This free full-length Series 14 practice exam includes 110 original Securities Prep questions across the official topic areas.
The questions are original Securities Prep practice questions aligned to the exam outline. They are not official exam questions and are not copied from any exam sponsor.
Count note: this page uses the full-length practice count maintained in the Mastery exam catalog. Some exam sponsors publish total questions, scored questions, duration, or unscored/pretest-item rules differently; always confirm exam-day rules with the sponsor.
| Item | Detail |
|---|---|
| Issuer | FINRA |
| Exam | Series 14 |
| Official route name | Series 14 — Compliance Official Qualification Examination |
| Full-length set on this page | 110 questions |
| Exam time | 180 minutes |
| Topic areas represented | 9 |

| Topic | Approximate official weight | Questions used |
|---|---|---|
| Regulatory Agencies | 3% | 3 |
| Markets and Operations | 18% | 20 |
| Broker-Dealer Operations | 9% | 10 |
| Credit and Capital | 6% | 7 |
| General Supervision | 18% | 20 |
| Investment Banking | 14% | 15 |
| Registration | 8% | 9 |
| Customer and Employee Accounts | 15% | 16 |
| Sales Solicitations | 9% | 10 |
Topic: Investment Banking
Your firm is lead underwriter on an IPO. The firm’s WSPs require documented Compliance pre-approval before any offering-related written communication is distributed to investors (including test-the-waters decks, roadshow materials, term sheets, and investor emails) and before any public-facing offering communication is posted (e.g., tombstone ads).
Exhibit: Transaction timeline (planned next steps)
Which action above does NOT require Compliance sign-off before proceeding under these WSPs?
Best answer: D
Explanation: An internal diligence call is not a written investor communication or public-facing posting, so these WSPs don’t require pre-approval to proceed.
The WSP trigger here is distribution of offering-related written communications to investors and public-facing offering communications. An internal due diligence call is neither distributed to investors nor posted publicly, so it is outside the stated pre-approval requirement. The other listed steps are expressly covered written or public communications.
To identify when Compliance sign-off is required, match each timeline step to the firm’s stated pre-approval triggers. Here, the triggers are (1) any offering-related written communication sent to investors and (2) any public-facing offering communication posted.
Apply that to the timeline:
Key takeaway: focus on whether the step is an external written/public communication versus an internal execution activity.
Topic: General Supervision
A broker-dealer’s compliance official is reviewing a commission-spend (soft dollar) arrangement to ensure the firm is only receiving eligible research benefits. Which statement is most accurate?
Best answer: D
Explanation: Soft dollars are intended for brokerage/research that aids investment decisions, not for non-research goods and services that are essentially overhead.
Commission-spend arrangements are meant to fund eligible research and related services that provide lawful and appropriate assistance to investment decision-making. Non-eligible items are typically goods and services that primarily benefit the broker-dealer’s business operations (overhead), even if they indirectly support trading. The compliance decision hinges on whether the item is substantive research versus an operational expense.
The core compliance judgment in soft dollar/commission-spend reviews is whether the firm is obtaining an eligible research benefit versus paying for its own overhead. Eligible research generally includes substantive analytical content or tools used to form investment opinions (for example, research reports or analytical market data used for evaluation). Non-eligible goods and services are those that primarily support the firm’s general operations—such as travel and entertainment, meals, and most hardware or broad “business infrastructure” purchases—because they do not constitute substantive research. When a product has both research and non-research components, firms typically need a reasonable allocation method, documentation, and supervisory review to ensure only the eligible portion is treated as commission-funded. The key takeaway is to tie the spend to investment decision-making assistance, not to operational convenience.
Topic: Customer and Employee Accounts
A broker-dealer is the delivering firm for ACATS transfers. Firm policy (aligned to ACATS processing expectations) requires transfers be validated or rejected within 1 business day and completed within 3 business days after validation.
Exhibit: ACATS exception log (snapshot)

| Case | Type | Status | Days open | Notes |
|---|---|---|---|---|
| T-1021 | Full | Validated; not completed | 8 | "Pending branch manager sign-off" |
| T-1044 | Full | Validated; not completed | 6 | "Waiting on internal fee review" |
| T-1059 | Full | Not validated/rejected | 4 | No action since request received |

Which is the primary compliance red flag/control concern the compliance official should address first to reduce customer harm from avoidable delays?
Best answer: A
Explanation: The log shows validated transfers languishing and an unworked request, indicating a workflow/escalation gap that can drive avoidable transfer delays and customer harm.
The exception log shows multiple transfers aging well beyond the firm’s stated validation/completion timelines, including a request with no action taken. The key compliance issue is a supervisory and workflow control failure—tracking, prioritization, and escalation of stalled ACATS items—because it directly creates avoidable delays and customer harm.
Account transfers require tight operational supervision because avoidable delays can restrict customer access to assets and create complaint and regulatory risk. Here, the delivering firm has (1) validated transfers that remain incomplete for days due to internal sign-offs/reviews and (2) a transfer that has not been validated or rejected for several days. The primary red flag is the absence of effective controls to prevent transfers from stalling in “pending” statuses.
Effective controls typically include:
The key takeaway is to fix the supervision and escalation process that is allowing routine transfers to become unnecessarily aged.
Topic: Markets and Operations
Your firm is adding (1) an agency desk that will route and execute customer orders through a registered exchange floor broker and (2) an OTC desk that will solicit and trade low-priced microcap stocks (often under $5) for retail customers. Current surveillance scenarios are calibrated to electronic listed-equity trading and do not cover these activities.
As the compliance official reviewing the go-live request, what is the best NEXT step in the surveillance workflow?
Best answer: D
Explanation: Before go-live, surveillance should be expanded to cover floor-broker order-handling/trading-ahead risks and penny-stock manipulation/markup/concentration risks with a documented triage and escalation process.
The firm is introducing two activities with distinct risk profiles that are not covered by existing scenarios. The next step is to design and implement surveillance use cases that specifically address floor-broker order-handling/trading-ahead risks and penny-stock manipulation and pricing risks, and to document who reviews exceptions and how escalation and closure are evidenced.
Surveillance governance starts with a risk-based mapping of business activities to concrete detection and supervision use cases before the activity begins. Floor-broker activity introduces heightened risks around manual order handling (time/price priority, discretionary handling), misuse of customer order information, and trading-ahead/front-running patterns that may not be visible in electronic-only surveillance. Penny-stock activity elevates risks of manipulative trading (e.g., wash/matched trades, marking the close), excessive markups/markdowns, customer concentration and liquidity harms, and promotion-driven spikes that require tailored alerts and a defined investigation workflow. The appropriate next step is to implement and test those targeted scenarios and document triage, escalation, and supervisory sign-off, rather than relying on external regulators, generic reviews, or delayed implementation.
Topic: Customer and Employee Accounts
A retail customer account opened three weeks ago is now requesting a same-day liquidation of several thinly traded micro-cap positions and an outgoing wire of the proceeds to an unrelated third party overseas. During the disbursement review, the customer’s name and date of birth generate a close match to an OFAC SDN list entry, and the customer is pressuring the firm to “send it now” due to an alleged emergency. The firm’s written procedures require escalation and documented resolution before processing any transaction when an OFAC potential match is identified.
As the compliance official, what is the single best immediate action to minimize regulatory risk while satisfying the stated constraints?
Best answer: C
Explanation: A potential SDN match requires stopping processing, escalating for documented resolution, and blocking/reporting promptly if the match is confirmed.
Because there is a potential OFAC SDN match, the highest-priority risk is sanctions compliance, which requires an immediate stop to processing until the match is resolved. The best action is to place a hold, escalate per written procedures, and ensure blocking and required reporting if the match is confirmed. This also preserves evidence of supervisory review and decisioning under time pressure.
When a potential OFAC SDN match is identified, the firm should not process trades or disbursements that could transfer value until the alert is resolved under the firm’s sanctions procedures. The immediate compliance focus is to (1) stop the requested activity, (2) escalate to the designated AML/OFAC decision-maker, and (3) document the comparison and disposition (true hit vs. false positive). If the match is confirmed, the firm generally must block the property and make the required OFAC reporting; the micro-cap liquidation and third-party wire pressure also elevate AML concerns and can be evaluated in parallel after the sanctions risk is controlled. The key is sequencing: resolve the sanctions “go/no-go” decision before moving any funds or executing transactions.
Topic: Markets and Operations
You are reviewing a Regulation M surveillance alert for a follow-on equity offering.
Exhibit: Reg M surveillance alert summary
Issuer: ABCD
Deal: Follow-on equity offering (firm commitment)
Pricing expected: June 12, 2025 16:30 ET
Firm role: Syndicate member (distribution participant)
Security status: Actively traded
Restricted period: Begins June 11, 2025 00:00 ET; ends when distribution is complete
Flagged trade: June 10, 2025 13:05 ET — Prop/MM acct BUY 8,000 ABCD @ $27.14
Alert reason: “purchase by distribution participant”
Which interpretation is best supported by the exhibit (based on Regulation M restricted-period concepts)?
Best answer: A
Explanation: The exhibit’s restricted period starts June 11, and the purchase occurred June 10.
The exhibit states the security is actively traded and explicitly shows the restricted period beginning on June 11, 2025. The flagged purchase occurred on June 10, 2025, which is before that start time. Therefore, the only conclusion supported by the record is that this particular trade falls outside the restricted period shown.
Regulation M focuses on preventing distribution participants and their affiliates from bidding for or purchasing a security during the applicable restricted period, which is determined by the security’s status (including whether it is “actively traded”) and then runs until the distribution is complete. Here, the record itself provides the key timing facts: it labels the security as actively traded and specifies the restricted period start as June 11, 2025 at 00:00 ET. Because the flagged purchase occurred on June 10, 2025 at 13:05 ET, the trade predates the restricted period shown in the alert summary. A compliance review may still document why the alert was closed or escalated, but the exhibit supports only the timing conclusion for this trade.
Key takeaway: don’t infer a different restricted-period length or an automatic exception when the exhibit already provides the restricted-period window.
Topic: General Supervision
A broker-dealer’s business continuity plan (BCP) assigns two “emergency contacts” responsible for regulatory communications and requires updating the firm’s emergency contact information in FINRA’s contact system whenever personnel change.
During a regional outage, FINRA attempts to reach the firm using the listed emergency contacts; both phone numbers are disconnected because the employees left the firm three months ago. The firm is reached the next business day through a branch manager.
As the compliance official, what is the most likely regulatory outcome of this control failure?
Best answer: A
Explanation: Failing to keep emergency contact information current is a BCP control breakdown that typically results in a supervisory deficiency and required corrective action.
Because the firm’s designated emergency contacts were stale and unusable during an actual disruption, regulators would view this as a breakdown in BCP governance and regulatory readiness. The expected outcome is a deficiency finding with required corrective actions such as updating contacts, testing escalation paths, and evidencing ongoing ownership and reviews.
BCP controls are not just a written document; they must be operationally effective, including a reliable way for regulators to contact the firm during an emergency. If FINRA cannot reach the firm using the emergency contacts on file, that is strong evidence the firm is not maintaining and governing its emergency-contact process (ownership, timely updates upon personnel changes, and periodic testing). The most likely consequence is an examination deficiency (and potential disciplinary exposure if pervasive), along with remediation expectations such as immediately updating the FINRA contact system, revising WSPs to assign accountability, and retaining evidence of periodic verification/testing. The fact that FINRA reached someone later does not cure the control failure at the time it mattered.
Topic: Registration
A registered representative resigns from a FINRA member firm. To “close out” the rep, operations files an amended Form U4 noting the rep is no longer with the firm, and no Form U5 is filed. The rep then attempts to register with a new broker-dealer.
As the compliance officer, what is the most likely outcome of the firm’s filing approach?
Best answer: D
Explanation: Form U5 is the firm’s termination filing, while Form U4 is for registration and updates while associated.
Terminations of registered persons are reported by the member firm on Form U5. Using an amended Form U4 to “remove” a rep does not satisfy the firm’s obligation to report the end of association, so the firm would have a reporting deficiency until a Form U5 is filed and the record is corrected.
Form U4 is used to register an individual (and to amend that individual’s information) while the person is associated with a firm. When the association ends—whether by resignation or discharge—the firm reports the termination and related details on Form U5. If a firm tries to use a U4 amendment instead of filing a U5, the individual’s CRD record can remain inaccurate and the firm is exposed to a books-and-records/reporting deficiency that typically requires remediation (filing the proper U5 and documenting the correction). Form BD governs the broker-dealer’s registration information, and Form ADV governs an investment adviser’s registration/disclosures, so neither substitutes for terminating an individual’s registration record.
Key takeaway: match the filing to the entity (person vs. firm vs. adviser) and the event (registration/update vs. termination).
Topic: General Supervision
A broker-dealer is preparing its annual FINRA Rule 3130 CEO certification. The CCO’s “support file” contains only (1) email attestations from department supervisors that their areas “follow the WSPs,” and (2) a copy of the current WSPs. There is no written CCO report summarizing compliance testing performed, significant exceptions found, or remediation/escalation and closure evidence.
Which is the primary compliance risk/red flag in this certification process?
Best answer: C
Explanation: Rule 3130 expects the certification to be supported by a defensible, documented annual compliance report and evidence of issue identification and follow-through.
Rule 3130 certifications must be supported by defensible evidence that the firm has processes to establish, maintain, and review compliance policies and supervisory procedures. A file limited to supervisor “all-clear” emails and WSP copies does not evidence testing, identified exceptions, escalation, or remediation. The key red flag is the absence of a documented CCO annual report that supports the CEO’s certification.
The core control expectation under Rule 3130 is that the firm’s CEO certification is not a “paper exercise,” but is supported by a documented annual compliance process. Practically, that means the CCO prepares an annual report to senior management that memorializes what compliance reviews/testing were performed, what significant exceptions or risks were identified, what corrective actions were taken (or are planned), and how issues were escalated and closed.
Supervisor sub-certifications can be helpful inputs, but they are not, by themselves, defensible evidence that the firm actually evaluated compliance effectiveness or remediated problems. A certification package should allow an examiner to trace: scope of reviews, results/exceptions, management escalation, remediation ownership and timelines, and evidence of completion. The closest trap is treating WSP existence and blanket attestations as a substitute for documented compliance oversight.
Topic: Customer and Employee Accounts
In a broker-dealer customer complaint investigation that may proceed to arbitration, which statement best describes the work-product doctrine in a way that helps Compliance coordinate with Legal while preserving privilege boundaries?
Best answer: D
Explanation: Work product generally covers litigation-preparation materials (particularly attorney mental impressions) and is distinct from the underlying facts of the complaint.
The work-product doctrine is aimed at protecting litigation-preparation materials created because of anticipated disputes, particularly counsel’s mental impressions, legal theories, and strategy. In complaint investigations, Compliance should coordinate with Legal to ensure those materials are created and maintained in a way that preserves that protection while still retaining required business records.
The work-product doctrine generally protects documents and tangible things prepared because of anticipated litigation or arbitration, especially an attorney’s (or counsel-directed) mental impressions, legal theories, and case strategy. It is different from attorney-client privilege, which focuses on confidential communications for the purpose of seeking or providing legal advice.
In a complaint investigation, Compliance can help preserve work-product boundaries by:
The key distinction is that labels and general confidentiality practices do not, by themselves, create work-product protection.
Topic: Regulatory Agencies
Which statement best explains the purpose of an SRO (for example, FINRA) disciplinary process and how it differs from civil litigation and criminal enforcement?
Best answer: B
Explanation: SRO discipline is primarily remedial and investor-protection focused, with regulatory sanctions—not compensatory damages or incarceration.
SRO disciplinary processes are regulatory proceedings used to enforce SRO rules and promote market integrity and investor protection. Their outcomes are regulatory sanctions (for example, censure, fines, suspensions, or bars), not criminal penalties like imprisonment and not civil remedies like compensatory damage awards.
An SRO disciplinary process is an administrative, regulator-run mechanism for policing member firms and associated persons and promoting compliance with securities laws and SRO rules. The aim is investor protection and market integrity—often described as remedial and deterrent—rather than making an injured party “whole.” As a result, the typical tools are regulatory sanctions such as censure, fines, heightened supervision, suspensions, or bars.
Civil litigation is generally a private party seeking money damages or other civil remedies in court, while criminal enforcement is brought by the government and can result in criminal convictions and incarceration. SRO discipline may address the same underlying conduct, but it is distinct from (and can proceed separately from) civil or criminal matters.
Topic: Credit and Capital
You are the compliance officer reviewing a daily exception tracker for extensions of credit.
Exhibit: Exception tracker (single row)
Run date: February 17, 2026
Acct: 7KQ3 (retail margin)
Security: ABCD common stock (new issue)
Firm role: Selling group member
Distribution completion date: February 5, 2026
Customer purchase date: February 10, 2026
Current margin debit: $48,750
Collateral supporting debit: ABCD shares only
Based on the exhibit, which interpretation is best supported under high-level Section 11(d) concepts?
Best answer: B
Explanation: A firm that participated in the distribution generally may not extend or maintain credit on that new issue during the restricted period, especially when the new issue is the only collateral.
Section 11(d) concepts focus on whether a broker-dealer that participated in a distribution is extending or maintaining credit on that same new issue during the restricted period. The exhibit shows the firm was a selling group member and the only collateral is the new issue shares, with the debit outstanding well within 30 days of completion. That fact pattern supports treating the credit as prohibited and requiring prompt remediation and documentation.
At a high level, Section 11(d)(1) is designed to prevent firms that are participating in selling a new issue from using credit to facilitate distribution. When a broker-dealer is a syndicate or selling group participant, it generally cannot extend or maintain credit to a customer on that new issue for a post-distribution restricted period (commonly operationalized as 30 days after the distribution is completed), and firms should also be alert to arrangements that effectively finance the new issue. Here, the exception row shows (1) firm participation (selling group member), (2) an outstanding margin debit, (3) the new issue shares as the only collateral, and (4) timing within the restricted period, so the defensible compliance interpretation is to treat the credit as impermissible, escalate, and cure by eliminating the debit (e.g., collect funds or liquidate) with clear supervisory evidence. The key takeaway is that “Reg T-compliant” margin mechanics do not override this distribution-linked credit restriction.
Topic: Credit and Capital
A broker-dealer acted as a co-manager in TechCo’s IPO. Ten days after the offering priced, a registered representative emails an IPO customer offering “IPO financing”: the firm will arrange a loan from its affiliated carrying broker to fund up to 90% of the customer’s purchase of TechCo shares in the aftermarket, secured only by the TechCo shares.
From a Section 11(d) perspective, what is the PRIMARY compliance risk/red flag the compliance officer should identify?
Best answer: B
Explanation: A firm that participated in a distribution generally cannot extend or arrange credit to customers to buy that new issue for 30 days.
Because the firm participated in the IPO, offering to arrange high-LTV financing for customers to buy that same new issue shortly after pricing is a classic Section 11(d) red flag. The key compliance concern is the restricted period concept (generally 30 days) and whether the firm is extending or arranging prohibited credit in connection with the distribution. Controls should force escalation and prevent the loan arrangement absent a clear permitted structure.
