Try 50 free Series 99 practice questions across the official topic areas, with answers and explanations, then continue with the full Securities Prep question bank.
This free full-length Series 99 practice exam includes 50 original Securities Prep questions across the official topic areas.
The questions are original Securities Prep practice questions aligned to the exam outline. They are not official exam questions and are not copied from any exam sponsor.
Count note: this page uses the full-length practice count maintained in the Mastery exam catalog. Some exam sponsors publish total questions, scored questions, duration, or unscored/pretest-item rules differently; always confirm exam-day rules with the sponsor.
For a compact topic review before or after this set, use the Series 99 Cheat Sheet on SecuritiesMastery.com.
| Item | Detail |
|---|---|
| Issuer | FINRA |
| Exam | Series 99 |
| Official route name | Series 99 — Operations Professional Qualification Examination |
| Full-length set on this page | 50 questions |
| Exam time | 90 minutes |
| Topic areas represented | 2 |
| Topic | Approximate official weight | Questions used |
|---|---|---|
| Broker-Dealer Operations | 70% | 35 |
| Professional Conduct | 30% | 15 |
Topic: Broker-Dealer Operations
A customer drops off a physical stock certificate at a branch for deposit into his individual brokerage account and asks that it be forwarded to the transfer agent the same day. The only instruction received is an email from the registered representative summarizing a text message from the customer, and the certificate bears a “restricted securities” legend. It is 30 minutes before the firm’s end-of-day vault cutoff.
What is the single best action the operations professional should take to satisfy custody/control and supervisory audit-trail controls?
Best answer: D
Explanation: A timely blotter entry documents chain of custody (who/what/when/where) and supports supervision while the certificate is secured and restricted-securities documentation is obtained.
The securities blotter is used to create a time-stamped record of securities received and delivered, establishing chain of custody. Entering the certificate immediately (with key identifiers and location) supports supervision, exception tracking, and an audit trail while the restricted legend and customer authorization are reviewed. Securing the certificate prevents unauthorized movement during review.
A securities blotter is a chronological log of securities movements (receipts, deliveries, transfers) that supports an audit trail and supervisory controls over physical and non-physical positions. In this scenario, the firm has heightened risk: a physical certificate (custody exposure), a restricted legend (requires review before processing), and informal instructions relayed by email/text (not adequate authorization to move securities). The best control is to create an immediate blotter entry at the moment of receipt and place the certificate in secure storage, so supervisors and auditors can trace:
This preserves chain of custody and prevents unapproved delivery even if a cutoff is approaching.
Topic: Professional Conduct
To reduce the risk of unauthorized access to customer new account forms that contain nonpublic personal information (NPI), a broker-dealer stores the paper documents in a locked file room that requires badge access, and the room is covered by security cameras and a visitor log.
Which option best matches the primary type of safeguard being used?
Best answer: D
Explanation: Locks, restricted-entry areas, cameras, and visitor logs are controls over physical access to records containing NPI.
The controls described are designed to prevent unauthorized physical entry to a location where NPI is stored. Restricting facility access with locks and badges, monitoring with cameras, and tracking visitors are classic physical protections for customer records. These measures are distinct from policy/training controls and from system-based access controls.
Customer information safeguards are commonly grouped into administrative, technical, and physical controls. The scenario focuses on protecting paper records by controlling who can enter a specific room and by monitoring/recording access. Those are physical safeguards because they address physical access to spaces and hard-copy records (e.g., locked cabinets/rooms, badge-controlled doors, cameras, and visitor logs). Technical safeguards would instead control access through systems (e.g., encryption, multifactor authentication, role-based entitlements, logging), while administrative safeguards rely on governance such as written procedures, training, vendor oversight, and periodic reviews. The key distinction is whether the control is over the facility/physical media versus systems or policies.
Topic: Broker-Dealer Operations
A clearing broker-dealer’s daily NSCC CNS fail report shows a fail-to-deliver in XYZ that resulted from a customer short sale and is still open as of the settlement date (T+1). The firm confirms it does not have the shares on hand and no borrow is currently available through its stock loan desk. Under Reg SHO Rule 204, what is the best next operational step?
Best answer: A
Explanation: Rule 204 requires the participant to close out an open CNS fail by buying or borrowing shares by the start of regular trading hours on the settlement day after the settlement date.
Reg SHO Rule 204 requires a clearing participant with an open fail-to-deliver at a registered clearing agency to complete a close-out by purchasing or borrowing securities by the beginning of regular trading hours on the settlement day following the settlement date. Because the firm has neither the shares nor a borrow, operations must escalate immediately to execute the close-out and monitor completion.
The core control in Rule 204 is time-sensitive close-out of an open fail-to-deliver at a registered clearing agency (e.g., NSCC CNS). Once the firm identifies it has an open CNS fail and cannot make delivery from inventory or an existing borrow, it must promptly trigger the close-out process so that shares are purchased or borrowed in time to meet the Rule 204 deadline (by the start of regular trading hours on the settlement day after the settlement date).
Operational monitoring steps typically include:
Waiting to “see if it resolves” or making record-entry fixes does not satisfy the requirement to actually obtain shares for delivery.
Topic: Broker-Dealer Operations
In broker-dealer settlement processing, what is the primary purpose of performing Standing Settlement Instruction (SSI) validation?
Best answer: D
Explanation: SSI validation verifies the accuracy and authorization of delivery/receipt instructions to prevent misdirected settlement and related fails.
SSI validation is a preventive control focused on where and how cash or securities will be delivered or received. By confirming that settlement instructions (e.g., custodian, account number, DTC/agent details) are correct and authorized, firms reduce the risk of misdirected deliveries, payment errors, and avoidable settlement fails.
Standing Settlement Instructions are the “delivery coordinates” used to complete settlement (cash wires, custodians, DTC/agent identifiers, account numbers, and related static data). SSI validation is the control that checks those instructions are (1) correct for the counterparty and (2) properly authorized/verified before the firm releases securities or funds. This helps prevent operational losses from sending assets to the wrong place, reduces settlement fails and downstream repairs, and supports straight-through processing. Trade affirmation/matching addresses whether the trade details agree; allocation addresses how a block is assigned to underlying accounts; and a DK notice is a corrective message used when a trade does not compare/match.
Topic: Broker-Dealer Operations
A carrying broker-dealer is preparing its weekly customer reserve computation under SEC Rule 15c3-3. On the reserve cutoff date, Operations discovers a ,000,000 unreconciled difference between the stock record and DTC positions for fully paid customer securities that would increase customer “credits” in the reserve formula if recorded correctly.
Which action best aligns with customer protection concepts and record integrity standards?
Best answer: C
Explanation: The reserve deposit must be based on accurate, reconciled customer credits/debits, so the break must be resolved (or conservatively addressed) before certification and funding.
The customer reserve formula is designed to ensure the firm maintains sufficient funds in a reserve account for net customer credit balances. Because the computation relies on the firm’s books and records (including the stock record), an unreconciled position difference can cause an understated deposit. The proper response is to escalate and correct/reconcile the records and recompute (and fund) based on accurate information before certification.
SEC Rule 15c3-3’s reserve formula is a customer protection control that depends on reliable books and records: customer “credits” (amounts owed to customers) are compared to “debits” (customer obligations), and the firm must maintain the net amount in a segregated reserve account. If the stock record and depository positions for fully paid customer securities are not reconciled, customer credits can be misstated, creating a risk that the firm underfunds the reserve account.
Operationally, the durable standard is:
The key takeaway is that timely reconciliations protect customers by preventing reserve underfunding driven by inaccurate records.
Topic: Broker-Dealer Operations
An operations associate is reviewing a new account setup before activating trading permissions.
Exhibit: New account checklist (snippet)
Account type: Individual
Cash trading: Enabled
Margin: No
Options: Level 2 requested
Options agreement: Signed 02/12/2026
CIP (ID verification): Verified
Tax form: W-9 received
Supervisory review: ROP approval = PENDING
Based on the exhibit, which action is required before the account can be activated for the requested permissions?
Best answer: A
Explanation: Because options trading is requested and the ROP approval is shown as pending, options cannot be activated until an ROP reviews and approves the account.
The exhibit shows options Level 2 is requested and all core paperwork/status items listed (options agreement, CIP, and W-9) are complete. The only incomplete control specifically tied to activating options permissions is the pending supervisory review by a Registered Options Principal. Therefore, the account should not be enabled for options trading until that approval is obtained.
