SEC Regulation Best Interest (Reg BI)

SEC Regulation Best Interest (Reg BI) requires your broker-dealer and its associated persons to act in the retail customer’s best interest at the time of each recommendation, without putting the firm’s or rep’s interests ahead of the customer’s. To operationalize it quickly, implement a repeatable recommendation review workflow that proves disclosure, care, conflict controls, and supervision are working. (17 CFR 240.15l-1)

Key takeaways:

• Reg BI is executed “trade-by-trade” (and strategy-by-strategy) at the moment of recommendation, not satisfied by a policy alone. (17 CFR 240.15l-1)
• Exams continue to focus on Reg BI compliance, so you need a defensible evidence trail, not narrative explanations. (2024-exam-priorities)
• Recent SEC cases show penalties for Reg BI-related failures and weak compliance programs, so gaps in surveillance and documentation translate into enforcement risk. (Release No. 34-101066)

The operational problem with the sec regulation best interest (reg bi) requirement is rarely “do we agree with the standard.” It’s “can we prove we met it for this customer, for this recommendation, using the information we had at that time.” Reg BI is triggered when a broker-dealer (or an associated person) makes a recommendation of a securities transaction or an investment strategy involving securities to a retail customer. (17 CFR 240.15l-1)

For a CCO or GRC lead, the fastest path to control is to treat Reg BI as a production workflow with four parts: (1) capture complete customer and account context, (2) document the recommendation and reasonable alternatives, (3) identify and address conflicts, and (4) supervise and test the system so exceptions surface and get remediated. The SEC’s Division of Examinations continues to name Reg BI as a primary focus for broker-dealers, which means your operating model should assume requests for samples, exception reports, and supervisory follow-up. (2024-exam-priorities)

This page gives requirement-level implementation guidance you can hand to supervision, operations, and the front office, with a concrete evidence bundle for exams and internal audit.

Requirement summary (plain English)

Reg BI requires that when your firm recommends a securities transaction or investment strategy to a retail customer, the recommendation must be in the customer’s best interest at that moment, and you cannot put the firm’s or rep’s financial or other interests ahead of the customer’s. (17 CFR 240.15l-1)

Operationally: you must be able to show (with records) what was recommended, to whom, why it was in the customer’s best interest, what conflicts existed, what you disclosed, and what you did to mitigate or eliminate conflicts that could bias the recommendation.

Who it applies to

Entity scope

• Broker-dealers, and natural persons who are associated persons of a broker or dealer. (17 CFR 240.15l-1)

Activity scope (what triggers Reg BI)

• A recommendation of any securities transaction or investment strategy involving securities to a retail customer. (17 CFR 240.15l-1)

Operational context (where teams get caught)

• New account funding and initial trade recommendations
• Rollovers and account-type recommendations (where the “strategy” is the recommendation)
• Product switches, concentration changes, and “trade more/hold” prompts that can be framed as recommendations
• Recommendations delivered through branches, call centers, hybrid models, and digital prompts that a regulator can interpret as individualized

Regulatory text

Primary obligation (excerpt): A broker, dealer, or associated person, when making a recommendation of any securities transaction or investment strategy involving securities to a retail customer, must act in the best interest of the retail customer at the time of the recommendation, without placing the firm’s or rep’s interest ahead of the retail customer’s interest. (17 CFR 240.15l-1)

Operator interpretation (what you must do)

1. Define “recommendation” events in your business so supervision knows what interactions must be reviewed and documented. (17 CFR 240.15l-1)
2. Build a controlled decision record for each recommendation that ties customer profile inputs to the recommendation output. (17 CFR 240.15l-1)
3. Identify conflicts tied to compensation, product shelf, revenue sharing, or incentives and ensure controls prevent those conflicts from driving outcomes. (17 CFR 240.15l-1)
4. Prove your compliance program operates in practice through supervisory reviews, exception handling, and periodic testing aligned to exam expectations. (2024-exam-priorities)

What you actually need to do (step-by-step)

Treat this as a workflow with clear entry criteria, required fields, approvals, and an audit trail.