Section 11(d) concepts focus on preventing a broker-dealer that participated in a distribution from using credit to stimulate demand for that same new issue. Here, the firm was a co-manager in the IPO and, only 10 days after pricing, the representative is offering to arrange a loan (through an affiliate) to finance aftermarket purchases secured solely by the new issue shares—facts that point directly to “extend or arrange credit” in connection with a new issue during the restricted period (commonly 30 days).
A practical supervisory response is to:
Other issues may exist, but the credit-in-connection-with-new-issue concern is the primary Section 11(d) risk.
Topic: Customer and Employee Accounts
A new retail customer opens an online account and immediately requests (1) an incoming wire from an overseas bank and (2) a purchase of a thinly traded microcap. Your firm’s OFAC screening tool generates a “possible SDN match” alert on the customer name and date of birth.
Which statement is most accurate?
Best answer: B
Explanation: A potential SDN match requires immediate restriction of activity until the match is cleared or, if confirmed, blocking and required reporting.
A potential OFAC SDN match is an immediate, high-priority interdiction issue. The firm should restrict account activity and escalate the alert for review and resolution before processing any wires or securities transactions. Allowing activity to proceed before clearing the match creates an unacceptable sanctions risk.
When OFAC screening produces a possible SDN match tied to a customer identity element (for example, name and date of birth), the compliance priority is to prevent the firm from engaging in a prohibited transaction. Practically, that means putting an immediate hold on account activity tied to the alert (including wires and purchases) and escalating to the firm’s sanctions/OFAC review process to confirm or clear the match using appropriate identifiers and documentation.
If the match is cleared, the firm can proceed while continuing normal risk-based supervision. If the match is confirmed, the firm must follow its OFAC procedures (for example, blocking/rejecting as applicable and making required reports), and document the decisioning and evidence supporting the disposition. Enhanced trading surveillance or customer certifications do not substitute for clearing an OFAC interdiction alert before acting.
Topic: Credit and Capital
Your broker-dealer plans a joint back-office arrangement where another firm will (1) compute net capital and customer reserve figures and (2) prepare and submit the firm’s regulatory filings, while your firm will approve margin extensions and supervise sales.
Exhibit: Draft arrangement excerpt
As the compliance official, what is the best next step before the arrangement goes live?
Best answer: B
Explanation: The firm must document responsibility, retain regulatory accountability, and establish governance/oversight before outsourcing critical capital and credit functions.
Before outsourcing critical capital and credit-related back-office functions, the broker-dealer must clearly allocate responsibilities in writing and set governance for supervision, escalation, and record access. The arrangement cannot be allowed to operate on implied roles because the firm remains accountable for compliant filings, exception handling, and maintaining required records. Establishing audit/access rights and monitoring expectations upfront creates defensible oversight.
A joint back-office arrangement is a form of outsourcing that can concentrate operational and regulatory risk in areas tied to credit and capital (for example, margin processing, reserve computations, and regulatory filings). Even if another firm performs the work, your broker-dealer remains responsible for compliance and must be able to supervise the activity.
The best next step is to require a written agreement and governance plan that, at a minimum:
Relying on “we’ll fix it later” or a single artifact (like a SOC report) is not enough to establish responsibility and supervisory evidence.
Topic: Customer and Employee Accounts
You are the compliance official reviewing a new customer complaint and coordinating the investigation with Legal.
Exhibit: Complaint log (single row)
Case ID: 24-0176
Received: August 12, 2025 (email)
Allegation: Unsuitable options + excessive trading
Customer note: "If not resolved in 10 days, I will file FINRA arbitration"
Counsel: Outside counsel retained August 13, 2025
Litigation hold: Issued August 13, 2025
Internal note: Sales manager requests "the investigation memo from counsel" for rep coaching
Based on the exhibit, which action is most appropriate to coordinate the investigation while preserving attorney-client and work-product boundaries?
Best answer: C
Explanation: Because counsel is already retained for an anticipated dispute, legal analyses should be limited to counsel while business coaching uses a separate, non-privileged summary.
The log shows a threatened FINRA arbitration and that outside counsel has already been retained, which makes privilege and work-product controls critical. The best approach is to have counsel direct the investigative analysis and limit distribution of legal communications. Business remediation and coaching should be supported by a separate factual write-up rather than counsel’s memo.
When a customer complaint indicates a likely dispute (for example, an explicit threat to file FINRA arbitration) and counsel has been retained, the firm should structure the investigation to protect privileged communications and attorney work product. Practically, that means coordinating requests for documents, interviews, and written investigative analysis through counsel; limiting distribution of legal advice and drafts to those who need to know; and keeping business/supervisory remediation on a parallel track using separate, factual documentation that does not embed legal strategy. The litigation hold noted in the log also supports a more formal, counsel-led process with controlled document handling. A common pitfall is circulating counsel’s memo for training or supervisory coaching, which can undermine privilege and blur the legal-versus-business boundary.
Topic: Investment Banking
A broker-dealer receives two unsolicited sell requests in the same exchange-listed issuer (XYZ).
As the compliance officer, which supervisory action best aligns with customer-protection and market-integrity standards for handling these resale orders?
Best answer: A
Explanation: Control securities can require affiliate resale conditions even if acquired in the market, while restricted securities require evidence they are eligible for public resale before accepting the order.
The CEO’s shares are control securities because she is an affiliate, so resale handling focuses on affiliate-related conditions (e.g., manner-of-sale/volume concepts and documented representations). The second customer’s shares are restricted securities from a private placement, so the key issue is whether the shares are eligible for public resale, typically evidenced by legend removal or other support for an exemption.
Control securities and restricted securities are different concepts that drive different resale controls. Control securities are defined by the seller’s relationship to the issuer (affiliate/control person), so even shares bought in the open market may require enhanced resale review to prevent an unregistered distribution and mitigate manipulation/insider-risk concerns; firms typically document affiliate status, obtain appropriate representations, and apply affiliate resale conditions.
Restricted securities are defined by how the securities were acquired (e.g., private placements), often evidenced by a restrictive legend. The supervisory focus is whether the securities have become eligible for public resale (e.g., through registration or an applicable exemption supported by documentation such as legend removal/legal support). The durable standard is tailoring pre-trade controls to the source of restriction: seller status versus acquisition/registration status.
Topic: Customer and Employee Accounts
Which statement is most accurate regarding how a broker-dealer should document supervisory rationale for an OFAC-related account restriction and its resolution?
Best answer: A
Explanation: Defensible supervision requires a dated audit trail showing why the restriction was imposed, what was reviewed, who approved/escalated, and why it was lifted or maintained.
OFAC screening exceptions require a clear supervisory record that explains why the firm restricted activity and how it reached a decision to clear the alert or keep restrictions. The documentation should be sufficient for an independent reviewer to recreate the logic, evidence reviewed, escalations, approvals, and closure decision.
When a potential OFAC match appears, a firm’s key supervisory risk is not only the decision made (restrict, block/reject, or clear), but whether the decision is supported by a complete, retrievable rationale. Good documentation ties together (1) what triggered the restriction, (2) what identifying information was compared and what sources were used to resolve the alert, (3) who reviewed and approved the decision (including any escalation to AML/Compliance), and (4) the final disposition and any remediation (e.g., continued monitoring, account closure, or controls changes).
A customer’s denial or a vendor’s system log is not, by itself, a complete supervisory record; the firm must be able to show its own analysis and approval path. The key takeaway is to preserve an audit trail that demonstrates reasonable review and informed supervisory judgment.
Topic: Customer and Employee Accounts
A retail customer requests options trading approval and wants to place an options order immediately. The customer’s options agreement is incomplete, the Options Disclosure Document (ODD) has not yet been delivered, and no Registered Options Principal (ROP) has approved the account.
Which supervisory action is NOT appropriate under these facts?
Best answer: C
Explanation: Options trading should not occur until required documentation, ODD delivery, and ROP approval are completed and evidenced.
Options account approval is a gated process: the firm must complete the options agreement, deliver the ODD, and obtain documented ROP approval before the first options trade. An email from the representative does not substitute for required firm approval steps. The best supervisory approach is to prevent trading and use monitoring to detect and remediate any breakdowns.
A key supervisory obligation for options is ensuring trading cannot begin until the account is properly established and approved through the firm’s controls. Under the stated facts, the options agreement is incomplete, the ODD has not been delivered, and the ROP has not approved the account—so the firm should treat any options order as prohibited until those prerequisites are satisfied and recorded.
High-level controls typically include:
Informal disclosures by a representative do not replace required approvals and do not create a defensible supervisory record.
Topic: Investment Banking
Your firm is in the selling group for a fixed-price IPO of ZYX at a public offering price of $20.00 per share. A registered rep submits a request to credit a customer’s account $300 as an “account-opening incentive” only if the customer purchases shares in this IPO.
The customer buys 1,500 shares at $20.00 per share.
Which compliance conclusion is most appropriate based on the customer’s effective purchase price?
Best answer: A
Explanation: The $300 credit reduces the customer’s net cost by $0.20 per share ($300/1,500), effectively selling below the fixed public offering price.
In a fixed-price offering, the public must be sold the securities at the stated public offering price, and firms must not indirectly discount that price through rebates or credits tied to the purchase. Here, the $300 incentive is conditioned on buying IPO shares, reducing the customer’s net cost. That creates pricing-integrity risk because it effectively sells below the fixed offering price.
Fixed-price offerings rely on pricing integrity: customers must purchase at the public offering price, and participants may not use their compensation (or any other credit) to effectively reduce the customer’s purchase price. When a credit, rebate, or “incentive” is conditioned on participating in the offering, it is treated as a price reduction even if it is booked separately from the trade.
Compute the effective price:
Because the effective price is below $20.00, the credit should be escalated and stopped/reversed as a pricing-integrity issue.
Topic: Markets and Operations
A broker-dealer’s daily Regulation SHO exception dashboard shows repeated issues for one equity trader. Firm policy requires (1) a documented locate/borrow source ID before a short sale order is released to market and (2) close-out of any fail-to-deliver by the start of trading on T+4.
Exhibit: Reg SHO exception dashboard (snapshot)
| OrderID | Date | Symbol | Side | Order Mark | Locate ID | Notes |
|---|---|---|---|---|---|---|
| 78122 | Jun 3, 2025 | LMNO | Sell | Long | (blank) | Executed and allocated |
| 78147 | Jun 4, 2025 | LMNO | Sell | Long | (blank) | Executed and allocated |
| 78205 | Jun 5, 2025 | LMNO | Sell | Short | (blank) | Executed and allocated |
Fail-to-deliver aging: LMNO fail remains open on Jun 9 (aged 5 business days)
As the compliance official, which action best aligns with durable Regulation SHO supervisory controls?
Best answer: D
Explanation: It applies preventive controls (locate/marking gate) and corrective controls (documented close-out) with escalation to stop repeat violations.
Regulation SHO supervision is strongest when it prevents noncompliant short sales before orders reach the market and promptly remediates any resulting settlement fails. Here, missing locate records and suspect order marking are recurring, and an aged fail indicates close-out is not being enforced. The best action is to implement an order-release gate and drive immediate close-out with documented escalation.
High-level Reg SHO controls should cover the lifecycle: correct order marking, a pre-trade locate process with retrievable evidence, and supervision of close-outs when a fail-to-deliver occurs. The dashboard shows execution of sales marked “long” with no support and a “short” sale executed without a locate ID, indicating both marking and locate controls are not operating effectively. A durable compliance response is to stop the control breach at the front end (system or supervisory block on releasing short sale orders without a recorded locate) and to remediate the back end (ensure the open fail is closed out within the firm’s stated timeline), while documenting escalation and root-cause remediation so the issue does not recur. Waiting or “fixing later” undermines market integrity and weakens supervisory evidence.
Topic: Registration
If a registered person expects to receive transaction-based compensation for a securities transaction conducted away from the member firm (a “private securities transaction”/selling away), the firm generally must:
Best answer: C
Explanation: Compensated selling-away activity generally requires prior firm approval and ongoing supervision/recordkeeping as if done through the firm.
Compensated selling-away activity creates heightened supervisory and books-and-records risk for the broker-dealer. As a result, the firm generally must provide prior written approval and then treat the activity as if it were conducted on the firm’s behalf for supervision and recordkeeping purposes.
A private securities transaction (often called “selling away”) is a securities transaction a registered person participates in outside the member firm. Because these activities can bypass firm controls, firms must have monitoring designed to capture them early (intake, review, escalation) and determine whether the person will receive compensation. When transaction-based compensation is expected, the firm generally must:
By contrast, many non-securities outside business activities may require notice and assessment but do not automatically trigger transaction-level supervision as firm activity.
Topic: General Supervision
A broker-dealer’s institutional desk administers a commission-spend (soft dollar) program for an affiliated investment adviser. An internal review finds the adviser has been using commission credits to pay a vendor invoice that includes: (1) analyst reports and earnings models, and (2) a CRM license and client-entertainment expenses. The adviser’s client disclosure describes these purchases as “research services.”
If the firm continues paying the invoice with commissions without separating and paying for the non-research items with its own funds, what is the most likely compliance outcome?
Best answer: A
Explanation: CRM and entertainment are non-eligible under the research safe harbor, creating regulatory exposure and a need to pay those costs with firm funds and remediate disclosures.
Commission credits can generally support eligible research and brokerage services, but not general overhead or entertainment. Treating CRM and client entertainment as “research” risks falling outside the safe harbor and creating misleading disclosure issues. The typical consequence is to stop the improper use, allocate costs properly, and reimburse or pay with firm funds for the non-eligible portion.
Soft dollar arrangements require the firm to distinguish eligible research/brokerage benefits from non-eligible goods and services. In this scenario, analyst reports and models are the type of product that can qualify as research, but a CRM license and client entertainment are non-eligible overhead/marketing expenses. If commissions are used to pay for non-eligible items (and disclosures label them as research), the firm risks losing safe-harbor protection for that portion of the spend and creating regulatory exposure for inadequate or misleading disclosures. A practical supervisory outcome is remediation: require itemization and reasonable allocation of any “mixed-use” invoice, ensure non-eligible components are paid with firm funds (or reimbursed), and update disclosures and controls to prevent recurrence. The key takeaway is that “some research on the invoice” does not sanitize non-eligible expenses.
Topic: Registration
A firm’s CE dashboard shows two registered representatives with annual Regulatory Element assignments:
Which supervisory treatment best matches these two situations?
Best answer: B
Explanation: A CE-inactive individual must be blocked from performing registered functions, while an assigned-but-not-yet-due individual should be monitored with documented reminders and escalation as the due date nears.
The key control distinction is whether the person is already CE inactive versus merely assigned. Once CE inactive, the firm must prevent the individual from performing (and typically being compensated for) activities requiring registration until the Regulatory Element is completed. Before the deadline, the firm’s obligation is strong tracking, reminders, and escalation to ensure timely completion.
Effective CE supervision controls tie the firm’s workflow to the individual’s CE status. When the firm’s tracking tool shows CE inactive, that is an exception condition requiring immediate action: block the person from performing functions that require registration, document the restriction, and follow up until the status returns to active after completion. When CE is assigned but not yet due, the appropriate treatment is proactive completion tracking—automated reminders, manager/compliance escalation as the due date approaches, and evidencing follow-up (tickets, attestations, and exception reports). The decisive factor is that an “inactive” status triggers activity restrictions, while “assigned” primarily triggers monitoring and escalation controls.
Topic: Broker-Dealer Operations
Under FINRA Rule 4512, a member’s obligation to make a “reasonable effort” to update customer account information for a natural person account is best described as which of the following?
Best answer: C
Explanation: Rule 4512 requires periodic reasonable-effort updates for natural persons and updates when the firm learns the information has changed.
Rule 4512 focuses on keeping required customer account records current and accurate. For natural person accounts, firms must make a reasonable effort to update the information periodically (at least every 36 months) and also update it when they become aware that required information has changed. The key supervisory concept is combining periodic refresh with event-driven updates when inaccuracies are identified.
FINRA Rule 4512 requires firms to maintain specified customer account information and supervise the maintenance of those records so they remain current. For natural person accounts, the rule builds in two practical “triggers” for action:
A compliant control framework typically documents how the firm prompts customers, captures changes, and evidences follow-up when potential changes are detected, rather than relying solely on the passage of time or the customer to initiate updates.
Topic: General Supervision
A broker-dealer’s investment banking team hires an unaffiliated “capital introduction consultant” who is not registered with the firm and is not a registered broker. The contract pays the consultant 2% of gross offering proceeds for any investors the consultant introduces, and the consultant routinely calls prospects to discuss the issuer and forwards subscription packets to the firm.
As the compliance officer, what is the primary compliance risk/red flag that the supervisory program should address?
Best answer: D
Explanation: Paying a success-based fee for investor introductions tied to securities sales indicates unregistered broker activity and a prohibited compensation arrangement.
Compensating a non-registered person based on offering proceeds is a major red flag because it resembles commissions for effecting securities transactions. When the consultant also solicits and facilitates subscriptions, the arrangement increases the risk the person is acting as an unregistered broker. A core supervisory control is to prevent and detect transaction-based payments to unregistered persons.
The key risk is that the firm is paying transaction-based compensation (a success fee) to a person who is not registered/associated, while that person is also soliciting investors and helping move subscriptions forward. Transaction-based compensation is a classic indicator of “broker” activity and creates significant exposure that the consultant should be registered and supervised as an associated person (or the arrangement should be restructured/terminated). A sound supervisory program should include controls to:
Other risks may exist, but the highest-priority red flag here is the prohibited compensation structure involving an unregistered person.
Topic: General Supervision
A broker-dealer uses a commission sharing arrangement (CSA) and policy states: CSA credits may be used only for eligible research within the Section 28(e) safe harbor; non-eligible items must be paid with firm funds. Accounts Payable routes the following vendor invoice to Compliance for approval.
Exhibit: Vendor invoice (summary)
| Item | Description | Amount |
|---|---|---|
| Item 1 | Analyst model + written reports (annual) | $48,000 |
| Item 2 | Market data terminal user fee (annual) | $18,000 |
| Item 3 | Two laptops for “research access” | $3,600 |
| Item 4 | Sponsorship of vendor industry conference | $5,000 |
| Total | | $74,600 |
Payment method requested: CSA commission credits
What is the best next step?
Best answer: D
Explanation: Compliance should allocate the invoice and ensure only eligible research is paid with CSA credits while non-eligible items are billed to the firm.
Because the invoice includes both eligible research and non-eligible goods/services, Compliance must prevent CSA commission credits from being used for the non-eligible portion. The proper workflow step is to obtain sufficient detail to allocate charges and route payment correctly (CSA for eligible research; firm funds for everything else).
In commission-spend/soft-dollar arrangements, the compliance task is to ensure commission credits are used only for eligible “research” benefits (generally substantive research content and certain market data services used to make investment decisions) and not for non-eligible goods and services. Hardware (like laptops) and marketing/entertainment-type expenses (like conference sponsorships) are not eligible research benefits and must be paid with the firm’s own funds.
The defensible next step is to:
Approving first and “fixing it later” creates a control failure because it allows commission credits to be used for non-eligible items.
Topic: Markets and Operations
A broker-dealer receives a retail customer order to buy 5,000 shares of ABC. The firm first buys 5,000 ABC in the market and, within seconds, sells the same quantity to the customer from its own account at a slightly higher net price (no separate commission line). Operations codes the customer trade as “agency” on both the trade report and the customer confirmation.