New account activation depends on both customer-provided documentation and required internal supervisory approvals for specific features. Options trading is a heightened-permission feature that requires review and approval by a qualified options supervisor (typically a Registered Options Principal) before the firm enables the account for options activity. In the exhibit, the customer’s options agreement is already signed, and baseline onboarding items (CIP verification and tax form) are complete; the remaining gating item is the “ROP approval = PENDING” status. Until that approval is recorded, operations should not turn on the requested options level even if the account can be opened for basic cash trading.
Topic: Professional Conduct
An operations professional is reviewing the firm’s supervisory control system documentation to confirm controls are being tested and monitored.
Exhibit: Supervisory control testing log (extract)
Control ID: CSH-07
Process: Customer wire disbursements
Control: Daily review of outgoing wires over $50,000 against signed/verified instructions
Test frequency: Quarterly
Last test: Oct 15, 2025
Tester: Ops Control Unit (separate from Cashiering)
Independence check: PASS (tester has no wire-release entitlements)
Test result: 2 exceptions
Remediation: WSP updated + cashier re-training (Owner: Cashiering Mgr)
Retest scheduled: Nov 15, 2025
Evidence retained: QC checklist + exception tickets
Escalation: Material findings reported to CCO
Which interpretation is best supported by the exhibit?
Best answer: A
Explanation: The log shows exceptions, remediation steps, and a retest date with retained evidence and escalation.
The exhibit shows a structured supervisory control testing process: an identified control, periodic testing by a separate unit, documentation of exceptions, remediation ownership, and a scheduled retest. Those elements demonstrate monitoring and follow-up, which are core supervisory control system concepts. The interpretation must be limited to what the log explicitly documents.
A supervisory control system is more than performing a day-to-day operational review; it also requires a framework to test whether supervisory controls are working and to evidence monitoring over time. In the exhibit, the firm documents a defined control, a periodic test schedule, and that testing was performed by a group separate from the business function being reviewed (with an independence check tied to entitlements). The log also shows the key monitoring loop: exceptions were identified, remediation was assigned and completed (WSP update and training), a retest was scheduled, evidence is retained, and material findings are escalated to compliance leadership. Together, these are the operational hallmarks of testing and ongoing monitoring of supervisory controls.
Topic: Broker-Dealer Operations
An operations principal is testing whether required records were created on time. For this question, assume:
Exhibit: Equity trade timestamps
Which required SEC Rule 17a-3 record was NOT created/updated within the required timeframe described above?
Best answer: D
Explanation: The next business day after Friday is Monday, but the blotter entry was not made until Tuesday.
SEC Rule 17a-3 requires broker-dealers to make certain core records, including a purchase and sales blotter. Under the control stated in the question, the blotter must be updated by the close of the next business day after trade date. With a Friday trade date and no holidays, the next business day is Monday, so a Tuesday blotter entry is late.
A key SEC Rule 17a-3 concept is that broker-dealers must create (make) and keep current core operational records that evidence their trading activity, such as order memoranda and purchase/sales blotters. Here, the only timing standard you need is provided: the trade blotter must be updated by the close of the next business day after trade date.
The confirmation timing does not control the blotter creation requirement in the fact pattern.
Topic: Professional Conduct
Under FINRA Rule 2210 (Communications with the Public), which statement best defines a retail communication and the firm’s typical operational review touchpoint for it?
Best answer: C
Explanation: Retail communications are broadly distributed to retail investors and typically require registered principal approval prior to first use under the firm’s review process.
Retail communication is the FINRA Rule 2210 category for written or electronic messages distributed broadly to retail investors (more than 25 within a 30-day period). Operationally, these materials are routed through the firm’s communications review workflow and are generally approved by an appropriately registered principal before first use.
FINRA Rule 2210 classifies customer-facing content so firms can apply the right supervision and approval controls. A retail communication is any written (including electronic) communication distributed or made available to more than 25 retail investors within any 30 calendar-day period. Because it can reach many retail customers, the typical operational touchpoint is that the content is submitted through the firm’s advertising/communications review process and approved by a registered principal before first use (with any exceptions handled per WSPs). This contrasts with correspondence (limited retail distribution) and institutional communication (institutional-only audience), which are supervised under different review standards.
Topic: Professional Conduct
A broker-dealer’s WSPs currently cover only outgoing customer account transfers processed through ACATS. Operations is rolling out a new, manual non-ACATS transfer process for securities that are not ACATS-eligible, including a new vendor portal and new authentication/control steps. A supervisor suggests distributing a one-page “job aid” instead of revising the WSPs.
Which action best reflects proper WSP update governance for this change?
Best answer: D
Explanation: A new non-ACATS workflow and controls is a material process change that requires a formally approved, controlled WSP update and communication/training.
A new operational path (non-ACATS) with a new vendor tool and new control steps is a material process change that should be captured in the firm’s WSPs. Proper governance generally includes updating the controlled WSP document, obtaining appropriate supervisory/compliance approval, maintaining version/effective-date controls, and communicating/training the impacted staff before go-live.
WSPs are the firm’s controlled supervisory procedures and should be updated when there is a material change to how a regulated activity is performed or supervised. Adding a non-ACATS transfer path (vs existing ACATS-only processing) introduces a different workflow, different documentation and authentication steps, and often different controls and exception handling; that is a classic trigger for a WSP update even if no new rule was issued.
Good WSP governance typically includes:
Job aids can supplement WSPs, but they should not replace updating the controlled procedure when the underlying process changes.
Topic: Broker-Dealer Operations
An institutional customer calls the trading desk (recorded line) and places an order to buy $2,000,000 par of an OTC corporate bond. To fill the order, the trader immediately buys the same bond and quantity from another dealer and then sells it to the customer at a slightly higher price; the firm does not carry the position in inventory. The trader asks Operations to mark the customer trade as “agency with commission” so the confirmation won’t show a markup. Operations must enter the trade for FINRA reporting and generate the customer confirmation the same day.
What is the single best action for Operations to take?
Best answer: B
Explanation: Because the firm was the counterparty in an offsetting, same-quantity transaction, capacity is riskless principal and the confirmation must disclose principal capacity and remuneration.
In a riskless principal transaction, the firm fills a customer order by executing an offsetting trade and then selling to (or buying from) the customer as principal. That capacity must be reflected consistently on the trade report and the customer confirmation. The confirmation must also disclose the firm’s compensation (e.g., markup/markdown) rather than presenting it as an agency commission.
Trading capacity must reflect the firm’s actual role in the execution because it drives both regulatory reporting fields and what the customer must be told on the confirmation. Here, the firm purchased the bonds from another dealer and then sold to the customer, making the firm the customer’s counterparty even though the street-side trade was immediately offset—this is a riskless principal workflow, not agency.
Operationally, the control is to ensure consistent classification across the order ticket, trade report, and confirmation:
Mislabeling the trade as agency to avoid markup disclosure is a capacity/reporting and disclosure failure.
Topic: Broker-Dealer Operations
A customer emails the cashiering team from an address on file requesting an outgoing wire of $85,000 to a bank account not previously linked to the brokerage account. The account currently has standing instructions only for ACH to a different bank. Your firm’s WSPs state that wire requests cannot be accepted from unsecure email and must be received via an authenticated channel, with out-of-band verification before releasing funds.
What is the best next step?
Best answer: B
Explanation: Unsecure email is not an acceptable instruction method for a new wire; the request must be authenticated using out-of-band verification and captured via an approved channel.
Because the request came via unsecure email and involves a new wire destination, it cannot be acted on as-is. Operations should authenticate the customer using an independent contact method (e.g., callback to the phone of record) and require the instruction to be submitted through an approved method such as a secure portal workflow or properly controlled LOA process. Only after those controls are completed should the wire be released.
The control point here is distinguishing acceptable instruction channels and completing authentication before moving customer funds. Unsecure email—even from an address on file—is high risk for account takeover and typically is not an approved method for wire instructions, especially when the destination is new or differs from standing instructions. The appropriate workflow is to (1) perform out-of-band verification using an established contact path (such as a callback to the phone number of record, not the email thread) and (2) obtain the instruction through an approved authenticated method (e.g., secure client portal with multifactor authentication, or a firm-controlled LOA process that includes signature/identity checks per WSPs). Only then should cashiering set up/validate the destination and release the wire. The key is completing verification and using an approved instruction method before any funds movement.
Topic: Professional Conduct
An operations associate reviews a service ticket for an existing retail customer. Within 30 minutes of a successful web login from a new device and out-of-state IP address, the customer submitted requests to (1) change the account mailing address and mobile number and (2) wire $48,000 to a newly added bank account with same-day processing. The customer is pressuring staff to bypass the usual call-back step due to “travel.”
