants understand the complexity of achieving compliance with FINRA Rule 3110. We are former regulators and industry leaders who know the issues you face, and provide reasonable, practical compliance solutions.

About The Author

Leonard Derus

Leonard Derus is a seasoned financial services professional with over 20 years of experience in Compliance and Risk Management, Control Process Development and Implementation, as well as Program Development, Management and Training.