If this coding continues, what is the most likely compliance outcome?
Best answer: A
Explanation: Because the firm interposed itself and sold from its own account, the customer trade is riskless principal and must be recorded/reported and confirmed with the correct capacity and economic disclosure.
The firm is not acting as an agent when it buys for its own account and then sells to the customer, even if the offsetting trade is nearly simultaneous. That workflow is riskless principal activity, which has supervisory implications for accurate capacity reporting, accurate customer confirmations, and surveillance around the firm’s remuneration (e.g., markup).
Capacity is determined by how the firm participates in the transaction. In an agency trade, the firm arranges the trade between the customer and a third party and typically charges a commission. In a principal trade, the firm is the counterparty to the customer (buying from or selling to the customer) and is compensated through the price.
Here, the firm purchased shares and then sold them to the customer out of its own account in a contemporaneous, offsetting manner—this is riskless principal. If the firm codes it as agency, it creates inaccurate trade reporting and inaccurate customer confirmations/books and records. Supervision should focus on fixing the capacity coding, correcting affected reports/confirmations as needed, and monitoring the firm’s compensation and best execution impacts for this trading pattern.
Topic: General Supervision
In a broker-dealer soft-dollar program, what best describes a “mixed-use allocation” for research payments?
Best answer: D
Explanation: Mixed-use requires a reasonable, documented allocation so only the research component is paid with commissions and the non-research component is paid with hard dollars.
Mixed-use items include both eligible research and non-eligible benefits. A compliant mixed-use allocation uses a reasonable methodology to apportion the cost and documents the rationale, paying only the research portion with client commissions while the firm pays the rest with hard dollars.
A mixed-use allocation applies when a product or service has both research and non-research components (for example, a data platform that includes analytical research tools plus non-research features). The firm must make a good-faith, reasonable allocation and keep documentation that shows how it determined the research vs. non-research split and why that method is appropriate. The key compliance principle is that only the eligible research portion may be paid with client commissions under the firm’s soft-dollar practices; the non-research portion must be paid by the firm (hard dollars). Strong documentation typically captures:
The control objective is to prevent overcharging clients for non-research benefits.
Topic: Markets and Operations
Your firm is a co-manager on an IPO, and allocations must be finalized today before pricing. A sales rep forwards Compliance an email from a hedge fund client stating it will participate in the IPO only if it also agrees to buy “at least 100,000 shares in the aftermarket during the first week” and asks for a “preferred allocation” in return.
As the compliance official responsible for syndicate controls, what is the single best action to minimize regulatory risk while meeting the timing constraint?
Best answer: C
Explanation: Conditioning IPO allocations on aftermarket purchases is a prohibited tie-in, so the firm should halt and escalate while documenting and enforcing compliant allocation criteria.
The client’s request links receiving IPO shares to agreeing to buy in the aftermarket, which is a prohibited allocation practice (a tie-in) and presents significant manipulation risk. The best compliance response is to stop the request immediately, preserve evidence, escalate to the appropriate supervisory chain, and ensure allocations are made using neutral, documented criteria not conditioned on aftermarket activity.
IPO allocations must not be used as leverage to induce aftermarket trading or other quid pro quo behavior. A customer condition that it will buy in the aftermarket in exchange for a preferred IPO allocation is a classic prohibited “tie-in”/laddering-type practice and should be treated as a serious new-issue allocation exception.
The best control response is to:
Relying on disclosures, timing delays, or after-the-fact surveillance does not cure an improper allocation condition.
Topic: General Supervision
Your firm’s political-contributions surveillance generates the alert below. The registered rep is designated as a Municipal Finance Professional (MFP) and is currently part of a team soliciting City of Harborview for a negotiated underwriting.
Exhibit: Surveillance alert (political contribution)
As the compliance official, what is the best next step in the supervisory workflow to address municipal-business-related risk?
Best answer: A
Explanation: You should promptly escalate, investigate coverage, and stop solicitation activity while assessing any G-37-related prohibition and required remediation/reporting.
A potential political contribution by an MFP to an issuer official creates immediate municipal-solicitation risk. The defensible next step is to escalate and initiate an investigation while placing an interim hold on solicitation/municipal securities business activity with the affected issuer until coverage and impact are confirmed and remediation is determined.
Political-contribution alerts tied to municipal business require controls that both (1) promptly assess whether MSRB pay-to-play restrictions could apply and (2) prevent further tainted solicitation activity while the facts are validated. Here, the alert involves an identified MFP, an issuer official (city treasurer), a meaningful amount, and missing pre-clearance—so the appropriate workflow is immediate escalation (e.g., to the municipal securities principal/CCO), creation of an investigative case, and an interim hold on Harborview-related solicitations/engagements.
Key actions typically include:
Deferring action until routine reporting or taking irreversible reporting steps before validating facts weakens supervision and increases municipal-business risk.
Topic: Regulatory Agencies
A FINRA member firm files a claim seeking repayment of an outstanding promissory note from a former registered representative. No customers are involved, and the dispute is purely between industry parties over compensation. Which forum/process best matches this type of matter?
Best answer: A
Explanation: Disputes between member firms and associated persons (with no customer) are typically resolved through intra-industry arbitration.
The dispute is between a member firm and a former registered representative and involves an employment/compensation-related claim, not a customer complaint. That fact pattern aligns with intra-industry arbitration rather than customer arbitration. A disciplinary action would be triggered by alleged rule violations pursued by a regulator, not a private debt claim.
Arbitration forum selection in the securities industry largely depends on who the parties are and what is being alleged. When the dispute is between industry participants—such as a member firm and an associated person (or two firms)—and concerns matters like compensation, promissory notes, or other employment-related obligations, it is generally handled as intra-industry arbitration.
Customer arbitration, by contrast, is triggered by a dispute involving a public customer (or certain customer-related claims against a firm/rep). Formal disciplinary actions are not private claims; they are enforcement proceedings initiated by FINRA (or the SEC) in response to suspected violations of securities laws or rules and can result in sanctions such as fines, suspensions, or bars. The key takeaway is to identify whether the matter is a private dispute (arbitration) and whether it is customer-related or industry-only.
Topic: Markets and Operations
A broker-dealer’s equity surveillance system generated two alerts:
Which recordkeeping approach best supports regulator-ready evidence for closing Alert 1 versus Alert 2?
Best answer: D
Explanation: Manual judgment requires documented rationale and review evidence, while auto-closure requires auditable rule logic, applicability, and governance/testing evidence.
Alert 1 is closed based on human judgment, so the audit trail must show what was reviewed, the rationale, and who approved the disposition. Alert 2 is closed by system logic, so the audit trail must preserve the alert event and the control design evidence—what rule closed it, that it applied, and that the rule is governed and periodically validated.
Surveillance case closure evidence should match the decision mechanism that drove the disposition. When an analyst (or supervisor) makes a judgment, regulators expect a defensible trail showing the inputs reviewed (e.g., order/trade data, market context, and any relevant communications), the rationale for the disposition, escalation/consultation steps, and supervisory review/approval where required.
When a case is auto-closed by a pre-set rule, the firm still needs an audit trail that allows a regulator to recreate why the system closed it:
The key is that “auto-closed” is not, by itself, a regulator-ready explanation.
Topic: Registration
A broker-dealer is (1) hiring an experienced representative who will be registered with FINRA, (2) terminating a registered representative for cause, (3) adding a new 10% indirect owner of the broker-dealer, and (4) launching an advisory program through an affiliated investment adviser. Which statement about the firm’s use of registration forms is INCORRECT?
Best answer: C
Explanation: Form ADV is for registering and disclosing information about the investment adviser firm, not for registering broker-dealer personnel with FINRA.
Form U4 and Form U5 are individual registration/termination filings for associated persons, while Form BD is the broker-dealer’s firm registration and amendment filing. Form ADV is the investment adviser firm’s registration and disclosure document (including the brochure), not a mechanism to register broker-dealer personnel for FINRA activities.
In day-to-day registration operations, compliance should match the form to the registrant and the event. Form U4 is the individual’s application/registration record and is used when onboarding a person who will be registered and for capturing required disclosures. Form U5 is the individual’s termination filing and is used when a registered person leaves the firm, including reporting the termination reason and related information. Form BD is the broker-dealer’s firm registration and is amended when the broker-dealer has material changes such as ownership/control updates. Form ADV is for the investment adviser firm (and its disclosure brochure), not for registering a broker-dealer representative with FINRA.
Topic: Registration
A registered representative resigns effective June 3, 2026, two days after being notified that Compliance opened an internal review of possible unauthorized options trading in an elderly customer account. No findings have been reached yet, but the firm has preserved order tickets, texts, and recorded calls and has scheduled customer outreach.
The firm’s Form U5 must be filed within 30 calendar days of termination, and it must be amended within 30 calendar days after the firm learns information that makes a prior answer inaccurate or incomplete.
Which action by the compliance officer best aligns with Form U5 filing standards and appropriately addresses narrative-quality escalation risk?
Best answer: D
Explanation: It preserves record integrity by timely filing and uses an objective, supportable narrative with appropriate escalation and amendment controls while the review is pending.
A Form U5 should be filed timely and completed accurately based on what the firm knows at the time, with a narrative that is objective and supported by firm records. When an internal review is open, the disclosure should reflect the review’s status without reaching unsupported conclusions. Escalating the narrative for Legal/senior review and setting an amendment tickler manages defamation and completeness risk as facts change.
The core standard is timely, accurate, and fair disclosure on Form U5, supported by documentation and subject to escalation controls because the narrative can create regulatory and defamation exposure. When a termination occurs during a pending review, the firm should not “wait for certainty” or file a misleadingly clean U5; it should disclose the existence and status of the internal review using objective, fact-based language that the firm can evidence.
Practical controls that align with this standard include:
The key takeaway is to manage both completeness and defensibility: disclose the pending review as pending, and be prepared to amend as the investigation progresses.
Topic: Markets and Operations
Which statement is most accurate about the role of market makers and traders in price discovery and liquidity, and the related compliance risks?
Best answer: B
Explanation: This correctly ties the market-making function (continuous two-sided quoting and liquidity provision) to common market-integrity risks that require surveillance and controls.
Market makers and active traders contribute to price discovery by expressing supply and demand through quotes and trades, and market makers add liquidity by standing ready to buy and sell. Those same activities can be abused to mislead the market (for example, placing non-bona-fide quotes or trading to move prices), so firms need surveillance and conflict controls around quoting and proprietary trading.
Price discovery occurs as market participants submit quotes and execute trades that reveal willingness to buy and sell at different prices. Market makers enhance liquidity by maintaining two-sided markets and absorbing temporary imbalances, which can narrow spreads and improve execution quality. The compliance risk is that quoting and trading can also be used to distort perceived supply/demand (for example, manipulative quoting, spoofing/layering-like behavior, or other activity intended to move prices) or create conflicts when proprietary positions benefit from induced price moves. A sound framework focuses on monitoring quote/trade patterns, investigating alerts for intent and impact, and documenting remediation when activity appears inconsistent with bona fide market making or legitimate trading strategies. The key is recognizing that liquidity provision does not eliminate market-integrity risk; it changes where the firm must monitor most closely.
Topic: Customer and Employee Accounts
During a quarterly review of account-designation exceptions, you find an account coded in the firm’s system as “Retail—Non-Associated.” The new account documentation shows the co-owners are a registered representative at your firm and the representative’s spouse, and most deposits come from their joint bank account. Which supervisory action best aligns with durable standards for accurate account coding and defensible records?
Exhibit: New account highlights (Acct 7H29)
Owners: Pat Lee (RR at firm), Jordan Lee (spouse)
Employment (Jordan): “Homemaker”
Funding source: “Joint checking—Pat/Jordan”
Account coding in system: “Retail—Non-Associated”
A. Keep the retail code because the spouse is not registered
B. Recode as an employee/related account and evidence an ownership/control review
C. Run OFAC screening only and leave the designation unchanged
D. Close the account to eliminate the coding risk
Best answer: B
Explanation: The facts indicate an associated-person household account, requiring recoding, documentation, and tailored lookback/ongoing supervision to keep books and records accurate.
The account’s ownership and funding show it is tied to an associated person, creating a clear red flag that the “non-associated retail” code is inaccurate. The best response is to correct the designation and create supervisory evidence of beneficial ownership/control, plus any targeted lookback and ongoing monitoring that the corrected code is meant to trigger. This preserves record integrity and supervisory accountability.
A compliance official should treat account coding as a books-and-records control: the designation must reflect who beneficially owns or controls the account and what supervisory controls should apply. Here, a firm registered representative is a co-owner and uses joint funds, so the “non-associated” coding is inconsistent with the account’s true relationship and can improperly bypass heightened supervision intended for employee/related accounts. The strongest approach is to (1) validate and document beneficial ownership and control, (2) correct the system designation, and (3) apply the firm’s related supervisory requirements (e.g., required approvals, heightened monitoring, and a reasonable lookback where the wrong code may have affected surveillance or entitlements). The key is remediation that is both operational (system correction) and evidentiary (defensible documentation).
Topic: Sales Solicitations
A registered representative sends the same product-update email to 8 retail customers over a two-week period. Which supervisory treatment best matches this message under FINRA public communications standards?
Best answer: B
Explanation: Because it is distributed to 25 or fewer retail investors in 30 days, it is correspondence, which is typically supervised through post-use review under WSPs.
A message sent to 25 or fewer retail investors within a 30-calendar-day period is generally treated as correspondence. Correspondence does not require registered principal pre-use approval, but it must be supervised and reviewed under the firm’s written, risk-based procedures. Here, the 8-recipient email fits correspondence, so post-use review is the best match.
The key supervision decision is driven by how the communication is classified. Retail communications (broad distribution to retail investors) generally require a registered principal’s approval before first use. Correspondence, however, is more limited distribution to retail investors (typically 25 or fewer within a 30-calendar-day period) and is supervised through the firm’s written supervisory procedures, commonly using post-use, risk-based review rather than mandatory pre-use sign-off.
Because this email goes to only 8 retail customers over two weeks, it falls into the correspondence bucket, so the appropriate control is documented, risk-based post-use supervision (with escalation for red flags), not blanket pre-use principal approval.
Topic: Investment Banking
A registered rep wants to send a “new private placement opportunity” email for a Regulation D offering that is being conducted without general solicitation. Your WSPs allow a streamlined approval process only when the distribution list is limited to accounts tagged “PP-Eligible” (documented pre-existing substantive relationship and eligibility captured). Any other recipients require the message to be held for enhanced compliance review and list remediation.
Exhibit: Proposed distribution list
| Tag | Count |
|---|---|
| PP-Eligible | 312 |
| Retail-only | 18 |
| No tag/unknown | 20 |
| Total | 350 |
What is the most appropriate compliance decision?
Best answer: B
Explanation: Because 350 − 312 = 38 recipients fall outside the PP-Eligible control, the message cannot use streamlined approval and must be escalated and scrubbed.
The firm’s control allows streamlined approval only when the distribution is limited to PP-Eligible accounts. The exhibit shows 350 total recipients but only 312 PP-Eligible, meaning 38 recipients are outside the permitted population. That makes the proposed communication ineligible for streamlined handling and requires escalation, list remediation, and enhanced review to avoid an improper solicitation.
In limited offerings conducted without general solicitation, controls commonly restrict offering communications to a vetted, pre-qualified population (for example, accounts with a documented pre-existing substantive relationship and private-placement eligibility). When a rep proposes a broader “blast” that includes unvetted recipients, the compliance risk shifts from a controlled investor notice to a potentially impermissible solicitation, so enhanced review and distribution controls must be applied.
Using the exhibit:
A legend alone does not substitute for eligibility screening and controlled distribution.
Topic: Broker-Dealer Operations
A broker-dealer clears through a third-party clearing firm that generates and emails customer trade confirmations. Compliance reviews the firm’s daily SEC Rule 10b-10 confirmation reconciliation (executions vs. confirmations archived in the firm’s records) and sees four corporate bond customer trades from yesterday marked “executed—no confirmation image/data retained.” Operations says, “The clearing firm sent the confirms, so we’re fine.”
As the compliance official, what is the best NEXT step in the proper workflow sequence?
Best answer: B
Explanation: Even if a clearing firm delivers the confirmation, the introducing firm should evidence 10b-10 confirmation content and control completeness through reconciliation and retained records.
Rule 10b-10 supervision is not just about sending confirmations—it also requires the firm to be able to evidence the confirmation content and demonstrate completeness and accuracy through defensible records. A daily reconciliation exception indicates a books-and-records control break that must be investigated and cured by obtaining the missing confirmation record/data and documenting the fix and remediation.
A key compliance concept under SEC Rule 10b-10 is that the firm must be able to evidence that required confirmation disclosures were provided for customer transactions and maintain records that support supervisory review. When confirmations are produced or delivered by a clearing firm or vendor, the introducing firm still needs controls to ensure (1) confirmations were generated/sent for each execution and (2) the firm can retrieve the confirmation (or the underlying confirmation data) for recordkeeping and audit purposes.
The proper next step after a reconciliation exception is to cure the specific breaks first—retrieve the missing confirmation images/data from the clearing firm, match them to the executions, and retain them—then perform root-cause analysis (e.g., interface failure, mapping issue, account flag) and implement/document remediation so the exception does not recur. Closing the exception without evidence, or creating unvalidated internal substitutes, undermines record integrity and supervisory defensibility.
Topic: Markets and Operations
You are the compliance officer for an introducing broker-dealer that clears through a third-party clearing firm. A daily Reg SHO exception report shows a proprietary trading account has three open short-sale fails-to-deliver (FTDs) in the same equity, which has been on a published threshold list for 9 consecutive settlement days; the FTDs are aged 5, 7, and 12 settlement days. Firm policy (aligned to Reg SHO) requires short-sale FTDs to be closed out by the start of trading on T+4, and if an FTD in a threshold security remains open beyond 13 settlement days the account must be placed on “pre-borrow only” and no additional short sales may be accepted until the fail is closed.
Operations notes the trader has been labeling the items “pending stock loan” and no close-out buy has been entered. What is the single best compliance action to minimize regulatory and operational risk?
Best answer: C
Explanation: It cures aged fails promptly while applying the required short-sale restriction and creating defensible supervisory evidence through escalation and documentation.
Aged short-sale FTDs—especially in a threshold security—require prompt close-out controls and effective restrictions that prevent additional short sales until the issue is cured. The exception report and operations note show a clear control failure (no close-out action and improper “pending stock loan” handling). The best response is to force timely close-out, impose the required trading restriction, and evidence supervision through escalation and documentation.
The core compliance issue is a breakdown in short-sale delivery/close-out controls: multiple FTDs are already beyond the firm’s stated T+4 close-out requirement, and the security is on a threshold list, increasing regulatory sensitivity and the risk that the position reaches the firm’s “pre-borrow only/no new shorts” trigger. A compliance officer should treat this as an active exception requiring immediate remediation and supervisory follow-up.
A sound control response is to:
Deferring action or shifting responsibility to the clearing firm leaves the firm exposed to ongoing delivery failures, potential regulatory findings, and repeated settlement/market-access operational risk.