Which is the primary red flag/control concern under the firm’s Regulation S-ID identity theft prevention program?
Best answer: B
Explanation: Rapid contact-info changes plus an urgent funds transfer and request to bypass verification are classic identity theft red flags requiring heightened authentication/escalation.
Regulation S-ID focuses on detecting and responding to identity theft red flags, especially around account access and movement of funds. A sudden login from a new environment combined with rapid changes to contact details and an urgent wire request—plus pressure to bypass normal controls—signals elevated risk of an impostor attempting an unauthorized transfer. Operations supports the program by applying enhanced verification, placing holds as needed, and escalating per WSPs.
Regulation S-ID requires firms to maintain an Identity Theft Prevention Program that identifies “red flags,” detects them in day-to-day processing, and responds appropriately to prevent and mitigate identity theft. In operations, the highest-risk moments are changes to customer profile data (address/phone/email/bank instructions) paired with requests to move money out quickly.
Here, multiple red flags occur together: access from a new device/location, rapid changes to contact information, addition of new payment instructions, an urgent wire request, and an attempt to bypass call-back verification. The appropriate control concern is identity theft and unauthorized disbursement, so operations should follow WSPs (e.g., out-of-band verification, temporary holds, and escalation to the program owner/AML-fraud team as applicable) and document actions taken. The key takeaway is that S-ID is about recognizing patterns that indicate impersonation, not routine processing delays or generic recordkeeping.
Topic: Broker-Dealer Operations
Your broker-dealer is preparing its month-end FOCUS report as of June 30, 2025. The FOCUS includes a balance sheet that reports “fails to receive” (unsettled purchases that have passed contractual settlement).
Assume U.S. equities settle T+1 and all dates shown are business days. Operations provides the settlement exception summary below (no deliveries were received by close of business on June 30):
What total amount should Operations support for reporting as “fails to receive” on the June 30 FOCUS report?
Best answer: B
Explanation: Only the June 27 purchase has a June 30 contractual settlement date (T+1) and is therefore a fail as of June 30.
The FOCUS report summarizes a broker-dealer’s financial and operational condition, including balance sheet items supported by operational processing data. A purchase becomes a “fail to receive” only after it passes its contractual settlement date. With T+1, the June 27 trade settles June 30, while the June 30 trade settles July 1.
The FOCUS report is the broker-dealer’s periodic financial/operational report to regulators and includes a balance sheet and related schedules (e.g., items that feed net capital and other financial computations). Many balances come directly from operations sources such as clearing/settlement systems, stock record, and exception reports.
Apply contractual settlement date logic (T+1 for U.S. equities):
Therefore, only the $1,200,000 contract value is supported by Operations for the June 30 “fails to receive” balance.
Topic: Broker-Dealer Operations
A FINRA member broker-dealer is updating its written supervisory procedures for SEC Rule 17a-4 record preservation. Which statement is INCORRECT?
Best answer: B
Explanation: Backups do not permit destroying required records before the applicable 17a-4 retention period expires.
SEC Rule 17a-4 requires broker-dealers to preserve specified records for minimum periods and in an accessible manner. Having backups is not a substitute for retaining the official required records for the full retention period. Early deletion of required records violates the preservation requirement even if a backup copy exists.
Under SEC Rule 17a-4, broker-dealers must preserve required books and records for specified minimum retention periods, and they must be able to promptly produce them in a usable form upon request. When records are maintained electronically, the storage system must preserve the records’ integrity (commonly described as write once, read many, or non-rewriteable and non-erasable) and be supported by supervisory controls that prevent improper alteration or destruction. A key operational expectation is that required records are not destroyed before the retention period ends; the firm’s backup or disaster-recovery copies do not make it permissible to delete the required records early. The takeaway is to treat retention periods as minimums and to align electronic storage controls to prevent premature deletion or tampering.
Topic: Broker-Dealer Operations
Which situation is the clearest operational trigger of potential broker-dealer financial stress that should be promptly escalated to the FINOP (or finance leadership) under firm WSPs?
Best answer: C
Explanation: Aged, material fails can create unsecured receivables and capital charges that may reduce net capital, requiring prompt FINOP escalation.
Material, aged settlement fails can create unsecured receivables or loss exposure that may drive net capital charges and signal liquidity stress. Because the FINOP is responsible for monitoring and reporting the firm’s financial and net capital condition, operations should escalate large or worsening fails that could impact net capital per WSPs. The key is the potential to impair the firm’s regulatory financial position, not routine processing volume.
A core escalation trigger for financial stress is an item that can quickly and materially reduce the firm’s regulatory net capital (or signal liquidity strain). Large, aged fails are high-risk because they can turn into unsecured receivables, buy-in exposure, or losses that may require regulatory capital charges and immediate attention. When operations identifies this type of exposure, the appropriate pathway is to escalate promptly to the FINOP/finance leadership (and the designated operations supervisor) so the firm can assess net capital impact, funding needs, remediation (e.g., close-outs/buy-ins), and any required internal or regulatory notifications under WSPs. Routine account transfer mechanics and standard settlement instruction maintenance generally do not indicate firm-level financial stress.
Key takeaway: escalate items that are material and can impair net capital, especially large aged fails.
Topic: Broker-Dealer Operations
An operations analyst reviews the firm’s daily bank-to-GL cash reconciliation on February 5, 2026. Per the firm’s WSPs:
Exhibit: Exception log (cash recon)
Type: Bank wire batch credited at bank, not posted to GL
Amount: $125,000
First observed: Jan 29, 2026
Last action: Feb 3, 2026 (bank confirms credit; internal posting not found)
Similar exceptions (same type): Jan 8, 2026 and Jan 17, 2026
Status: Open
Based on the WSPs and the exhibit, what is the most appropriate action today?
Best answer: A
Explanation: As of February 5 the break is 6 business days old and it is the third similar exception in 30 days, triggering escalation and root-cause analysis with full documentation.
The exception has been open since January 29, which is 6 business days as of February 5 (excluding the weekend), so it exceeds the firm’s 5-business-day escalation threshold. The log also shows two prior similar breaks within 30 calendar days, making this the third occurrence and triggering a documented root-cause analysis process in addition to escalation and ongoing exception documentation.
Reconciliation exceptions should be controlled through an exception record that is updated until the break is resolved (what the break is, when it was identified, aging, investigative steps taken, supporting evidence obtained, and how/when it was cleared). Here, the break’s business-day age is determined from the first observed date: Jan 29 (1), Jan 30 (2), Feb 2 (3), Feb 3 (4), Feb 4 (5), Feb 5 (6), so it is more than 5 business days old and must be escalated per WSP.
Because the same exception type also occurred on Jan 8 and Jan 17, the February 5 item is the third similar exception within 30 calendar days, which requires opening a problem-management ticket and performing root-cause analysis (e.g., interface controls, posting cutoffs, or mapping issues) to prevent recurrence. The key control is not to “force” the recon to balance without a valid resolution path and audit trail.
Topic: Professional Conduct
A broker-dealer’s corporate actions team receives a request from an issuer’s proxy solicitor for the names and addresses of all beneficial owners of the issuer’s common stock held in street name at the firm. The request asks for a “NOBO list” and also asks that the firm include customers who have elected to be OBO. The firm’s new account records include each customer’s OBO/NOBO election.
What is the best next operational step?
Best answer: A
Explanation: NOBO information may be shared for issuer communications, but OBO identities must not be disclosed and communications must be forwarded through the intermediary.
OBO/NOBO status determines whether the firm can disclose beneficial owner identity information for issuer communications. For NOBO customers, the firm can provide the requested list to support shareholder communications. For OBO customers, the firm must not release identifying information and instead supports communications by forwarding materials through the intermediary process.
The operational control point is handling a third-party information request while honoring customers’ OBO/NOBO elections and privacy obligations. A NOBO (non-objecting beneficial owner) has permitted the broker-dealer to disclose their name/address to the issuer (typically via the issuer’s agent) for shareholder communications such as proxies. An OBO (objecting beneficial owner) has elected not to have identifying information released; the firm can still facilitate issuer communications by forwarding materials to OBOs, but the issuer/solicitor should not receive OBO identities from the broker-dealer.
In this workflow, the appropriate sequence is:
Key takeaway: NOBO allows disclosure for issuer communications; OBO requires nondisclosure and intermediary forwarding.
Topic: Professional Conduct
A broker-dealer uses a third-party bank to process customer check disbursements and ACH transfers. The bank receives customer nonpublic personal information (NPI) and access to payment instructions. Which statement about vendor controls and documentation is INCORRECT?
