Account Approval and Principal Review

FINRA Rule 3110(b)(2) requires your firm’s written supervisory procedures to mandate review and endorsement by a registered principal for the opening of each customer account. To operationalize it, you need a documented account-opening approval workflow (including exceptions), principal sign-off standards, and audit-ready evidence that approvals happen before accounts can trade. (FINRA Rule 3110)

Key takeaways:

• Build WSPs that clearly define who approves accounts, what they review, and when trading is permitted. (FINRA Rule 3110)
• Make principal endorsement evidence easy to produce: time-stamped approval, reviewer identity, and what was reviewed. (FINRA Rule 3110)
• Tie approval to KYC and suitability data quality so deficiencies are corrected before activity occurs. (FINRA Rule 3110) (FINRA Rule 2111)

“Account Approval and Principal Review” is a supervision control, not a paperwork exercise. FINRA expects each member firm to have written supervisory procedures (WSPs) that require a registered principal to review and endorse the opening of every customer account. (FINRA Rule 3110) If your process allows accounts to be opened, funded, or traded before a principal review occurs, you are creating a supervision gap that will be hard to defend in an exam.

Operationally, the fastest path is to treat account approval like a production gate: no principal endorsement, no account activation beyond strictly limited, pre-defined activities (for example, collecting documents). Your principal review needs to confirm that required account opening information is complete, that the selected account type fits the customer’s profile, and that red flags are identified, escalated, and resolved before approval. These checks connect directly to your suitability obligations and KYC expectations, even if those duties live in other procedures. (FINRA Rule 2111) (Regulatory Notice 12-25)

This page gives requirement-level guidance you can put into WSP language, workflow design, and exam-ready evidence—without guessing what a principal “should have looked at.”

Regulatory text

Regulatory excerpt (provided): “Each member must have procedures for the review and endorsement by a registered principal of the opening of each customer account.” (FINRA Rule 3110)

What the operator must do

You must do three things, consistently and provably:

1. Write procedures that describe the account-opening review and endorsement requirement, including who performs it (a registered principal), the timing, and the documentation trail. (FINRA Rule 3110)
2. Execute the review for every new customer account—not “most,” not “based on risk,” unless your procedure explicitly defines a permitted exception and you can defend it in practice. (FINRA Rule 3110)
3. Retain evidence that the registered principal actually reviewed and endorsed the opening, and that the review occurred within the timeframe your WSPs promise. (FINRA Rule 3110)

Plain-English interpretation

A registered principal must sign off on every customer account opening, and your WSPs must spell out how that happens. The principal isn’t just attesting that a form is present; they are confirming the account was opened on a complete and coherent customer profile, with the right account type and no unaddressed red flags.

This requirement also becomes the “front door” control for suitability and KYC quality. If customer information is missing, contradictory, stale, or suggests heightened risk, the principal should not endorse the account until the issue is resolved or escalated per WSP. (FINRA Rule 2111) (Regulatory Notice 12-25)

Who it applies to (entity and operational context)

In scope

• FINRA member broker-dealers that open customer accounts, including retail and institutional accounts. (FINRA Rule 3110)

Operational contexts where this control is tested hard

• Digital account opening (fully online, straight-through processing)
• Introducing/carrying arrangements where account-opening steps are split across firms
• Accounts with product elections (margin, options) or entity/beneficial ownership complexity
• Branch offices and remote supervision models where principals approve high volumes

Typical roles involved

• Registered principal reviewer/endorser (defined by your WSPs) (FINRA Rule 3110)
• Account onboarding / new accounts team (first-line completeness checks)
• Registered representative (collects customer information; follows up on deficiencies)
• Compliance/supervision (owns WSPs, QA, exception governance)

What you actually need to do (step-by-step)

1) Write WSP language that is testable

Your WSPs should answer, in plain terms:

• Trigger: What counts as “opening” an account in your business (creation in system, funding, ability to trade).
• Timing standard: By when principal endorsement must occur relative to activation and first trade. (FINRA Rule 3110)
• Reviewer eligibility: Which principal registrations/roles may endorse, and what independence is required.
• Review scope: The minimum data and documents the principal must confirm for each account type.
• Restrictions: What the account can and cannot do before endorsement (prefer a hard system block).
• Exception handling: How you handle incomplete submissions, missing documentation, or urgent business requests.
• Evidence: Where the endorsement is recorded and what fields must be captured. (FINRA Rule 3110)

