Written Supervisory Procedures Documentation

FINRA Rule 3110(b) requires your broker-dealer to establish, maintain, and enforce Written Supervisory Procedures (WSPs) that specifically describe how you supervise your business lines and associated persons, including communications review and approval. To operationalize it fast, map every communication type to a documented review workflow, assign accountable supervisors, and retain proof that the procedures were followed. (FINRA Rule 3110)

Key takeaways:

• Your WSPs must be specific to your business and actually followed, not generic manuals. (FINRA Rule 3110)
• Communications supervision needs documented categories, review/approval steps, escalation, deadlines, and training expectations. (FINRA Rule 3110)
• Examiners focus on “show me”: evidence that reviews happened, exceptions were handled, and updates were controlled. (FINRA Rule 3110)

“Written supervisory procedures documentation requirement” is operational code for two exam realities: (1) your supervision program must be written down at a level a qualified supervisor can execute, and (2) you must be able to prove you execute it consistently. FINRA Rule 3110(b) states that each member must “establish, maintain, and enforce written procedures” covering the types of business it engages in and the activities of associated persons. (FINRA Rule 3110)

For a CCO, GRC lead, or supervision owner, the fastest path is to treat WSPs as a control system, not a policy binder. That means clear scope, roles, step-by-step workflows, documented review criteria, and records that tie back to the procedures. Communications supervision is a common pressure point because it touches marketing, sales, research, social media, emails, and public-facing statements. Your WSPs should spell out what gets reviewed, by whom, when, how approvals work, and what happens when content fails review, plus training for the reviewers. (FINRA Rule 3110)

This page gives requirement-level guidance you can implement quickly: applicability, an execution checklist, required artifacts, exam questions, and a practical plan.

Regulatory text

Text (excerpt): “Each member shall establish, maintain, and enforce written procedures to supervise the types of business in which it engages and the activities of its associated persons.” (FINRA Rule 3110)

Operator meaning: You must (1) write down supervisory procedures that cover your actual business activities, (2) keep them current as your business changes, and (3) enforce them in practice. For communications, your WSPs should explicitly address: which categories of communications you supervise, how each category is reviewed, approval workflows, filing deadlines, escalation of non-compliant materials, and training requirements for personnel responsible for communications review. (FINRA Rule 3110)

Plain-English interpretation of the requirement

Your WSP documentation needs to answer, without guesswork:

• What activities are supervised (by business line and communication channel). (FINRA Rule 3110)
• Who supervises them (named roles/titles, delegations, backups, segregation of duties). (FINRA Rule 3110)
• How supervision happens (review steps, approval gates, tools/systems, review criteria). (FINRA Rule 3110)
• When it happens (pre-use vs post-use review expectations, escalation timing, and any internal deadlines you set). (FINRA Rule 3110)
• What evidence is created and retained to prove the procedure was followed. (FINRA Rule 3110)

A good WSP is executable. A weak WSP reads like principles and lacks operational detail (inputs, decisions, outputs, records).

Who this applies to

Entities: FINRA member broker-dealers and their supervisory systems for associated persons. (FINRA Rule 3110)

Operational contexts where this requirement shows up immediately:

• Advertising, marketing, sales collateral, website content, pitch decks, podcasts/webinars, public seminars.
• Email, chat, texting, social media posts and profiles, and other business communications created or distributed by associated persons.
• Communications created by third parties on your behalf (marketing agencies, lead generators, influencer arrangements) where you remain responsible for supervision through your WSP-defined controls. (FINRA Rule 3110)

What you actually need to do (step-by-step)

1) Set the scope: inventory your “types of business” and communications channels

Create a supervision coverage map that lists:

• Business lines (retail brokerage, institutional, advisory-related activities if applicable to your structure, products, events).
• Communication categories (retail comms, institutional comms, correspondence, public appearances, social media, website updates).
• Content sources (internal teams, associated persons, third parties acting for you).