Best answer: C
Explanation: Oversight must include documented review/assessment and ongoing monitoring, not just receipt of a SOC report.
When a third party handles customer funds or NPI, the broker-dealer remains responsible for supervising the activity. Controls typically include documented due diligence, contractual protections, and ongoing monitoring of performance and security. Simply obtaining a vendor report without documenting review and follow-up does not demonstrate effective oversight.
Vendor oversight is a control framework the firm uses to manage risks when a third party can move customer money, hold securities, or access customer data. The firm should maintain documentation that it (1) performed initial due diligence (e.g., financial condition, controls environment, cybersecurity, BCP), (2) set expectations in the contract (e.g., SLAs, confidentiality, incident notice, audit rights), and (3) conducts ongoing monitoring (e.g., periodic control/report reviews such as SOC reports, exception trend reviews, and documented remediation tracking). Receiving a SOC report can be an input to oversight, but the firm must evidence that it reviewed, evaluated, and acted on the results as needed.
Topic: Broker-Dealer Operations
A broker-dealer’s OMS-to-TRF interface is down. To meet reporting cutoffs, the trading desk emails Ops a spreadsheet of executed equity trades and asks Ops to manually key each trade into the trade reporting system and the clearing trade entry screen.
Which is the primary operational risk/red flag and control concern in this situation?
Best answer: A
Explanation: When executions are manually re-entered from a spreadsheet, the main risk is trade capture/reporting errors unless independently matched to the authoritative blotter/confirm details.
Re-keying trades from an emailed spreadsheet introduces a high likelihood of classic trade errors (wrong security, price, quantity, account, or capacity) and downstream corrections. The key control concern is ensuring an independent validation of each manually entered trade against an authoritative source (e.g., execution reports/blotter) before reporting and sending to clearing.
The core issue is trade capture integrity: when system interfaces fail and staff manually re-enter trades, “fat-finger” and misallocation errors become more likely (wrong symbol, quantity, price, account, or capacity). Those errors can create inaccurate trade reports and incorrect clearing submissions, leading to DKs, comparisons breaks, and time-consuming as/of or cancel/correct activity.
A practical control response is to require independent verification before submission, such as:
Privacy and settlement risks may exist in some workflows, but the primary red flag here is the elevated probability of trade input/reporting errors caused by manual re-keying.
Topic: Professional Conduct
A broker-dealer’s WSP requires Operations to escalate an outgoing wire request for additional review if it is for ,000 or more and is submitted within 10 calendar days after the most recent change to the account’s email, phone, address, or bank instructions.
Exhibit: Account activity log (all dates 2026)
02/03 Address updated (online)
02/09 Email updated (online)
02/14 Outgoing wire requested: $12,000
Destination: Third-party name (not on file)
Based on the WSP, what is the most appropriate operations action?
Best answer: D
Explanation: The wire is ,000+ and was requested 5 calendar days after the most recent profile change (02/09 to 02/14).
The request meets the firm’s escalation trigger because it is an outgoing wire of at least ,000 and it occurs within 10 calendar days of the most recent account-profile change. Computing from the latest change date (02/09) to the wire request (02/14) gives 5 calendar days, so the request should be routed for additional review.
Operations red flags often combine a high-risk movement of funds with a recent change to key customer identifiers, which can indicate account takeover. The WSP here defines a specific control: escalate if an outgoing wire ,000 or more is requested within 10 calendar days of the most recent change to email, phone, address, or bank instructions.
To apply it:
Because 5 10 and the amount threshold is met, the request should be escalated for review (e.g., enhanced authentication/callback per WSP) rather than processed straight-through.
Topic: Professional Conduct
Within a broker-dealer, what is the primary purpose of segregating cashiering functions (e.g., moving funds) from recordkeeping and reconciliation functions?
Best answer: C
Explanation: Separating custody/movement of assets from recording and reconciling creates independent verification that deters and detects fraud and errors.
Segregation of duties is a core internal control that prevents one person or team from both initiating/processing asset movements and also recording and reconciling those same transactions. This separation creates independent checks that make it harder to misappropriate funds or securities and then hide the activity in the books and records.
Segregation of duties is designed to reduce the opportunity for fraud and to improve error detection by ensuring that key steps in a process are performed by different people or groups. In broker-dealer operations, the highest-risk conflicts involve (1) custody or movement of customer assets, (2) authorization/approval, (3) recordkeeping, and (4) reconciliation/exception review. If the same individual can move money and also post the journal entries and clear reconciliation breaks, they could misappropriate assets and conceal it. By separating cashiering from recordkeeping and reconciliation, the firm creates independent verification and a clear audit trail so exceptions are more likely to be identified and escalated under WSPs.
Topic: Professional Conduct
A broker-dealer’s operations group is rolling out a new customer feature that allows standing instructions to transfer cash to an external bank using a new fintech vendor’s API. The workflow changes how customer bank details are collected, stored, and who can edit them.
Which action best aligns with durable supervision and control standards for WSP governance?
Best answer: A
Explanation: Material process and NPI-handling changes should trigger a pre-implementation WSP update with documented review, approval, training, and an effective date.
A new workflow that changes how customer bank information is collected, stored, and edited is a material process change affecting safeguarding of NPI and supervisory controls. That should trigger a governed WSP update before implementation, including documented review/approval, role-based control expectations, training, and an effective date. This creates auditable supervisory guidance and helps prevent inconsistent practices across teams.
WSPs should be updated when there are material changes to the firm’s business, products, systems, vendors, or processes—especially when the change affects customer protection controls (like who can change standing instructions) or how NPI is captured and stored. Good WSP governance is not ad hoc messaging; it is a documented change-management workflow that ensures procedures are current, reviewed by the right control functions, and implemented consistently.
A durable approach is:
This reduces operational risk and supports supervision, auditability, and consistent customer handling.
Topic: Broker-Dealer Operations
An operations associate receives a service ticket to add a new external bank and wire out the full cash balance from an existing retail account. The account had an address and phone change submitted online yesterday, and today the customer failed additional identity-verification questions; the new bank account name does not exactly match the brokerage account name. Per the firm’s WSPs, these are treated as potential account-takeover red flags.
What is the best next step?
Best answer: B
Explanation: Potential account-takeover indicators require restricting activity and escalating per WSPs before releasing funds.
The combination of recent profile changes, failed identity verification, and a mismatched bank-name is a common reason to restrict account activity due to suspected fraud or identity concerns. The operational control is to place a temporary hold (at least on disbursements) and escalate to the designated fraud/AML/compliance reviewers under the firm’s WSPs before acting on the wire request.
This scenario presents classic account-takeover red flags (rapid contact changes, failed identity checks, and third-party/bank-name mismatch). Operations should not “cure” these issues by simply taking an inbound call or pushing the transaction through. The correct workflow is to restrict the relevant account activity (typically disbursements) to prevent loss, then escalate promptly to the firm’s fraud/AML/compliance channel for investigation and documented approval before any funds are released.
Typical next steps under WSPs include:
Key takeaway: when identity or fraud concerns exist, restrict first, then investigate and approve; do not process the disbursement while the risk is unresolved.
Topic: Broker-Dealer Operations
A customer emails the broker-dealer’s service inbox stating: “I did not authorize the purchase of 5,000 shares of ABC in my account last week. Reverse the trade and refund all charges.” The assigned registered representative tells Operations, “This is just a service issue—please handle it and don’t enter it into the complaint log or forward it to Compliance since we’ll fix it quickly.”
What is the primary operations risk/control concern raised by the representative’s request?
Best answer: C
Explanation: The email is a written customer complaint alleging unauthorized activity and must be logged/retained and escalated for assessment of reporting obligations.
A customer email alleging an unauthorized trade is a written complaint that must be captured in the firm’s complaint records and preserved under books-and-records controls. Routing it to Compliance is a key control so the firm can evaluate required reporting and supervisory follow-up. Treating it as a “service issue” to avoid the log creates a books-and-records and reporting risk.
The core issue is complaint recordkeeping and escalation. A written customer communication (including email) that expresses dissatisfaction and alleges wrongdoing—such as an unauthorized trade—must be treated as a written customer complaint. Operations should ensure the firm:
This control matters because complaint records are part of the broker-dealer’s required books and records and are commonly used to determine whether additional actions are required (e.g., internal investigation, supervisory response, and any applicable external reporting). A request to “fix it quickly” does not eliminate the obligation to maintain the complaint record.
Topic: Broker-Dealer Operations
A trade surveillance analyst asks operations what the term “inside market” means on a market data screen used to review executions and potential trade reporting issues. Which description correctly matches this feature?
