Regulation Best Interest Implementation Standards

To meet the regulation best interest implementation standards requirement, your broker-dealer must deliver Form CRS to each retail investor at or before the time you make a recommendation, and you must maintain written policies and procedures reasonably designed to comply with Reg BI, including all four obligations. Build system gating, consented delivery workflows, and an auditable record of delivery.

Key takeaways:

• Form CRS delivery must occur at or before any recommendation, with evidence you can produce in an exam ¹.
• Electronic delivery is allowed only if you follow SEC electronic delivery expectations, including informed consent; implied consent is a known failure mode ².
• Written policies and procedures must cover Reg BI’s disclosure, care, conflicts, and compliance obligations, and you must enforce them ³.

“Implementation standards” for Regulation Best Interest (Reg BI) break down into two operator-critical deliverables: (1) timely and correct Form CRS delivery for retail investors, and (2) enforceable written policies and procedures that actually run your Reg BI program across disclosure, care, conflicts of interest, and compliance ⁴. Exams often test whether your controls prevent recommendations from occurring before Form CRS is delivered, and whether your records prove the timing, method, and content of delivery.

This page is written for a CCO or GRC lead who needs to translate the requirement into workflows, system controls, and exam-ready evidence quickly. The focus is practical: where the rule bites in the customer journey, how to configure supervisory controls and surveillance, what artifacts to retain, and how to avoid the recurring pitfalls called out in SEC guidance and FAQs. Where firms struggle most is not drafting Form CRS, but operationalizing delivery across channels (branch, phone, web, mobile), proving informed consent for e-delivery, and keeping policies current when systems and business models change ⁵.

Regulatory text

Core requirement (Form CRS delivery and content). Broker-dealers must deliver Form CRS to retail investors at or before the time a recommendation is made ¹. Form CRS must include a brief summary of: the relationships and services you offer, fees and costs, conflicts of interest, your legal standard of conduct, and whether the firm and its financial professionals have reportable legal or disciplinary history ¹. The SEC’s Form CRS rule is referenced at 17 CFR 240.17a-14 ¹.

Core requirement (Reg BI policies and procedures). Broker-dealers must establish, maintain, and enforce written policies and procedures reasonably designed to achieve compliance with Reg BI, including policies addressing the disclosure, care, conflict of interest, and compliance obligations ³.

Operator translation: what you must make true every day

• A recommendation cannot occur unless Form CRS has already been delivered (or is delivered at the moment of recommendation in a controlled, provable way) ¹.
• If you deliver Form CRS electronically, your process must meet SEC expectations, including informed consent ².
• Your written program must be more than paper: procedures must map to the four obligations and be enforced through supervision, training, and testing ³.

Plain-English interpretation (what the SEC expects in practice)

Reg BI implementation standards are less about a single document and more about operational discipline:

1. Customers get the right summary at the right time. Form CRS is a retail investor-facing relationship summary. If it lands after the recommendation, the control failed ¹.
2. You can prove it. Examiners commonly request the Form CRS you filed and posted, plus delivery logs and consent records for e-delivery ⁶.
3. Your Reg BI policies cover the whole rule. If your written procedures only address disclosures, but not care or conflicts, you have a design gap ³.

Who it applies to

Entities: SEC-registered broker-dealers making recommendations to retail investors ¹.

Operational contexts where this becomes “real”:

• New account opening (recommended account type; first recommendation trigger) ¹.
• Recommendations of securities transactions (equities, fixed income, mutual funds, etc.) ¹.
• Recommendations of investment strategies involving securities (including strategy changes communicated as recommendations) ¹.
• Any channel where recommendations occur: registered reps, call centers, online guided flows, hybrid advice programs.

What you actually need to do (step-by-step)

Step 1: Define “recommendation events” and map them to systems

Build a firm-wide inventory of recommendation triggers and where they occur:

• CRM notes / sales tool workflows
• order entry / trade blotter initiation
• model/strategy change prompts in digital experiences
• account type selection flows

Deliverable: a “recommendation event map” that lists each trigger, the system owner, and the control that enforces Form CRS delivery ¹.

Step 2: Implement a “Form CRS gate” that blocks recommendations until delivery is recorded

This is the highest-value control because it prevents timing failures.

• For new retail customers, require Form CRS delivery before the first recommendation is processed.
• For existing customers, ensure Form CRS delivery occurs before (or at) the next recommendation after a materially updated Form CRS, consistent with your update triggers and procedures ¹.

