FINRA Suitability Rule - Customer-Specific Requirements
FINRA Suitability Rule 2111 customer-specific requirements mean you must not recommend a transaction or investment strategy unless you have a reasonable basis to believe it is suitable for that particular customer, based on reasonable diligence to learn and document the customer’s investment profile [1]. Operationalize this by tightening “what counts as a recommendation,” standardizing investment profile collection/updates, and forcing documented suitability rationale and supervision at the point of sale.
Key takeaways:
- Treat “investment profile” as mandatory decision data: collect it, validate it, and refresh it on material changes [1].
- Build a workflow where no recommendation can be recorded without a customer-specific suitability rationale tied to the profile [2].
- Post–Reg BI, Rule 2111 primarily governs institutional recommendations; align scoping and controls accordingly [3].
A Rule 2111 failure rarely looks like a single bad trade in isolation. In exams and internal reviews, it usually shows up as a control failure: the firm cannot prove it knew the customer well enough, or cannot show how the recommendation matched what it knew. FINRA frames the customer-specific obligation as a “reasonable basis to believe” standard that depends on reasonable diligence to ascertain the customer’s investment profile [1]. That pushes you toward two operational outcomes: (1) reliable customer investment profile data, and (2) a repeatable, reviewable suitability rationale for each recommendation.
Scope matters. For retail customers, SEC Regulation Best Interest generally supersedes FINRA Rule 2111 as of June 30, 2020, while Rule 2111 continues to apply to recommendations to institutional customers [3]. Many firms still run a combined supervision stack because the same sales practice risks (missing profile data, complex products, concentration, high activity) show up across customer types. The goal of this page is requirement-level implementation guidance for the customer-specific requirements: what to build, what to evidence, and how to get it exam-ready quickly.
Requirement: FINRA Rule 2111 customer-specific suitability (what it means)
Under FINRA Rule 2111, you must have a reasonable basis to believe a recommended transaction or investment strategy involving a security or securities is suitable for the customer, based on information obtained through reasonable diligence to ascertain the customer’s investment profile [1]. The “customer-specific” piece is the part that ties the recommendation to this specific customer, not “a generic investor.”
Plain-English interpretation
You cannot recommend unless you can answer, in writing and with supporting records:
- What do we know about this customer’s objectives, constraints, and risk tolerance?
- What is this product/strategy supposed to do for them?
- Why does it fit this customer, given what we know?
FINRA’s suitability FAQs also make a practical point operators miss: suitability duties can apply “regardless of whether compensation is received,” and depend on whether there is a recommendation [4]. That means “no commission” is not a defense if the communication is a recommendation.
Who it applies to (entity and operational context)
In-scope entities
- FINRA member broker-dealers and their associated persons (registered representatives) who make recommendations [1].
In-scope activity
- Recommendations of a transaction or an investment strategy involving securities [1].
- Applies based on the existence of a recommendation, not on whether you got paid [4].
Customer scope after Reg BI
- For retail customers, Reg BI is the primary standard as of June 30, 2020; Rule 2111 continues to apply in institutional recommendation contexts [3]. Many firms still maintain Rule 2111-aligned controls as part of a harmonized sales practices program, but you should document your scoping and mapping so examiners see intentional design.
Regulatory text
Text (excerpt): “A member or an associated person must have a reasonable basis to believe that a recommended transaction or investment strategy involving a security or securities is suitable for the customer, based on the information obtained through the reasonable diligence of the member or associated person to ascertain the customer's investment profile.” [1]
What the operator must do
- Define what your firm treats as a “recommendation” for workflow purposes and train staff to identify it [4].
- Require collection and maintenance of the customer “investment profile,” which includes age, other investments, financial situation and needs, tax status, investment objectives, investment experience, time horizon, liquidity needs, risk tolerance, and any other information the customer discloses [1].
- Implement supervisory checks that block or escalate recommendations that do not align with the profile [1].
What you actually need to do (step-by-step)
1) Lock down the “recommendation” perimeter
Create a written decision rule for front-line staff and supervisors:
- Covered: explicit buy/sell/hold suggestions; strategy suggestions (e.g., “move to income,” “write covered calls,” “concentrate in sector X”); rollovers when presented as advice.
- Not covered: purely administrative communications or execution-only orders, if truly unsolicited.
Then embed the rule in:
- Training and attestations [4].
- Your CRM/email supervision lexicon (keywords and supervision prompts).
- Rep workflow: a “recommendation?” field that triggers suitability documentation.
2) Standardize investment profile intake and refresh
Build a single “Investment Profile” record with required fields aligned to Rule 2111 [1]. Operational moves that work:
- Validate completeness at account opening: no approvals with missing core fields.
- Add a “material change” trigger: if the customer updates employment, liquidity needs, objectives, or risk tolerance, require an updated profile before the next recommendation.
Practical tip: treat “unknown” or “declined to answer” as a supervisory exception that requires documented follow-up efforts. Reasonable diligence is harder to defend if key fields are blank.
3) Force a customer-specific suitability rationale at point of recommendation
Require reps to document, in plain language:
- Customer goal/constraint (from the profile).
- Key product/strategy risk the customer is accepting.
- Why this is appropriate for that customer’s time horizon, liquidity needs, and risk tolerance [1].
For complex or higher-risk products, add enhanced fields:
- Customer understanding notes (what was explained, what the customer acknowledged).
- Scenario risks (e.g., liquidity lockups, volatility, compounding effects) as applicable.
4) Add supervisory gates and escalation paths
Minimum viable supervision design:
- New account approval includes review of investment profile completeness and internal consistency.
- Principal review for recommendations in higher-risk categories or exceptions. A common control pattern is principal approval for complex product sales with documented suitability analysis [1].
- Concentration surveillance with alerts when positions exceed firm-defined thresholds, followed by documented suitability review and customer contact notes (an industry practice, not a rule mandate).
5) Monitor for suitability drift after the recommendation
Ongoing surveillance should look for patterns that suggest the recommendation series is no longer aligned to the profile, even if each trade has a story. Many firms monitor turnover rate and cost-to-equity ratio for high-activity accounts as a quantitative suitability check (an industry practice, not a rule requirement). If you adopt numeric triggers, document that they are firm policy thresholds (not “FINRA requirements”) and calibrate them to your business model.
6) Train, test, and prove it works
- Role-based training for reps, principals, and supervisors on the customer-specific obligation and documentation expectations [4].
- QA testing: sample recommendations each month, score documentation quality, and remediate.
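As an added example (not code from this page, from FINRA, or from any vendor), the following Python sketch implements the gating and monitoring logic of steps 2 through 5 as one workflow: profile completeness and staleness checks with “unknown”/“declined” answers raised as supervisory exceptions, a point-of-recommendation gate that refuses to record a recommendation unless the three rationale items from step 3 are present, principal escalation for complex products, and the turnover rate and cost-to-equity checks from step 5. The required field list follows the Rule 2111 investment profile elements quoted above; the complex-product list, the 365-day staleness window, the ratio thresholds, and the sample customers are constructed placeholders standing in for firm policy, and the ratio formulas are the commonly used definitions (annualized purchases over average equity, annualized costs over average equity), not rule text.

```python
"""Suitability gate and drift check. Added illustration: names, thresholds,
the complex-product list and the sample customers are constructed placeholders."""
from dataclasses import dataclass, field
from datetime import date, timedelta

# Investment profile elements named in Rule 2111 ("other disclosed information" is free-form).
REQUIRED_FIELDS = (
    "age", "other_investments", "financial_situation", "tax_status",
    "investment_objectives", "investment_experience", "time_horizon",
    "liquidity_needs", "risk_tolerance",
)
NON_ANSWERS = {None, "", "unknown", "declined"}   # raise a supervisory exception, never pass silently
RATIONALE_KEYS = ("goal", "risk_accepted", "fit")  # the three plain-language items from step 3

# Constructed firm-policy parameters (placeholders, not FINRA-mandated values).
MAX_PROFILE_AGE_DAYS = 365
COMPLEX_PRODUCTS = {"structured_note", "non_traded_reit", "leveraged_etf"}
TURNOVER_LIMIT = 6.0          # annualized turnover rate trigger (firm policy)
COST_TO_EQUITY_LIMIT = 0.20   # annualized cost-to-equity trigger (firm policy)


@dataclass
class Profile:
    customer_id: str
    fields: dict
    last_reviewed: date
    material_change_pending: bool = False  # customer reported a change not yet re-profiled


@dataclass
class Recommendation:
    customer_id: str
    product_type: str
    rationale: dict = field(default_factory=dict)  # {"goal": ..., "risk_accepted": ..., "fit": ...}


def profile_exceptions(profile, today):
    """Step 2: reasons the profile cannot currently support a recommendation."""
    reasons = [f"profile field '{f}' missing or declined"
               for f in REQUIRED_FIELDS if profile.fields.get(f) in NON_ANSWERS]
    if profile.material_change_pending:
        reasons.append("material change reported; profile refresh required")
    if (today - profile.last_reviewed).days > MAX_PROFILE_AGE_DAYS:
        reasons.append("profile stale per firm policy")
    return reasons


def gate(rec, profile, today, principal_approved=False):
    """Steps 3-4: point-of-recommendation gate. Returns (decision, reasons) where
    BLOCK = cannot be recorded, ESCALATE = principal review required, ALLOW = record it."""
    reasons = profile_exceptions(profile, today)
    if rec.customer_id != profile.customer_id:
        reasons.append("recommendation not tied to this customer's profile")
    for key in RATIONALE_KEYS:  # generic product language without these fields is not a rationale
        if not str(rec.rationale.get(key, "")).strip():
            reasons.append(f"rationale missing '{key}'")
    if reasons:
        return "BLOCK", reasons
    if rec.product_type in COMPLEX_PRODUCTS and not principal_approved:
        return "ESCALATE", ["complex product: principal approval and enhanced notes required"]
    return "ALLOW", []


def activity_ratios(purchases, costs, avg_equity, period_days):
    """Annualized turnover rate and cost-to-equity ratio (common definitions:
    purchases / average equity and total costs / average equity, scaled to a year)."""
    annualize = 365 / period_days
    return purchases / avg_equity * annualize, costs / avg_equity * annualize


def drift_flags(purchases, costs, avg_equity, period_days):
    """Step 5: firm-policy triggers that require a documented suitability review."""
    turnover, cost_to_equity = activity_ratios(purchases, costs, avg_equity, period_days)
    flags = []
    if turnover >= TURNOVER_LIMIT:
        flags.append(f"turnover {turnover:.2f} >= firm trigger {TURNOVER_LIMIT}")
    if cost_to_equity >= COST_TO_EQUITY_LIMIT:
        flags.append(f"cost-to-equity {cost_to_equity:.2f} >= firm trigger {COST_TO_EQUITY_LIMIT}")
    return flags


# Constructed sample data: one complete profile, one with a declined field and a pending change.
TODAY = date(2024, 6, 30)
FULL = dict(age=58, other_investments="401k, muni bonds", financial_situation="stable",
            tax_status="taxable", investment_objectives="income", investment_experience="moderate",
            time_horizon="7 years", liquidity_needs="low", risk_tolerance="moderate")
PROFILE_A = Profile("C-001", FULL, TODAY - timedelta(days=40))
PROFILE_B = Profile("C-002", {**FULL, "risk_tolerance": "declined"},
                    TODAY - timedelta(days=40), material_change_pending=True)
RATIONALE = {"goal": "income over a 7-year horizon", "risk_accepted": "credit and rate risk",
             "fit": "moderate tolerance, low liquidity need; position under concentration limit"}
REC_FUND = Recommendation("C-001", "bond_fund", RATIONALE)
REC_NOTE = Recommendation("C-001", "structured_note", RATIONALE)
REC_B = Recommendation("C-002", "bond_fund", RATIONALE)

if __name__ == "__main__":
    for rec, prof in ((REC_FUND, PROFILE_A), (REC_NOTE, PROFILE_A), (REC_B, PROFILE_B)):
        print(rec.customer_id, rec.product_type, *gate(rec, prof, TODAY))
    print("drift:", drift_flags(purchases=600_000, costs=18_000, avg_equity=200_000, period_days=182.5))
```

Run it directly to see the three decisions and the drift flags. In practice the gate sits in the order-entry or CRM workflow of step 4, and every BLOCK or ESCALATE result should itself be logged, because the exception record and its follow-up are what evidence reasonable diligence when a field is blank or a profile is stale.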
Required evidence and artifacts to retain (exam-ready)
Keep artifacts that show both process and proof per recommendation:
Customer data
- Account opening documents capturing the investment profile fields [1].
- Profile update records, including date, what changed, and who recorded it.
- Customer communications relevant to objectives/risk tolerance (notes, emails, call logs per your recordkeeping program).
Recommendation records
- Suitability checklist / narrative tied to the specific customer profile [2].
- Product/strategy risk disclosures provided and acknowledgment process, when applicable.
- For exceptions: documented rationale, approvals, and customer consent.
Supervision
- New account principal approval evidence.
- Principal approvals for complex product sales with suitability analysis [1].
- Exception reports: concentration alerts; high-risk product exceptions; supervision dispositions and follow-up actions.
Training and governance
- Training decks and completion records focused on suitability and what counts as a recommendation [4].
- Written supervisory procedures (WSP) section mapping workflow steps to Rule 2111.
Common exam/audit questions and hangups
Expect questions like:
- “Show me how you define a recommendation and how reps are trained on it.” [4]
- “Pull a sample of institutional recommendations and show the customer investment profile and rationale.” [5]
- “How do you ensure profiles are updated when circumstances change materially?” [1]
- “How do you supervise concentration and higher-risk products?” (concentration controls are an industry practice; don’t describe them as a FINRA mandate)
Hangups that slow exams:
- Missing or stale risk tolerance/time horizon.
- Suitability notes that recite product features but never connect to the customer profile.
- Supervisory approvals that are “rubber stamps” with no substantive rationale recorded.
Frequent implementation mistakes (and how to avoid them)
- Treating the profile as onboarding paperwork. Fix: make the profile a live control object that gates recommendations [1].
- Letting “customer wanted it” substitute for suitability. Fix: record the customer request separately, but still document why it fits the profile [1].
- Weak controls around complex products. Fix: require principal approval and enhanced documentation for complex products [1].
- Confusing Reg BI transition scoping. Fix: explicitly document where Rule 2111 applies (institutional) and how controls map for retail vs institutional workflows [3].
Enforcement context and risk implications (without case citations)
No public enforcement cases are cited on this page, so don’t build your program around specific case outcomes. Still, the operational risk is clear: suitability deficiencies can trigger disciplinary findings, customer remediation, heightened supervision, and reputational harm. The highest exposure usually comes from patterns: concentrated positions without justification, complex products sold to mismatched profiles, and high-activity accounts where documentation and supervision don’t support the trading pattern [1].
Practical 30/60/90-day execution plan
First 30 days: stabilize the control perimeter
- Write and approve your internal “recommendation” decision rule and train supervisors [4].
- Inventory where investment profile data lives (CRM, NNA system, advisory platform) and define the system of record.
- Add a suitability documentation template with required fields tied to Rule 2111 investment profile elements [1].
Days 31–60: implement gates, supervision, and reporting
- Add workflow gating: block recommendation entry if profile fields are missing or stale per firm policy [1].
- Launch principal approval for complex products and exceptions, with required narrative fields [1].
- Stand up exception reports: missing profile fields, concentration alerts (firm-defined), and missing suitability documentation.
Days 61–90: prove effectiveness and harden for exams
- Run QA sampling and scorecards. Track findings to root causes (training, workflow design, supervision capacity).
- Remediate high-risk accounts: missing profiles, outdated profiles, concentrated positions without documentation.
- Prepare an exam binder: WSP excerpts, sample recommendation files, exception report samples, and training completion records [6].
Implementation tooling note: if you need a structured way to collect third-party attestations (for example, product due diligence packets from distributors) and map them to your suitability workflows, Daydream can help centralize evidence collection and tracking. Keep it secondary to core suitability controls; the examiner will care most about your customer profile data, recommendation rationale, and supervision records [1].
Frequently Asked Questions
Does Rule 2111 still matter after Reg BI?
Yes, in institutional recommendation contexts Rule 2111 continues to apply after June 30, 2020 [3]. Many firms harmonize processes across retail and institutional, but you should document scoping and mapping.
What must be in the “investment profile” for customer-specific suitability?
Rule 2111 lists age, other investments, financial situation and needs, tax status, investment objectives, experience, time horizon, liquidity needs, risk tolerance, and other disclosed information [1]. Your account opening and update forms should capture these consistently.
If a customer insists on a risky trade, can we take the order?
You still need a reasonable basis to believe the recommendation is suitable if you are recommending it [1]. If it is truly unsolicited, document it as unsolicited and ensure communications did not cross into a recommendation [4].
What’s the minimum documentation examiners expect for a recommendation?
Expect to produce the customer investment profile plus a record showing how the recommendation aligned to that profile [1]. A checklist can work if it forces specific, customer-tied rationale rather than generic product language.
How should we handle missing or “declined” profile fields?
Treat them as exceptions that require documented follow-up and supervisory review before recommendations proceed [1]. Missing data undermines your ability to show reasonable diligence.
Do we need special controls for complex products?
Rule 2111 requires a reasonable basis tied to the customer profile; many firms add principal approval and enhanced documentation for complex products to prove that basis [1]. If you add product-specific controls, write them into WSP and enforce them consistently.
Footnotes
[1] FINRA Rule 2111 (Suitability).
[3] FINRA Regulatory Notice 20-18.
[4] FINRA Regulatory Notice 12-25.