Try 10 focused Series 4 questions on Regulatory Practices, with explanations, then continue with the full Securities Prep practice test.
Series 4 Regulatory Practices questions help you isolate one part of the FINRA outline before returning to a mixed practice test. The questions below are original Securities Prep practice items aligned to this topic and are not copied from any exam sponsor.
| Item | Detail |
|---|---|
| Exam | FINRA Series 4 |
| Official topic | Function 5 — Implement Practices and Adhere to Regulatory Requirements |
| Blueprint weighting | 10% |
| Questions on this page | 10 |
During annual supervisory control testing of the firm’s options program, the ROP finds inconsistent practices across branches for new options accounts. In several files, options trading was approved in the account system before the customer’s Options Disclosure Document (ODD) delivery/acknowledgement was evidenced, even though other branches require proof of ODD delivery before approval.
As the options principal responsible for the written supervisory procedures (WSPs), what is the best next step to address this finding in the proper supervisory workflow?
Best answer: C
Explanation: The appropriate next step is to remediate the control gap by revising WSPs and implementing a consistent, testable process (e.g., exception reporting) with documented rollout.
The issue is a supervisory control weakness: the firm’s WSPs and practices are not being implemented consistently for a required options disclosure step. The best next step is to update the WSP to clearly require documented ODD delivery/acknowledgement before approval and add a mechanism (such as an exception report or system block) to enforce and evidence compliance, then train supervisors and retest.
This finding shows that the firm’s written procedures are either unclear or not being followed uniformly, which is exactly what supervisory controls and WSP maintenance are designed to prevent. The principal should first remediate at the process level by tightening the WSP requirement and adding a supervisory control that makes compliance consistent and verifiable.
A sound sequence is:
Individual remediation may follow, but it should not substitute for correcting the procedure-and-control gap that caused inconsistent implementation.
A broker-dealer onboards new retail options customers through a mobile app using electronic delivery. The app delivers the ODD and captures a time-stamped acknowledgment, but it only shows “Member SIPC” in the footer and does not deliver the SIPC brochure (or notice of its availability). As the Registered Options Principal, which supervisory action best aligns with required SIPC disclosures and books-and-records expectations?
Best answer: A
Explanation: Firms must deliver required SIPC disclosures and maintain records showing the disclosures were provided (including for e-delivery).
SIPC membership alone is not the full required customer disclosure. The principal should ensure the SIPC brochure (or the required notice of its availability) is delivered at the required times and that the firm retains reliable evidence of delivery/notice for recordkeeping and audit purposes.
SIPC disclosures are part of customer protection communications that the firm must deliver in a controlled, auditable way. Simply displaying “Member SIPC” does not substitute for delivering the SIPC brochure or a compliant notice describing how the customer can obtain it (including online availability and how to request a paper copy, if applicable). When disclosures are delivered electronically, supervision should confirm (1) the customer is set up for e-delivery, (2) the disclosure/notice is actually sent or made available as designed, and (3) the firm retains records that evidence delivery (for example, time-stamped system logs or acknowledgments) consistent with its books-and-records program. The key control is documented delivery, not informal website availability or outsourcing without oversight.
Which description BEST defines an effective gifts and gratuities recordkeeping log used to monitor compliance with a firm’s gifts and gratuities restrictions (including annual aggregation limits)?
Best answer: A
Explanation: An effective log must capture enough detail to supervise and aggregate items by recipient to enforce firm limits and approvals.
Gifts and gratuities supervision relies on recordkeeping that lets a firm identify who gave or received items, their value, and the business purpose. The log must support aggregation by recipient over time so supervisors can monitor annual limits and enforce any pre-approval requirements.
A gifts and gratuities log is a supervisory record designed to make the firm’s restrictions enforceable in practice. To do that, it needs enough information to (1) identify the parties involved and the registered person, (2) capture value and timing, and (3) document the business context so the firm can distinguish allowable activity and apply its approval/escalation rules. Just as important, the log must support aggregation (typically by recipient and time period) so supervisors can detect patterns and breaches of annual limits. Logs that only capture “large” items, only cash, or only a narrow category of recipients undermine monitoring and are not effective controls.
A broker-dealer’s operations group generates a daily “Address/Returned Mail Exception” report that lists (1) options accounts with mail returned as undeliverable and (2) accounts with a customer “hold mail” instruction that has been in place for more than 30 days. Which supervisory purpose does this report most directly support?
Best answer: C
Explanation: Returned-mail and extended hold-mail exceptions are address controls designed to ensure customers receive confirmations, statements, and other required notices.
