FINRA recently fined a broker-dealer $60,000 and issued a censure after finding widespread breakdowns in its Regulation Best Interest (Reg BI) compliance program, Form CRS delivery, and supervisory controls. The firm was also required to certify remediation of the identified issues.

Reg BI Conflicts and Compliance Gaps

According to FINRA, the firm willfully violated Reg BI by failing to meet both the Conflict of Interest Obligation and the Compliance Obligation over a multi-year period.

Reg BI requires firms to identify, disclose, mitigate, and in some cases eliminate conflicts associated with recommendations to retail customers. In this case, FINRA found the firm lacked adequate processes to ensure those obligations were being met consistently or documented appropriately.

Form CRS Delivery Failures

FINRA also determined that the firm failed to deliver Form CRS to certain retail investors, depriving clients of required disclosures about services, fees, conflicts, and standards of conduct.

Form CRS delivery remains a recurring enforcement issue, particularly when firms rely on manual processes or lack controls to confirm delivery and timing requirements are met.

Supervisory Controls Were Not Tested

Beyond Reg BI and disclosure issues, FINRA found that the firm failed to complete annual supervisory control system (SCS) tests for several years.

SCS testing is designed to validate whether supervisory procedures are actually working as intended. Without these annual reviews, gaps in supervision can persist undetected, increasing regulatory risk across multiple compliance areas.

Compliance Takeaways for Firms

This enforcement action reinforces FINRA’s expectation that Reg BI compliance is active, documented, and continuously supervised, not a one-time implementation exercise.

For compliance teams, key lessons include:

  • Reg BI requires operational follow-through: Firms must be able to show how conflicts are identified, disclosed, and mitigated in practice, and how those steps are reviewed over time.
  • Form CRS delivery must be trackable: Firms should have controls in place to confirm when Form CRS is delivered to retail investors and retain evidence of that delivery.
  • Supervisory controls must be tested annually: Supervisory control system (SCS) testing is a core requirement designed to surface weaknesses early. Skipping these reviews allows compliance gaps to persist and compounds exam risk.
  • Firm size does not limit enforcement exposure: FINRA continues to bring Reg BI cases against smaller firms, particularly where foundational compliance processes are missing or inconsistently applied.

Taken together, this case highlights a familiar theme in FINRA enforcement: breakdowns in supervision, documentation, and testing often create more risk than the underlying business activity itself. Compliance teams that regularly validate their controls are far better positioned when regulators come knocking.