Step 1: Establish a Reg BI “control card” (ownership + runbook)

Create a one-page runbook that answers:

• Owner: named role (CCO delegate, Head of Supervision)
• Scope: channels, products, recommendation types
• Trigger events: what counts as a recommendation in your firm
• Execution steps: what reps/supervisors must do every time
• Exception rules: when escalation is mandatory (e.g., complex products, elderly/vulnerable clients, high-turnover patterns)

This closes a common exam gap: teams can explain Reg BI but cannot show who runs it, when, and how.

Step 2: Standardize the recommendation record (inputs → analysis → output)

Require a documented recommendation record for each covered event:

• Customer profile snapshot: investment objectives, risk tolerance, time horizon, liquidity needs, tax status as relevant, and other suitability-relevant factors as captured in your systems
• Account context: holdings, concentration, recent activity, constraints, investment policy notes if applicable
• Recommendation details: product/security, size, rationale, time of recommendation
• Reasonable alternatives considered: the short list and why rejected (keep it practical; avoid essay-length narratives)
• Costs and compensation: customer-facing costs plus rep/firm incentives relevant to the product or strategy
• Disclosures delivered: which disclosure documents, when, and how delivery was evidenced

Design point: you want required fields that make “blank” recommendations impossible to approve.

Step 3: Implement conflict identification and handling

Build a conflicts layer that connects firm incentives to recommendations:

• Inventory your conflict sources: product shelf differences, proprietary products, revenue sharing, sales contests, differential compensation, referral arrangements, and non-cash compensation. (17 CFR 240.15l-1)
• Map each conflict to a control response: disclose, mitigate, or eliminate, then document which approach you use and why. (17 CFR 240.15l-1)
• Hard-code high-risk conflict checks into the workflow (e.g., prompts and required supervisor sign-off when a higher-compensating share class is selected).

Step 4: Build supervisory review that is evidentiary, not conversational

Supervision should produce artifacts that demonstrate:

• The recommendation record was completed
• Conflicts were addressed per policy
• The customer profile used was current
• Exceptions were identified and resolved with documented rationale

Practical pattern: create an exception queue (missing profile fields, stale KYC, high turnover indicators, high-cost products, concentration alerts) and require documented closure.

Step 5: Implement ongoing control health checks (testing + remediation)

You need two layers:

• Control operation checks: are reviews happening; are required fields populated; are approvals documented
• Outcome-oriented surveillance: detect patterns that indicate the best-interest process is failing (for example, excessive trading concerns have appeared in Reg BI enforcement context). (Release No. 34-101361)

Track findings through remediation to validated closure. Examiners routinely ask for proof that issues were fixed and stayed fixed. (2024-exam-priorities)

Step 6: Train to the workflow and test comprehension

Training must be tied to:

• What is a recommendation in your channels
• How to document alternatives and costs
• How to recognize and escalate conflicts
• What “good” and “bad” documentation looks like in your firm

Keep examples close to your product shelf and compensation model.

Required evidence and artifacts to retain

Build a minimum evidence bundle per recommendation sample. Store it in a consistent location with indexed retrieval.

Per-recommendation artifacts

• Customer profile snapshot (as-of time of recommendation)
• Recommendation record (required fields completed)
• Disclosure delivery evidence (timestamped delivery logs, acknowledgment capture where used)
• Cost/compensation support (product fee schedule reference, payout grid mapping as applicable)
• Supervisor review/approval record (who, when, what was checked)
• Exception documentation (alerts triggered, rationale, and disposition)

Program-level artifacts

• Written supervisory procedures covering Reg BI workflow and escalation paths (17 CFR 240.15l-1)
• Conflict inventory and control mapping (17 CFR 240.15l-1)
• Testing plan, test results, and remediation tracking
• Training materials and completion records

If you use Daydream, configure the requirement as a control card plus an evidence checklist so each supervisory cycle produces the same bundle, formatted the same way, every time.

