
Series 23: Customer Activity Supervision

Try 10 focused Series 23 questions on Customer Activity Supervision, with explanations, then continue with the full Securities Prep practice test.

Series 23 Customer Activity Supervision questions help you isolate one part of the FINRA outline before returning to a mixed practice test. The questions below are original Securities Prep practice items aligned to this topic and are not copied from any exam sponsor.


Topic snapshot

Exam: FINRA Series 23
Official topic: Function 3 — Supervision of Retail and Institutional Customer-Related Activities
Blueprint weighting: 12%
Questions on this page: 10

Sample questions

Question 1

A general securities principal is asked to approve a retail webinar deck for first use that afternoon. The firm’s approved webinar platform will record and archive the invitation, final deck, and live session automatically, and the webinar has already been classified as a retail communication. One slide states: “Our tactical income strategy is built to deliver 7%-9% annually. Clients who follow our allocation discipline should avoid meaningful losses even in volatile markets.” What is the primary red flag the principal should identify before approving the presentation?

  • A. The term tactical may confuse some retail investors.
  • B. Same-day submission limits the principal’s review time.
  • C. Promissory claims imply assured returns and protection from losses.
  • D. The 7%-9% range lacks documented support in the slide.

Best answer: C

Explanation: The slide is misleading because it suggests expected annual returns and loss avoidance, which makes the communication promissory and unbalanced.

The primary issue is the content of the slide, not the workflow. Saying a strategy is “built to deliver” a return range and that clients “should avoid meaningful losses” implies predictable performance and downside protection, making the presentation promissory and misleading.

Customer communications must be fair, balanced, and not misleading. Here, the principal’s biggest red flag is language that suggests a retail investor can expect a specific annual return and avoid meaningful losses by following the strategy. That kind of phrasing overstates certainty, minimizes risk, and can be viewed as promissory or exaggerated.

A principal should require the presenter to:

  • remove or rewrite language implying assured performance
  • avoid claims of loss avoidance unless they are precise, fully supported, and balanced by material risk discussion
  • present benefits and risks in a balanced way before first use

Late submission and supporting backup may matter operationally, but the decisive supervisory issue is that the message itself is misleading.

  • Technical wording is a lesser concern; jargon can be clarified, but it is not the main supervisory risk here.
  • Late review timing affects process, but same-day review is not the core problem if approval occurs before use.
  • Support for figures matters, yet the more serious issue is the implication of predictable returns and downside protection.

Question 2

A registered representative plans a live 30-minute webinar for 40 retail prospects. She will use prepared slides describing the firm’s managed account program and then answer unscripted audience questions. Attendance is by invitation, and the same slide deck will be emailed to attendees after the event. Which supervisory action best aligns with communications-classification and retention standards?

  • A. Treat the slides as retail communication and the live Q&A as a public appearance; apply the firm’s review, supervision, and retention controls to both.
  • B. Treat the webinar and slides as institutional communication because the audience consists of prospects rather than customers.
  • C. Treat the entire event as correspondence because each invitation was sent individually.
  • D. Wait to classify the material until the firm decides whether to post a recording online.

Best answer: A

Explanation: Written slides sent to 40 retail prospects are retail communication, while the live webinar discussion is a public appearance that must be supervised and retained under firm procedures.

Prepared written material distributed to 40 retail prospects is retail communication, and the live webinar remarks are a public appearance. A principal should classify each format correctly up front and apply the firm’s supervision and retention controls to both.

The key issue is that communication classification depends on the format and audience, not just how the event was invited. The prepared slide deck is written material that will be distributed to more than 25 retail investors within 30 days, so it is retail communication. The representative’s live webinar remarks and unscripted answers are a public appearance.

A principal should therefore:

  • review and supervise the slide deck as retail communication
  • supervise the live presentation under the firm’s public-appearance procedures
  • retain the required records for both the written material and the event-related communication record

The invitation being sent individually does not make the webinar correspondence, and the fact that attendees are prospects does not make them institutional investors.

  • Individual invitations do not change a mass retail webinar and follow-up slide deck into correspondence.
  • Prospect status is irrelevant to institutional classification; the audience here is retail, not institutional.
  • Delay classification fails because supervision and approval decisions must be made before use, not after a later posting decision.

Question 3

Which statement is most accurate about when a principal should escalate an account for deeper review for possible excessive trading or churning?

  • A. Escalate when trading frequency and costs appear inconsistent with the customer’s objectives, even if the account is non-discretionary and the representative effectively controls the activity.
  • B. Day-trading patterns require escalation only after the customer submits a written complaint.
  • C. If the account shows overall profits, a principal generally does not need to investigate excessive trading.
  • D. Churning concerns arise only if the representative has written discretionary authority over the account.