Best answer: D
Explanation: The inside market is the best (highest) bid and best (lowest) offer available among quoted markets.
The inside market refers to the best prices currently available to trade: the highest bid and the lowest ask across markets. Operations uses this concept when reviewing whether an execution occurred at an expected price level relative to prevailing quotes.
“Inside market” (also called the NBBO conceptually) describes the best available quoted prices at a point in time: the highest bid (best bid) and the lowest ask (best offer) across all markets displaying quotes. It is quote information, not trade information. In operations and trade reporting reviews, comparing an execution price to the inside market can help identify potential issues such as executions that appear away from prevailing quotes (which may require investigation, correction, or escalation depending on firm procedures). By contrast, “last sale” is a trade print, “ask” is only one side of the quote, and “spread” is a derived value from the bid and ask.
Topic: Professional Conduct
An operations team processes ACATS transfer forms that include customer Social Security numbers and bank account details (NPI). The forms are received electronically and sometimes printed for exception research. Which of the following practices is NOT an appropriate safeguard for protecting this customer information?
Best answer: D
Explanation: Shared credentials reduce accountability and weaken access controls over NPI.
Common safeguards for customer information include administrative controls (least-privilege access and periodic reviews), technical controls (encryption), and physical controls (locked storage and secure destruction). Using shared credentials undermines individual accountability and makes it harder to control, monitor, and investigate access to NPI.
Protecting customer information in a broker-dealer environment relies on layered safeguards that limit who can access NPI, how it is transmitted/stored, and how physical records are controlled. Appropriate safeguards include administrative measures like role-based access and periodic entitlement reviews, technical measures like encryption for data in transit and at rest, and physical measures like locked storage and secure shredding of paper containing NPI. Allowing multiple employees to use a shared mailbox with a common password defeats user authentication and audit trails, making it difficult to attribute access, detect misuse, and enforce least privilege. The key takeaway is that controls should be tied to identifiable users and monitored, not shared for convenience.
Topic: Professional Conduct
A firm’s operations team receives a call from an IRA customer who says she never authorized today’s $48,000 wire disbursement and alleges her registered rep “must have changed the bank instructions.” The wire was processed at 3:40 p.m. based on an emailed instruction that came from the rep’s internal email (not from the customer), and the destination bank was added to the account earlier the same day. The firm’s WSPs require same-day notification to Compliance for any allegation of theft, misappropriation, forgery, or unauthorized disbursement because it may trigger FINRA Rule 4530 reporting. What is the single best action for operations to take now?
Best answer: A
Explanation: An allegation of unauthorized disbursement with suspicious instruction sourcing is a red-flag event requiring immediate internal escalation and complaint capture for potential Rule 4530 reporting.
The customer’s allegation of an unauthorized wire tied to a rep-sourced email and same-day bank change is a serious red-flag event, not routine service. Operations should follow WSP escalation controls by promptly notifying Compliance and ensuring the matter is captured as a complaint/event for potential FINRA Rule 4530 reporting. Placing a hold helps prevent additional loss while the review proceeds.
FINRA Rule 4530 focuses on timely reporting of certain events to FINRA, and firms typically operationalize this through WSPs that require immediate internal notification when red flags arise. Here, the allegation involves an unauthorized disbursement and potential misappropriation/forgery, combined with control weaknesses (instruction originated from the rep’s email, and bank instructions were changed the same day), which makes same-day escalation appropriate.
Operationally, the best control sequence is:
The key takeaway is that operations should not “finish processing” or wait for a completed investigation before notifying Compliance when WSP-defined 4530-triggering red flags are present.
Topic: Broker-Dealer Operations
Your firm reported an OTC corporate bond trade to TRACE. Thirty minutes later, a trader emails Operations stating the reported quantity was entered as 1,000 bonds instead of 100 and asks you to “just change it in the system.”
Per the firm’s WSPs, all trade-report corrections must be supervisor-approved and supported by documentation that preserves an audit trail of the original and corrected report. What is the best next step?
Best answer: D
Explanation: This sequence preserves the original record and creates documented, approved support for the correction, maintaining an audit trail.
Trade-report corrections must be processed in a way that preserves an auditable history of what was originally reported, why it changed, and who approved the change. The proper workflow is to document the error and supporting details, obtain the required supervisory approval, and then submit the correction using the reporting system’s cancel/correct functionality so the original and corrected submissions are traceable.
For trade reporting and corrections, the control objective is a complete audit trail: the firm should be able to demonstrate the original submission, the corrected submission, the reason for the change, the requester, the approver, and when each action occurred. Operationally, that means you should not “overwrite” or delete the original record to make it look like it was always correct. Instead, follow WSPs by opening a correction record (ticket/case), capturing key fields from the original report (and the support for the correction), routing for the required supervisory approval, and then transmitting the correction via the reporting system’s standard correction method (e.g., cancel/correct). The closest trap is trying to fix it fastest by editing in place, which weakens the audit trail.
Topic: Broker-Dealer Operations
An operations analyst is reviewing whether a reported customer equity trade price appears reasonable compared with market data at the time of execution.
Exhibit: Market data snapshot (same second as execution)
| Field | Value |
|---|---|
| Best bid | 24.10 x 500 |
| Best offer | 24.12 x 700 |
| Last sale | 24.11 |
Which statement about the quotation terms shown is INCORRECT?
Best answer: C
Explanation: A bid is a displayed buying interest (the price a buyer is willing to pay), while the offer/ask is where a seller is willing to sell.
Bid and offer quotes represent actionable buying and selling interest, and the inside market is the best bid and best offer available at that moment. The last sale is simply the most recent reported trade and can differ from the current quotes. The incorrect statement reverses what the bid represents.
In U.S. equity market data, the inside market (often referenced as the NBBO when consolidated) is the highest displayed bid and the lowest displayed offer across venues at that time. The bid reflects the best price someone is willing to pay to buy shares; the offer (ask) reflects the best price someone is willing to accept to sell shares. The “last sale” is the most recently reported trade price and is not the same as the current bid/ask, especially in fast markets. When operations compares an execution to quotes for reasonableness, a customer buy is typically evaluated against the offer side of the market at the relevant time (recognizing executions can occur at prices that reflect available liquidity and routing).
Topic: Broker-Dealer Operations
It is 4:30 p.m. ET on the last business day of the month, and the broker-dealer’s net capital computation and FOCUS filing are scheduled for the next morning. You see an email from Accounts Payable stating the CFO gave a verbal instruction to “hold” a \$180,000 vendor invoice for cloud services (service period already ended) until next week because “it will pressure net cap,” and to “book it next month when the invoice is finalized.” Under the firm’s WSPs, material journal entries affecting regulatory reporting must be supported, entered promptly, and escalated to the FINOP if there is a dispute.
What is the single best action for an operations professional to take?
Best answer: A
Explanation: Delaying a known liability to improve net capital is a financial-reporting red flag; the proper control is timely recording and escalation per WSPs.
The request to delay a known expense to avoid “pressuring net cap” is a red flag for misstating regulatory reporting through delayed or concealed entries. The best control response is to follow WSPs: record a supportable accrual promptly and escalate the issue to the FINOP/compliance for review before regulatory reporting is finalized.
Operations staff should treat instructions to defer, backdate, or reclassify entries for the purpose of improving regulatory metrics (e.g., net capital) as potential prohibited activity and an escalation event. If the service period has ended and the amount is reasonably estimable, the books used to prepare the net capital computation and FOCUS report should reflect an appropriate accrual rather than intentionally omitting the liability. The control response is to document the basis for the estimate, record the entry promptly under normal books-and-records processes, and escalate the conflict to the FINOP/compliance per WSPs so the regulatory filing is not based on knowingly incomplete or misleading records. The key takeaway is that “we’ll book it next month” to manage net capital is not a permissible operational workaround.
Topic: Broker-Dealer Operations
A broker-dealer operations associate is reviewing the following inbound message that was opened as a service case.
Exhibit: CRM case + customer email (excerpt)
Case type: Trade dispute
Channel: Email
From: jane.doe@email.com (customer)
Date: Jan 10, 2026
Subject: Unauthorized trade in my account
Message: "I did NOT approve the sale of 200 shares of XYZ on Jan 9. Please reverse the trade and
reimburse any losses. My rep placed this without my permission."
Rep mentioned: M. Smith
Which interpretation is best supported by the exhibit and baseline broker-dealer recordkeeping expectations?