2) Define a principal review checklist by account type

Create a checklist the principal can follow quickly, and that you can show to examiners. Keep a “core” checklist plus add-ons:

Core review (all accounts)

• Customer identity/profile fields present and internally consistent (name, address, tax ID/other identifiers your process collects)
• Customer risk/suitability profile fields completed per your model (investment objectives, risk tolerance, time horizon, liquidity needs, etc.) (FINRA Rule 2111)
• Disclosures, agreements, and required acknowledgments present
• Conflicts/affiliations captured as applicable by your process
• Red flags triaged and cleared or escalated

Add-ons

• Margin election: confirm required margin agreements and suitability-related flags are addressed (your WSP should define the required documents and any heightened review).
• Options election: confirm options documentation, approval level, and any required internal review steps before activation.
• Retirement accounts: confirm plan/account type selection, beneficiary fields if applicable to your process, and any rollover documentation rules in your WSP.
• Entity accounts: confirm entity authority documentation and beneficial ownership-related items required by your procedures.

Your checklist becomes your defensible “what did the principal review?” story. It also reduces variability across principals.

3) Implement a workflow gate in systems (don’t rely on email)

A principal endorsement requirement fails most often because the operational flow allows activity to start before review.

Minimum workflow design:

• New account enters “Pending Principal Approval” status
• System blocks trading and sensitive features until approval is recorded
• Principal endorsement is recorded inside the system of record (or a controlled approval tool) with:
  • principal identity
  • timestamp
  • approval outcome (approved/denied/needs info)
  • reason codes for denials/returns
• Any override requires documented justification and secondary approval per WSP. (FINRA Rule 3110)

If your business spans multiple platforms, define the “system of record” for the endorsement and enforce reconciliation.

4) Build a deficiency-and-escalation loop (the practical difference-maker)

Principal review should generate one of three outcomes:

• Approve: account activates
• Reject/close: account does not open (and you record the rationale)
• Return for remediation: missing/inconsistent data or documents; rep/onboarding team must fix before approval

Escalation triggers should be explicit in WSPs: identity anomalies, contradictory customer profile elements, suspicious funding narratives, or patterns that could lead to unsuitable activity once the account is live. (FINRA Rule 3110) (FINRA Rule 2111) (Regulatory Notice 12-25)

5) Add QA testing and surveillance for “approval integrity”

To prove this control operates, run recurring checks that answer:

• Were any accounts activated/traded before principal endorsement?
• Are approvals performed by eligible principals?
• Do approvals show evidence of review (not just “clicked approve”)?
• Are exception approvals properly documented and rare?

Daydream (where it fits naturally): teams often track these test results, exceptions, and evidence in scattered tools. Daydream can centralize WSP-to-control mapping and store the artifacts (approval logs, sample testing, exception memos) so you can answer exam requests without rebuilding the story each time.

Required evidence and artifacts to retain

Keep evidence that shows both design (your procedures) and operation (your actual approvals):

Design artifacts

• WSP section covering account opening review and principal endorsement (FINRA Rule 3110)
• Role/permission matrix showing which principals can endorse and how access is controlled
• Principal review checklist(s) by account type
• Exception and escalation procedures (with approval authority)

Operating evidence (exam-ready)

• System audit logs showing principal endorsement (user, timestamp, account ID) (FINRA Rule 3110)
• Queue/workflow reports for “pending approval,” “returned,” “rejected,” and turnaround tracking
• Samples of new account packets with principal approval and remediation notes
• Exception documentation (business justification, approver, compensating controls)
• QA/testing workpapers and results, including follow-up on findings

Common exam/audit questions and hangups

Expect questions that force you to prove timing, consistency, and independence:

• “Show me your WSPs for principal endorsement of account opening.” (FINRA Rule 3110)
• “Demonstrate that every account opened during this period received principal approval.” (FINRA Rule 3110)
• “Can an account trade before principal approval? If yes, show the procedure and examples.” (FINRA Rule 3110)
• “How do you ensure approvals are performed by a registered principal and not delegated?” (FINRA Rule 3110)
• “What does the principal review for suitability/KYC completeness?” (FINRA Rule 2111) (Regulatory Notice 12-25)

Hangups usually come from: missing logs, approvals stored in email, unclear definition of “account opened,” and inconsistent principal practices across branches.