Topic: General Supervision
You are reviewing a commission-sharing arrangement (CSA) payment request for soft-dollar eligibility.
Exhibit: Soft-dollar exception tracker (row)
Request ID: 24-017
Vendor: Alpha Research LLC
Pay method: CSA commissions
Invoice total: $25,000
Line items:
1) Semiconductor quarterly reports + analyst hotline access $20,000
2) Alpha Summit: conference pass + hotel $5,000
Support attached: sample report; summit agenda
Based on the exhibit, which interpretation is best supported when determining what may be paid with commissions?
Best answer: A
Explanation: Substantive research reports and analyst access are eligible research benefits, while conference fees and lodging are non-research goods/services.
Soft-dollar/CSA spend may be used for eligible research benefits, such as substantive research content and analyst access that supports investment decision-making. Non-eligible goods and services—like travel, lodging, and conference-related costs—must be paid with hard dollars or carved out. The exhibit shows a clearly mixed-use invoice with both types of items.
In a commission-spend arrangement, the compliance decision is to distinguish eligible research from non-eligible goods and services and ensure any mixed-use invoice is reasonably allocated. The exhibit includes two separable line items: (1) written industry reports and analyst hotline access, and (2) a conference pass plus hotel. Substantive research content and analyst access are classic eligible research benefits, while conference fees and lodging are non-eligible items (they are not themselves research, even if the event has an agenda). A defensible control outcome is to approve payment of the research portion with commissions and require the non-eligible portion to be paid with hard dollars (or excluded from the CSA payment). The key is that vendor label and “research” packaging do not make non-research items eligible.
Topic: Customer and Employee Accounts
A retail customer emails the firm alleging a registered rep placed “unauthorized and excessive” trades over the past two months and requests reimbursement. The email includes account number and trade examples, so it meets the firm’s definition of a written customer complaint. Firm policy requires (1) logging all written complaints upon receipt, (2) sending an acknowledgment within 5 business days, and (3) investigating and documenting the resolution before issuing a final response.
As the compliance official, what is the best next step?
Best answer: A
Explanation: The correct sequence is to capture the complaint and acknowledge receipt promptly, then investigate and document before any final response or closure.
A defensible complaint workflow starts with intake controls that create a record of receipt and ensure the customer is acknowledged promptly. After logging and acknowledgment, the firm should open an investigation file to gather facts, document findings, and track remediation through a final written response and closure. This sequencing prevents premature conclusions and supports required supervisory evidence.
Written customer complaints should follow a controlled workflow that is consistent, auditable, and timely. Here, the firm’s policy sets the order: log upon receipt, acknowledge within the stated timeframe, then investigate and document before responding substantively and closing.
A practical sequence is:
Steps like a final denial or registration disclosure decisions should not occur before the complaint is logged, acknowledged, and factually investigated.
Topic: General Supervision
A broker-dealer sends an investment adviser a single bundled monthly invoice to be paid with client commissions. The adviser represents that any eligible items are used in the investment decision-making process and that required disclosures are made.
Exhibit: Bundled invoice (USD)
Under Section 28(e) concepts, what is the maximum amount that would generally qualify to be paid with soft dollars under the safe harbor from this invoice (assuming proper mixed-use allocation)?
Best answer: C
Explanation: Execution and eligible research/market data total $16,800 + $7,200 + $8,400, while hardware, compliance consulting, and entertainment are non-eligible.
Section 28(e) generally covers eligible brokerage (execution-related) and eligible research (including certain market data and research reports) when used to make investment decisions. Non-eligible items like entertainment, general compliance/overhead services, and hardware must be paid with the adviser’s own funds. Adding only the eligible line items yields the maximum soft-dollar amount.
Under Section 28(e), a key compliance step is to separate (and document) what is eligible “brokerage and research” from non-eligible products and services. Here, trade execution/routing is eligible brokerage, and the market data/news subscription and third-party research reports are generally eligible research if used in the investment decision-making process. Terminal hardware, compliance consulting (a general overhead/service), and client entertainment are not eligible and must be carved out under mixed-use.
Compute the eligible portion:
The remaining items are paid with the adviser’s own money, not client commissions, even if billed on the same invoice.
Topic: Credit and Capital
Which statement is most accurate about supervising daily margin records under FINRA Rule 4220?
Best answer: A
Explanation: Rule 4220 centers on a daily required-margin record, and effective supervision uses it to identify and trend repeat margin exceptions for follow-up and escalation.
FINRA Rule 4220 is about maintaining a daily record that reflects required margin, which supports day-to-day supervisory control over margin compliance. A sound program uses the daily record to generate exception reports and to spot patterns such as repeat deficiencies or chronic under-margined accounts. Trending and documented follow-up help demonstrate that the firm is detecting and remediating margin risks, not merely recording them.
The core supervisory concept behind FINRA Rule 4220 is that the firm must maintain a daily record of required margin, and that record should be operationalized as a control. In practice, compliance/supervision should ensure the daily record (or report derived from it) is complete for all accounts where the firm extends credit and that it supports daily exception identification.
Supervisory use typically includes:
A common weakness is treating on-time cures as eliminating the need for review evidence; the control still needs documented oversight and trend analysis to catch systemic or repeated breakdowns.
Topic: Registration
Which statement is most accurate regarding a registered representative’s outside activities and the related registration-risk controls at a broker-dealer?
Best answer: D
Explanation: Compensated “selling away” requires firm written approval and ongoing supervision/recordkeeping as if done through the member.
Compensated private securities transactions create significant sales-practice and registration risk because the firm must decide whether to permit the activity and, if permitted, supervise it like firm business. That means written approval, surveillance/controls, and books-and-records capture consistent with the firm’s supervisory system.
The core control concept is that outside activity disclosures are not just “paperwork”—they drive the firm’s supervisory obligations and the rep’s registration-risk profile. For private securities transactions, the key dividing line is compensation: if the rep will be compensated, the firm must make an explicit written approval decision and then supervise the activity as though it were executed on the firm’s behalf (including documenting the approval and ensuring appropriate recordkeeping and ongoing monitoring).
By contrast, treating outside activity as something that can be handled informally (verbal approval or annual-only capture) undermines the firm’s ability to assess conflicts, customer impact, and potential “selling away,” and it can lead to inaccurate or stale registration disclosures and supervisory findings. The practical takeaway is to require prompt pre-activity notice, documented decisions, and risk-based supervision for approved activities.
Topic: Broker-Dealer Operations
Under NYSE volatility control rules, a “market-wide trading halt” is best described as which of the following features?
Best answer: C
Explanation: Market-wide circuit breakers pause trading broadly across U.S. equity venues when index-based decline thresholds are reached.
A market-wide trading halt is an index-triggered circuit breaker that pauses trading broadly across U.S. equity markets, not just one symbol, one venue, or one firm. It is designed to address extraordinary market-wide volatility by temporarily stopping trading activity across multiple exchanges and trading centers.
NYSE volatility control rules include market-wide circuit breakers that are triggered by market-wide conditions (typically an index-based decline threshold) and are implemented broadly across U.S. equity markets. The defining feature is scope: the halt is coordinated and applies across venues, so firms must be prepared for order-handling, trading, and program-trading workflows to pause and then resume in an orderly way.
This is different from volatility controls that affect only one security (such as limit up-limit down pauses), exchange-specific operational halts, or a broker-dealer’s own risk controls (such as a kill switch). The key takeaway is that “market-wide” means cross-market coordination driven by broad market moves.
Topic: Credit and Capital
A firm’s written credit policy prohibits margin loans on any equity trading below $5.00; the position must be fully paid (100% deposit). The trading desk requests a one-day policy exception for a customer order and proposes the compensating controls shown below. The firm applies a 5% haircut to money market fund collateral.
Exhibit: Exception request (summary)
Order: Buy 20,000 shares @ $4.50 (position value = $90,000)
Customer deposit at trade: $54,000 (60%)
Additional collateral: $36,000 money market fund
Haircut on money market fund collateral: 5%
Proposed control: daily mark-to-market and same-day margin call
As the compliance officer, what is the most appropriate decision on this exception request?
Best answer: A
Explanation: After the 5% haircut, total collateral is $88,200, leaving a $1,800 shortfall versus the $90,000 fully-paid requirement.
The proposed compensating controls must make the firm whole against its 100% fully-paid house requirement on sub-$5 equities. Applying the stated 5% haircut reduces the money market fund collateral credit, so the proposal does not fully cover the $90,000 purchase. The appropriate response is to require additional collateral (or reduce the transaction) so haircut-adjusted collateral equals the full amount before granting any exception.
When evaluating a credit-policy exception, the key question is whether compensating controls eliminate (or appropriately mitigate) the incremental risk created by deviating from the written limit. Here, the house limit requires a fully paid position, so the firm must have $90,000 of acceptable collateral value.
Using the exhibit numbers:
Because the proposal leaves a collateral deficit after applying the firm’s stated haircut, daily monitoring and calls do not substitute for meeting the required coverage at the time of the exception.
Topic: Investment Banking
Which statement is most accurate regarding resales of restricted or control securities under SEC Rule 144?
Best answer: B
Explanation: Once the holding period is met and the seller is a non-affiliate, Rule 144’s conditions fall away after one year.
Rule 144 is a resale safe harbor with different conditions depending on whether the seller is an affiliate and whether the securities are restricted. A key compliance point is that, after the full holding period, non-affiliates can resell without being subject to the ongoing Rule 144 conditions that otherwise restrict resales. This is why the one-year, non-affiliate statement is the most accurate.
Rule 144 provides a non-exclusive safe harbor for resales of restricted securities and for sales by affiliates (control persons). Compliance review starts with two determinations: (1) whether the securities are “restricted” (so a holding period applies), and (2) whether the seller is an affiliate (so ongoing resale conditions apply due to control-person risk). For non-affiliates, once the required holding period has fully run, Rule 144 no longer imposes the typical resale conditions (such as volume and manner-of-sale limitations and a Form 144 notice); the seller can generally resell without meeting those conditions. By contrast, affiliates selling control securities remain subject to Rule 144 resale conditions, so affiliate status must be assessed and documented as part of evaluating whether a proposed resale is consistent with the safe harbor.
Topic: Broker-Dealer Operations
A broker-dealer supports an institutional client’s automated “basket” strategy that can send thousands of child orders within minutes through the firm’s market access. Pre-trade controls currently validate each child order (symbol, price collar, max shares), but there is no aggregate basket notional limit and no intraday exposure dashboard for the desk supervisor.
Today, the firm’s surveillance generates this alert:
Alert: Basket burst (Client DMA)
Window: 10:01–10:06 ET
Child orders sent: 8,420
Aggregate notional: $185,000,000
Net fill: $22,400,000
Exchange rejects: 312 (rate-limit)
Risk notes: No aggregate basket limit configured
As the compliance official, which action best aligns with durable pre-trade and intraday risk-limit standards before allowing the strategy to continue?
Best answer: C
Explanation: Stopping the flow until aggregate and intraday controls (limits, monitoring, and escalation/kill switch) are implemented addresses the control gap driving the alert.
The control weakness is that per-order checks do not constrain aggregate basket exposure or provide supervisors real-time visibility during a burst. A defensible response is to halt the activity and implement aggregate pre-trade limits plus intraday monitoring and a documented escalation/kill-switch process. This aligns supervisory accountability with risk containment during high-volume program trading.
High-volume basket activity can create rapid, correlated exposure that is not captured by “good order” checks on individual child orders. Durable standards focus on preventing uncontrolled market access risk by combining (1) pre-trade limits that cap aggregate exposure (e.g., basket notional/order-rate constraints) and (2) intraday supervision that detects and stops abnormal bursts in real time.
A sound control response is to:
Post-trade-only review or “tuning for fewer rejects” does not address the core risk: uncontrolled aggregate exposure during the trading window.
Topic: General Supervision
Which statement is most accurate regarding a broker-dealer’s business continuity planning (BCP) controls and emergency-contact governance for regulatory readiness?
Best answer: D
Explanation: BCP governance centers on a written, periodically reviewed plan and current emergency contacts to support timely regulator communication and operational continuity.
Regulatory readiness requires a written, living BCP that is periodically reviewed and supported by current emergency-contact information. The goal is to ensure the firm can continue or wind down critical operations and that regulators can quickly reach accountable personnel during disruptions. Stale contacts or an unmanaged plan undermines supervisory controls in an actual event.
BCP supervision is about governance and evidence: the firm should maintain a written plan that addresses how it will respond to significant business disruptions and demonstrates ongoing oversight (for example, periodic review and updates). A key readiness control is maintaining current emergency-contact information so regulators can quickly reach designated individuals with decision authority and knowledge of critical operations. From a compliance-officer perspective, this means ensuring ownership is assigned, reviews are documented, changes to personnel/phone/email are updated promptly in the firm’s regulatory contact records, and gaps identified in testing or after-action reviews are remediated and tracked to closure. A “set it and forget it” approach, or relying on informal knowledge or a generic switchboard, is not defensible supervision.
Topic: General Supervision
A broker-dealer wants a supervisory control that most directly addresses restrictions on giving gifts or gratuities to employees of other broker-dealers (to avoid improperly influencing business decisions). Which feature best matches that objective?
Best answer: D
Explanation: Tracking and aggregating benefits by recipient supports limits and prevents improper influencing of other firms’ personnel.
A gifts-and-entertainment control is designed to prevent employees from using items of value to influence personnel at other firms. The most direct feature is a log that aggregates items by recipient and supports enforcing an annual cap with supervisory review.
Restrictions on gifts/gratuities to employees of other broker-dealers are aimed at reducing conflicts of interest and the appearance (or reality) of buying business through items of value. A well-designed supervisory control therefore needs to (1) capture all items of value provided, including entertainment where required by firm policy, (2) identify the recipient and the recipient’s firm, and (3) aggregate activity so supervisors can enforce an annual limit and detect patterns (for example, repeated small items that add up). Controls focused on other conflict areas—like political contributions, outside business activities, or personal trading—do not directly address the “influencing or rewarding other firms’ employees” risk.
Topic: Credit and Capital
A broker-dealer’s monthly net capital computation control includes a documented supervisory review and quarterly governance reporting of exceptions. For the last three months, the same error in the net capital workpaper (incorrect classification of an allowable asset) was found and corrected before filing, but the firm did not document root-cause analysis, committee review, or follow-up testing to confirm remediation.
During a FINRA exam, the firm cannot produce evidence of control testing, governance review, or remediation beyond “we fixed it each month.” What is the most likely outcome?
Best answer: A
Explanation: Without governance and remediation evidence, recurring exceptions are treated as a capital-control weakness requiring a formal corrective action plan and demonstrable retesting.
Recurring net capital control exceptions that are repeatedly “fixed” without documented root-cause analysis, governance escalation, and follow-up testing typically result in an exam finding. Regulators expect evidence that the firm’s capital controls are designed, reviewed, and proven effective over time, not just ad hoc corrections.
Capital compliance is not only about arriving at the right number; it also requires a defensible control framework that detects issues, escalates recurring problems, and proves remediation worked. When the same net capital workpaper error repeats, exam staff typically expect documentation showing (1) the exception trend was identified, (2) it was escalated to appropriate governance (e.g., finance/compliance management or a risk committee), (3) a root cause and corrective action were implemented, and (4) the control was retested and evidenced.
If the firm can only say “we corrected it each month,” FINRA is likely to view the control environment as ineffective and the supervisory record as inadequate, increasing regulatory exposure even if no net capital deficiency ultimately occurred. The practical expectation is a documented remediation plan, enhanced monitoring, and proof of sustained closure through retesting.
Topic: Investment Banking
Your firm is co-manager on a follow-on equity offering. An automated communications review alert flags a registered rep’s mass email to 180 customers titled “Offering Highlights,” attaching a slide deck created by investment banking. The deck was not in the firm’s approved communications library, and the email includes projected use-of-proceeds benefits and an indicative price range. The rep says the deck was “already approved by deal team.”
As the compliance official, what is the best next step in the workflow?
Best answer: D
Explanation: The firm must preserve the exact content and create defensible evidence of review, escalation, and the final supervisory decision before any further use.
The immediate control need is to preserve the communication and create a clear supervisory record showing who reviewed it, what was reviewed, what issues were identified, and what escalation and outcome occurred. That documentation is the evidence of supervisory review and supports any remediation or reporting decisions. Stopping use is important, but without capturing and documenting the review trail, the firm cannot demonstrate effective supervision.
Offering-related communications must be supervised in a way that is provable after the fact. When an unapproved deal communication is detected, the compliance workflow should first secure the evidence (the exact email and attachment as sent) and open a documented review path showing: the reviewer(s), the basis for any required edits or prohibition, any escalation to the appropriate supervisory principal(s) (e.g., retail communications and investment banking supervision), and the closure decision (e.g., corrective outreach, training, discipline, or updated approvals). This creates defensible supervisory review evidence while enabling the firm to assess scope (recipients, versions, timing) and prevent further distribution.
Key takeaway: act first to preserve and document the supervisory review trail, then remediate.
Topic: Registration
A broker-dealer adds a control to its registration program: each quarter, Compliance pulls an HR roster (active employees and job titles) and compares it to CRD registration status and approved role assignments (e.g., trading, supervision) to identify individuals who are active in HR but missing required registrations or who have role access inconsistent with their registrations.
Which option best matches the purpose of this control?
Best answer: C
Explanation: It is designed to detect gaps or mismatches between active personnel/roles and their regulatory registrations.
The described feature is a periodic reconciliation control that cross-checks internal HR status and role assignments against CRD registration data. Its purpose is to surface exceptions such as active employees performing or being enabled for regulated functions without the appropriate registrations, or individuals with outdated registrations relative to their assigned roles. This supports ongoing registration accuracy and supervisory risk reduction.
A core registration-program control is a recurring “source-of-truth” reconciliation that ties together (1) who HR shows as active, (2) what roles/permissions the firm has assigned, and (3) what the regulator-facing registration system (CRD) shows. The goal is to detect and remediate mismatches, such as an active employee with supervisory or trading responsibilities who lacks the required principal/representative registration, or a person with system entitlements that exceed what their registrations support. In practice, the control should generate an exception list, assign ownership for investigation, document remediation (e.g., filing, role change, access removal), and evidence closure for audit/exam readiness. This is different from filing specific forms, which update records but do not by themselves ensure ongoing alignment across systems.
Topic: Markets and Operations
A broker-dealer wants to begin routing a new midpoint-liquidity strategy to a newly onboarded equities ATS. Firm policy requires, before go-live, (1) pre-trade max order notional limits and (2) an intraday gross notional cap for the strategy that covers the strategy’s expected peak activity and is approved by Risk and Compliance.
Exhibit: Pilot projections and proposed limits (USD)
Based on the exhibit, which control action should Compliance require before approving go-live?
Best answer: A
Explanation: Peak-day notional is $8,250,000, so the $5,000,000 cap must be revised and approved before launch.
The firm’s new-strategy controls require an intraday gross notional cap that covers expected peak activity and is approved before go-live. The peak-day projection is higher than the configured $5,000,000 cap, so the strategy should not be approved until the cap is resized (or the strategy scaled down) with documented Risk and Compliance approval.
Before a firm participates in a new strategy or venue, it should complete a new-product/strategy review that includes configuring and validating the key risk controls needed for the expected activity. Here, the per-order limit appears sufficient, but the intraday gross notional cap must cover the strategy’s expected peak day.