Best answer: A
Explanation: An email alleging an unauthorized trade by a named rep is a written customer complaint that must be captured in complaint records and evaluated for any required regulatory reporting.
The exhibit is a customer’s written communication (email) alleging a grievance—an unauthorized trade—and identifying an associated person. That makes it a written customer complaint that the firm must preserve in its complaint records. Because certain complaint allegations can trigger regulatory reporting obligations, the case should be escalated to the group responsible for determining reportability.
Written customer complaints include written (including electronic) communications from a customer alleging a grievance about the firm’s business activities or an associated person. The email shown alleges an unauthorized trade and names the representative, so operations should ensure it is captured in the firm’s complaint files/log and preserved under the firm’s books-and-records retention requirements.
Operationally, complaint recordkeeping and reporting intersect because some complaints (based on allegation type, involved person, and other facts) may require regulatory reporting or internal filings. Operations typically routes the complaint and supporting documentation (the original email and case data) to Compliance/Supervision for investigation, disposition, and any required external reporting or registration updates.
Topic: Broker-Dealer Operations
A customer calls the broker-dealer’s operations desk and states they did not place or authorize a buy of 1,000 shares of XYZ that is currently booked in their account. The trade has already executed and the firm is investigating how the trade was misbooked.
Which statement about using an error account is INCORRECT?
Best answer: D
Explanation: Error accounts are firm accounts used to hold and track firm error positions and related P&L, not customer accounts.
Error accounts are firm-controlled accounts used to record and resolve trades that resulted from processing or execution mistakes, including positions temporarily held while the firm corrects a misbooking. When a trade is identified as erroneous for a customer, operations can move it out of the customer account and into the firm’s error account to prevent customer impact while resolution occurs.
An error account is an internal firm account used to isolate and track positions and cash differences created by trading/booking mistakes (for example, a trade allocated to the wrong customer or an unauthorized trade posted to a customer account). When the firm identifies the error, operations typically removes the position from the impacted customer account and moves it to the firm’s error account so the firm—not the customer—bears the position and any market movement while the issue is investigated and corrected.
Error accounts are control points, not “parking” places for customer positions. They should be subject to supervision: aging, documentation of the error and correction, approval/escalation, and reconciliation so errors are resolved and not used to obscure activity or P&L.
Topic: Broker-Dealer Operations
A customer calls to update her legal name on an existing brokerage account due to marriage and asks that future checks and account statements reflect the new name. Which account maintenance documentation best matches this request before the firm updates its records?
Best answer: C
Explanation: A legal name change requires firm documentation (e.g., marriage certificate/court order) before updating customer records and disbursement/statement name fields.
Changing the registered (legal) name on an account is a record-maintenance event that typically requires the firm to obtain and retain evidence of the legal name change before updating systems that drive statements and check registrations. This is distinct from transfer-related signature authentication, tax certification refreshes, or suitability/profile updates.
The core control in account maintenance is that material changes to a customer’s identifying information must be supported by appropriate documentation and reflected consistently across the firm’s books and records (e.g., account registration, statements, and check payee setup). A legal name change is an identity/registration update, so operations should require a firm name-change request plus supporting legal documentation (such as a marriage certificate or court order) before updating the account. This creates an audit trail and helps prevent unauthorized changes.
By contrast, a medallion signature guarantee is generally used to authenticate signatures for certain securities movements/transfer agent instructions, not as the standard documentation trigger for updating an account’s name. Tax forms and investment profile updates are triggered by changes to tax status/withholding or customer financial/suitability information, not simply by a name change.
Topic: Broker-Dealer Operations
At month-end close (today, 5:00 p.m. ET), an introducing broker-dealer reviews retail cash-account trades and sees customers were charged both a commission and separate line-item regulatory pass-through fees (SEC fee and FINRA TAF). The general ledger currently posts the total customer charge to “Commission Revenue,” with a month-end journal entry to record “Regulatory Fees Expense” when the firm remits amounts to its clearing firm. The FINOP notes that regulatory assessments and FOCUS reporting use gross revenue classifications and wants the most appropriate accounting control to avoid misstatement.
What is the single best action?
Best answer: D
Explanation: Pass-through regulatory fees are not earned revenue and should be recorded as a payable until remitted, while commissions are recognized as revenue when earned (typically trade date).
Commissions are earned by the broker-dealer for executing the trade and are typically recognized on trade date. Regulatory pass-through charges (e.g., SEC fee, FINRA TAF) are collected on behalf of others and should be recorded as a liability payable, not as revenue. Correct classification matters because gross revenue line items feed regulatory reporting and assessment calculations even if net income would be the same.
The core issue is distinguishing earned revenue from amounts collected on behalf of third parties. Trade commissions represent compensation for services and are generally recognized as revenue when the service is performed (commonly on trade date). In contrast, SEC fees and the FINRA TAF are pass-through regulatory charges; the firm has an obligation to remit them, so they should be recorded as a liability (fees payable) when billed/collected and relieved when remitted.
A practical control is:
This avoids overstating gross revenues and misclassifying liabilities as operating results for FOCUS and regulatory assessments.
Topic: Broker-Dealer Operations
During month-end net capital preparation, a FINOP questions why the general ledger shows no receivable for a large corporate bond delivery. Operations reviews the settlement instruction and confirms it was sent as “free delivery” (securities delivered with no simultaneous cash movement), but the trade/settlement record was coded in the books as “DVP.”
Which statement correctly contrasts DVP vs free delivery in a way that drives accurate books and financial reporting?
Best answer: B
Explanation: Free delivery creates an unsecured receivable exposure that must be recorded, while DVP settles versus payment and typically does not leave a standalone due-from balance.
DVP (delivery versus payment) is designed so securities are delivered only against payment, which generally avoids leaving an open unsecured receivable on the books. Free delivery sends securities without simultaneous funds, so accurate books and records require recording and aging a due-from/receivable. Mis-coding the settlement type can understate receivables and overstate regulatory capital measures derived from the trial balance.
Books and records feed the firm’s trial balance, which in turn supports regulatory financial reporting (e.g., net capital computations and FOCUS reporting). DVP transactions are structured to exchange securities and money together at settlement, so the accounting typically clears without leaving an open “due from” balance.
Free delivery means the firm delivers securities without receiving funds at the same time, creating an open exposure that must be captured as a receivable (and monitored/aged). A common error source is incorrect settlement-type coding (DVP vs free), which can suppress required receivable postings, distort fail/receivable aging, and misstate regulatory calculations that rely on accurate asset classification.
Topic: Broker-Dealer Operations
An operations principal is reviewing whether a U.S.-listed equity short sale met Reg SHO’s locate requirement. The order is not marked long and there is no exemption noted.
Exhibit: Order record (partial)
Order ID: 874221
Acct: MM-32 (proprietary)
Symbol: QRS
Side/Mark: Sell Short
Qty: 10,000
Order Time: 10:14:08 ET
Execution Time: 10:14:10 ET
Locate Method: ETB list
ETB List Version Used: 2026-02-15 10:00 ET
Pre-borrow Flag: N
Based on the exhibit, which interpretation is best supported?
Best answer: B
Explanation: Using a current easy-to-borrow list as of a time prior to the short sale is a common way to evidence “reasonable grounds to believe” for Reg SHO locate.
Reg SHO generally requires a broker-dealer to have reasonable grounds to believe it can borrow the security before effecting a short sale, and that determination must be documented. The exhibit shows the order was marked short and relied on an easy-to-borrow (ETB) list version timestamped prior to the order/execution, which is evidence supporting the locate control.
Under Reg SHO’s locate requirement, before effecting a short sale in an equity security, the broker-dealer must have “reasonable grounds to believe” the security can be borrowed and delivered on settlement, and must document how that conclusion was reached. One common, operationally acceptable form of evidence is reliance on the firm’s easy-to-borrow (ETB) list that is generated/updated based on securities lending availability.
Here, the exhibit shows the order is marked “Sell Short” and the “Locate Method” is “ETB list,” with an ETB list version timestamped earlier than the order and execution times. That supports the interpretation that a locate determination existed prior to execution. A locate record is not the same as proof of an executed borrow; pre-borrowing is a separate control that may be required only in specific situations.
Topic: Broker-Dealer Operations
Which statement best describes how margin interest is typically computed, posted, and displayed on a customer’s brokerage statement?
Best answer: B
Explanation: Margin interest is generally calculated each day based on the account’s settled debit and then posted to the account (and shown on the statement) as a margin interest charge for the period.
Margin interest is a financing charge on a customer’s debit balance. Firms typically accrue it daily (using the day’s settled debit balance) and then post it to the account on a periodic cycle, where it appears on the statement as a margin interest/interest-on-debit charge for that statement period.