Control pattern (practical):

• A required field in CRM (“Form CRS Delivered?”) fed only by your delivery system, not manual rep entry.
• Order entry restrictions: if “Form CRS Delivered = No,” the system prevents the trade ticket from being submitted for retail accounts.

Deliverable: documented system rules + screenshots or configuration exports showing the gating logic ¹.

Step 3: Build compliant electronic delivery with informed consent (or keep paper)

Electronic delivery is allowed, but your workflow must align with SEC expectations. A recurring risk is “implied consent” (for example, defaulting customers to e-delivery without proper informed consent) ².

Minimum operational requirements to implement:

• Capture an affirmative e-delivery preference tied to the customer profile.
• Provide notice that Form CRS will be delivered electronically and how to access it.
• Maintain evidence of consent and successful delivery (delivery log plus the content version delivered) ⁷.

Deliverable: e-delivery consent language, consent capture records, and delivery audit trail ².

Step 4: Maintain Form CRS filing/posting and a controlled content lifecycle

Your program needs a content lifecycle so Form CRS stays accurate and current.

• File Form CRS through the appropriate SEC process and post it on your public website ¹.
• Update Form CRS at least annually and whenever information becomes materially inaccurate ¹.
• Version control: link each delivered Form CRS to a version ID and effective date.

Deliverable: Form CRS version history, approval records, and website posting evidence ¹.

Step 5: Put written Reg BI policies and procedures in “run mode”

Reg BI requires written policies and procedures reasonably designed to achieve compliance across the four obligations ³.

Implementation checklist:

• Disclosure obligation: procedures for delivering required disclosures (including Form CRS and other required disclosures where applicable), and supervision of disclosure accuracy ³.
• Care obligation: documented process for evaluating recommendations, customer profile capture, and supervision/testing of recommendation rationale ³.
• Conflict of interest obligation: conflict inventory, mitigation rules, escalation path, and monitoring ³.
• Compliance obligation: training, surveillance, exception handling, and periodic reviews of the program design and effectiveness ³.

Deliverable: Reg BI WSPs (written supervisory procedures) mapped to these four obligations ³.

Step 6: Test, monitor, and evidence the controls

Create recurring testing that answers two exam questions: “Did you deliver on time?” and “Can you prove it?”

• Sample testing of recommendation events vs. delivery timestamps.
• Exception reporting for “recommendation without delivery record.”
• QA on Form CRS content accuracy and required sections ¹.

Deliverable: testing workpapers, exception logs, corrective action tickets, and management review sign-offs.

Required evidence and artifacts to retain (exam-ready)

Use this as your document retention and exam request checklist ⁶:

Artifact	What it proves	Owner
Current Form CRS (filed copy)	Content exists and matches the filed version	Compliance / Legal
Website posting evidence (dated)	Public posting occurred	Marketing / Web
Form CRS version history + approvals	Governance and change control	Compliance
Delivery logs (timestamp, channel, version, customer)	Timing (“at or before”) and completeness	Operations / IT
E-delivery consent records	Informed consent, not implied consent	Operations
Reg BI WSPs mapped to 4 obligations	Program design meets rule expectations	Compliance
Training materials + attendance	Reps were trained on the process	Compliance / HR
Testing/surveillance reports + remediation	Program enforcement and monitoring	Compliance
Post-change reviews (system changes, mergers)	Control effectiveness after change	Compliance / PMO

Common exam/audit questions and hangups

Expect these lines of inquiry because they track SEC guidance and FAQs ⁸:

1. “Show me how you ensure Form CRS is delivered before a recommendation.” Examiners will want system logic, not a narrative.
2. “How do you define ‘recommendation’ in each channel?” If digital flows can recommend strategies or transactions, include them.
3. “How do you obtain and document informed consent for electronic delivery?” Be ready to show the consent workflow and records ².
4. “How do you know the Form CRS delivered was the current version?” Version control and delivery logs answer this.
5. “Where are the written policies for each Reg BI obligation?” Missing one obligation is a common design gap ³.
6. “What changed in the last year, and how did you reassess Reg BI controls?” Systems and business changes drive failures if not reviewed ³.