Output artifact: Supervision Coverage Matrix (business line × communication type × system/channel × owner). (FINRA Rule 3110)

2) Write category-specific procedures for communications supervision

For each communication category, document:

• Trigger: What content is in-scope.
• Review type: Pre-use approval vs post-use review (define your internal standard per category).
• Reviewer: Principal/supervisor role, plus backup coverage.
• Criteria/checks: What the reviewer must evaluate (claims substantiation, fair and balanced presentation, required disclosures, prohibited statements, recordkeeping expectations).
• Approval workflow: Where approvals are recorded (system-of-record), what constitutes approval, and how version control works.
• Filing deadlines (if applicable): If your program includes regulatory filing steps, describe who is responsible and where evidence is kept. (FINRA Rule 3110)
• Escalation: What happens if content is non-compliant (reject, remediate, retrain, supervise heightened, potential disciplinary path).
• Training: Required training/qualification expectations for reviewers and content creators; how you document completion. (FINRA Rule 3110)

Tip from practice: Write procedures to match the actual tooling. If marketing uses a ticketing system and email approvals today, build the WSP around that workflow, then improve the tooling after you’ve stabilized the control.

3) Assign accountability and enforce segregation of duties

Define, in the WSPs:

• Who owns the communications supervision program (title/role).
• Who can approve what categories.
• When supervisory approval can be delegated, and how delegation is documented.
• Independence guardrails (for example: creators cannot be final approvers of their own content).

Output artifact: Responsibility and Delegation Register (role-based, kept current). (FINRA Rule 3110)

4) Build your “proof layer”: records, sampling, and exception handling

Exams rarely fail firms for lacking prose. They fail firms for missing evidence that the prose was followed. Set up:

• A system-of-record for approvals (archiving of final content plus approval metadata).
• Post-use review sampling logic where you use post-use review (documented, repeatable).
• An exception log: rejected items, required edits, escalations, and resolutions.

Output artifacts: Approval records, review checklists, exception log, corrective action records. (FINRA Rule 3110)

5) Put WSP change control on rails

Document:

• How WSP updates are requested, reviewed, approved, and communicated.
• What triggers an update (new channel, new product, new third party, regulatory change, exam finding, internal incident).
• Version control and effective dates.
• Attestation or acknowledgment process for impacted staff.

Output artifacts: WSP version history, approval sign-offs, change tickets, staff acknowledgments. (FINRA Rule 3110)

6) Validate implementation with a supervisory “tabletop test”

Run scenario tests:

• “A rep wants to post on LinkedIn about performance.”
• “Marketing updates a landing page.”
• “A third party provides a seminar deck.”

Walk the item through your documented workflow and confirm the records you expect are generated. Fix gaps in the procedure or tooling.

7) Operationalize with workflow software (where it helps)

If your reviews happen in email threads, you will lose evidence. Many firms adopt a GRC/workflow layer to manage requests, approvals, and retention. Daydream can help by standardizing the intake-to-approval workflow, enforcing required fields (category, channel, reviewer), and producing an exam-ready audit trail that maps back to WSP steps. Keep the WSP as the requirement source-of-truth; use tooling to ensure execution and records.

Required evidence and artifacts to retain

Keep artifacts that answer: “What was the procedure, who followed it, and what was the result?”

Minimum practical set:

• WSP document with effective date, scope, roles, and procedures by communication category. (FINRA Rule 3110)
• Supervision Coverage Matrix linking business activities and communication channels to supervisory controls. (FINRA Rule 3110)
• Role/designation evidence for supervisors and approvers (internal designations, delegations, org charts as applicable). (FINRA Rule 3110)
• Approval records for pre-use reviews (request, draft, comments, final approved version, approver identity, timestamp, distribution evidence). (FINRA Rule 3110)
• Post-use review evidence where used (sampling list, review notes, findings, remediation). (FINRA Rule 3110)
• Exception and escalation log (rejections, edits required, violations, corrective actions, heightened supervision decisions). (FINRA Rule 3110)
• Training records for reviewers and supervised personnel on communications rules and internal workflows. (FINRA Rule 3110)
• WSP change control (versioning, approvals, communication, acknowledgments). (FINRA Rule 3110)

Common exam/audit questions and hangups

Expect questions that force traceability from WSP → execution:

• “Show me your WSP section for social media. Who approves? Where is it recorded?” (FINRA Rule 3110)
• “How do you determine which communications are pre-approved vs reviewed after use?” (FINRA Rule 3110)
• “Pull a sample of approved retail communications. Show the final piece and the approval evidence.” (FINRA Rule 3110)
• “How do you handle non-compliant content? Show examples and remediation.” (FINRA Rule 3110)
• “How are WSP updates controlled, and how do staff learn about changes?” (FINRA Rule 3110)
• “How do you supervise communications created by third parties on your behalf?” (FINRA Rule 3110)

Typical hangups:

• Approvals not tied to the final version (version mismatch).
• Unclear categorization (teams disagree whether something is “retail communication” vs “correspondence”).
• Delegations that exist in practice but are undocumented.

