Customer-Specific Suitability
Customer-specific suitability means you must match every securities recommendation to the individual customer’s investment profile and be able to show, in writing, why the recommendation fit that customer at that time (FINRA Rule 2111). Operationalize it by collecting complete profile data, forcing suitability checks before order entry, supervising exceptions, and retaining evidence that ties the recommendation to the profile (FINRA Rule 3110).
Key takeaways:
- You need a documented, profile-based rationale for each recommendation, not a generic product pitch (FINRA Rule 2111).
- Missing or stale investment profile data is a control failure; block or escalate recommendations until corrected (FINRA Rule 2111).
- Supervisory review must test suitability decisions and exceptions, and you must retain audit-ready evidence (FINRA Rule 3110).
Customer-specific suitability is the “does this fit this customer?” obligation. It sits downstream of KYC and upstream of order execution: if your representatives can’t articulate how a recommendation aligns with the customer’s age, financial situation, tax status, objectives, experience, time horizon, liquidity needs, and risk tolerance, you are exposed (FINRA Rule 2111).
For a CCO or GRC lead, the fastest way to make this real is to treat suitability as an evidence problem, not a training problem. You need a workflow that (1) captures a complete investment profile, (2) converts that profile into constraints and decision points inside your CRM/order-entry process, (3) routes edge cases for supervision, and (4) preserves a clear record that links “profile → recommendation → rationale → approvals.” Supervision and recordkeeping are where otherwise “good” programs fail during exams because the firm cannot prove what happened and why (FINRA Rule 3110).
This page translates the customer-specific suitability requirement into operational steps, artifacts to retain, and exam-ready talking points you can implement quickly.
Regulatory text
Requirement (quoted): “A member or associated person must have a reasonable basis to believe that the recommendation is suitable for the particular customer based on that customer's investment profile.” (FINRA Rule 2111)
What the operator must do
You must design and run a process where, before a recommendation is made or acted upon, the representative has:
- A current investment profile for the customer; and
- A documented rationale showing the recommendation aligns to that profile (FINRA Rule 2111).
Then you must supervise that process through written supervisory procedures, reviews, and exception handling that can be evidenced during testing (FINRA Rule 3110).
Plain-English interpretation (what “reasonable basis” looks like in practice)
Customer-specific suitability is satisfied when a reviewer can pick up the file and answer three questions without guessing:
- What did the firm know about the customer? (profile fields complete and current)
- What was recommended (or effected), and when? (the recommendation and timing are clear)
- Why did it make sense for this customer? (a rationale tied to the specific profile factors) (FINRA Rule 2111)
Your risk increases when any of these are missing, stale, conflicting, or overwritten without audit history. Suitability failures usually show up as process gaps: incomplete profiles, “default” risk tolerance, copy-pasted rationales, or recommendations made outside the documented objective and constraints.
Who it applies to (entity + operational context)
Entities
- FINRA member broker-dealers and their associated persons making recommendations to customers (FINRA Rule 2111).
- Operationally similar expectations often exist in advisory contexts, but this page is anchored to FINRA’s suitability rule text and supervision expectations (FINRA Rule 2111; FINRA Rule 3110).
Activities in scope
Customer-specific suitability applies to recommendations made through:
- Registered representatives in branches or call centers
- Digital or hybrid channels where a person or the firm recommends (for example, model portfolios presented as recommendations)
- Rollovers, switches, and allocations when framed as recommendations
- Account-level recommendations (for example, margin or options approval) when they function as individualized recommendations
Out of scope (but commonly confused)
- Purely educational content with no recommendation may fall outside a “recommendation” analysis, but your supervision program still needs clear boundaries and documentation standards to avoid “accidental recommendations” in notes, emails, and chat.
What you actually need to do (step-by-step)
Step 1: Define your “investment profile” data standard (and make it non-optional)
Create a profile schema that, at minimum, covers the factors explicitly called out in FINRA’s suitability framework: age, other investments, financial situation, tax status, investment objectives, investment experience, investment time horizon, liquidity needs, risk tolerance, and other information the customer discloses (FINRA Rule 2111).
Control design choices that examiners like:
- Required fields with controlled vocabulary (picklists) for objectives and risk tolerance
- Free-text fields only for nuance, not as a substitute for structured data
- Clear “last updated” and “who updated” audit trail
Step 2: Set “data freshness” triggers and event-based re-confirmation
Document when you require the profile to be updated or re-confirmed. Avoid promising a calendar cadence you can’t evidence. Instead, use event-based triggers you can detect and audit, such as:
- Material changes disclosed by the customer
- A recommendation that conflicts with current objectives or risk tolerance
- Long inactivity followed by a new recommendation
Tie these triggers to supervision: if a trigger fires, the system should block recommendation workflow or require escalation (FINRA Rule 2111; FINRA Rule 3110).
Step 3: Build a suitability check at the point of recommendation (not after)
Make suitability a gating step in the workflow:
- Representative selects the product/strategy being recommended
- System displays relevant profile constraints and prompts the rep to confirm alignment
- Rep records a customer-specific rationale (short, specific, and testable)
- If mismatch, require documented exception and supervisory approval before proceeding (FINRA Rule 3110)
Example of an acceptable rationale (pattern):
- “Customer has long time horizon, moderate risk tolerance, and objective of growth; recommendation increases equity exposure within stated tolerance and does not introduce near-term liquidity constraints.” (FINRA Rule 2111)
Example of a weak rationale (pattern to avoid):
- “Suitable for growth and diversification.”
This fails because it is generic and not tied to the customer’s actual profile (FINRA Rule 2111).
Step 4: Create an exception taxonomy and escalation paths
Define exception categories that require heightened review, such as:
- Objective mismatch (income vs. growth)
- Liquidity mismatch (illiquid product vs. near-term liquidity need)
- Risk mismatch (high-risk product vs. low tolerance)
- Concentration concerns (high exposure to a single issuer/sector)
Then define who can approve, what evidence is required, and what follow-up is mandatory (FINRA Rule 3110).
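Steps 1 through 4 describe one control: a required profile schema with picklists and an audit trail, an inactivity trigger that forces re-confirmation, a gate at the point of recommendation, and an exception taxonomy that routes mismatches to a supervisor. The following Python is an added illustration of that control written for this page; it is not code from the page's author or from any vendor product. The field names, the picklist values, the 365-day inactivity trigger, the 20% single-issuer threshold and all sample customers and products are constructed assumptions, chosen only to show the decision logic and the evidence record it leaves behind.

```python
from dataclasses import dataclass, replace
from datetime import date
from enum import Enum
from typing import Optional

# Minimum profile factors the page lists for FINRA Rule 2111; every one is required.
REQUIRED_PROFILE_FIELDS = (
    "age", "other_investments", "financial_situation", "tax_status", "objective",
    "experience", "time_horizon", "liquidity_needs", "risk_tolerance",
)
# Assumed picklists. A value outside the list (including a "default" placeholder)
# is treated as missing, so a rep cannot satisfy the gate with a default entry.
RISK_LEVELS = {"low": 0, "moderate": 1, "high": 2}
VOCAB = {
    "objective": {"income", "growth", "preservation"},
    "time_horizon": {"short", "medium", "long"},
    "liquidity_needs": {"none", "near_term"},
    "risk_tolerance": set(RISK_LEVELS),
}
INACTIVITY_DAYS = 365       # assumed event trigger: long inactivity before a new recommendation
CONCENTRATION_PCT = 20.0    # assumed single-issuer exposure threshold

class ExceptionCategory(Enum):          # the Step 4 taxonomy
    OBJECTIVE_MISMATCH = "objective_mismatch"
    LIQUIDITY_MISMATCH = "liquidity_mismatch"
    RISK_MISMATCH = "risk_mismatch"
    CONCENTRATION = "concentration"

@dataclass
class InvestmentProfile:
    customer_id: str
    age: Optional[int] = None
    other_investments: Optional[str] = None
    financial_situation: Optional[str] = None
    tax_status: Optional[str] = None
    objective: Optional[str] = None
    experience: Optional[str] = None
    time_horizon: Optional[str] = None
    liquidity_needs: Optional[str] = None
    risk_tolerance: Optional[str] = None
    last_updated: Optional[date] = None   # audit trail: when and by whom
    updated_by: Optional[str] = None
    last_activity: Optional[date] = None

@dataclass
class Recommendation:
    rep_id: str
    product: str
    product_objective: str    # what the product is designed to deliver
    product_risk: str         # key of RISK_LEVELS
    illiquid: bool            # lock-up or no ready secondary market
    issuer_pct_after: float   # % of the account in this issuer after the trade
    rationale: str

def missing_fields(p: InvestmentProfile) -> list:
    """Fields that are empty or outside their picklist; both block the gate."""
    return [f for f in REQUIRED_PROFILE_FIELDS
            if getattr(p, f) in (None, "") or (f in VOCAB and getattr(p, f) not in VOCAB[f])]

def needs_reconfirmation(p: InvestmentProfile, today: date) -> bool:
    """Step 2 trigger: no audit history, or long inactivity before this recommendation."""
    if p.last_updated is None or p.last_activity is None:
        return True
    return (today - p.last_activity).days > INACTIVITY_DAYS

def classify_mismatches(p: InvestmentProfile, r: Recommendation) -> list:
    cats = []
    if r.product_objective != p.objective:
        cats.append(ExceptionCategory.OBJECTIVE_MISMATCH)
    if r.illiquid and (p.liquidity_needs == "near_term" or p.time_horizon == "short"):
        cats.append(ExceptionCategory.LIQUIDITY_MISMATCH)
    if RISK_LEVELS[r.product_risk] > RISK_LEVELS[p.risk_tolerance]:
        cats.append(ExceptionCategory.RISK_MISMATCH)
    if r.issuer_pct_after > CONCENTRATION_PCT:
        cats.append(ExceptionCategory.CONCENTRATION)
    return cats

def suitability_gate(p: InvestmentProfile, r: Recommendation, today: date) -> dict:
    """Step 3 gate. Returns the evidence record: profile -> recommendation -> rationale -> decision."""
    record = {
        "customer_id": p.customer_id, "rep_id": r.rep_id, "product": r.product,
        "as_of": today.isoformat(), "rationale": r.rationale, "exception_categories": [],
        "profile_snapshot": {f: getattr(p, f) for f in REQUIRED_PROFILE_FIELDS},
        "profile_last_updated": p.last_updated.isoformat() if p.last_updated else None,
    }
    missing = missing_fields(p)
    if missing:
        record.update(decision="BLOCKED", reason="missing_profile_fields", missing_fields=missing)
    elif needs_reconfirmation(p, today):
        record.update(decision="BLOCKED", reason="reconfirm_profile_after_inactivity")
    elif not r.rationale.strip():
        record.update(decision="BLOCKED", reason="missing_rationale")
    else:
        cats = [c.value for c in classify_mismatches(p, r)]
        record["exception_categories"] = cats
        # Any mismatch becomes a documented exception that needs supervisory approval (Step 4).
        record.update(decision="ESCALATE" if cats else "PROCEED",
                      reason="exception_requires_supervisory_approval" if cats else "aligned_with_profile")
    return record

# Constructed sample data (not real customers, reps or products).
SAMPLE_PROFILE = InvestmentProfile(
    customer_id="C-001", age=45, other_investments="employer retirement plan",
    financial_situation="stable income, no debt", tax_status="taxable", objective="growth",
    experience="moderate", time_horizon="long", liquidity_needs="none", risk_tolerance="moderate",
    last_updated=date(2024, 3, 1), updated_by="rep-17", last_activity=date(2024, 3, 1))
REC_ALIGNED = Recommendation("rep-17", "Diversified equity index fund", "growth", "moderate", False, 8.0,
    "Customer has long time horizon, moderate risk tolerance, and objective of growth; "
    "recommendation increases equity exposure within stated tolerance.")
REC_MISMATCHED = Recommendation("rep-17", "Non-traded REIT", "income", "high", True, 25.0,
    "Suitable for growth and diversification.")

def run_demo(today: date = date(2024, 6, 1)) -> dict:
    return {
        "aligned": suitability_gate(SAMPLE_PROFILE, REC_ALIGNED, today),
        "mismatched": suitability_gate(SAMPLE_PROFILE, REC_MISMATCHED, today),
        "incomplete": suitability_gate(replace(SAMPLE_PROFILE, risk_tolerance="default"), REC_ALIGNED, today),
        "stale": suitability_gate(replace(SAMPLE_PROFILE, last_activity=date(2022, 1, 1)), REC_ALIGNED, today),
    }

if __name__ == "__main__":
    for name, rec in run_demo().items():
        print(name, rec["decision"], rec["reason"], rec["exception_categories"])
```

The record returned by `suitability_gate` is the artifact to retain: it freezes the profile snapshot and its last-updated date next to the product, the rep's rationale and the decision, so a reviewer can answer the three questions from the "reasonable basis" section without reconstructing anything. Note that the gate never lets a mismatch through silently; the "ESCALATE" decision is the hook where your approval workflow attaches supervisor identity, conditions and follow-up.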
Step 5: Supervise with targeted reviews and trend reporting
Under supervision expectations, you need written procedures and actual review activity that tests whether reps are applying the rule as designed (FINRA Rule 3110). Build a supervisory review program that includes:
- Pre-trade or near-real-time review of flagged recommendations
- Post-trade sampling that checks profile completeness, rationale quality, and approvals
- Supervisory sign-off records and remediation tracking
Report trends that matter operationally:
- Top “missing profile field” drivers
- Most common mismatch categories
- Representatives with repeated exceptions or copy-pasted rationales
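Step 5's trend report (and the Days 31–60 item about monitoring boilerplate rationales by keyword patterns and repeated text blocks) needs a concrete check over the rationale notes. The Python below is an added example written for this page, not the page's or any product's own code. The factor lexicon, the "fewer than three factors is generic" rule, the repeat threshold of three and the sample notes are constructed assumptions; a firm would tune the lexicon and thresholds to its own rationale template.

```python
import re
from collections import Counter, defaultdict
from hashlib import sha256
from typing import List, Tuple

# Assumed lexicon: terms that show a note actually references a profile factor.
FACTOR_LEXICON = {
    "objective": ("objective", "goal", "growth", "income", "preserv"),
    "time_horizon": ("horizon", "year", "retire"),
    "liquidity": ("liquid", "cash need", "access to funds"),
    "risk_tolerance": ("risk",),
}
MIN_FACTORS = 3        # assumed: a note citing fewer factors is treated as generic
REPEAT_THRESHOLD = 3   # assumed: identical normalized text used this often is boilerplate

def normalize(text: str) -> str:
    """Lower-case, strip punctuation and collapse spaces so trivial edits still match."""
    return " ".join(re.sub(r"[^a-z0-9 ]+", " ", text.lower()).split())

def factors_mentioned(note: str) -> List[str]:
    text = normalize(note)
    return sorted(f for f, terms in FACTOR_LEXICON.items() if any(t in text for t in terms))

def is_generic(note: str) -> bool:
    return len(factors_mentioned(note)) < MIN_FACTORS

def fingerprint(note: str) -> str:
    """Stable id for a block of rationale text, used to spot copy-paste across files."""
    return sha256(normalize(note).encode()).hexdigest()[:16]

def review_rationales(notes: List[Tuple[str, str, str]]) -> dict:
    """notes: (rep_id, customer_id, rationale). Returns per-rep trends plus flagged items."""
    counts = Counter(fingerprint(n) for _, _, n in notes)
    by_rep = defaultdict(lambda: {"notes": 0, "generic": 0, "repeated": 0})
    reps_by_fp = defaultdict(set)
    flagged = []
    for rep, cust, note in notes:
        stats = by_rep[rep]
        stats["notes"] += 1
        reasons = []
        if is_generic(note):
            stats["generic"] += 1
            reasons.append("generic")
        if counts[fingerprint(note)] >= REPEAT_THRESHOLD:
            stats["repeated"] += 1
            reasons.append("repeated")
            reps_by_fp[fingerprint(note)].add(rep)
        if reasons:   # route to the supervisor queue for coaching / remediation
            flagged.append({"rep_id": rep, "customer_id": cust, "reasons": reasons,
                            "factors": factors_mentioned(note)})
    repeated_blocks = [{"fingerprint": fp, "count": c, "reps": sorted(reps_by_fp[fp])}
                       for fp, c in counts.items() if c >= REPEAT_THRESHOLD]
    return {"by_rep": dict(by_rep), "flagged": flagged, "repeated_blocks": repeated_blocks}

# Constructed sample notes (no real reps or customers).
GENERIC_NOTE = "Suitable for growth and diversification."
SPECIFIC_NOTE = ("Customer has long time horizon, moderate risk tolerance, and objective of growth; "
                 "recommendation increases equity exposure within stated tolerance and does not "
                 "introduce near-term liquidity constraints.")
SAMPLE_NOTES = [
    ("rep-17", "C-001", GENERIC_NOTE),
    ("rep-17", "C-002", GENERIC_NOTE),
    ("rep-17", "C-003", "suitable for growth and diversification"),   # same text, edited punctuation
    ("rep-22", "C-004", SPECIFIC_NOTE),
    ("rep-22", "C-005", "Good diversification for this account."),   # generic but not copy-pasted
]

if __name__ == "__main__":
    report = review_rationales(SAMPLE_NOTES)
    for rep, stats in report["by_rep"].items():
        print(rep, stats)
    print(len(report["flagged"]), "notes flagged;", len(report["repeated_blocks"]), "repeated block(s)")
```

The two signals are deliberately separate: "generic" catches a note that names no profile factors even if it is unique, while "repeated" catches a well-worded template pasted into many files. The per-rep counts feed the "representatives with repeated exceptions or copy-pasted rationales" line of the trend report, and the `flagged` list is what a supervisor samples from.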
Step 6: Train to the workflow and the evidence standard
Training should be short and practical:
- How to complete the profile correctly
- What constitutes a good rationale vs. unacceptable boilerplate
- How to handle customer refusal to provide info (document refusal; restrict recommendations until sufficient basis exists) (FINRA Rule 2111)
Step 7: Retain records so you can prove the decision
Suitability is frequently litigated as “you can’t prove what you did.” Treat record retention as part of the control, not an afterthought. Your records should support reconstruction of the recommendation decision (FINRA Rule 3110).
Required evidence and artifacts to retain
Use this checklist as your exam-ready evidence set:
| Artifact | What “good” looks like | Why it matters |
|---|---|---|
| Customer investment profile record | Complete fields; timestamps; audit trail of changes | Establishes the basis for the recommendation (FINRA Rule 2111) |
| Recommendation record | Product/strategy; date/time; channel; rep identity | Defines what was recommended and by whom (FINRA Rule 2111) |
| Suitability rationale note | Specific linkage to profile factors; not boilerplate | Demonstrates reasonable basis for suitability (FINRA Rule 2111) |
| Exception + approval record (if applicable) | Mismatch category; approval; conditions; follow-up | Shows supervision of deviations (FINRA Rule 3110) |
| Supervisory review logs | Sampling criteria; findings; remediation tracking | Proves supervisory system is operating (FINRA Rule 3110) |
| WSPs and job aids | Procedures match system reality | Examiners test “written vs. actual” (FINRA Rule 3110) |
| Training completion records | Role-based completion; updates after process changes | Demonstrates reasonable training governance (FINRA Rule 3110) |
Common exam/audit questions and hangups
Expect questions like:
- Show me how you determine suitability for a recommendation. Walk through the workflow screens, required fields, and rationale prompts (FINRA Rule 2111).
- How do you prevent recommendations when the profile is incomplete or stale? Examiners look for controls that stop bad activity, not just policies (FINRA Rule 2111; FINRA Rule 3110).
- How do you supervise exceptions and mismatches? Produce exception logs, approvals, and remediation evidence (FINRA Rule 3110).
- How do you know reps aren’t using boilerplate rationales? Show surveillance, lexicon checks, and sampling results (FINRA Rule 3110).
- What happens if a customer refuses to provide information? Show documented refusal handling and restricted recommendation pathways (FINRA Rule 2111).
Frequent implementation mistakes (and how to avoid them)
- Treating the profile as a one-time onboarding form. Fix: Add event-based refresh triggers tied to recommendation workflow (FINRA Rule 2111).
- Allowing “default” risk tolerance or objectives. Fix: Prohibit defaults; require explicit customer-confirmed entries and supervisor review for edge cases (FINRA Rule 2111; FINRA Rule 3110).
- Rationale notes that don’t reference the profile. Fix: Use a short template that forces mention of objective, horizon, liquidity, and risk tolerance. Train supervisors to reject generic text (FINRA Rule 2111).
- Supervision that exists only in WSPs. Fix: Maintain review logs, sampling methodology, and remediation tracking with timestamps (FINRA Rule 3110).
- No clear definition of “recommendation” across channels. Fix: Define channels and communications that constitute recommendations and apply the same evidence standard to notes, email, and chat where applicable (FINRA Rule 2111; FINRA Rule 3110).
Enforcement context and risk implications
No public enforcement case sources were provided in the supplied source catalog for this requirement, so this page does not list specific cases. Practically, customer-specific suitability issues tend to surface through customer complaints, arbitration, branch exams, and trade surveillance reviews, then expand into supervisory findings if documentation is inconsistent with WSPs (FINRA Rule 3110). Your operational goal is simple: make the file self-explanatory.
Practical 30/60/90-day execution plan
If you need to operationalize quickly, use phases you can complete and evidence.
First 30 days: Stabilize the minimum viable control
- Map where recommendations occur (channels, products, teams) and confirm the profile fields you will require (FINRA Rule 2111).
- Update WSP language to match the actual workflow and supervision responsibilities (FINRA Rule 3110).
- Implement “hard stops” or required escalations for missing profile fields in the recommendation flow (FINRA Rule 2111).
- Publish a rationale standard with examples of acceptable vs. unacceptable notes (FINRA Rule 2111).
Days 31–60: Add supervision depth and exception discipline
- Stand up an exception taxonomy with required approvals and documentation (FINRA Rule 3110).
- Launch supervisory sampling: test files for profile completeness, mismatch handling, and rationale quality (FINRA Rule 3110).
- Add monitoring for boilerplate rationales (keyword patterns, repeated text blocks) and route to supervisors for coaching and remediation (FINRA Rule 3110).
Days 61–90: Make it durable and audit-ready
- Implement trend reporting to identify repeat exception drivers and high-risk reps/teams (FINRA Rule 3110).
- Run a mock exam: produce end-to-end evidence for a set of recommendations, including approvals and review logs (FINRA Rule 3110).
- If you need scale and consistency, configure Daydream to standardize evidence capture and keep suitability decision records tied to the customer profile and supervisory workflows (FINRA Rule 2111; FINRA Rule 3110).
Frequently Asked Questions
What counts as the “investment profile” for customer-specific suitability?
You need enough information to assess suitability for that customer, including age, financial situation, tax status, objectives, experience, time horizon, liquidity needs, risk tolerance, and other disclosed factors (FINRA Rule 2111). Treat the profile as required data, not optional narrative.
Do we have to document a rationale for every recommendation?
You need records that demonstrate a reasonable basis for believing the recommendation was suitable for the particular customer (FINRA Rule 2111). In practice, that means a documented rationale tied to the profile, plus any required supervisory approvals (FINRA Rule 3110).
What if the customer refuses to provide profile information?
Document the refusal and assess whether you still have enough information to form a reasonable suitability basis (FINRA Rule 2111). If you don’t, restrict recommendations and require escalation or supervisory review under your procedures (FINRA Rule 3110).
How do we handle suitability for digital or model-based recommendations?
Apply the same rule: the recommendation must align to the particular customer’s profile, and you must be able to evidence the linkage (FINRA Rule 2111). Build gating checks and retain decision records just as you would for a human rep (FINRA Rule 3110).
What’s the cleanest way to prevent “boilerplate” suitability notes?
Use structured prompts that require specific profile factors and add supervisory sampling to reject generic text (FINRA Rule 3110). Track repeat offenders and require remediation with documented follow-up.
How does supervision connect to customer-specific suitability?
FINRA expects a supervisory system that enforces and tests your suitability process, including exceptions and documentation quality (FINRA Rule 3110). If supervisors can’t produce review logs and remediation evidence, suitability gaps become supervisory findings.