Senior Investor Protections

To meet the senior investor protections requirement, you must (1) make reasonable efforts to obtain the name and contact information of a “trusted contact person” for each customer account and (2) implement an operational process to place and manage temporary holds on disbursements when you suspect financial exploitation of a senior or vulnerable adult (FINRA Rule 2165). Build this into onboarding, account maintenance, escalation, and supervision.

Key takeaways:

  • Collect and refresh trusted contact information as a standard account data element (FINRA Rule 2165).
  • Stand up a documented, supervised “temporary hold” workflow tied to suspected exploitation (FINRA Rule 2165).
  • Retain clear evidence: requests made, customer responses, investigation notes, decisions, and notifications (FINRA Rule 2165).

Senior investor protections is an operational requirement, not a policy-only exercise. FINRA’s framework ties together two outcomes: your firm asks for a trusted contact person for customer accounts, and your firm can pause disbursements long enough to investigate suspected financial exploitation (FINRA Rule 2165). For a CCO or GRC lead, the practical challenge is making this “real” in the systems and behaviors that matter in an exam: onboarding scripts, account update triggers, exception handling, escalation paths, and supervision.

Examiners typically focus on whether your firm made “reasonable efforts” to obtain trusted contact information and whether your teams can execute a temporary hold consistently, with documented rationale and controlled communications (FINRA Rule 2165). This page translates the requirement into steps you can implement quickly: what to change in forms and CRM fields, how to train frontline staff to spot red flags and escalate, how to document hold decisions, and what evidence to retain so your story is provable. If you use a GRC platform like Daydream, treat this requirement as a mapped control set with task workflows and evidence collection, so you can show completeness across accounts and hold events without scrambling.

Regulatory text

Regulatory excerpt (provided): “Members must make reasonable efforts to obtain the name and contact information of a trusted contact person for customer accounts, and may place temporary holds on disbursements when financial exploitation of seniors is suspected.” (FINRA Rule 2165)

Operator interpretation:
You need two built, repeatable capabilities:

  1. Trusted contact capture as a standard account data practice. “Reasonable efforts” means you consistently request the information, document the request and response, and re-request under defined circumstances (for example, account updates) rather than treating it as optional or ad hoc (FINRA Rule 2165).

  2. A controlled “temporary hold” mechanism. Your firm must be able to place, document, supervise, and release a temporary hold on disbursements of funds or securities when exploitation is suspected, with an investigation and appropriate notifications happening within that window (FINRA Rule 2165).

Plain-English requirement: what it means day to day

This requirement is about reducing the risk that an older or vulnerable client is coerced or tricked into moving assets out of the account. In practice, it means:

  • You ask every client for a trusted contact person (name and contact information). The trusted contact is a person you can reach out to if you can’t reach the client or you suspect exploitation (FINRA Rule 2165).
  • You prepare your operations team to pause disbursements when something looks wrong, so you can investigate instead of racing the wire (FINRA Rule 2165).

The trusted contact process is preventive; the temporary hold process is detective and responsive. Exams tend to probe both.

Who it applies to

Entity types: Broker-dealers and investment advisers are listed as in-scope in the provided applicability data. Operationally, the Rule text provided is framed for FINRA “Members,” which is broker-dealer context (FINRA Rule 2165). Treat this as mandatory for broker-dealer operations subject to FINRA, and as a strong operational benchmark where your advisory business shares systems and servicing teams.

Operational contexts where you must embed controls

  • New account opening: forms, digital onboarding, and scripted client conversations.
  • Account maintenance / profile updates: periodic updates and event-driven changes (address, phone, beneficiaries, POA changes, distribution instructions).
  • Cash management and disbursements: wires, ACH, checks, ACATs, securities transfers.
  • Supervision and surveillance: escalation, approvals, recordkeeping, and QA testing.

What you actually need to do (step-by-step)

1) Define the control standard (policy + procedures that match the operational reality)

Create or update a written procedure that states:

  • You will request trusted contact info at account opening and at defined account update events (FINRA Rule 2165).
  • You will document whether the customer provides, declines, or partially provides information, and what follow-up was done.
  • You will place a temporary hold on disbursements when you suspect financial exploitation of a senior or vulnerable adult, and you will document the basis and the steps taken (FINRA Rule 2165).

Practical drafting tip: write procedures in a way that matches your workflow tools (CRM, ticketing system, wire system). If the procedure says “notify X,” there should be a field, task, or template that makes it hard to skip.