An address/returned mail exception report is a supervisory control to catch stale or invalid customer address information and prolonged mail holds. Those conditions create a delivery risk for required documents and notices, so the report drives timely outreach and address updates (or another approved delivery method) to restore effective delivery.
“Hold mail” and “returned mail” conditions are supervisory red flags because they can prevent delivery of required documents (for example, trade confirmations, account statements, ODD updates, and other firm/regulatory notices). An exception report that surfaces undeliverable mail and prolonged mail holds supports controls to keep the customer’s address of record accurate and to prompt follow-up when delivery appears impaired.
Typical supervisory actions include:
The key point is that the report is an operational/books-and-records control focused on delivery and address accuracy, not trading risk or advertising review.
During a books-and-records review, a Registered Options Principal compares two retail accounts:
Both accounts already have an executed options agreement, evidence the ODD was delivered before trading, and a margin agreement.
Which record is specifically required to be maintained for Account B (portfolio margin) that would not be required solely because Account A is standard margin?
Best answer: A
Explanation: Portfolio margin requires maintaining the customer’s portfolio margin disclosures/acknowledgment as part of the account’s required documentation.
Portfolio margin is a distinct margin program with additional required disclosures and customer acknowledgment records. Since both accounts already have the baseline options and margin documentation (options agreement, ODD delivery evidence, and margin agreement), the differentiator is maintaining the portfolio margin disclosure/acknowledgment for the portfolio margin account.
For options supervision, firms must maintain core account records such as the options agreement/approval and evidence that the Options Disclosure Document (ODD) was delivered before the customer’s first options trade. Margin accounts also require an executed margin agreement.
Portfolio margin is a separate, higher-risk margin methodology, so the firm must keep additional portfolio margin documentation—most importantly the required portfolio margin risk disclosures and the customer’s acknowledgment/acceptance of those disclosures—along with the firm’s approval to place the account in the program. This is the key recordkeeping difference versus a standard (Reg T) margin options account when the baseline options and margin records are already on file.
A retail customer emails the firm to complain about a recommendation to buy 5 XYZ June 40 calls at a premium of $2.50 per contract (100 shares per contract). The customer held the calls to expiration, and XYZ closed at $38.00 on expiration; the calls expired worthless.
Exhibit: WSP excerpt (complaint log)
What should the Registered Options Principal enter and how should the complaint record be maintained?
Best answer: B
Explanation: A long call’s breakeven is strike plus premium ($42.50) and the expired loss is the full premium paid: $2.50 × 5 × 100 = $1,250, maintained in the segregated complaint file.
The complaint log should reflect the option strategy’s breakeven and an estimated-damages figure based on the actual outcome when the position is closed or expires. For a long call, breakeven is strike price plus premium, and if the option expires worthless the customer’s loss is the total premium paid. The written complaint and log entry must be retained in a centralized complaint file separate from the account file.
To maintain accurate customer complaint records, the principal should document the strategy details and quantify the customer’s alleged damages using the firm’s method, then preserve the record in the required segregated complaint file. Here, the customer bought calls and held them to expiration, so the outcome is known.
Separately, the complaint and related documentation must be stored in the firm’s centralized complaint file (not buried in the customer account file) and retained per the firm’s retention policy.
During preparation for the firm’s annual compliance certification, Compliance asks the Registered Options Principal (ROP) to produce evidence that supervisory controls are operating to detect and resolve retail accounts trading uncovered short options without the required approval level. The WSP requires a daily exception report, documented supervisor disposition of each exception in the firm’s surveillance system (time-stamped), and retention of the report and dispositions in firm records. An internal review finds supervisors did review the exceptions, but they recorded dispositions in personal spreadsheets and emails, and some exceptions have no documented follow-up.
What is the BEST supervisory action to satisfy the certification need and remediate the control weakness?
Best answer: D
Explanation: Annual certification support requires preserved, retrievable evidence of the control’s performance and documented corrective action to address gaps.
To support annual compliance certification, the ROP must be able to produce firm-retained, auditable evidence that the supervisory control operated as designed (exception identification, review, disposition, and follow-up). Because dispositions were kept in personal files and some lacked follow-up documentation, the best action is to remediate by centralizing recordkeeping, documenting corrective steps, and updating the control/WSP to prevent recurrence.