Margin interest reflects the cost of borrowing from the broker-dealer and is tied to the customer’s debit balance, not to trade activity labels or the market value of securities. Operationally, firms typically compute interest by accruing it each day based on the settled margin debit balance (often using a 360-day year convention) and then posting the accumulated amount to the account on a periodic schedule (commonly monthly). On customer statements, this shows up as an interest charge for the statement period (often described as “margin interest” or “interest on debit balance”) and reduces equity like any other debit item. The key control point is that the charge is driven by the debit financing balance, not by purchases, market value, or maintenance call status.
Topic: Broker-Dealer Operations
Operations is updating controls for a retail brokerage platform. The control is described as: “When the firm first opens a retail customer’s account (or before making a recommendation), the system must deliver the firm’s relationship summary and retain evidence that delivery occurred (paper mailing record or electronic delivery audit trail).”
Which operational requirement does this control most directly support?
Best answer: B
Explanation: Form CRS must be delivered to retail investors at required touchpoints, and the firm should retain evidence of delivery.
The described control is about providing the relationship summary to a retail investor and keeping proof it was delivered. That is a core operational touchpoint for Form CRS and aligns with Reg BI’s emphasis on appropriate disclosure delivery processes and supervision. The key operational element is maintaining auditable delivery evidence (mailing or e-delivery logs).
Form CRS (the relationship summary) is a required disclosure for retail investors and has specific delivery touchpoints, such as at account opening and before or at the time of a recommendation (depending on the interaction). From an operations perspective, the critical control is not just producing the document, but being able to demonstrate delivery during an exam through retained evidence (e.g., mailing records, electronic delivery consent plus timestamped audit logs, or a system-of-record flag tied to the specific Form CRS version delivered). The stem’s feature—delivery plus delivery-evidence retention—matches this Form CRS/Reg BI operational requirement rather than trade reporting or trade correction workflows.
Topic: Broker-Dealer Operations
Which statement best describes a riskless principal transaction and how it affects capacity reporting and customer disclosure?
Best answer: B
Explanation: In riskless principal, the firm fills the customer order with an offsetting trade and reports principal capacity while disclosing compensation as a markup/markdown (not a commission).
Riskless principal means the firm executes an offsetting market trade to fill the customer order and does not take meaningful market risk. Even though the firm is “flat” economically, the trade is reported in principal capacity. On the customer confirmation, the firm discloses it acted as riskless principal and shows compensation as a markup/markdown rather than a commission.
Trading capacity describes whether the broker-dealer acted as an agent for the customer or as a counterparty to the customer. In a riskless principal transaction, the firm executes an offsetting purchase or sale to fill the customer order (typically contemporaneously) and is economically neutral, but it still acts as the customer’s counterparty.
Operationally this drives two key outputs:
The common pitfall is treating “no market risk” as “agency,” even though the firm is on the other side of the customer trade.
Topic: Professional Conduct
An operations principal receives a customer complaint that an IRA account’s email address was changed and a third-party wire was submitted the same day. The service team notes the email change was requested through a scanned LOA sent from a free email address, and the firm’s chat system auto-deletes messages after 30 days. A registered rep then messages the operations principal on the firm chat saying the customer “will drop it” and asks that the wire ticket be “cleaned up” before Compliance reviews it.
What is the single best action the operations principal should take to preserve records and evidence during the escalation?
Best answer: C
Explanation: A documented hold with capture of original communications and audit trails preserves evidence integrity and prevents routine deletion or alteration during review.
When a complaint suggests potential unauthorized activity, the priority is preserving a complete, tamper-evident record set. That means promptly placing a hold to stop auto-deletion and capturing original-source records (including metadata like email headers and audit trails) with controlled access. This creates reliable evidence for Compliance/Legal review and demonstrates sound supervisory controls.
Record preservation during an escalation is about maintaining integrity, completeness, and traceability of evidence. Here, there are multiple red flags (free-email LOA, same-day profile change and wire, and a request to “clean up” a ticket) plus a known deletion risk (chat retention). The best operational control is to open a formal escalation and immediately preserve records in a non-editable manner while preventing routine purges.
Key preservation steps typically include:
The key takeaway is to preserve original records and audit logs before anything can be altered or automatically deleted.
Topic: Broker-Dealer Operations
A customer’s full ACATS transfer has a status of “Completed.” Two business days later, the relinquishing firm receives (1) a $38.64 dividend on a transferred stock and (2) 15 additional shares from a late issuer reorganization allocation. An operations analyst asks how these post-transfer items should be processed and monitored.
Which statement correctly distinguishes residual credit processing from residual transfer processing in this situation?
Best answer: A
Explanation: Cash residuals are handled as residual credits, while late-arriving positions are residual transfers that must be swept/delivered and monitored to completion.
Residual credit processing covers cash that posts after an ACATS transfer completes, such as dividends and interest that must be forwarded to the receiving firm/customer. Residual transfer processing covers securities positions that post after completion, such as late reorganization shares, which must be moved via an eligible residual mechanism or an appropriate manual delivery method. Both require monitoring (queues/reports/reconciliations) until the customer receives the full entitlement.
After an ACATS transfer is marked completed, activity can still hit the relinquishing firm because of timing differences (late corporate actions, interest/dividend payable dates, corrected allocations, late-settling activity). Operations typically separates these into two workflows.
The control point is classifying the residual as cash vs. position and ensuring it is tracked to resolution.
Topic: Broker-Dealer Operations
You are reviewing your firm’s daily DTC fail aging report on June 6, 2024 for U.S. equity trades (regular-way T+1).
Exhibit: Fail aging report (line item)
As-of: 06/06/2024
Symbol/CUSIP: XYZ / 12345XAB1
Trade Dt: 06/03/2024 Settle Dt: 06/04/2024
Side: BUY Qty: 10,000 Process: CNS Location: DTC
Fail Flag: FTR (Fail to Receive) Age: 2
Compare Status: Matched
Memo: Contra delivery shortage / no shares delivered
Which interpretation is supported by the exhibit?
Best answer: A
Explanation: The record shows a matched CNS buy with an FTR due to no shares delivered, aged 2 business days past the contractual settlement date.
The exhibit explicitly identifies the item as an FTR (fail to receive) on a buy in CNS at DTC, with compare status already matched. The “Age: 2” ties monitoring/aging to days past the contractual settlement date shown (06/04/2024), and the memo supports a common cause: the contra did not deliver shares (shortage).
Fails are typically tracked on daily exception/aging reports and aged from the contractual settlement date for the transaction. Here, the trade is a BUY that is already matched and processed through CNS at DTC, but it is flagged as FTR with a memo indicating no shares were delivered by the contra (a common fail-to-receive cause, such as a position/stock shortage on the delivering side). The “Age: 2” aligns with the as-of date being two business days after the settle date shown.
Key takeaway: a matched trade can still fail; matching addresses compare risk, not delivery completion.
Topic: Broker-Dealer Operations
A customer emails the broker-dealer’s cashiering team requesting an $85,000 same-day wire to a new bank account not previously on file. The email comes from the customer’s address of record and includes a voided check image. The firm’s WSPs require out-of-band verification for (1) any change to wire instructions and (2) any third-party or non-on-file destination, plus dual approval before release.
Which action best aligns with durable operational controls for moving customer funds?
Best answer: C
Explanation: A wire to new instructions is high risk and should be released only after out-of-band authentication and dual control per WSPs.
Wires are an irreversible, high-risk method of moving customer funds, so firms typically require stronger authentication and dual control—especially when the destination is new or not on file. Following WSP-required out-of-band verification using the phone number of record helps prevent social engineering and protects customer assets. Dual approval supports segregation of duties and record integrity for cashiering releases.
The core control for customer fund disbursements is verifying that the request is authentic and authorized before releasing money. A request to send a wire to new or non-on-file instructions is a common fraud scenario (email compromise, spoofing, altered payee details), so durable standards include out-of-band verification (using contact information already on file), adherence to WSP documentation requirements (e.g., maintaining the request and verification evidence), and dual control to reduce single-person override risk.
In practice, operations should:
The key point is that “email from the address of record” and a voided check image are not, by themselves, sufficient controls for releasing a wire to new instructions.
Topic: Broker-Dealer Operations
A broker-dealer borrows shares to cover a customer’s short sale. The stock loan is agreed on a fee basis (no rebate).
Exhibit: Stock loan terms (summary)
Security: ABC
Collateral: 102% cash
Mark-to-market: daily
Borrow fee: 12% annualized, accrues daily
Billing: monthly in arrears
Which statement about the borrow fee and collateral process is INCORRECT?