Compute expected peak-day notional:
Because $8,250,000 exceeds the proposed $5,000,000 cap, Compliance should require the cap (or activity level) be adjusted and formally approved and tested before go-live, rather than relying on after-the-fact monitoring.
Topic: Broker-Dealer Operations
Your firm operates an NYSE Designated Market Maker (DMM) unit and also has separate agency algorithmic trading and proprietary trading desks. Minutes before the close, the DMM unit receives non-public closing auction imbalance updates while it is facilitating the closing auction.
Which statement describes a compliance practice that is INCORRECT under these facts?
Best answer: A
Explanation: Non-public imbalance information obtained through the DMM role must not be used or shared to benefit other firm trading activity before it is broadly available.
A DMM’s access to real-time auction imbalance information creates a heightened risk of misuse of non-public information. The key compliance consideration is preventing dissemination or use of that imbalance data by other firm trading units (agency or proprietary) before it is publicly available. Controls should emphasize information barriers, access restriction, and surveillance around close-related influence.
DMM-facilitated closing auction activity can expose a firm to manipulation and information-misuse risk because DMMs may receive non-public, time-sensitive imbalance information as part of their market-making function. A compliance official should treat that imbalance data as restricted and ensure it is not transmitted to other parts of the firm (including agency algorithm desks) in a way that could advantage trading decisions before the information is broadly available.
Practical controls typically include:
The core takeaway is that “helpful execution optimization” cannot justify sharing restricted auction imbalance information across desks.
Topic: Investment Banking
Which statement best describes a broker-dealer’s restricted list as used in confidentiality controls for M&A and restructuring mandates?
Best answer: D
Explanation: A restricted list is used to impose firmwide trading limitations when MNPI risk exists around an issuer/security.
A restricted list is a key information-barrier tool used to control trading when the firm’s involvement in a mandate creates MNPI risk in a particular issuer or security. Its purpose is to prevent or limit trading activity (often firmwide) to protect market integrity and demonstrate effective confidentiality controls. It differs from lists that track who has MNPI access or that merely require pre-clearance.
In M&A and restructuring work, the firm may obtain MNPI about an issuer (e.g., deal terms, financing plans, distress/restructuring outcomes). A restricted list is a control that identifies the affected issuer/securities and triggers trading restrictions designed to prevent misuse of MNPI and reduce appearance-of-conflict risk.
Typical compliance outcomes include:
By contrast, an insider list focuses on tracking individuals with MNPI access (for auditability and inquiries), and a watch/pre-clearance concept generally allows trading subject to heightened review rather than outright restriction.
Topic: Customer and Employee Accounts
A compliance official is reviewing a weekly ACATS transfer-delay report. The firm’s customer-harm metric is a “delay impact score” calculated as:
Delay impact score = (number of transfers) × (average account value) × (average days past the 7-business-day target)
Exhibit: Weekly delay summary (past 30 days)
| Primary root cause | # Transfers | Avg account value (USD) | Avg days past target |
|---|---|---|---|
| Missing/defective transfer authorization (NIGO) | 8 | $120,000 | 6 |
| Unsettled positions/contra firm hold | 3 | $200,000 | 3 |
| Internal account-number coding error | 2 | $150,000 | 10 |
Based on the exhibit, which supervisory control enhancement should be prioritized to most reduce customer harm from avoidable delays?
Best answer: C
Explanation: The missing/defective authorization category produces the highest delay impact score when you multiply transfers by value by days past target.
Using the firm’s metric, you compare each root cause by multiplying the number of delayed transfers by the average account value and the average days past target. The missing/defective transfer authorization (NIGO) bucket has the largest product, so improving upfront completeness checks and immediate NIGO outreach should produce the biggest reduction in customer harm from avoidable delay.
A practical way to prioritize transfer-delay controls is to quantify where avoidable delay creates the most customer exposure. Here, the firm defines exposure as a “delay impact score,” so the compliance decision is to compute and compare the score by root cause.
Because the NIGO authorization bucket is the largest driver, the best first control is an intake completeness check with rapid customer outreach to cure defects early, reducing out-of-market time and related harm. Focusing only on the highest average days or highest average value would miss the metric’s combined effect.
Topic: Markets and Operations
Which statement about SEC Rule 10b-18 issuer repurchase activity is most accurate?
Best answer: D
Explanation: Rule 10b-18 is an optional safe harbor conditioned on meeting its trading parameters, so monitoring focuses on adhering to and documenting those limits.
Rule 10b-18 is designed to reduce manipulation risk by offering an optional safe harbor for issuer (or affiliated purchaser) buybacks that follow specific trading conditions. A compliance official’s monitoring should therefore focus on controls and surveillance that test those conditions and retain defensible evidence of adherence and exception handling.
SEC Rule 10b-18’s purpose is to provide an issuer (and certain affiliated purchasers) with an optional, nonexclusive safe harbor from allegations that the repurchase itself was manipulative, if the buyback complies with the rule’s conditions. Because the safe harbor is conditional (and not a blanket approval of buybacks), compliance monitoring should be built around verifying the trading parameters were met and that exceptions are identified, escalated, and documented.
Practical monitoring typically includes:
The key takeaway is that adopting a plan is not enough; the safe harbor depends on how the trading occurs.
Topic: Sales Solicitations
You are designing a monthly management dashboard for cold-calling controls. The metric definition is: “Timely corrective-action completion rate = (# of cold-calling exceptions detected in January that were closed on or before their due date) ÷ (total cold-calling exceptions detected in January). Treat open items as not timely.”
Exhibit: Cold-calling exception tracker (as of February 14, 2026)
| ID | Detected | Due | Closed |
|---|---|---|---|
| CC-101 | Jan 7, 2026 | Jan 21, 2026 | Jan 20, 2026 |
| CC-102 | Jan 9, 2026 | Jan 23, 2026 | Jan 29, 2026 |
| CC-103 | Jan 14, 2026 | Jan 28, 2026 | Jan 27, 2026 |
| CC-104 | Jan 22, 2026 | Feb 5, 2026 | (Open) |
| CC-105 | Jan 28, 2026 | Feb 11, 2026 | Feb 10, 2026 |
Based on the exhibit, what timely corrective-action completion rate should be reported for January?
Best answer: B
Explanation: Three of the five January-detected exceptions were closed on or before their due dates, and open items are not timely.
The metric’s denominator is all exceptions detected in January, and the numerator includes only those closed on or before the due date. The exhibit shows three on-time closures, one late closure, and one open item that is therefore not timely. That yields 3 out of 5, or 60%.
A defensible management metric must match its stated definition and be reproducible from the firm’s exception tracking records. Here, “timely” is explicitly defined as closed on or before the due date, and the denominator is all exceptions detected in January (not just those that were eventually closed). From the exhibit, CC-101, CC-103, and CC-105 were closed by the due date (3 timely). CC-102 was closed after the due date (not timely), and CC-104 is open (also not timely).
Using the defined metric: timely rate = 3 timely ÷ 5 total January exceptions = 60%.
The key control-design point is to avoid denominator switching (e.g., only closed items), which can mask backlog and late remediation.
Topic: General Supervision
Two broker-dealers are reviewing controls for business continuity planning (BCP) and emergency contacts.
Which firm’s treatment best reflects regulatory-ready emergency-contact governance?
Best answer: B
Explanation: Regulatory readiness requires governance that keeps emergency contacts continuously reachable and promptly updated in the regulator-facing contact system, not just in an internal BCP file.
Regulatory readiness focuses on whether the firm can be reached quickly during a disruption using current, reliable emergency contact information. That means named, reachable individuals (often with alternates), controlled change management, periodic verification, and prompt updates to the regulator-facing contact records. Simply updating an internal BCP document or listing a generic switchboard line does not provide the same assurance.
A BCP is not just a document; it is an operational control set that must work under stress. For emergency-contact governance, regulators expect the firm to maintain continuously reachable points of contact and to keep regulator-facing contact records current so the regulator can reach the firm quickly during an event. Strong governance typically includes a primary and alternate contact, 24/7 direct contact methods, restricted edit rights, a defined verification cadence, and documented evidence of updates and reviews. Keeping emergency contact information only inside an internal BCP repository (or relying on a generic number) creates a single point of failure and delays regulator communications when rapid coordination is most critical.
Topic: Investment Banking
A broker-dealer is lead manager for a fixed-price follow-on offering and is designing controls for the syndicate order book.
Which option best matches the appropriate compliance treatment?
Best answer: B
Explanation: A hard cut-off with documented, approved exceptions helps prevent gaming cancellations that could distort fair and consistent allocations.
Fixed-price offering allocations must follow a written, consistently applied methodology using bona fide orders, with controls that prevent order gaming. A firm cut-off and documented, approved exceptions create an auditable trail for cancellations and size changes. Allowing free post-allocation resizing invites manipulative “placeholder” behavior and undermines allocation fairness.
In fixed-price offerings, a key compliance risk is that late cancellations or resizing can be used to “game” the book and steer shares to favored accounts. A sound control design typically includes a clearly communicated order cut-off, restricted ability to change orders after cut-off, and a defensible audit trail showing that any post-cut-off changes were customer-directed and appropriately approved. Allocations should be driven by a written methodology (for example, time priority or another neutral basis) that is applied consistently across eligible accounts, with records retained to evidence how orders, changes, and exceptions were handled. A process that permits placeholder orders with unrestricted post-allocation adjustments lacks the controls needed to demonstrate fairness and can compromise the integrity of the allocation process.
Topic: General Supervision
A branch surveillance review flags possible misuse of customer funds and account-sharing.
Exhibit: Exception snapshot
Acct: Retail IRA (customer age 72)
Activity: 3 ACH disbursements to “J. Smith Consulting” (rep’s outside entity)
Initiation: Entered in online portal (no call notes)
Logins: Same device fingerprint used for rep portal + customer portal
Customer email: “My rep handles my account online for me.”
As the compliance official, which immediate action best aligns with durable supervisory standards for customer protection and escalation?
Best answer: B
Explanation: The facts indicate potential misappropriation and credential sharing, requiring immediate restriction, preservation of evidence, independent customer confirmation, and escalation to compliance/AML supervision.
The combination of payments to the rep’s entity, shared device fingerprints, and the customer’s statement that the rep “handles” logins creates high-risk red flags for misappropriation and account sharing. The appropriate response is to immediately contain the risk (restrict access and activity), preserve records, independently validate customer intent through a controlled call-back process, and promptly escalate for investigation and AML/compliance review.
Supervisory programs must respond to credible red flags of customer harm with prompt containment, independent verification, and documented escalation—not reliance on the potentially involved rep or informal customer messages. Here, disbursements to the rep’s outside entity plus evidence of shared access (same device fingerprint across rep and customer portals, and the customer’s email implying credential sharing) create a reasonable suspicion of misuse of customer funds and improper account access.
A durable immediate response is:
Actions that “paper over” the issue or delay escalation increase customer-protection and supervisory failures.
Topic: Markets and Operations
Which of the following is a common fair-pricing/commission red flag that should trigger supervisory review at a broker-dealer?
Best answer: B
Explanation: Charging customers both a markup/markdown and a separate commission suggests potentially unreasonable, duplicative compensation.
Fair pricing supervision focuses on whether customer compensation is reasonable and not unfairly excessive. A key red flag is potentially duplicative charges that inflate total compensation without a clear, supportable basis. Collecting a principal markup/markdown and an additional commission for the same execution warrants review and documentation.
A broker-dealer’s fair pricing obligations generally require that prices (including markups/markdowns and commissions) be fair and that total customer compensation be reasonable in light of the security, market conditions, services provided, and the firm’s role (agency vs. principal). A classic supervisory red flag is compensation that appears duplicative or difficult to justify—such as layering a separate commission on top of a principal markup/markdown—because it may indicate the customer is being charged twice for the firm’s remuneration on the same transaction. Effective supervision looks for patterns of unusually high total charges, inconsistent application across similarly situated customers, weak documentation of pricing rationale, and exceptions concentrated in specific reps, products, or trading conditions.
Topic: General Supervision
A broker-dealer uses a soft-dollar arrangement in which equity order flow generates research credits with Broker X. A quarterly best execution review shows Broker X has consistently higher effective spread and price impact than two other venues for the same order types, even after considering the value of the research received.
Which statement is INCORRECT under these facts?
Best answer: C
Explanation: Soft-dollar benefits cannot justify routing that results in inferior executions versus reasonably available alternatives.
Best execution requires the firm to seek the most favorable terms reasonably available for customer orders and to reassess routing when execution quality is inferior. Research obtained through soft dollars may be considered, but it cannot override evidence that an execution venue is delivering worse outcomes. Controls should force an execution-quality-based decision and create defensible documentation.
The core issue is managing the conflict between obtaining research through soft dollars and the firm’s best execution obligation. A firm may consider the value of research in its overall evaluation of broker-dealers, but it must still route orders in a way that seeks the most favorable terms reasonably available for customers. When the firm’s own reviews show a broker consistently provides inferior executions versus alternatives for comparable order flow—even after factoring in research value—continuing to prioritize that broker to maximize credits is not an acceptable supervisory outcome.
Sound supervision typically includes:
The key takeaway is that soft-dollar benefits must be managed within, not at the expense of, best execution.
Topic: Customer and Employee Accounts
A broker-dealer is reviewing its OFAC controls and is comparing two events:
Which treatment best matches appropriate OFAC screening for these two events?
Best answer: A
Explanation: OFAC programs generally require screening at customer onboarding and again when processing a payment to a new counterparty, not relying solely on historical results.
OFAC screening should be applied at multiple points: when establishing the relationship and when executing transactions that introduce new sanctioned-party risk. Opening a new account calls for screening the customer (and any required associated persons such as beneficial owners, as applicable). A same-day wire to a new third party requires transaction-time screening of the relevant payment parties before release and appropriate escalation if a potential match occurs.
A defensible OFAC control framework uses layered screening tied to risk-entry points: onboarding, periodic rescreening, and event-driven screening at transactions (especially payments) where new parties are introduced. In Event 1, the firm should screen the customer information captured during account opening to prevent establishing a relationship with a sanctioned party. In Event 2, even though the customer was screened years ago, the outgoing wire introduces a new beneficiary/bank pathway; the firm should run interdiction screening on the wire parties before processing and be prepared to pause/escalate if the filter produces a potential match. The key differentiator is that payment events can introduce sanctioned parties independent of the customer’s prior screening status.
Topic: Investment Banking
A broker-dealer is participating as an underwriter in a follow-on equity offering. Compliance requires the syndicate desk to “wall off” the firm’s proprietary trading and market making from entering bids for, purchasing, or attempting to induce others to bid for or purchase the offered security (and any covered reference security) starting shortly before pricing and lasting until the distribution is complete, unless a specific exception applies.
Which Regulation M concept is this control designed to address?
Best answer: A
Explanation: Regulation M’s restricted period is intended to prevent distribution participants from bidding for or purchasing the covered security in a way that could artificially influence the market during a distribution.
The described “do not bid, buy, or induce” restriction during a defined window around an offering is the hallmark of Regulation M’s restricted period. The control is meant to prevent market manipulation or artificial price support by firms participating in the distribution until the distribution is complete.
Regulation M is designed to protect market integrity during securities distributions by limiting conduct that could artificially influence the market for the offered security. A core mechanism is the restricted period, during which distribution participants and their affiliated purchasers are generally prohibited from bidding for, purchasing, or attempting to induce others to bid for or purchase the covered security (and certain related reference securities). Compliance controls commonly include restricting proprietary trading activity, pre-clearance requirements, and surveillance to ensure any permitted activity fits within an applicable exception. By tying the restriction to the period shortly before pricing through completion of the distribution, the control targets the exact window when distribution-related trading could most distort supply, demand, or price.
The key takeaway is that this is about avoiding improper bidding and purchasing activity during the distribution window, not about permitted price support mechanics.
Topic: Broker-Dealer Operations
Your firm’s written reference for NYSE market-wide circuit breakers states: Level 1 = 7% S&P 500 decline (15-minute halt if before 3:25 p.m. ET); Level 2 = 13% decline (15-minute halt if before 3:25 p.m. ET); Level 3 = 20% decline (halt for rest of day).
Exhibit: Trade surveillance alert summary
Alert type: Market-wide volatility control (MWCB)
Index: S&P 500
Time triggered (ET): 2:58:14 p.m.
Percent change vs prior close: -7.2%
Exchange status: Trading Halt (MWCB)
Scope: All listed equities
Which interpretation is best supported by the exhibit?
Best answer: C
Explanation: The exhibit shows a 2:58 p.m. ET trigger and a -7.2% S&P 500 move, matching a Level 1 MWCB halt condition.
The alert is explicitly labeled as a market-wide circuit breaker event and shows the S&P 500 down 7.2% at 2:58 p.m. ET. Under the stated reference, that decline meets the Level 1 trigger and, because it occurs before 3:25 p.m. ET, supports a market-wide trading halt rather than a symbol-specific volatility pause.
Market-wide trading halts are triggered by broad index moves (commonly the S&P 500) and apply across the market, which is operationally distinct from single-security volatility mechanisms. Here, the exhibit identifies the event as an MWCB alert, provides the triggering index, and shows a -7.2% move at 2:58 p.m. ET with “Scope: All listed equities.” Using the firm’s stated reference, a 7% decline corresponds to a Level 1 trigger, and because the trigger time is before 3:25 p.m. ET, the concept supported is a market-wide circuit breaker halt (not a single-stock pause and not a remainder-of-day halt). The key compliance takeaway is to interpret the scope and trigger basis correctly before escalating or coding the event in program trading exception reviews.
Topic: Broker-Dealer Operations
An introducing broker-dealer uses a clearing firm to generate and mail customer trade confirmations. Compliance is comparing two control designs:
Which treatment best aligns with SEC Rule 10b-10 confirmation record concepts and related reconciliation controls?
Best answer: A
Explanation: Even when a clearing firm produces confirmations, the broker-dealer needs defensible records and controls to ensure every execution is confirmed with required disclosures.
Rule 10b-10 focuses on timely, transaction-specific confirmations with required disclosures, and compliance must be able to demonstrate completeness and accuracy of what was sent. When a clearing firm generates confirmations, the introducing firm still needs retained confirmation records and a reliable process to ensure each execution results in a correct confirmation. A daily trade-to-confirmation reconciliation with documented break handling best evidences those obligations.
SEC Rule 10b-10 requires broker-dealers to provide customers a written (or electronic) confirmation at or before completion of the transaction containing key transaction details and disclosures (for example, capacity as agent/principal and commissions/markups/markdowns, as applicable). Using a clearing firm to create and send confirmations does not eliminate the introducing firm’s supervisory need to prove that confirmations were produced for all reportable trades and that required fields are accurate.
A practical, defensible control framework is to:
Spot-checking alone is typically insufficient to evidence completeness across all executions.
Topic: Credit and Capital
A broker-dealer’s weekly net capital dashboard shows the firm operating with a thin buffer above its early-warning threshold. The CFO asks Compliance which of the following statements about upcoming firm events is INCORRECT because it would generally not be expected to increase capital pressure.
Which statement is INCORRECT?