Annual compliance certification relies on demonstrable supervisory controls and preserved evidence—i.e., records that show what was reviewed, by whom, when, what decision was made, and what follow-up occurred. Here, the control design calls for time-stamped dispositions in the firm’s surveillance system and retention as firm books and records, but execution occurred in personal spreadsheets/emails and with missing follow-up notes, creating a documentation and control gap.
The best supervisory response is to (1) capture and retain the existing exception reviews in a firm-controlled repository where possible, (2) document the remediation for missing dispositions (including escalation and corrective training where needed), and (3) enhance the supervisory control/WSP so dispositions must be recorded and retained in the firm system with supervisory sign-off and periodic testing. This both supports the certification and strengthens the control going forward.
During preparation for the firm’s annual compliance certification, the options principal is asked to produce evidence that uncovered options-writing exception reports were reviewed and resolved throughout the year. The firm’s surveillance vendor dashboard shows review notes only for the last 30 days and then overwrites them. Supervisors did perform the reviews, but no exports or retained records exist.
What is the primary supervisory control risk/red flag?
Best answer: B
Explanation: Annual certification relies on demonstrable, retained records of supervisory controls and reviews, not just verbal attestations.
The key issue is not whether reviews occurred, but whether the firm can demonstrate them with preserved supervisory evidence. If exception reports and the supervisors’ resolution notes are overwritten, the firm cannot support its supervisory control testing and annual certification. The principal must treat this as a control and record-retention breakdown requiring remediation and documentation.
Annual compliance certification and supervisory control testing require a firm to be able to evidence that supervisory controls operated as designed. Here, the control is the periodic review and disposition of uncovered-writing exceptions, and the evidence is the report plus the supervisor’s documentation (date, reviewer, rationale, and disposition). If the surveillance system overwrites review history after 30 days and the firm does not export/retain it in an approved recordkeeping system, the firm has a record-retention and supervision-evidence failure even if the reviews were actually performed. The options principal should remediate by implementing retention (e.g., automated exports to the firm’s records archive), updating WSPs/workflows, and documenting the gap and corrective actions for the certification file. The closest trap is focusing on other substantive risks that are not indicated by the facts.
You are the Registered Options Principal for a broker-dealer. A retail customer emails a complaint alleging an unauthorized options trade and requests that the firm reverse the transaction.
Exhibit: WSP excerpt (complaints)
Which action is NOT appropriate for meeting the firm’s complaint record retention and segregation requirements?
Best answer: B
Explanation: Deleting the original email violates the requirement to preserve the original complaint record for the required retention period.
Complaint recordkeeping requires preserving the original complaint record and retaining it for the required period in a compliant storage format. Summarizing a complaint for tracking does not replace the obligation to keep the original email/attachments. Deleting the original complaint record defeats retention and supervisory review.
The core control is to preserve and retain customer complaint records in a manner that supports supervision, regulatory review, and tamper-resistant storage. When a complaint is received by email, the firm must keep the original message (and attachments) as the complaint record and store it in the firm-designated, segregated complaint repository (often WORM) for the required retention period, with the first portion readily accessible. A complaint log or case-management entry is a useful index for tracking, but it is not a substitute for retaining the original complaint record. The key takeaway is to retain the original complaint in the firm’s centralized complaint file, not just a summary.
A broker-dealer that is a SIPC member opens 200 new retail options accounts using an electronic new-account workflow. During a supervisory control test, the options principal learns that a vendor configuration error prevented the required SIPC disclosure from being delivered, and there is no retained evidence of delivery for those accounts. No customers have complained.
What is the most likely required corrective action and compliance exposure?
Best answer: D
Explanation: The firm must remediate the missed SIPC disclosure and correct the related books-and-records evidence gap.
Failing to deliver required SIPC disclosures and failing to maintain evidence of delivery creates a compliance deficiency even without a customer complaint. The appropriate supervisory response is to promptly deliver the disclosure to affected customers, document delivery, and correct the process control that caused the gap.
SIPC-related disclosures are required customer-facing disclosures for SIPC member firms, and firms must be able to evidence that required disclosures were provided when applicable. Here, the issue is both (1) non-delivery of the disclosure to 200 accounts and (2) a books-and-records problem because the firm cannot demonstrate delivery.
A reasonable supervisory remediation is to:
The absence of complaints does not eliminate the obligation to provide the disclosure or maintain records supporting delivery.
Use the Series 4 Practice Test page for the full Securities Prep route, mixed-topic practice, timed mock exams, explanations, and web/mobile app access.
Use the Series 4 Cheat Sheet on SecuritiesMastery.com when you want a compact review before returning to the FINRA Series 4 Practice Test page.