Best answer: A

Explanation: Churning review turns on excessive activity and effective control, not just formal discretion, so those facts warrant principal escalation.

A principal should escalate when account activity, costs, and trading patterns appear inconsistent with the customer’s profile or objectives. Formal discretionary authority is not required if the representative effectively controls the recommendations or trading decisions.

The core supervisory issue is whether trading appears excessive in light of the customer’s investment objectives, financial situation, and account profile, and whether the representative is driving the activity. A deeper review is warranted when frequent trading, high commissions or costs, or day-trading patterns suggest the account may be handled for the representative’s benefit rather than the customer’s. Written discretion is not required for churning concerns; effective control over a non-discretionary account can be enough. Profitability also does not end the analysis, because an account can still be excessively traded even if some gains are realized. Principals are expected to detect and escalate these patterns through surveillance, not wait for a complaint.

  • Written discretion only fails because effective control in a non-discretionary account can still support a churning concern.
  • Profits end review fails because gains do not erase excessive turnover or cost patterns that are inconsistent with the customer’s objectives.
  • Complaint required fails because principals must use proactive surveillance to identify questionable day-trading or excessive activity.

Question 4

A principal learns that a branch emailed an unencrypted spreadsheet containing customer names, Social Security numbers, and account values to an unaffiliated seminar vendor so the vendor could invite customers to retirement events. The firm’s privacy notice covered servicing-related sharing only and did not offer an opt-out for this marketing use. What is the most likely consequence?

  • A. An automatic trading freeze on the affected accounts until customers consent.
  • B. A mandatory SAR filing solely because the customer data was sent out.
  • C. A likely Regulation S-P violation for improper sharing and inadequate safeguards.
  • D. Only an updated annual privacy notice, since the prior sharing was permitted.

Best answer: C

Explanation: The firm disclosed nonpublic personal information to a nonaffiliated marketer without proper privacy treatment and also failed to safeguard the data.

The most immediate consequence is a privacy and safeguarding problem. Sharing nonpublic personal information with a nonaffiliated marketing vendor without the proper notice and opt-out, and sending it unencrypted, points to a Regulation S-P deficiency rather than an automatic trading or AML action.

This scenario combines two core privacy supervision duties: permitted information sharing and safeguarding customer data. A firm may share nonpublic personal information with certain service providers under limited exceptions, but using an unaffiliated vendor for marketing generally raises notice and opt-out issues unless a specific exception applies. Here, the firm’s privacy notice did not cover this marketing sharing, and customers were not given an opt-out for that use.

The unencrypted transmission of Social Security numbers and account values also suggests a failure to maintain reasonable administrative, technical, and physical safeguards for customer records. The most likely consequence is a regulatory finding under Regulation S-P and a need for remediation, not an automatic hold on trading or a SAR based solely on the transmission itself.

The key takeaway is that privacy notice obligations and safeguarding controls both matter, and a gap in either can create immediate supervisory exposure.

  • The revised-notice choice fails because updating a privacy notice later does not make an already improper disclosure permissible.
  • The trading-freeze choice fails because a privacy lapse does not automatically suspend customer trading authority.
  • The SAR choice fails because suspicious activity reporting is not triggered solely by an improper vendor transmission of customer data.

Question 5

A retail customer who has never sent wires requests an immediate $48,000 wire to a newly added bank account. Earlier that day, the online profile had a password reset, and both the email address and mobile number were changed.

Exhibit: Firm identity-theft scorecard

Password reset same day ................ 1 point
Email and mobile both changed same day . 2 points
Wire to newly added bank account ....... 2 points

4 points or more: place a temporary hold and verify
using previously established contact information
before releasing funds.

3 points or less: obtain standard rep callback
confirmation.

Which supervisory action is required?

  • A. Treat the request as 5 points; place a temporary hold and verify through previously established contact information.
  • B. Treat the request as 2 points; process the wire without delay.
  • C. Treat the request as 3 points; obtain standard rep callback confirmation.
  • D. Treat the request as 4 points; confirm by email to the updated address.

Best answer: A

Explanation: The events total 5 points, so the firm must escalate with a temporary hold and out-of-band verification using preexisting contact information.

The red flags add up to 5 points: 1 for the password reset, 2 for same-day email and mobile changes, and 2 for the wire to a newly added bank account. Because that exceeds the firm’s 4-point threshold, the principal should impose a temporary hold and verify through previously established contact information.

This item tests how a principal applies an identity-theft red flag program to a suspected account-takeover pattern. The customer shows multiple same-day changes tied to a funds disbursement request, so the firm’s scoring matrix must be used before the wire is released.