Best answer: D
Explanation: Selling down concentrated proprietary positions typically reduces inventory exposure and related haircuts, easing (not increasing) capital pressure.
Capital pressure typically rises when the firm’s risk profile expands through larger or less liquid inventory, greater concentrations, or operational loss events that create charges and uncertainty. By contrast, reducing concentrated proprietary inventory usually lowers risk-based deductions and liquidity stress. Therefore, the statement claiming it increases pressure is the incorrect one.
A compliance official should recognize firm events that commonly tighten net capital by increasing risk-based deductions (such as haircuts) or by creating losses/uncertainty that consume capital. Capital pressure often increases when a firm builds or retains proprietary inventory—especially in less liquid products—or when exposures become concentrated in a single issuer, sector, or strategy, because adverse moves can be larger and financing/liquidation options can be limited. Operational risk events (e.g., major processing failures, cyber incidents, fraud losses, or large error trade losses) can also strain capital through realized charges, contingent liabilities, and elevated financing needs.
In contrast, reducing a concentrated proprietary position generally lowers market and liquidity exposure and tends to reduce related net capital deductions, easing pressure rather than increasing it.
Topic: General Supervision
A FINRA exam letter cites a supervisory deficiency: the firm cannot evidence principal review of business-related messages sent on a newly adopted collaboration app. The CCO must convert this finding into a corrective action plan (CAP) that can be tracked to closure.
Exhibit: Two draft CAPs (summary)
Which draft CAP best matches regulatory expectations for converting an exam finding into a trackable remediation plan?
Best answer: C
Explanation: It assigns accountable ownership and timing and includes objective, documentable validation criteria to evidence the control is operating.
A defensible CAP turns a finding into discrete corrective actions with an accountable owner, a due date, and clear validation criteria showing the fix works in practice. The plan should specify how the firm will test effectiveness (and what evidence will be retained) so the issue can be closed on objective results rather than intent or activity alone.
Regulators expect remediation to be managed like an auditable project: the firm should translate the finding into specific actions that address the root cause and can be tracked to completion. A strong CAP names an accountable business owner (not just “the firm”), sets realistic due dates/milestones, and defines validation criteria that demonstrate the control is implemented and operating effectively.
Effective validation is typically expressed as objective checks (for example, sampling, metrics, exception evidence, and documented sign-offs) and specifies what records will be retained as closure evidence. Plans that rely on reminders, vague commitments (“explore”), or outcome proxies (like fewer complaints) usually fail because they do not prove that supervision and recordkeeping controls are functioning.
The key takeaway is that closure should be supported by documented testing results, not simply completion of an activity such as selecting a vendor.
Topic: Markets and Operations
A compliance officer is updating written supervisory procedures for the firm’s equity smart-order router in NMS stocks. The procedures include guidance on protected quotations, trade-throughs, and routing disclosures.
Which statement about Regulation NMS is INCORRECT for inclusion in the procedures?
Best answer: A
Explanation: Reg NMS “protected quotations” generally apply to automated, displayed round-lot quotes, not odd-lot quotes.
Reg NMS order protection is built around avoiding trade-throughs of protected quotations, which are generally automated, displayed round-lot quotes in NMS stocks. Odd-lot quotes may be part of the market’s pricing landscape, but they are not treated as protected quotations for trade-through compliance. Procedures should distinguish protected vs. non-protected liquidity when designing routing and surveillance.
For supervisory oversight, a key Regulation NMS concept is the Order Protection framework: trading centers must have policies and controls reasonably designed to prevent trade-throughs of protected quotations (automated, displayed round-lot quotes in NMS stocks from eligible markets). Firms may use tools like intermarket sweep orders to execute efficiently while still satisfying order protection by simultaneously routing to clear better-priced protected quotes.
Separately, Regulation NMS routing transparency concepts focus on disclosures about where and how customer orders are routed (including material relationships and payment arrangements), supported by periodic public reporting and providing customer-specific routing information when requested. The incorrect procedure statement is the one that misclassifies odd-lot quotes as “protected quotations” for trade-through purposes.
Topic: Investment Banking
You are reviewing a principal’s daily exception tracker for a Regulation A offering.
Exhibit: Exception tracker (single line)
Offering: ABC Growth
Reg A: Tier 2
Status: Qualified
Investor: J. Rivera
Accredited: No
Annual income: $120,000
Net worth: $80,000
Subscription request: $25,000
System flag: Tier 2 non-accredited investment limit exceeded
Which interpretation is best supported by the exhibit and baseline Regulation A requirements?
Best answer: B
Explanation: For a Tier 2 Reg A offering, a non-accredited investor is subject to an investment limit, and the exhibit shows the request exceeds that limit.
The exhibit identifies a Regulation A Tier 2 offering and a non-accredited investor with stated income and net worth. Under Tier 2, non-accredited investors are subject to an investment cap, so the firm’s supervisory system should prevent acceptance of a subscription that exceeds the permitted amount based on the investor’s financial information. The system flag supports that this control is working as intended.
Regulation A Tier 2 offerings allow sales to both accredited and non-accredited investors, but Tier 2 adds an investor-level purchase limitation for non-accredited investors. Supervisory controls should therefore (1) capture the investor’s accredited status and the financial inputs used for the limit calculation, (2) calculate the Tier 2 cap based on the required measure (not just one field), and (3) hard-block or require a principal override with documentation when an order would exceed the cap.
Here, the offering is shown as “Tier 2” and “Qualified,” but the investor is “Accredited: No” and the subscription request is flagged as exceeding the Tier 2 non-accredited limit, so the defensible interpretation is that the order cannot be accepted as entered without resizing or obtaining updated, documented investor status/information that changes the limit outcome. The closest trap is assuming Reg A lacks purchase limits or applying the wrong input field.
Topic: Sales Solicitations
A broker-dealer’s retail marketing team plans to launch an email solicitation tomorrow promoting a new managed account program to prospective customers. The campaign uses a third-party platform that can A/B test subject lines and landing-page text by overwriting prior versions, and marketing proposes keeping only the final “winning” version at the end of the campaign. Firm policy requires pre-use principal approval of retail communications and the ability to evidence what was actually distributed.
As the compliance officer, what is the single best action to satisfy these constraints and minimize regulatory risk?
Best answer: C
Explanation: The firm must be able to produce records showing what retail communication versions were actually used, along with pre-use approval evidence and the materials supporting the claims.
Retail communications require a defensible record of what was distributed and proof of pre-use approval. When a vendor can overwrite content through A/B testing, compliance should ensure version control so each version actually used is captured and retrievable. Retaining approvals and substantiation tied to each used version best satisfies supervision and books-and-records expectations.
The core risk is losing the ability to demonstrate (1) what retail communications were actually delivered to the public and (2) that each such communication received appropriate pre-use principal approval and was supported by a reasonable basis for any claims. If a platform overwrites prior variants, “keeping only the final version” can leave the firm unable to reconstruct communications that were sent earlier in the campaign.
The best control is to require:
The key takeaway is to align approval and retention to the versions that were actually disseminated, not just the final “winning” copy.
Topic: Markets and Operations
A broker-dealer is rolling out a new electronic trading strategy that can generate high order-to-cancel activity intraday. The CCO is updating the surveillance framework to address both market integrity risk (e.g., potential spoofing-style behavior) and execution-quality oversight.
Which statement about choosing real-time versus post-trade surveillance is INCORRECT under these facts?
Best answer: D
Explanation: Post-trade surveillance can detect issues after execution, but it cannot prevent an order from being entered or interacting with the market in real time.
Real-time surveillance is most effective when the firm needs to identify and potentially stop harmful behavior as it occurs, such as extreme order-to-cancel patterns. Post-trade surveillance is best for deeper review, trending, and outcome testing after executions and cancellations are known. Saying post-trade surveillance prevents problematic orders from reaching the market misstates its purpose and timing.
The core distinction is timing and the action the control can support. Real-time surveillance (and pre-trade/market-access controls) is used to detect urgent patterns while they are happening and route them for immediate triage, escalation, or intervention, which is especially relevant for fast, high-cancel strategies that may create market integrity risk. Post-trade surveillance uses complete activity and market context to reconstruct behavior and evaluate outcomes, making it well-suited for pattern confirmation, trending, scenario calibration, and execution-quality testing.
A practical framework often:
Post-trade can inform remediation, but it cannot stop an order from interacting with the market once entered.
Topic: General Supervision
During a quarterly soft-dollar (CSA) review, the compliance officer tests spend against firm policy: (1) at least 85% of quarterly soft-dollar payments must be Section 28(e)-eligible research, and (2) any non-eligible amount identified must be repaid to the CSA pool from firm funds within 30 days. The firm’s documented mixed-use assessment for the data terminal is 50% eligible / 50% non-eligible.
Exhibit: Q4 soft-dollar payments (USD)
| Item | Amount | 28(e) eligibility |
|---|---|---|
| Research platform subscription | $120,000 | Eligible |
| Market data terminal | $60,000 | 50% mixed-use |
| Industry conference sponsorship | $20,000 | Non-eligible |
| Employee travel to conference | $10,000 | Non-eligible |
Which remediation step best addresses the exception?
Best answer: D
Explanation: The non-eligible amount is $60,000, which must be repaid promptly and prevented through stronger upfront controls.
The remediation must remove and repay the portion that is outside Section 28(e) expectations and the firm’s soft-dollar policy. Here, eligible spend is $150,000 out of $210,000 (71.4%), breaching the 85% policy threshold. The appropriate fix is to repay the non-eligible $60,000 from firm funds, document the correction, and enhance controls to prevent recurrence.
When soft-dollar spend falls outside a firm’s policy or Section 28(e) eligibility expectations, the core remediation is to stop charging client commission arrangements for non-eligible items and to make the client/CSA pool whole using firm funds (or another non-soft-dollar source), with clear documentation and control enhancements.
Using the exhibit and the documented 50/50 mixed-use allocation:
Key takeaway: remediate by repaying the identified non-eligible amount and strengthening upfront classification/allocation and approvals rather than “trueing up” later with more research spend.
Topic: Customer and Employee Accounts
A broker-dealer’s written AML procedures require (1) documented disposition of surveillance alerts and (2) escalation to AML Compliance when activity appears suspicious. Over several months, the AML analyst closes multiple alerts on one new retail account that receives frequent third-party wires and quickly purchases and liquidates thinly traded securities. The analyst records only “false positive” with no supporting notes, and no escalation occurs.
During a FINRA exam, the firm cannot produce evidence of review beyond the “false positive” label. What is the most likely outcome for the firm?
Best answer: A
Explanation: Inability to evidence alert review and escalation is a failure to implement AML controls, prompting remediation and potential SAR lookbacks.
FINRA will focus on whether the firm’s AML program is effectively implemented, not merely written. Closing high-risk alerts without documented analysis or escalation creates a supervisory evidence gap and raises the risk that suspicious activity was not appropriately investigated or reported. The likely consequence is an AML deficiency requiring remediation and a lookback to determine whether SAR filings were warranted.
An AML program must be reasonably designed and actually followed, with defensible records showing how alerts were investigated, resolved, and escalated when warranted. Here, the activity pattern (third-party wires, rapid in-and-out trading, thinly traded securities) is inherently higher risk, and the firm cannot evidence any meaningful review beyond a conclusory label. In an exam, that typically results in a finding that the firm failed to implement its AML procedures, along with required corrective actions such as strengthening alert documentation standards, retraining/escalation controls, supervisory attestations, and a lookback of prior alerts and transactions to determine whether any SARs should have been filed. The key issue is control execution and documentation, not whether the alert ultimately proves suspicious.
Topic: Broker-Dealer Operations
A broker-dealer’s equities desk onboards an institutional client that will trade through an algorithm sending “basket” orders (typically 30–80 stocks per basket) multiple times per day. In the first week, surveillance shows the baskets are executed within seconds and are frequently launched in the last 10 minutes of trading, but no single-name order is unusually large when viewed on a stand-alone basis. The head trader says this is “not program trading” because each leg is below the desk’s large-order review threshold. As the compliance official, what is the single best action to satisfy supervisory expectations and minimize regulatory risk?
Best answer: D
Explanation: Program trading is the coordinated, automated execution of baskets, so supervision should aggregate across legs and focus on close/market-impact risks with documented escalation and follow-up.
Program trading is best understood at a high level as automated, strategy-driven execution of a basket of securities, so reviewing each leg in isolation can miss the true size, timing, and market impact of the activity. The pattern near the close elevates manipulation and market-impact concerns. The best compliance decision is to implement supervision that aggregates, surveils, escalates, and documents at the basket/strategy level.
The core concept is that program trading involves coordinated (often automated) trading of multiple securities as a single strategy (for example, basket/portfolio trades, index-related rebalancing, or arbitrage). Because the compliance risk is created by the combined effect, supervision should not depend solely on single-name size thresholds. In this fact pattern, frequent baskets executed rapidly and concentrated near the close are common risk factors that can heighten concerns such as price/close impact and other manipulative-conduct indicators.
A sound supervisory response is to:
The key takeaway is to supervise the strategy-level behavior, not just the individual order legs.
Topic: Sales Solicitations
In reviewing firm communications that include third-party content (for example, links, re-posts, or embedded material), what best describes entanglement risk?
Best answer: C
Explanation: Entanglement exists when the firm is involved in preparing or shaping third-party content, so the content is treated as the firm’s communication.
Entanglement risk focuses on the firm’s involvement in developing third-party material. If the firm participates in creating, editing, or directing the content, regulators may treat that third-party content as the firm’s own communication, triggering the firm’s approval, supervision, and content standards obligations.
When a firm uses third-party content in a communication, compliance must assess whether the content is attributable to the firm. Entanglement generally means the firm was involved in the preparation of the third-party content (for example, by drafting, editing, directing themes, or otherwise shaping what was published). If entanglement is present, the third-party content is treated like a firm communication and should be subject to the firm’s normal content standards, principal approval where required, and supervisory review/recordkeeping processes. By contrast, adoption focuses on whether the firm explicitly or implicitly endorses or approves third-party content (even if the firm did not help create it). Key takeaway: the deciding factor for entanglement is firm participation in content creation, not simply linking to or paying a third party.
Topic: General Supervision
You are reviewing an exception tracker entry created by Accounts Payable after a marketing invoice was routed for approval.
Exhibit: Exception tracker (single row)
Ticket: AP-44721
Payee: NorthBridge Leads LLC (non-affiliated vendor)
Payee status: Not FINRA-registered; no associated persons at the firm
Stated service: “Introduce high-net-worth prospects to firm reps”
Compensation term: 1.5% of gross commissions generated by referred accounts
Payment trigger: Monthly, for 12 months after each account opens
Which interpretation is best supported by the exhibit?
Best answer: A
Explanation: The vendor is unregistered and is being paid based on commissions from securities activity, a hallmark of broker compensation requiring registration.
The exhibit shows a vendor being paid a percentage of gross commissions generated by referred accounts. Paying an unregistered person transaction-based compensation tied to securities business is generally prohibited because it indicates the person is acting as a broker. The appropriate compliance conclusion is that the arrangement must be stopped and remediated, not re-labeled as marketing.
A core control for payments to non-registered persons is detecting and preventing “selling compensation” that is contingent on securities activity (for example, commissions, revenue share, per-account success fees, or payments tied to trading). In the exhibit, the vendor’s role is introducing prospects to firm representatives, and the compensation is explicitly calculated as 1.5% of gross commissions from referred accounts for 12 months. That is transaction-based compensation tied to securities transactions, which is a strong indicator the recipient would need to be properly registered to be paid that way. Recasting the payment as “marketing” or relying on contractual language does not cure the transaction-based nature of the arrangement. The compliant approach is to prohibit this structure and require a non-contingent fee model (if otherwise permissible) with supervisory review and documentation.
Topic: Markets and Operations
A broker-dealer’s order management system (OMS) flags retail equity executions as principal when the firm is the counterparty (including riskless principal). Operations codes the same trades for customer confirmations as either Agency or Principal.
Firm procedure: If more than 10% of OMS-flagged principal executions for the day are coded Agency on confirmations, the confirmation batch must be held and corrected before release, and the issue escalated to the trading/operations supervisor for root-cause remediation.
Exhibit: Today’s pre-release exception report
Based on the exhibit, what is the MOST appropriate compliance action?
Best answer: A
Explanation: 60 of 360 is 16.7%, exceeding the 10% threshold and causing incorrect capacity disclosure.
The control compares Agency-coded confirmations against the universe of OMS-flagged principal executions because those trades require principal capacity disclosure. The miscode rate is \(60/360 = 16.7\%\), which exceeds the firm’s 10% escalation threshold. The proper response is to prevent incorrect confirmations from being delivered and to escalate for remediation.
Capacity coding on a customer confirmation is a customer-facing disclosure (principal vs agency) and must match how the firm actually acted in the transaction. The firm’s procedure measures the error rate within the population that matters for this disclosure: OMS-flagged principal executions.
Compute the exception rate:
\[ \begin{aligned} \text{Miscoded principal executions} &= 60 \\ \text{OMS principal executions} &= 360 \\ \text{Miscode rate} &= 60/360 = 0.1667 = 16.7\% \end{aligned} \]
Because 16.7% is above the 10% threshold, the control requires stopping the confirmation release, correcting the capacity codes (and any related disclosure differences), and escalating to supervisors to identify and fix the root cause. The key takeaway is to use the correct denominator: the principal-trade population driving the disclosure obligation.
Topic: Markets and Operations
A customer complains that their “Market-on-Close” (MOC) equity orders did not receive the official closing price and instead were filled seconds before 4:00 p.m. in an internal cross. Surveillance pulls a sample and sees MOC orders entered with a “Do Not Route (DNR)” modifier that executed internally in the continuous market.
Exhibit: Sample order events (all times ET)
| Time In | Symbol | OrderType | Modifier | Routed | Execution |
|---|---|---|---|---|---|
| 15:42:10 | ABC | MOC | DNR=Y | No | 15:59:58 Internal cross |
| 15:55:33 | ABC | MOC | DNR=Y | No | 15:59:59 Internal cross |
| 15:58:44 | ABC | MOC | DNR=Y | No | 15:59:59 Internal cross |
As the compliance official, what is the best next step in the review sequence?
Best answer: D
Explanation: The next step is to determine whether the order handling logic and disclosures support bypassing the closing auction before deciding on remediation or reporting.
MOC is generally intended to participate in a closing auction, while modifiers like DNR can change routing and execution outcomes. The compliance workflow should first confirm what the customer instructed, how the system is programmed to handle MOC with DNR, and what was disclosed. Only then should the firm decide on remediation, customer outreach, or escalation beyond the firm.
This scenario presents a potential mismatch between an auction-oriented order instruction (MOC) and an order modifier (DNR) that can prevent routing to external venues. A compliance triage should start by establishing the “intended handling” and the “actual handling” using objective evidence (order entry instructions, system specs/routing tables, and CAT/order events), then confirming whether customer disclosures and account-level instructions permitted internal execution instead of auction participation.
A practical next-step sequence is:
The key takeaway is to validate order handling logic and customer-facing disclosures before concluding misconduct or closing the alert.
Topic: Markets and Operations
Which statement best differentiates real-time surveillance from post-trade surveillance and when each is most effective?