Frequent implementation mistakes and how to avoid them

1. Approval captured outside the system of record (email/Teams).
   Fix: require endorsement in the workflow tool and disable activation until recorded. (FINRA Rule 3110)

2. “Rubber-stamp” approvals with no defined review scope.
   Fix: adopt a principal checklist and require “return for remediation” notes for deficiencies. (FINRA Rule 3110)

3. Trading enabled before endorsement due to straight-through processing.
   Fix: enforce a hard gate at account creation or before first trade, and document any narrow exception path. (FINRA Rule 3110)

4. Entity accounts treated like retail accounts.
   Fix: create an entity add-on checklist and require authority documentation review before approval.

5. No proof that the approver is eligible.
   Fix: maintain a principal roster tied to system permissions; review access when roles change. (FINRA Rule 3110)

Enforcement context and risk implications

No public enforcement cases were provided in the source catalog for this requirement, so this page does not list case summaries.

Risk still matters. If accounts open without principal endorsement, you create a supervision failure that can amplify downstream issues: unsuitable recommendations, unapproved options/margin exposure, and inconsistent handling of customer information quality. Those downstream areas are examined under suitability and supervision expectations. (FINRA Rule 2111) (FINRA Rule 3110) (Regulatory Notice 12-25)

A practical execution plan (30/60/90)

First 30 days: Stabilize the gate

• Inventory all account types and opening channels (online, branch, institutional onboarding).
• Map the current state: where endorsement happens, who does it, and what “activation” means in each system.
• Draft/update WSP language to define timing, eligibility, review scope, and evidence. (FINRA Rule 3110)
• Implement an interim control if needed: a manual “do not trade until approved” queue with daily reconciliation.

Next 60 days: Standardize review and evidence

• Roll out principal checklists by account type with required fields and red-flag escalation.
• Move approvals into the workflow/system of record; eliminate email-based approvals.
• Create exception templates (return for remediation, reject, override) with mandatory rationale fields.
• Train principals and onboarding staff using real examples of good vs weak approval notes.

By 90 days: Prove it works under testing

• Run a sample-based test: verify endorsement exists for each sampled account and occurred before activation/trading. (FINRA Rule 3110)
• Review access controls for principal approvers and confirm registration/role alignment.
• Build a standing monthly report for “accounts opened without timely endorsement,” returned rates, and recurring deficiencies.
• Centralize WSPs, checklists, approval logs, and testing artifacts in a single evidence workspace (Daydream can serve this role) so exam responses are repeatable.

Frequently Asked Questions

Does the principal have to approve every single account, or can we risk-rate and sample?

The excerpted requirement calls for procedures for review and endorsement by a registered principal of the opening of each customer account. Sampling is better positioned as QA testing of the process, not a substitute for the endorsement itself. (FINRA Rule 3110)

Can a supervisor who is not a registered principal perform the review if a principal signs later?

The endorsement must be by a registered principal per the requirement. You can have onboarding staff do completeness checks, but your workflow should ensure the principal’s endorsement is the actual approval gate. (FINRA Rule 3110)

What counts as “endorsement” in practice?

A recorded approval by a registered principal that is attributable (who), time-stamped (when), and tied to the specific account (what). A free-form email is harder to defend than a controlled approval record. (FINRA Rule 3110)

How do we handle digital account opening where customers expect instant trading?

Build straight-through processing up to the point of principal approval, then block trading until endorsement is recorded. If you allow any limited activity pre-approval, document it narrowly in WSPs and monitor for exceptions. (FINRA Rule 3110)

Should the principal review suitability information during account opening?

The principal review should confirm that customer information supporting suitability is complete and coherent, because suitability obligations depend on accurate customer profile data. Align your checklist with your FINRA Rule 2111 process and any relevant internal risk flags. (FINRA Rule 2111) (Regulatory Notice 12-25)

What evidence is most persuasive in a FINRA exam?

System-generated audit logs showing principal identity and timestamps, plus the WSPs and checklists that define the review scope. Pair that with QA test results that confirm no activation/trading occurs without endorsement. (FINRA Rule 3110)