Best answer: A
Explanation: In a fee-based stock loan, the borrower pays the lender the borrow fee; the lender does not pay it to the borrower.
In a fee-based stock loan, the economic cost of borrowing is a borrow fee paid by the borrower to the lender, accrued daily and typically settled/billed periodically. Separately, cash collateral is maintained as a percentage of the loan’s market value and is marked-to-market, driving collateral calls or returns as prices move.
Stock loans have two core operational cash flows: (1) collateral movements based on daily mark-to-market and an agreed collateral percentage, and (2) financing/fee economics settled separately. Under the stated terms, the borrower posts 102% cash collateral and the parties mark the loan to the current market value each day; price increases create a collateral deficit and a call, while price declines can create excess collateral to be returned. Because the loan is explicitly “fee basis (no rebate),” the borrow fee is a cost to the borrower that accrues daily (based on the loan’s market value and agreed rate) and is billed/settled per the billing cycle. The key takeaway is that collateral maintenance and borrow-fee settlement are distinct processes, and the direction of the borrow fee payment depends on whether the loan is fee-based or rebate-based.
Topic: Professional Conduct
A broker-dealer is comparing two entitlement approaches for its trade correction and cashiering platforms.
Which choice correctly identifies the decisive differentiator that aligns with least privilege and how entitlements should be reviewed and updated?
Best answer: D
Explanation: Role-based entitlements plus regular manager attestations and joiner/mover/leaver updates best enforce least privilege over time.
Least privilege is best supported when access is tied to job-function roles and is actively governed over time. A strong entitlement program includes documented approvals and periodic re-certification so access remains appropriate as employees change roles or leave. Ad hoc “copy a user” access without reviews tends to accumulate excessive permissions.
Entitlement policy is about controlling who can do what in firm systems and proving it stays appropriate. Role-based access control (RBAC) assigns access through standardized roles (groups) aligned to job duties, which supports least privilege because each role is designed to include only the minimum permissions needed.
How entitlements are reviewed and updated typically includes:
Copying another user’s access without periodic review is a common control weakness because it can propagate inappropriate permissions and leave excess access in place.
Topic: Broker-Dealer Operations
A broker-dealer’s trade support team reviews two new equity purchase orders where the customers do not have enough fully paid cash on hand.
Exhibit: Account profiles (all amounts USD)
| Account | Account type | Funds/Equity available | Order instruction |
|---|---|---|---|
| 12AB | Cash | $2,000 cash | Buy $10,000 of XYZ |
| 34CD | Margin | $2,000 equity | Buy $10,000 of XYZ using margin |
Which statement correctly differentiates how these orders may be processed based on account type?
Best answer: C
Explanation: Margin accounts are permitted to extend credit (subject to margin requirements), while cash accounts must pay in full and cannot borrow from the broker-dealer.
The decisive difference is whether the broker-dealer may extend credit. A margin account can finance part of a purchase through a margin loan (subject to applicable margin requirements and approvals). A cash account must have sufficient settled funds and generally cannot buy securities by borrowing from the firm.
Cash vs. margin is an operational control point because it determines whether the firm can lend to the customer. In a cash account, purchases are intended to be fully paid for with the customer’s own funds; the firm should not process the trade on the assumption it will “front” the money. In a margin account (once properly approved and set up), the firm may extend credit to finance part of the purchase, and the customer’s equity supports that borrowing.
Key takeaway: when the customer lacks sufficient cash, the purchase can proceed on margin only in a margin-enabled account; the same instruction in a cash account requires full payment rather than borrowing.
Topic: Professional Conduct
A broker-dealer uses a third-party statement vendor. The vendor reports that an employee accidentally emailed a test file to the wrong external recipient. The file contained 250 customers’ names, account numbers, and last four digits of SSNs, and the email was not encrypted. Under the firm’s WSPs, security incidents involving customer data must be escalated immediately.
What is the primary risk/red flag that requires escalation, and how should it be routed?
Best answer: A
Explanation: Unencrypted misdelivery of customer identifiers is a privacy/security incident and should be routed through the firm’s incident-response escalation path.
The facts indicate possible exposure of customer nonpublic personal information (NPI) due to an unencrypted misdirected email from a vendor. That is a security/privacy incident, not a routine vendor performance problem. The appropriate routing is immediate escalation to the firm’s information security incident response function and Compliance/Privacy so containment, investigation, and any required notifications can be coordinated.
The core control concern is safeguarding customer NPI when it is handled by a third-party vendor. A report that a file containing account identifiers and SSN fragments was sent to an unintended external recipient—especially without encryption—is an operational security incident and a Reg S-P/firm privacy-program red flag. Operations should not treat this as a normal vendor “error” to be handled only through contract/SLA channels; it must be routed through the firm’s incident-response process so the right stakeholders can assess impact and take coordinated actions.
Typical immediate routing includes:
SLA remediation can occur later, but it does not replace prompt security escalation.
Topic: Broker-Dealer Operations
During the daily clearing account reconciliation, an operations analyst finds two unresolved breaks: (1) the clearing firm shows a 1.8 million cash debit not reflected in the firm s general ledger, and (2) DTC shows 25,000 shares long of an equity that the firm s stock record shows as flat. The analyst s supervisor instructs the analyst to book a 1.8 million miscellaneous journal entry and a manual stock record adjustment to make the recon tie and research it later.
What is the primary risk/red flag in this situation?
Best answer: B
Explanation: Posting unsupported plug entries defeats reconciliation controls and can hide errors that drive fails, inaccurate stock record, and incorrect cash positions.
Clearing cash and securities reconciliations are key controls to confirm the firm s books match the clearing firm/DTC and that positions used for deliveries and payments are real. Creating unsupported plug entries to force a tie is a serious red flag because it bypasses the investigation of breaks that can directly cause settlement failures and inaccurate records. The breaks must be researched, documented, and corrected with proper support before being cleared.
Daily reconciliation of the clearing account (cash) and the stock record (securities) helps ensure the firm can settle trades based on accurate positions and funding. A cash or securities break can indicate misposted trades, corporate action/fee postings, failed deliveries/receipts, or timing/booking errors between the firm and its clearing firm/DTC. The control objective is to identify, age, investigate, and resolve breaks with supporting documentation so the firm s books and records reflect reality.
Instructing staff to post unsupported journal/position adjustments just to make the recon tie is a major red flag because it:
Proper handling is to escalate material/aged breaks, obtain clearing/DTC detail, and post only supported corrections tied to the underlying activity.
Topic: Broker-Dealer Operations
A customer makes three in-person cash deposits to the same brokerage account on the same business day: $4,000 at 10:15 a.m., $3,500 at 1:05 p.m., and $3,000 at 3:40 p.m. The teller notes the customer asked whether “keeping each deposit under $10,000 avoids any reporting.”
Under the firm’s AML WSPs, cashiering must monitor for aggregated cash activity and escalate suspicious patterns. Which action best aligns with CTR concepts and cashiering’s role in AML monitoring and reporting?
Best answer: C
Explanation: Cash deposits are aggregated by business day for CTR purposes, and the customer’s question is a structuring red flag requiring escalation without tipping off.
CTR concepts generally require aggregating a customer’s cash transactions over a single business day to determine whether the $10,000 threshold is exceeded. Here, the deposits total $10,500, so the activity must be treated as a reportable cash event. The customer’s comment is also a red flag for structuring, so cashiering should escalate per WSPs and maintain record integrity without alerting the customer to any reporting decisions.
In cashiering, “currency” means physical cash, and CTR determination is typically based on the total cash activity for the customer in the same business day, not whether any one deposit is over $10,000. Operationally, this is why firms use surveillance/aggregation controls (e.g., daily cash logs, system alerts, exception reports) and require escalation when cash activity crosses the threshold.
In this scenario, the three cash deposits aggregate to $10,500, so cashiering should route the event for CTR processing and retain complete supporting records (who, when, where, amount). The customer’s question about staying under $10,000 is a classic structuring indicator; cashiering should escalate to AML/Compliance for review and any additional reporting considerations, and should not “tip off” the customer about filings or thresholds beyond standard firm disclosures. The key control is aggregation plus timely escalation under WSPs.
Use the Series 99 Practice Test page for the full Securities Prep route, mixed-topic practice, timed mock exams, explanations, and web/mobile app access.
Review weak areas with the Series 99 Cheat Sheet , then continue with the complete Securities Prep route from the FINRA Series 99 Practice Test page.