Best answer: C
Explanation: Real-time controls are most effective for preventing/interrupting misconduct, while post-trade review is most effective for detecting patterns across executions.
Real-time surveillance operates before or during execution, so it is best for preventing or interrupting problematic activity through blocks, warnings, or rapid escalation. Post-trade surveillance evaluates completed executions, making it best for reconstructing activity, identifying patterns across accounts/time, and performing deeper reviews that rely on finalized trade data.
Real-time surveillance is designed to act on order and market activity as it is occurring (or just before execution). It is most effective when the firm’s goal is to prevent harm—such as blocking prohibited orders, throttling market access, generating immediate alerts for rapid intervention, or escalating potential manipulation before it continues.
Post-trade surveillance analyzes completed trades using finalized executions and enriched data (e.g., allocations, customer/account linkages, and end-of-day positions). It is most effective for detecting patterns that require aggregation and context—layering/spoofing lookbacks, wash-like activity, mark-the-close patterns, best execution trend reviews, and repeat exceptions that drive supervisory remediation. The key distinction is timing and the ability to intervene versus diagnose patterns after the fact.
Topic: Broker-Dealer Operations
You are the Series 14 compliance official reviewing an internal “Program Trading Exception Report.” The firm’s WSP defines program trading as automated execution of a basket of 15 or more securities as a single strategy. The WSP requires escalation to Trading Supervision when a program’s notional value is more than 25% of the equity desk’s total notional for the day.
Exhibit: Desk activity (today, USD)
Which activity must be escalated under the WSP?
Best answer: D
Explanation: It is a 25-security automated basket and its $28,000,000 notional exceeds 25% of $80,000,000 ($20,000,000).
The WSP ties escalation to two elements: a basket size consistent with program trading and a notional concentration test versus the desk’s daily total. Twenty-five percent of $80,000,000 is $20,000,000. The only automated basket meeting the 15+ security definition and exceeding $20,000,000 is the index rebalance basket activity.
Program trading is commonly supervised as automated, strategy-driven execution of baskets (multiple securities traded together), which can amplify operational and market-conduct risk if controls fail. Here, the WSP’s definition requires 15+ securities per basket, and the escalation trigger requires the program to be more than 25% of the desk’s daily notional.
Compute the notional threshold and compare:
Single-name or manual single-security activity may be automated or large, but it is not a basket, so it does not meet this WSP’s program-trading escalation criterion.
Topic: Markets and Operations
A customer complains that their buy order in a NYSE-listed stock “should have filled during the day” but did not. You review the firm’s order record.
Exhibit: Order ticket excerpt
Order ID: 19QX-44721
Symbol: WXYZ (NYSE)
Side/Qty: BUY 10,000
Order type: LOC (Limit-on-Close)
Limit: 42.10
Time in force: DAY
Session: Closing Auction
Route setting: Exchange
Status: Canceled (No execution)
Which interpretation is supported by the exhibit?
Best answer: B
Explanation: A LOC order is a limit order designated for the closing auction and will not execute outside that auction.
The order record shows a Limit-on-Close instruction and explicitly tags the session as the Closing Auction. That designation means the order is intended to participate in the close, subject to the stated limit price, and not to seek execution during continuous intraday trading.
The core concept is that auction-designated orders (like LOC) have an execution window tied to the specific auction, not the continuous market. Here, the ticket states “Order type: LOC” and “Session: Closing Auction,” which supports that the order was only eligible to execute in the exchange’s closing auction and only at the limit price (or better for a buy). If the closing auction does not produce an execution at a price that satisfies the limit, the order can end the day without a fill (as reflected by “Canceled (No execution)”).
Key takeaway: an auction qualifier explains why a customer may see no intraday fills even when prices traded near the limit during the day.
Topic: Registration
You are reviewing a draft Form U5 for a registered representative who resigned today.
Exhibit: Draft Form U5 excerpt
Termination date: February 2, 2026
Reason for termination: Voluntary resignation
Q: At termination, was the individual under internal review for violating
investment-related statutes/regulations, rules, or firm policies? Yes
Disclosure explanation (draft):
"RR resigned after being advised he would be terminated for stealing client
funds."
Based on the exhibit, which compliance conclusion is best supported before the U5 is filed?
Best answer: B
Explanation: The draft uses a definitive accusation (“stealing”) and should be reframed as a factual statement about resignation during an internal review and escalated for appropriate review.
The exhibit shows the firm answered “Yes” to an internal-review question but the narrative states a definitive finding of theft. U5 disclosures should be accurate, balanced, and based on supportable facts at the time of filing, with narrative wording carefully controlled. This creates a narrative-quality risk that should be escalated and revised before submission.
Form U5 reporting is a firm record that regulators and other firms may rely on, so the termination reason and any disclosure narrative should be supportable, internally consistent, and written in factual, non-defamatory terms. Here, the filing indicates the representative was “under internal review,” which generally supports describing the status of the review and the fact of the resignation, not stating an unproven conclusion. A statement that the person was “stealing client funds” reads as a definitive adjudication and increases risk of an inaccurate or misleading U5, as well as reputational and litigation exposure. The appropriate control is to escalate the draft to compliance management/legal and revise the language to accurately reflect what is known (e.g., resignation while under internal review regarding potential misconduct) and to document the basis for the wording used. The key is careful, factual disclosure rather than changing answers or delaying a required filing.
Topic: Customer and Employee Accounts
A broker-dealer’s sanctions screening tool generates two alerts:
Which documentation approach best matches the correct compliance treatment for both alerts?
Best answer: B
Explanation: A true SDN match requires blocking/reporting with documented rationale, while a false positive requires documented resolution and lifting any restriction.
Alert 1 is a confirmed SDN match, so the firm should document the identifiers supporting the match, block the property, escalate internally, and evidence any required OFAC reporting. Alert 2 is a false positive, so the firm should document the comparison that disproves the match and record the rationale for lifting any restriction and resuming normal activity.
Supervisory documentation should show a defensible rationale for why an account or transaction was restricted, who approved the decision, what steps were taken, and what evidence supports closure.
For a confirmed OFAC SDN match, the compliant treatment is to block the property/transaction and create a record that ties the decision to the matching identifiers (not just the name), the escalation/approvals, and the firm’s OFAC reporting/record-retention steps. For a false positive, the firm should document the specific non-matching identifiers reviewed (e.g., DOB, address, passport), record the decision to clear the alert, and evidence removal of any temporary restriction so future reviewers can reconstruct why activity was allowed.
The key differentiator is whether the alert is a true match versus a documented false positive.
Topic: Sales Solicitations
A broker-dealer uses an outsourced dialing platform for outbound sales calls. Firm policy requires that any verbal “do-not-call” request be (1) logged in the firm’s centralized suppression list within 1 business day, (2) applied to all future solicitation campaigns, including vendor dialing, and (3) retained as evidence for 5 years.
During a review, Compliance finds a rep received a customer’s do-not-call request by phone, then emailed the request to herself but did not enter it into the suppression-list system.
Which remediation step is NOT appropriate under the stated facts?
Best answer: B
Explanation: A personal email inbox is not a centralized suppression control and does not ensure firmwide, ongoing suppression (including vendor dialing).
Opt-out requests must be documented in a centralized, auditable suppression list that is used to block future solicitation calls across the firm and any third-party dialer. Keeping the request only in a rep’s email does not create an enforceable firmwide control or ensure the number is suppressed in future campaigns. Appropriate remediation focuses on capture, propagation, and verification of suppression.
The core control objective for telephone solicitation opt-outs is ongoing suppression: once a customer requests no further sales calls, the firm must be able to (1) capture the request in a centralized system, (2) apply it across all solicitation channels (manual calling lists and vendor dialers), and (3) retain evidence that the request was recorded and honored.
A rep’s personal email may show the request occurred, but it does not function as a suppression-list control because it cannot reliably drive list scrubs, prevent calls by other callers/teams, or ensure the vendor’s dialing platform blocks the number. A defensible remediation plan therefore emphasizes centralized logging, vendor propagation with audit evidence, and periodic testing/exception reporting to confirm suppression is effective over time.
Topic: Regulatory Agencies
A broker-dealer’s Chief Compliance Officer is briefing senior management after receiving a FINRA disciplinary complaint (not a customer lawsuit) alleging supervisory failures. Which statement about SRO disciplinary processes is INCORRECT?
Best answer: B
Explanation: Only criminal courts can impose imprisonment; SRO discipline is remedial and limited to industry sanctions.
SRO disciplinary actions are designed to protect investors and markets through remedial industry sanctions (for example, fines, suspensions, and bars). They do not have criminal authority to incarcerate individuals; potential criminal penalties come only through criminal prosecution.
SRO disciplinary processes (such as FINRA’s) are regulatory proceedings focused on investor protection and market integrity by enforcing conduct rules and requiring remedial outcomes. Typical SRO sanctions include censure, fines, heightened supervision, suspensions, and bars, and SROs may also require remedial steps such as restitution-like payments in appropriate cases. These proceedings differ from civil litigation, which primarily resolves private disputes and can result in money damages awarded by a court (or arbitration forum), and from criminal enforcement, which is brought by the government and can result in imprisonment and other criminal penalties. SRO matters may run alongside, or be referred to, SEC civil enforcement or DOJ criminal authorities when facts warrant it. The key distinction is that SRO discipline regulates industry participation; it does not impose criminal sentences.
Topic: Sales Solicitations
A broker-dealer runs an outbound telephone solicitation program to retail prospects across multiple U.S. states using internal callers and a third-party dialing platform. Which statement is most accurate about coordinating FINRA and FCC telemarketing expectations in this multi-jurisdiction program?
Best answer: C
Explanation: Multi-jurisdiction calling requires meeting FCC timing/DNC expectations plus FINRA supervisory controls, applying the most restrictive applicable requirements.
A compliant telemarketing program must satisfy both FCC requirements (including calling-time restrictions and do-not-call obligations) and FINRA expectations for written procedures, supervision, and enforcement. When soliciting across jurisdictions, the firm should apply the most restrictive applicable standard, including using the called party’s local time and honoring both National and internal do-not-call lists.
Coordinating FINRA and FCC telemarketing expectations means designing one supervisory program that meets FCC/TCPA-related restrictions (such as honoring do-not-call requirements and calling only during permitted hours) and also meets FINRA’s expectations that member firms maintain and enforce written procedures, training, monitoring, and exception handling. In a multi-state campaign, the firm should not “pick” a single standard; it should apply the most restrictive requirements that apply to the call, including state law restrictions and the called party’s local time when applying calling-hour limits. Vendor tools can support compliance (e.g., list scrubbing), but the broker-dealer remains responsible for oversight, documentation, and ensuring the controls actually operate as designed.
Topic: Investment Banking
Your broker-dealer is participating in two offerings and selling to customers.
Which supervisory approach to prospectus-delivery-related controls best matches these two offerings?
Best answer: A
Explanation: Prospectus delivery (or compliant “access equals delivery”) is tied to SEC registration, while 144A offerings use an offering memorandum without a statutory prospectus-delivery requirement.
Prospectus-delivery controls primarily turn on whether the offering is SEC-registered. For the registered follow-on, the firm should supervise a process that ensures customers receive (or are provided compliant electronic access to) the final prospectus/prospectus supplement and that the firm can evidence it. A Rule 144A offering is exempt from registration and does not carry a statutory prospectus-delivery obligation.
The key differentiator for prospectus-delivery supervision is registration status. In an SEC-registered distribution, sales to customers must be supported by controls reasonably designed to ensure delivery (or compliant electronic access/delivery) of the final prospectus and any prospectus supplement, along with auditable evidence that the process worked (e.g., vendor logs, e-delivery consent and notice, or fulfillment records).
In a Rule 144A offering, securities are sold in a private resale market to QIBs using an offering memorandum rather than an SEC-filed prospectus. Supervisory focus shifts away from “prospectus delivery” to controlling who can receive the materials and buy (QIB verification) and ensuring selling restrictions/legends and documentation are followed. The closest trap is treating “distribution” status as creating prospectus-delivery duties even when the offering is unregistered.
Topic: Customer and Employee Accounts
For an associated person’s securities account maintained at another broker-dealer or financial institution, which control best describes the core monitoring concept firms use to supervise “accounts held away”?
Best answer: A
Explanation: Employer consent plus duplicate trade/activity information enables the firm to review for compliance with its supervisory and trading policies.
The core supervision concept for associated-person accounts held away is to ensure the firm has visibility and oversight. That is accomplished by requiring the associated person to obtain the employing firm’s written consent and arranging for the outside institution to provide duplicate confirmations and statements (or equivalent access) so compliance can monitor activity.
Supervising associated-person “accounts held away” focuses on ensuring the employing broker-dealer can actually review the activity for conflicts, insider-trading risk, restricted-list compliance, and firm policy adherence. The practical control is a two-part mechanism: (1) the associated person must notify the employer and obtain the employer’s written consent to open or maintain the account, and (2) the employer must receive trade confirmations and periodic statements (or equivalent electronic access) from the executing institution. This creates an independent activity feed for surveillance and reviews, rather than relying on employee attestations or ad hoc reporting. A common misconception is that firms must pre-clear every trade; that may be a firm policy for certain persons/securities, but it is not the baseline monitoring construct.
Topic: Sales Solicitations
A broker-dealer permits registered reps to use LinkedIn for prospecting. Compliance pre-approves a monthly “educational” LinkedIn post template and reviews only the original post before it is published. Reps routinely respond to public comments in real time and send direct messages (DMs) to prospects. The firm’s archiving tool captures the original post but does not capture comment threads or DMs, and there is no periodic supervisory review of those interactions.
What is the primary compliance risk/red flag the Series 14 principal should escalate?
Best answer: C
Explanation: LinkedIn comments and DMs are interactive communications that require capture and a risk-based post-use supervision program, not just pre-approval of the initial post.
The firm is treating an interactive forum like a static advertisement. Real-time comments and DMs can constitute business communications and must be captured as books and records and supervised through risk-based post-use monitoring (e.g., lexicon surveillance, sampling, and escalation workflows). The control gap is the failure to retain and review the interactive portions of the activity.
The core issue is correctly distinguishing static content (a fixed post or template that can be pre-approved) from interactive communications (comment threads and DMs that occur in real time and can change rapidly). Static retail communications are typically supervised through pre-use approval and content standards. Interactive communications generally cannot be practically pre-approved message-by-message, so firms supervise them with a risk-based program that includes (1) capture/retention of the interactive content, (2) written supervisory procedures defining permitted use, (3) training and attestation, and (4) post-use surveillance such as lexicon/keyword review, sampling, exception escalation, and evidence of follow-up.
The key takeaway is that pre-approving only the initial post does not address supervisory and recordkeeping obligations for the interactive comment and DM activity.
Topic: Registration
During a quarterly reconciliation of HR job codes, system entitlements, and CRD registrations, Compliance identifies a mismatch for an employee who has already been given supervisory permissions.
Exhibit: Reconciliation exception (excerpt)
Employee: Taylor Kim (ID 01877)
HR job code: Trade Desk Supervisor (Equities)
System role: Approver — retail communications; branch supervision dashboard
CRD: Registered representative only; no principal/supervisory registration active
Effective date of HR change: January 8, 2026
Firm policy prohibits performing principal/supervisory functions unless the registration record supports the assigned role. What is the BEST next step in the workflow?
Best answer: A
Explanation: The control sequence is to stop unqualified activity, verify the required registration for the actual duties, update the regulatory record/roles as needed, and document the remediation.
A periodic reconciliation exception should trigger immediate risk containment and a documented remediation workflow. Because the employee has supervisory entitlements that are not supported by the CRD registration record, the firm should promptly prevent principal activity, escalate for registration assessment, and update role assignments and regulatory filings as needed. This preserves supervisory integrity and creates defensible evidence of correction.
Periodic reconciliations are designed to detect when people, permissions, and regulatory registrations drift out of alignment as roles change. When a reconciliation shows a person has been assigned supervisory permissions but the CRD record does not reflect an appropriate principal/supervisory registration, the compliance-first sequence is: restrict the activity, confirm what functions the person is actually performing, and remediate both the entitlement mapping and the registration record (e.g., initiate the appropriate Form U4 update and qualification path if required). The firm should also document the investigation, interim controls, approvals, and final resolution so the reconciliation process produces auditable evidence and prevents recurrence. Waiting for later attestations or allowing continued supervision undermines the purpose of the reconciliation control.
Topic: Investment Banking
Your broker-dealer has been engaged as financial advisor and dealer-manager for AcquirerCo’s planned cash tender offer for TargetCo. Before any public announcement, the investment banking team has received MNPI about the offer, and the firm’s trading desk currently makes a market in TargetCo. Compliance learns that research has a TargetCo note scheduled for publication next week and sales has existing “solicit to buy” ideas in TargetCo.
Which action by the compliance officer best aligns with durable tender-offer compliance standards across advisory, trading, and sales functions?
Best answer: D
Explanation: Because the firm is wall-crossed and conflicted as dealer-manager/advisor, it should promptly restrict the name and implement firm-wide trading and communications controls with documented supervision.
Once the firm receives MNPI and is acting as advisor/dealer-manager, compliance must manage conflicts and protect market integrity across the entire firm—not just the deal team. The most durable control is to promptly restrict the subject security and apply documented limits on proprietary trading, solicitation, and research publication, with enhanced supervision of any permitted customer activity.
Tender offer engagements often create two immediate compliance drivers: MNPI risk (before and during the offer) and firm conflicts (as advisor/dealer-manager while the firm also trades, publishes research, or solicits customers). A compliance officer should coordinate a firm-wide workflow that (1) identifies the security and relevant persons/accounts, (2) places the security on the appropriate restricted list, (3) implements enforceable controls over proprietary trading and customer solicitation, (4) controls or pauses research and related communications, and (5) documents the decisioning, approvals, surveillance, and escalation.
A key expectation is that controls reach trading, research, and sales functions that could impact the market or customers, not only investment banking personnel.
Topic: Sales Solicitations
You are the Series 14-qualified compliance officer responsible for approving retail communications before first use. Marketing submits the following draft social media post for a structured note:
Exhibit: Draft post
“Earn 8% annually with our Income Shield Note — principal protected with no downside risk. It outperformed the S&P 500 by 12% last year. Limited time — call today.”
Product desk confirms the note has a conditional coupon, is callable, and repayment depends on the issuer’s credit; principal can be lost at maturity.
Which action best aligns with fair-and-balanced content standards for retail communications?
Best answer: C
Explanation: The communication must not be misleading and must balance benefits with clear, prominent risks and limitations before approval.
The draft contains exaggerated and misleading statements (for example, “principal protected,” “no downside,” and an uncontextualized performance comparison) that conflict with the product’s actual risks and conditions. A fair-and-balanced retail communication must present benefits and material risks with comparable prominence and avoid promissory implications. The best supervisory action is to require substantive revisions before approving first use.
Retail communications must be fair and balanced and may not omit material information or make exaggerated, unwarranted, or promissory claims. Here, the post implies guaranteed outcomes (“8% annually,” “principal protected,” “no downside risk”) and touts performance in a way that is likely misleading, because the note’s coupon is conditional, it is callable, and principal repayment depends on issuer credit and the underlying performance.
A compliant approval outcome is to require a rewrite that:
Adding a generic disclaimer or a link cannot cure a headline claim that is misleading on its face.
