How Often Should a Broker-Dealer Review Its Written Supervisory Procedures

FINRA Rule 3110 requires member firms to maintain written supervisory procedures reasonably designed to achieve compliance with applicable securities laws and FINRA rules. The rule does not say "review annually." It says "reasonably designed" — which means the answer to how often you should review your WSPs is: as often as the regulatory environment and your business require.

For most broker-dealers, an annual formal review is the baseline. But annual-only review is rarely sufficient.

What FINRA Rule 3110 Actually Requires

Rule 3110 requires each member firm to establish and maintain written supervisory procedures covering the supervision of each type of business it conducts. The firm must designate appropriately registered principals to supervise each business type and conduct regular reviews to ensure compliance. The "reasonably designed" standard is the critical phrase — examiners look at your firm's business, the regulatory environment, and your WSPs and ask whether a reasonable compliance officer would consider them adequate.

What Triggers an Out-of-Cycle WSP Review

Five categories of events should trigger an immediate WSP review regardless of where you are in the annual cycle:

1. New FINRA or SEC Rule

When a new rule takes effect, your WSPs must reflect the new requirement on or before the compliance date. If FINRA adopts a rule with a six-month implementation period, the WSP update should happen well before the deadline.

2. Rule Amendment

Amendments to existing rules are treated the same as new rules from a WSP perspective. Pay particular attention to amendments that change definitions, expand scope, or add new procedural requirements.

3. Relevant Enforcement Action

When FINRA takes an enforcement action against another firm for a specific violation, that action signals an active examination priority. If your WSPs do not address the practice at issue, update them — and document why you reviewed your procedures in response.

4. New Business Activity

If your firm launches a new product or begins a new type of customer activity, your WSPs must cover supervision of that activity before it begins. Firms add products or services and the WSP update lags months behind — this is a common examination finding.

5. Internal Compliance Finding

If compliance monitoring identifies a gap between what your WSPs require and what is happening in the business, the WSP needs updating — whether the gap is in the procedure or in the practice.

What the Annual Review Should Cover

The annual WSP review should compare the firm's current procedures against the current regulatory environment — working through every section and asking whether it reflects current rules, current FINRA guidance, current enforcement priorities, and current business activities. Most annual reviews also involve checking rule citations. A WSP that cites a superseded rule number tells an examiner that nobody has reviewed that section in years.

Document the annual review. Create a written record showing who conducted it, what sources were checked, what changes were made, and what was determined not to require changes and why.

Common WSP Deficiencies Found in FINRA Exams

Based on FINRA's Annual Regulatory Oversight Reports, the most common WSP-related deficiencies include: outdated rule citations, missing procedures for active business lines, procedures that don't match actual practice, no off-channel communications procedures despite repeated FINRA guidance, generic procedures not tailored to the firm, and no documentation of annual review.

The Practical Answer

Annual formal review, documented and dated, is the minimum. Out-of-cycle updates are triggered by any of the five categories above. For firms in fast-moving regulatory environments — significant digital asset activity, options trading, complex product lines — quarterly reviews of the most sensitive sections are common practice among firms with clean examination records. The firms that consistently avoid WSP-related findings treat their procedures as a living document maintained in real time, not an annual compliance project.