  • Password reset: 1 point
  • Email and mobile changed: 2 points
  • Wire to newly added bank account: 2 points
  • Total: 5 points

A 5-point total is above the firm’s 4-point escalation threshold, so the required mitigation is a temporary hold plus verification through previously established contact information. The key supervisory point is that new contact data created during the suspicious activity should not be relied on for verification.

  • Standard callback fails because the score is not 3; it is 5, which triggers enhanced mitigation.
  • Updated email check fails because the new email is part of the red-flag pattern and is not a reliable verification channel.
  • Immediate processing fails because multiple disbursement-related red flags require escalation, not routine handling.

Question 6

Which account maintenance request is generally treated as an account-type change that requires new supporting documentation and principal approval, rather than a routine record update?

  • A. Adding or changing a beneficiary designation
  • B. Converting a cash account to a margin account
  • C. Recording a trusted contact person
  • D. Updating the customer’s mailing address

Best answer: B

Explanation: Changing from cash to margin alters the account’s legal and supervisory framework, so firms generally require margin documentation and principal approval.

A cash-to-margin conversion is not just a clerical update; it changes the account type and the risks, disclosures, and supervision that apply. That is why firms generally require new documentation, such as a margin agreement, plus principal approval before the change is effective.

The key concept is the difference between a routine account-record change and a change that materially alters how the account may operate. Moving an existing account from cash to margin changes the account’s permissions, credit features, and supervisory requirements, so it typically requires additional account documentation and review by an appropriately designated principal.

By contrast, items such as an address update, beneficiary change, or trusted contact update are usually maintenance changes to existing records. Those updates still require proper customer instruction and firm documentation under the firm’s WSPs, but they do not normally convert the account into a different operating type. The best answer is the choice that changes the account’s legal and supervisory status, not merely the customer information on file.

  • Address update: This is usually a record-maintenance change, even though firms must document and supervise it carefully.
  • Beneficiary change: This updates transfer-on-death or similar account instructions, but it does not usually change the core account type.
  • Trusted contact: This adds contact information for protective outreach purposes and is not an account-type conversion.

Question 7

A principal is reviewing a new online individual cash account. The file includes the customer’s signed application, name, date of birth, residential address, funding source, and a clear OFAC screen. The firm’s WSP states that before principal approval the file must include all required CIP identifying information, including the customer’s taxpayer identification number; email address, trusted contact information, and e-delivery elections may be completed later. Which statement is INCORRECT?

  • A. The account may be approved if only the e-delivery election is missing.
  • B. The account may be approved if only the email address is missing.
  • C. The account may be approved if only trusted contact information is missing.
  • D. The account may be approved if the taxpayer identification number is still missing because OFAC screening is complete.

Best answer: D

Explanation: The taxpayer identification number is part of required CIP information under the stated WSP, so its absence blocks principal approval even if OFAC screening is clear.

Missing documentation is material when the firm’s procedures require it before approval, especially CIP identifying information. Here, the taxpayer identification number is expressly required before principal approval, while the other missing items are optional and may be added later.

This item turns on whether the missing information is a required account-opening and CIP element or only a convenience/servicing item. Under the stated WSP, principal approval cannot occur until all required CIP identifying information is in the file, and the taxpayer identification number is specifically listed as required. A completed OFAC screen does not replace missing CIP data; it is a separate control. By contrast, items such as an email address, trusted contact information, and an e-delivery election may be completed after opening because the firm has said they do not block approval.

The key takeaway is that a principal should block approval when a missing item affects required identification and verification, not when it concerns optional account features.

  • Email address is acceptable to obtain later because the WSP specifically says it does not block approval.
  • Trusted contact is also acceptable to add later under the stated procedures.
  • E-delivery election concerns delivery preference, not required CIP identification, so it does not stop approval under these facts.

Question 8

A broker-dealer’s account maintenance procedure requires a supervisor to independently verify any address or bank-instruction change on a long-dormant retail account before accepting a same-week liquidation and wire request. This control is primarily designed to detect and prevent which risk?

  • A. Unsuitable recommendations based on the customer’s profile
  • B. Account takeover or identity-theft fraud causing unauthorized disbursement
  • C. Trade-reporting errors in the firm’s order execution process
  • D. AML structuring intended to avoid currency reporting thresholds

Best answer: B

Explanation: Dormant-account changes followed by rapid liquidation and transfer are classic red flags for possible account takeover and fraudulent withdrawal.

The control matches customer-protection and fraud prevention, not sales-practice or trading surveillance. Sudden maintenance changes on a dormant account, especially right before liquidation and a wire, are red flags for possible identity theft or unauthorized account access.