2) Implement trusted contact capture in onboarding (forms + systems + scripts)

Systems configuration

  • Add required fields for “Trusted Contact Name,” “Relationship,” “Phone,” “Email,” and “Address” (or the subset your firm standardizes), plus a status field: “Provided / Declined / Pending.”
  • Add a notes field for “Reasonable efforts record,” so staff can log attempts and outcomes in a consistent format.

Frontline script (minimum)

  • Ask the client to provide a trusted contact person.
  • Explain the purpose plainly: “If we can’t reach you or suspect someone is trying to take advantage of you, we may contact this person.”
  • Provide an explicit “decline” option and record it.

Quality gate

  • Do not allow an account to move from “pending” to “active” without either trusted contact details or a recorded decline plus evidence the request was made (FINRA Rule 2165).

3) Build the “reasonable efforts” refresh triggers for existing accounts

You need a defined trigger set so this does not depend on memory. Common operational triggers include:

  • Any update to customer profile/contact details
  • Changes in disbursement instructions
  • Changes in authority (new agent, POA, new third party authorization)
  • Returned mail, unreachable client, or unusual communication patterns

For each trigger, make your system open a task: “Request trusted contact update,” with required closure notes.

4) Stand up a temporary hold workflow (decisioning + documentation + supervision)

Scope the hold: The requirement allows holds on disbursements of funds or securities when you suspect exploitation (FINRA Rule 2165). Treat this as a specific operational action in your disbursement process.

Create an escalation path

  • Tier 1: frontline rep flags concern and routes to a dedicated queue (Supervision/Compliance/Operations).
  • Tier 2: a trained reviewer decides whether to place a hold, with documented rationale.
  • Tier 3: supervisory approval (document who approved and why).

Investigation checklist (make it a template)

  • What is the requested disbursement and destination?
  • What changed compared to prior behavior?
  • Contact attempts to the customer (dates/times/methods).
  • Any internal account notes: prior concerns, third party involvement, sudden urgency.
  • Decision: hold placed or not placed, and why.
  • Notifications made (internal and external where appropriate per your procedures) (FINRA Rule 2165).

Time limits (operationalize them as system controls): Rule 2165 permits a temporary hold for up to 25 business days, extendable to 55 business days under the conditions described in the Rule (FINRA Rule 2165). Implement timer-based controls:

  • Automatic reminders before the initial hold period ends.
  • A required review/approval step to extend.
  • A required closure step to release, reject, or escalate.

5) Train staff to spot and escalate suspected exploitation

Training should be role-based:

  • Front office: identifying concerns, how to pause processing and escalate, what not to promise the client.
  • Operations: how to place a hold, how to prevent “workarounds,” documentation standards.
  • Supervisors/Compliance: consistent decisioning, communications, and record retention (FINRA Rule 2165).

Keep training anchored in workflows: show screenshots, forms, and ticket examples, not just slides.

6) Evidence, testing, and governance (make it exam-ready)

Supervisory reviews

  • Sample new accounts for trusted contact completion/declines.
  • Sample disbursement requests for escalation and hold handling.
  • Review exceptions where disbursements were processed despite red flags.

Metrics that help you manage (qualitative, not vanity)

  • Volume of accounts missing trusted contact status
  • Volume of declined trusted contacts by channel/rep
  • Count of disbursement escalations and holds
  • Aged holds nearing end of permitted period (FINRA Rule 2165)

If you track this in Daydream, map each control (trusted contact capture, refresh triggers, hold workflow, documentation) to owners, recurring tasks, and evidence requests so audits become an export, not a fire drill.

Required evidence and artifacts to retain

Keep artifacts that prove “reasonable efforts” and controlled holds:

Trusted contact

  • Account opening record showing trusted contact requested and the response (provided or declined) (FINRA Rule 2165)
  • Dated notes or system logs of follow-up attempts for missing information
  • Records of trusted contact refresh requests triggered by account updates

Temporary hold

  • Hold initiation record: date/time, request details, who initiated
  • Rationale for suspicion of exploitation (facts observed, not conclusions)
  • Investigation notes: customer contact attempts, internal reviews
  • Supervisory approvals for placing and extending holds
  • Notifications made per your procedure and any relevant correspondence (FINRA Rule 2165)
  • Hold release documentation and final disposition

Program governance

  • Written supervisory procedures (WSPs) / compliance procedures
  • Training materials and completion records
  • QA/testing results and remediation tickets

Common exam/audit questions and hangups

Expect these lines of questioning:

  • “Show me how your firm makes reasonable efforts to obtain trusted contact information.” (FINRA Rule 2165)
  • “What happens if the customer refuses?” Show how you document the decline and that the request was still made (FINRA Rule 2165).
  • “Walk me through the last temporary hold.” They will want a timeline, rationale, approvals, and outcome (FINRA Rule 2165).
  • “How do you ensure holds don’t exceed permitted periods?” Show timer controls, reminders, and supervisory reviews tied to the Rule’s timeframes (FINRA Rule 2165).
  • “How do you ensure operations follows the escalation and doesn’t process ‘rush’ wires?” Show workflow gating and exception reporting.