Topic: Customer and Employee Accounts
A broker-dealer’s CRM allows a registered rep to change an existing natural-person account’s profile from “Retail” to a status that routes the account out of the firm’s Reg BI/suitability surveillance queue. During testing, Compliance finds multiple re-codings with no documented basis and no customer acknowledgement that the account has the expertise to evaluate investment risks.
Which account designation is most likely being improperly applied?
Best answer: A
Explanation: Treating an account as institutional generally requires a reasonable documented basis and an affirmative customer indication, not a rep-only re-code.
Moving a natural-person account out of retail conduct reviews by re-coding it is a classic account-designation red flag. Institutional treatment is not just a label; the firm must have a reasonable basis (supported by documentation) and an affirmative indication that the customer can evaluate investment risks. Missing documentation and rep-only changes point to improper institutional coding.
Account designations drive which supervisory controls apply, so firms should treat re-coding as a controlled event with documentation and review. “Institutional” status is particularly sensitive because it can change how suitability/Reg BI-related processes are applied; firms generally need a reasonable basis to believe the customer qualifies and an affirmative indication the customer is capable of evaluating risks. When testing shows representatives can unilaterally re-code accounts and the file lacks required support (no capability evidence and no customer acknowledgement), Compliance should treat that as a high-risk red flag for improper institutional coding and strengthen change controls (approval, required fields, audit trail, and exception reporting). The key issue is misuse of a designation to bypass surveillance rather than a settlement, authority, or employee-account attribute.
Topic: Broker-Dealer Operations
A broker-dealer’s program trading desk runs an algorithm that targets executions in the NYSE closing auction. Compliance reviews an internal message log showing the trader repeatedly contacting the stock’s Designated Market Maker (DMM) between 3:55–4:00 p.m. ET for “latest imbalance color,” then canceling and re-entering LOC orders and sending small aggressive buys in the continuous market immediately before submitting a large MOC buy intended to “help it print up.”
Which is the primary compliance risk/red flag that should drive surveillance and escalation?
Best answer: B
Explanation: The pattern suggests using auction-related information and last-minute trading to influence the closing print rather than seek best execution.
The fact pattern centers on closing-auction influence: repeated imbalance-driven cancel/re-enter behavior plus small aggressive pre-close trades designed to move the reference price and the auction outcome. That is a classic red flag for “marking the close” or other manipulative conduct around the closing auction. The appropriate compliance focus is on auction manipulation surveillance, communications oversight, and documented escalation when intent indicators appear.
DMM-facilitated closing auctions create heightened manipulation risk because participants may try to influence the closing print by reacting to imbalance information and by timing/canceling auction orders near the cutoff. A key compliance consideration is detecting behavior inconsistent with legitimate liquidity-seeking, such as:
Controls typically include surveillance for late-day price/volume spikes, order-cancel patterns around the auction, and supervision of communications with market center personnel (including DMMs), with escalation and documentation when facts suggest an attempt to affect the closing price. The closest traps focus on reporting, registration, or suitability, which are not the main risk indicated by this pattern.
Topic: Sales Solicitations
A firm’s registered rep edits an already-approved marketing email by adding a section promoting a “covered call income strategy,” including examples of potential returns and statements that the strategy is “low risk.” The rep sends the revised email to 2,000 retail prospects through the firm’s email system without submitting the revised version for principal review, and no Registered Options Principal reviews it.
During a FINRA exam, what is the most likely outcome for the firm?
Best answer: C
Explanation: Options-related retail communications generally require appropriate pre-use principal review (including options principal review when applicable), so distributing a revised version without that review creates a likely FINRA finding and remediation.
Revising an approved piece can create a new communication that must be re-reviewed before use. Because the revised email promotes an options strategy to retail prospects and includes potentially misleading risk statements, distributing it without appropriate principal (and options) review is most likely to result in a FINRA supervisory finding and required remediation.
Firms must have procedures to classify, approve, and supervise public communications, and they cannot rely on the approval of an earlier version when substantive changes are made. When a retail message includes options content (for example, strategy promotion, performance examples, or risk characterizations), firms typically require additional scrutiny and approval by a properly qualified options supervisor before first use.
Here, the rep’s edits (options strategy promotion and “low risk” language) are material and increase the risk the message is misleading. The likely regulatory consequence is a cited failure of the firm’s communications supervision/approval controls, along with expected remediation such as halting further use, conducting a documented post-distribution review, updating procedures/workflows, and retraining involved personnel. Prior template approval is not a substitute for reviewing the final, distributed version.
Topic: General Supervision
A broker-dealer’s compliance official is asked whether a proposed commission-spend item is an eligible research benefit (as opposed to non-eligible overhead) for a soft-dollar/commission-sharing arrangement. Which item best matches an eligible research benefit?
Best answer: C
Explanation: Substantive analytical reports used in investment decision-making are the core example of eligible research benefits.
Soft-dollar eligibility focuses on whether the good or service provides substantive investment research used to make investment decisions. Third-party analytical research reports are a classic eligible research product. General business overhead, entertainment, and trading/operational infrastructure are not eligible research benefits.
In commission-spend (soft-dollar/CSA) arrangements, the key compliance judgment is whether the item being paid for is research (or brokerage) that provides substantive assistance in the investment decision-making process, rather than routine overhead. Written research reports that analyze issuers, industries, or markets and are used by investment personnel to form investment views generally fit the “research” concept. By contrast, items that primarily support running the business (equipment, office infrastructure), promotional/entertainment expenses, or core trading/operational systems are typically non-eligible and should be paid with the adviser/firm’s own funds. When an item has both research and non-research uses, firms need a reasonable, documented allocation method; the stem’s item is a clear research example without a mixed-use issue.
Topic: Investment Banking
Your broker-dealer is advising AlphaCo on a planned cash tender offer for TargetCo. The deal team has signed NDAs, financing is committed, and a draft offer document is circulating internally (no public announcement yet). A sales trader overhears an investment banker mention the planned tender offer and then buys TargetCo shares in the firm’s proprietary account.
If regulators later reconstruct the timeline, what is the most likely outcome for the firm and trader?
Best answer: A
Explanation: Rule 14e-3 can prohibit trading while aware of tender-offer MNPI once substantial steps have begun, even without a fiduciary-duty theory.
Once substantial steps toward a tender offer have begun, Rule 14e-3 broadly restricts trading (and tipping) while aware of nonpublic tender-offer information. Here, the firm is on the deal, the transaction is active, and the trader traded after learning the information internally, creating classic tender-offer MNPI misuse risk and enforcement exposure.
Rule 14e-3 is designed to protect tender-offer market integrity by prohibiting trading (and related tipping) while in possession of material, nonpublic information about a tender offer once “substantial steps” toward the offer have started (for example, financing commitment and draft documents). It does not depend on proving a fiduciary duty owed to the issuer.
In this scenario, the information is tender-offer MNPI originating from the firm’s deal activity, and the proprietary purchase occurs before public announcement—exactly the period Rule 14e-3 targets. The likely compliance consequence is an insider-trading style investigation and remediation (restrict/watch listing, access review, communications review, and escalation), with potential regulatory action such as disgorgement and sanctions if misuse is confirmed. The key takeaway is that effective information barriers must prevent both intentional and inadvertent “over-the-wall” spread of tender-offer information to trading personnel.
Topic: Markets and Operations
A broker-dealer participates directly in U.S. Treasury auctions and also submits bids on behalf of customers. Compliance implements a post-auction review that aggregates the firm’s own bids with customer bids routed through the firm, flags unusual bid concentrations near the stop-out rate, and requires escalation when patterns suggest coordinated bidding or bids intended to influence the auction outcome.
Which compliance monitoring consideration does this control most directly address?
Best answer: A
Explanation: Aggregating bids and analyzing stop-out-rate patterns is aimed at detecting bids intended to improperly affect auction pricing or reflect coordination.
Treasury auction participation creates market-integrity risks if a dealer (alone or with others) uses bidding strategies to influence auction results. A review that aggregates proprietary and customer bidding activity and looks for clustering around the stop-out rate is designed to identify potential manipulation, collusion, or other improper auction-influencing behavior. Escalation and documentation support defensible supervision.
A key high-level compliance consideration for U.S. Treasury auctions is ensuring auction integrity—i.e., that bids are entered for legitimate purposes and not to improperly influence the auction’s clearing level or to coordinate outcomes with other market participants. Controls commonly focus on monitoring aggregated bidding activity (proprietary plus customer activity handled by the firm), identifying outlier bidding patterns (including concentrations near the stop-out rate), and requiring timely escalation and documentation when patterns suggest potential collusion or auction-influencing intent. These reviews are governance-oriented: they create an evidence trail of surveillance, investigation, and remediation, rather than relying on rote rule citations. The closest distractors involve other products/regimes (equity reporting, Regulation M, best execution) that do not address auction-bid integrity.
Topic: General Supervision
You are the broker-dealer’s designated compliance officer supporting an affiliated investment adviser that directs client equity trades to the firm and uses commissions to pay certain vendors. Ahead of a renewal, a vendor proposes a bundled “research package” to be paid entirely with soft dollars: (1) written analyst reports and analyst calls, (2) real-time market data, and (3) an annual user conference fee and client-entertainment events. The adviser wants approval this week so trading can begin allocating commissions next month, and your firm’s soft-dollar policy requires pre-approval and documentation of any new arrangement.
What is the single BEST compliance decision to satisfy Section 28(e) concepts and minimize regulatory risk?
Best answer: C
Explanation: 28(e) generally supports eligible research/brokerage, but bundled arrangements require documented mixed-use allocation and hard-dollar payment for non-eligible conference/entertainment.
Section 28(e) safe harbor generally covers commissions used for eligible research and eligible brokerage services, but it does not cover products like entertainment and conference fees. When a vendor bundles eligible and non-eligible items, the firm should require pre-approval, obtain itemization, document the analysis, and allocate costs so the non-eligible portion is paid with hard dollars.
The core compliance task under Section 28(e) is to determine whether the adviser is using client commissions for items that are generally eligible research or eligible brokerage, and to ensure the process is controlled and documented before commissions are spent. Written research and access to analysts are typically research; certain market data can be eligible when it provides substantive informational content used in the investment decision-making process. By contrast, conference fees and client-entertainment are not eligible.
For bundled arrangements, a prudent workflow is:
This approach meets the policy’s pre-approval requirement and avoids using commissions for non-eligible benefits.
Topic: Investment Banking
A broker-dealer is a member of the underwriting syndicate for a firm-commitment IPO. During a post-deal review, Compliance sees the following entry in the syndicate operations checklist:
Prospectus delivery: Final prospectus posted to deal microsite.
Retail process: Reps told to direct customers to issuer website.
Confirmations: “Prospectus available upon request.”
E-delivery: No customer consent captured; no delivery log maintained.
Which item is the primary compliance risk/red flag the compliance official should escalate?
Best answer: A
Explanation: A microsite posting and “available upon request” language do not demonstrate required prospectus delivery, especially without e-delivery consent and an auditable delivery record.
The key red flag is a supervisory and recordkeeping gap around prospectus delivery in a distribution. Posting a document online and telling reps to direct customers to a website does not, by itself, amount to a controlled process for delivering the prospectus and retaining evidence of delivery. A compliance official should require a documented, auditable workflow (including e-delivery consent where applicable).
In an underwriting/distribution, the firm needs a defensible process to ensure the required prospectus is actually delivered to purchasers (or delivered electronically in a manner consistent with notice/access/consent expectations) and to maintain evidence that delivery occurred. The checklist indicates reliance on customers finding the document themselves and on generic confirmation language, while also admitting there is no captured e-delivery consent and no delivery log. That combination is a core control failure because it weakens the firm’s ability to demonstrate compliant prospectus delivery and supervision across accounts, channels, and timeframes. The primary escalation should be to implement and test controls that (1) push delivery (or compliant e-delivery), and (2) retain retrievable delivery evidence.
Topic: Investment Banking
Your firm has just signed an engagement letter to act as lead underwriter for a public company’s follow-on equity offering. Investment banking wants to “wall-cross” 20 institutions tomorrow and email a draft investor deck that includes management projections not yet public. The firm’s trading desk currently makes a market in the issuer’s outstanding notes and holds inventory. As the compliance officer, what is the single best action now that satisfies supervisory documentation needs and minimizes MNPI and market-integrity risk?
Best answer: B
Explanation: At the mandate stage, you must stand up deal-specific controls (lists, trading restrictions, preclearance and logging of wall-crossing/materials) before any investor contact occurs.
Once the mandate is signed and pre-marketing will involve potential MNPI, the key compliance checkpoint is to formalize the transaction and put preventive controls in place before any contact. That includes setting the issuer on the appropriate watch/restricted lists, controlling related trading activity, and requiring preapproved wall-crossing procedures with complete documentation. This sequencing reduces the risk of improper disclosure and trading while creating defensible supervisory evidence.
Underwriting compliance is staged: each phase (mandate, diligence, marketing, pricing/allocation, and distribution) has specific checkpoints. Here, the firm is at the mandate-to-pre-marketing transition and plans to share nonpublic projections, so the immediate priority is to establish and document deal-specific controls before outreach or trading continues in a way that could be tainted by MNPI.
Practical kickoff actions typically include:
Controls applied only after pricing or after filing are reactive and leave the firm exposed during the highest-risk period: initial outreach and information flow.
Topic: Customer and Employee Accounts
A retail customer files a complaint alleging your firm overcharged on a municipal bond purchase. Your firm’s WSP says: “Escalate to the Municipal Principal for fair-pricing review when a retail muni mark-up exceeds 2.00% of the desk’s contemporaneous cost for the same security.”
Exhibit: Trade details (same day)
CUSIP: 123456AB7
Customer trade: BUY $25,000 par @ 100.00
Desk cost: $25,000 par @ 97.50
Based on the WSP trigger, what is the most appropriate next step?
Best answer: D
Explanation: The mark-up is \(\frac{100.00-97.50}{97.50}\approx 2.56\%\), which exceeds the 2.00% escalation trigger.
Compute the mark-up using the desk’s contemporaneous cost as the denominator, as the WSP specifies. The difference is 2.50 points, and \(2.50/97.50\approx 2.56\%\), which is above the 2.00% trigger. That result requires escalation for a documented fair-pricing review as part of customer protection and complaint handling.
In municipal complaint scenarios, customer protection starts with a prompt, documented assessment of whether pricing appears potentially unfair under your supervisory procedures. Here, the WSP defines the escalation test: mark-up as a percentage of the desk’s contemporaneous cost for the same security.
Because the result exceeds the 2.00% trigger, the appropriate compliance step is escalation for a fair-pricing review (including prevailing market price support and any remediation decision), rather than prematurely closing or “making it right” without analysis.
Topic: Markets and Operations
A broker-dealer’s monthly surveillance shows recurring best-execution exceptions on retail equity orders: the same three registered reps routinely route orders to an away venue with a higher execution cost than the firm’s primary routing destination, and the order management system (OMS) “reason for trading away” field is often left blank. Desk supervisors have been marking the alerts “closed—acceptable” without documenting any review beyond a brief note.
As the compliance official, which corrective action best aligns with durable supervisory standards and customer protection?
Best answer: B
Explanation: It addresses the recurring pattern by tightening supervision and record evidence while remediating behavior through targeted training and ongoing monitoring.
Recurring exceptions tied to specific individuals and weak closure notes indicate a control and accountability gap, not a one-off error. The best response combines strengthened supervisory review, required documentation of routing rationale, targeted training for the involved reps, and monitoring to confirm the issue trends down. This creates defensible evidence of oversight and remediation.
When sales practice exceptions recur—especially with the same reps and superficial alert closures—compliance should treat it as a supervision and record-integrity problem. A durable corrective action pairs (1) clearer expectations (what constitutes an acceptable trade-away and what must be recorded), (2) accountable supervisory review with documented evidence, and (3) targeted training tied to the observed breakdown. Controls should be embedded in workflow (e.g., requiring an OMS justification field before closure) and supported by management reporting that tracks repeat behavior and supervisor disposition quality. Finally, the firm should trend the exceptions after remediation to demonstrate the control change is effective. A generic reminder or reduced alerting does not correct the root cause or produce defensible supervisory records.
Topic: Markets and Operations
A surveillance alert flags concentrated buying in a thinly traded microcap by a registered rep’s discretionary customer account. The next morning, the issuer announces it is being acquired at a 40% premium. The rep sits on the same floor as the firm’s investment banking group.
Exhibit: Surveillance alert (summary)
Issuer: QLTX
Account: DVP-4421 (RR discretionary)
Activity: 9 buys across 3 venues; 68% of daily volume
Timing: 2:11–3:58 p.m. ET, day before announcement
Unrealized gain at close: +$112,400
Linking note: RR exchanged messages with IB banker on QLTX that day
As the compliance officer, which escalation path is MOST appropriate as the first step, given the primary red flag/control concern?
Best answer: B
Explanation: The key red flag is potential MNPI misuse, requiring prompt Legal/CCO-led escalation, preservation, and coordinated trading restrictions pending review.
The pattern—heavy pre-announcement buying, material price-moving news, and a proximity/link to investment banking—creates an immediate MNPI/insider-trading risk. That risk requires rapid escalation to Legal and senior compliance leadership to control further trading, preserve evidence, and direct an appropriate investigation. Other issues may be reviewed later, but they are not the primary driver for first-step escalation here.
The primary concern is potential misuse of MNPI (and possible information-barrier breakdown) indicated by unusual, concentrated buying shortly before a material corporate event plus a documented connection to an investment banking banker. The first escalation should go to Legal and senior compliance/market-abuse leadership because they can promptly direct evidence preservation, determine whether the security should be restricted, and coordinate with trading supervision to prevent additional potentially problematic activity.
A defensible first-step escalation typically includes:
Best execution, trade reporting, and advertising review can be relevant later, but they don’t address the immediate market-integrity/MNPI risk signaled by the alert.
Topic: Sales Solicitations
A broker-dealer is updating its digital-communications WSPs. (1) Marketing uploads a firm-written product page to the public website that remains unchanged until the next scheduled revision. (2) Registered reps respond in real time to prospect questions through a website live-chat widget, and all chat transcripts are captured and archived.
Which option correctly matches each item to the communication type and the firm’s most appropriate monitoring method?
Best answer: D
Explanation: Static retail content is typically approved before first use, while interactive chat is generally supervised via post-use monitoring with retained records.
A website page that stays the same until edited is static content, so the key control is principal approval before first use (and periodic review thereafter). A live-chat stream is interactive because the content is created in real time, so supervision is typically accomplished through documented, risk-based post-use review and electronic surveillance of captured transcripts.
The decisive difference is whether the message is a fixed piece of content or a real-time, back-and-forth exchange. Static content (like an unchanged website product page) functions like a traditional advertisement: it can be reviewed in full before it goes live, so a strong supervisory control is principal pre-use approval with subsequent periodic reviews/updates. Interactive communications (like a live-chat widget) generate content dynamically and at high volume, making pre-approval of each message impractical; the defensible approach is to retain the records and apply documented, risk-based post-use supervision (e.g., lexicon or keyword surveillance, sampling, escalation and investigation of flagged items, and trending/reporting). The key is matching the monitoring method to how the content is produced and updated.