This type of procedure is an account-maintenance and customer-protection control. A dormant account that suddenly shows changes to contact or payment instructions, followed immediately by liquidation and a disbursement request, presents a classic risk of account takeover, impersonation, or other fraud. The supervisory purpose of independent verification is to confirm that the real customer authorized the changes before assets leave the account.

A principal should recognize this pattern as a heightened-verification event, not as a suitability, communications, or trade-reporting issue. The key takeaway is that unusual maintenance activity in a dormant account can signal identity-theft or unauthorized-disbursement risk and should trigger escalation and confirmation procedures.

  • AML mismatch fails because the described control is tied to account changes and disbursement authorization, not transaction-pattern monitoring for structuring.
  • Suitability mismatch fails because no recommendation is being evaluated; the issue is whether the request is fraudulent.
  • Trading mismatch fails because the concern is customer verification before funds leave the account, not execution or reporting accuracy.

Question 9

A registered representative wants to use the firm’s approved LinkedIn account to (1) replace her profile banner and “About” section with marketing language about retirement-income services and (2) respond the same day to prospects who comment on her posts. The firm’s archive captures all business social-media activity, but only one principal review can occur before launch. As the supervising principal, what is the single best action?

  • A. Pre-approve the banner, About text, and each future reply before any response is posted.
  • B. Pre-approve the banner and About text, then supervise replies post-use as interactive content while retaining both through the firm archive.
  • C. Allow the banner and About text without prior approval because LinkedIn profiles are interactive content, and review everything after use.
  • D. Pre-approve the banner and About text, but let LinkedIn serve as the recordkeeper for comments and replies.

Best answer: B

Explanation: The profile changes are static content requiring prior approval, while real-time replies are interactive content supervised after use, and both must be retained.

The best supervisory response is to separate static content from interactive content. The LinkedIn banner and About section are static business communications that require prior principal approval, while replies to comments are interactive communications that can be supervised after use, with firm retention of both.

This item turns on the distinction between static and interactive social-media content. Content that sits on a profile page, such as a banner or About section, is static because the firm can review it before the public sees it; that makes prior principal approval the appropriate control. By contrast, real-time replies to commenters are interactive content, so requiring pre-approval of each response is generally not the best fit when the rep must respond promptly.

The supervisory approach that satisfies all stated constraints is:

  • pre-approve the static profile content before launch
  • permit real-time interactive replies subject to post-use supervision
  • retain all business-related social-media records through the firm’s archive

The closest trap is the choice that correctly pre-approves the profile content but fails to keep retention under firm control.

  • Pre-approving every reply is more restrictive than necessary and conflicts with the need for same-day interactive responses.
  • Treating the profile as interactive fails because banner and About text are static content, not real-time interactive exchanges.
  • Relying on LinkedIn records fails because the firm, not the platform, must ensure required business-communication retention.

Question 10

During supervisory control testing, a general securities principal learns that one branch uses a third-party portal for address changes and re-delivery of electronic statements and confirmations. The firm’s archive keeps the final approved account-change form, but not the customer’s request, identity-verification record, or copies of the reissued statements and confirmations. No fraud has been confirmed. What is the best next step?

  • A. Shut down the portal immediately and reverse recent account changes.
  • B. Wait for more customer complaints before expanding the review.
  • C. Revise the WSPs now and test record retrieval after implementation.
  • D. Conduct a documented retention-gap review and secure all affected records first.

Best answer: D

Explanation: The principal should first preserve and test retrieval of all required records to determine scope and control failure before broader remediation.

The first supervisory step is to determine whether the firm is retaining and can retrieve all required account-maintenance records, statements, and confirmations. That means documenting the gap, preserving records from the branch and vendor, and defining the affected population before moving to broader remediation.

This scenario is a books-and-records and account-maintenance control issue. When a new workflow or vendor portal appears to omit customer requests, authentication evidence, or reissued statements and confirmations, the principal should first secure the records and perform a documented gap review. That establishes whether the firm can actually retain and retrieve the required records, how many accounts are affected, and whether customer notifications or further escalation may be needed.

A sound sequence is:

  • preserve available records and prevent loss
  • obtain missing records from the branch or vendor
  • test completeness and retrievability for affected accounts
  • then update WSPs, vendor controls, training, and any needed escalation

Immediate shutdown or reversals may be premature without first defining the problem, while waiting for more complaints is too late. Updating procedures before confirming the retention failure also reverses the proper supervisory order.

  • Immediate shutdown may be considered later, but first the principal must preserve records and determine the scope of the retention problem.
  • WSP revision first skips the required review of whether records are complete and retrievable under the current process.
  • Wait for complaints is inappropriate because record-retention exceptions require prompt supervisory review even without confirmed fraud.

Revised on Sunday, May 3, 2026