Frequent implementation mistakes and how to avoid them

1. Copy-paste WSPs that don’t match your business

• Fix: Start from your business/communications inventory, then write procedures per category. (FINRA Rule 3110)

2. WSPs say “review,” but don’t define “review”

• Fix: Add concrete review criteria and required artifacts (checklist, comment log, approval record). (FINRA Rule 3110)

3. No enforcement mechanism

• Fix: Make escalation real: rejection pathways, retraining triggers, and supervisory follow-up documented in an exception log. (FINRA Rule 3110)

4. Orphan channels

• Fix: Treat new platforms as a WSP change trigger. If teams adopt a new tool, require a compliance intake and update the matrix before production use. (FINRA Rule 3110)

5. Training is informal

• Fix: Document who must be trained (reviewers and creators), what training covers, and keep completion records. (FINRA Rule 3110)

Enforcement context and risk implications

FINRA’s rule text is explicit that procedures must be established, maintained, and enforced. (FINRA Rule 3110) The practical risk is that weak documentation or weak execution can turn routine communications activity into a supervisory failure narrative: unclear accountability, inconsistent reviews, and missing evidence. Communications issues also propagate quickly because content is reusable, shareable, and often produced at volume; that raises the stakes on workflow discipline and recordkeeping.

A practical 30/60/90-day execution plan

First 30 days (stabilize and document the minimum executable program)

• Build the Supervision Coverage Matrix for communications channels and business lines.
• Identify approver roles for each category and document delegations/backups.
• Draft or revise WSP sections for each communication category with clear workflows, escalation, and training expectations. (FINRA Rule 3110)
• Pick the system-of-record for approvals and start capturing artifacts consistently.

Days 31–60 (prove execution and close evidence gaps)

• Run tabletop tests on real content from each category; fix version control and record retention gaps.
• Stand up the exception/escalation log and require it for all rejections and remediations.
• Deliver targeted training for reviewers and content owners; collect acknowledgments. (FINRA Rule 3110)
• Start a periodic QA review of completed approvals to confirm the WSP is followed.

Days 61–90 (harden change control and scale)

• Implement WSP change control (intake, approval, versioning, communication).
• Add monitoring to catch “shadow channels” and third-party content production.
• If email-based approvals persist, migrate to a structured workflow (for example, Daydream) to standardize intake fields, enforce required approvals, and produce an audit-ready trail mapped to the WSP steps.

Frequently Asked Questions

Do WSPs need to be tailored to my firm, or can I use a template?

You can start from a template, but FINRA Rule 3110(b) requires procedures that supervise the types of business you actually engage in and the activities of your associated persons. If your WSPs don’t match your real channels and workflow, you will struggle to prove enforcement. (FINRA Rule 3110)

What’s the minimum level of detail expected for communications supervision?

Your WSPs should define communication categories, review steps per category, approval workflows, filing deadlines where applicable, escalation for non-compliant materials, and training requirements for reviewers. If a supervisor cannot execute the procedure from the document, it is too thin. (FINRA Rule 3110)

How do I prove I “enforce” WSPs?

Keep approval records, review notes, exception logs, and corrective actions that show the procedure operated as written. Examiners typically test whether records tie to the final distributed content and whether exceptions were handled consistently. (FINRA Rule 3110)

How should we handle communications created by third parties like marketing agencies?

Treat third-party-created materials as in-scope communications, route them through the same documented review and approval workflow, and retain the same evidence. Your WSPs should state who reviews and approves third-party content and how versions are controlled. (FINRA Rule 3110)

How often should WSPs be updated?

FINRA Rule 3110(b) requires you to “maintain” WSPs, so update them whenever your business, channels, or supervisory approach changes. Define internal triggers and a change-control process so updates happen predictably and are communicated to impacted staff. (FINRA Rule 3110)

Can a tool replace WSPs?

No. WSPs are the documented supervisory requirement; tools help you execute the workflow and retain evidence. A workflow system like Daydream is most valuable for consistent intake, required approvals, version control, and an exam-ready audit trail mapped to your WSP steps. (FINRA Rule 3110)