Frequent implementation mistakes and how to avoid them

  1. Trusted contact treated as a one-time onboarding checkbox.
    Fix: create refresh triggers tied to account updates and disbursement changes (FINRA Rule 2165).

  2. No proof of “reasonable efforts.”
    Fix: require structured notes for request attempts and customer responses; audit for missing notes.

  3. Temporary hold exists on paper but not in systems.
    Fix: implement a disbursement “stop” status that prevents processing until a supervisor clears it.

  4. Inconsistent decisioning across teams.
    Fix: publish a decision checklist and require supervisor sign-off for holds and extensions (FINRA Rule 2165).

  5. Holds age out without action.
    Fix: timer-based queues, reminders, and escalation for holds approaching the maximum permitted duration (FINRA Rule 2165).

Enforcement context and risk implications

No public enforcement cases were provided in the supplied source catalog, so this page does not cite specific actions. The risk is still concrete: if you cannot prove “reasonable efforts” for trusted contact collection or cannot demonstrate controlled hold decisions with clear records, you face exam findings, remediation costs, and heightened supervisory scrutiny (FINRA Rule 2165). Operationally, weak controls also increase the chance of irreversible disbursements that harm clients and trigger complaints.

Practical 30/60/90-day execution plan

First 30 days (Immediate)

  • Assign an accountable owner across Compliance + Operations for the senior investor protections program (FINRA Rule 2165).
  • Update procedures/WSPs to reflect trusted contact requests, refresh triggers, and temporary hold workflow (FINRA Rule 2165).
  • Inventory systems: where will trusted contact data live, and where can a hold be placed.
  • Draft the investigation checklist and supervisor approval requirements for holds (FINRA Rule 2165).

Days 31–60 (Near-term)

  • Deploy onboarding changes: forms, CRM fields, required statuses, and scripted language.
  • Implement refresh triggers as tasks in your workflow tool (CRM/ticketing).
  • Configure disbursement workflow gating to support hold placement and prevent bypass.
  • Train frontline and operations staff; require completion evidence (FINRA Rule 2165).

Days 61–90 (Operationalize and prove it)

  • Run a targeted remediation campaign for existing accounts missing trusted contact status (request or document decline) (FINRA Rule 2165).
  • Tabletop test: run scenarios for suspected exploitation and place a mock hold end-to-end (FINRA Rule 2165).
  • Start QA sampling and management reporting; log issues as corrective actions with owners and due dates.
  • In Daydream, set up recurring control tests and evidence requests so you can demonstrate ongoing compliance without manual chasing.

Frequently Asked Questions

Do we have to refuse to open an account if a customer won’t provide a trusted contact?

The requirement is to make reasonable efforts to obtain the information and document the outcome (FINRA Rule 2165). Operationally, allow an explicit “declined” status and retain evidence the request was made.

When should we re-ask for trusted contact information?

Build re-requests into account maintenance events and other defined triggers, and record the attempt and response each time (FINRA Rule 2165). Avoid relying on annual “hope it happens” outreach unless it is actually executed and tracked.

What transactions should be in scope for a temporary hold?

Treat disbursements of funds or securities as in scope and ensure your disbursement systems can stop processing pending review (FINRA Rule 2165). Document each hold decision with the facts that led to suspicion.

Who should be allowed to approve a temporary hold?

Limit approval to trained supervisors or Compliance, and require documented rationale and approval records for both placement and extension decisions (FINRA Rule 2165). Frontline staff should escalate, not decide.

How do we prove “reasonable efforts” in an exam?

Keep system logs or notes that show the trusted contact request at onboarding and on defined update triggers, including the customer’s response (provided or declined) (FINRA Rule 2165). Missing notes are a common gap even when staff “asked.”

Can we operationalize this without new tooling?

Yes, but you need consistent fields, workflow routing, and evidence capture. A GRC workflow in Daydream can reduce manual coordination by tying tasks, approvals, and artifacts to the same control record.