Frequent implementation mistakes and how to avoid them

1. Relying on rep attestation instead of system evidence. Fix: feed “delivered” status from your delivery system into CRM/order entry.
2. Electronic delivery by default without informed consent. Fix: make e-delivery opt-in with stored consent artifacts; audit for “paperless” defaults ².
3. No unified definition of recommendation events. Fix: create the recommendation event map and require sign-off from Sales, Supervision, and Digital.
4. Form CRS updates don’t propagate into delivery workflows. Fix: treat Form CRS like a controlled document with release management; test that new versions flow to the delivery engine ¹.
5. Policies exist, but there’s no enforcement loop. Fix: align WSPs to surveillance, exception handling, and remediation tickets ³.

Enforcement context and risk implications

The SEC has stated it will review broker-dealers for compliance with Form CRS requirements and the accuracy of the relationship summary ³. Practical risk tends to be systemic: if your process allows recommendations to occur without a delivery record, you can accumulate large populations of impacted accounts before anyone notices. That is why gating controls, exception reporting, and consent evidence matter ⁹.

Practical 30/60/90-day execution plan

Days 1–30: Stabilize the requirement and close obvious gaps

• Inventory recommendation events and channels; publish your recommendation event map.
• Validate you have a current Form CRS filed and posted, with an internal content owner ¹.
• Review e-delivery workflow for informed consent and delivery evidence ².
• Gap-assess WSPs against the four Reg BI obligations ³.

Days 31–60: Implement gating and build exam-ready evidence

• Configure system gating for new retail customers so Form CRS delivery is required before first recommendation.
• Implement delivery logging that captures timestamp, channel, version, and customer identifier ¹.
• Stand up exception reporting: “recommendation detected, no Form CRS delivery record.”
• Train supervisors and front line on what triggers delivery and how exceptions are handled ³.

Days 61–90: Operationalize monitoring and change management

• Launch periodic testing and management reporting on delivery compliance and exceptions.
• Implement a Form CRS change control process: annual update cycle and ad hoc updates for material inaccuracies ¹.
• Add a “Reg BI impact assessment” step to system change and merger integration checklists ³.
• If you need workflow evidence fast, tools like Daydream can centralize control ownership, collect delivery logs and approvals, and package exam responses without chasing screenshots across teams.

Frequently Asked Questions

Do we have to deliver Form CRS before every single recommendation?

The requirement is that Form CRS must be delivered to a retail investor at or before the recommendation ¹. In practice, firms operationalize this with a “delivered” status per customer plus re-delivery triggers when Form CRS is updated ¹.

Can we deliver Form CRS electronically by default?

Electronic delivery is permitted, but your process must align with SEC electronic delivery expectations, including informed consent ². A default-to-electronic approach without proper consent creates avoidable compliance risk ².

What evidence do examiners usually request for Form CRS delivery?

Expect requests for the filed Form CRS, website posting, delivery records, and electronic delivery consent documentation ⁹. They also commonly request written Reg BI policies and procedures and training/testing evidence ³.

What does “reasonably designed” policies and procedures mean for Reg BI?

Your written program must cover the disclosure, care, conflict of interest, and compliance obligations and be enforceable through supervision and monitoring ³. “Reasonably designed” is demonstrated through clear procedures, assigned ownership, training, testing, and remediation records.

We updated our CRM and order entry system. Do we need to revisit Reg BI controls?

Yes. System changes can break Form CRS gating, delivery logging, or exception reporting, which undermines your ability to prove “at or before” delivery ¹. Treat major system changes as triggers for Reg BI procedure review and re-testing ³.

How should we handle Form CRS for hybrid or digital recommendation journeys?

Identify where the digital experience makes a recommendation (account type, transaction, or strategy involving securities) and enforce delivery at that point ¹. The cleanest design is to block the user from completing the recommended action until delivery is recorded and retrievable.

Related compliance topics

• 2025 SEC Marketing Rule Examination Focus Areas
• Access and identity controls
• Access Control (AC)
• Access control and identity discipline
• Access control management

Footnotes

1. Form CRS, 2019

2. Reg BI FAQs, 2020

3. SEC Reg BI Guide, 2019

4. Form CRS, 2019; Source: SEC Reg BI Guide, 2019

5. Reg BI FAQs, 2020; Source: SEC Reg BI Guide, 2019

6. Form CRS, 2019; Source: SEC Reg BI Guide, 2019; Source: Reg BI FAQs, 2020

7. Reg BI FAQs, 2020; Source: Form CRS, 2019

8. SEC Reg BI Guide, 2019; Source: Reg BI FAQs, 2020; Source: Form CRS, 2019

9. Form CRS, 2019; Source: Reg BI FAQs, 2020