Common exam/audit questions and hangups

Exams have repeatedly signaled focus on Reg BI for broker-dealers. (2024-exam-priorities) Expect questions like:

• “Define what you treat as a recommendation across branch, phone, and digital channels.” (17 CFR 240.15l-1)
• “Show us a sample set of recommendations and the support for why each was in the retail customer’s best interest at the time.” (17 CFR 240.15l-1)
• “How do you identify and mitigate conflicts tied to compensation and product selection?” (17 CFR 240.15l-1)
• “How do supervisors evidence review and escalation, and what happens when required customer data is missing?” (Release No. 34-101066)
• “Show testing results, exceptions, and proof of remediation.” (2024-exam-priorities)

Hangups that slow exams:

• No consistent record that alternatives were considered
• Customer profile data scattered across systems after conversions or integrations, leading to incomplete review files (a failure mode raised in enforcement context). (Release No. 34-101066)
• Conflicts documented in a policy but not reflected in front-office tooling

Frequent implementation mistakes (and how to avoid them)

1. Policy-only compliance. Fix: make Reg BI a workflow with required fields and approvals, then test it. (17 CFR 240.15l-1)
2. Stale or incomplete customer data used for reviews. Fix: block approval when key fields are missing; route to remediation before recommendations proceed. (Release No. 34-101066)
3. Conflicts treated as generic disclosures. Fix: tie conflicts to product/compensation realities and require specific mitigation steps for high-risk conflicts. (17 CFR 240.15l-1)
4. Supervision that cannot be replayed. Fix: require supervisors to record what they checked and why exceptions were approved, in a standardized template.
5. No evidence index. Fix: define the evidence bundle and storage path so you can produce it quickly for exams. (2024-exam-priorities)

Public enforcement cases

Recent SEC administrative orders provide concrete examples of Reg BI-related enforcement and weak supervisory programs:

• In the Matter of Citigroup Global Markets, Inc. and Citi International Financial Services, LLC — Release No. a range — civil penalty of a material amount. (Release No. a range)
• In the Matter of Laidlaw and Company (UK) Ltd. — Release No. a range — civil penalty of a material amount. (Release No. a range)
• In the Matter of Western International Securities, Inc. — Release No. a range — civil penalty of a material amount. (Release No. a range)
• In the Matter of First Horizon Advisors, Inc. — Release No. a range — civil penalty of a material amount. (Release No. a range)
• In the Matter of PHX Financial, Inc. — Release No. a range — civil penalty of a material amount. (Release No. a range)

What this means for your risk register

• The SEC brings cases where firms fail to establish, maintain, or enforce policies reasonably designed for Reg BI compliance, including supervision failures. (Release No. 34-101066)
• Penalties in these cited matters ranged from a material amount to a material amount based on the listed orders. (Release No. a range) (Release No. a range)

Practical 30/60/90-day execution plan

Use this as an operator’s plan. Adjust sequencing based on your channel mix and current tooling.

First a defined days: Stabilize scope, ownership, and evidence

• Appoint Reg BI control owner and approvers; publish the control card and escalation rules. (17 CFR 240.15l-1)
• Define “recommendation” triggers by channel and write them into supervisory procedures. (17 CFR 240.15l-1)
• Design the minimum recommendation record and evidence bundle; pilot on one desk or branch.
• Select an initial exception set (missing customer fields, high-cost products, concentration flags) and route to supervision.

Days 31–60: Put supervision and conflicts into production

• Build conflict inventory and map each conflict to disclosure/mitigation/elimination controls. (17 CFR 240.15l-1)
• Implement supervisory review templates and an exception queue with documented closure.
• Train reps and principals to the workflow; require completion before independent recommending.
• Run a first control health check and open remediation items with owners and due dates.

Days 61–90: Test, tune, and prepare for exam requests

• Perform targeted testing on recommendation files for completeness and consistency; document results and fixes. (2024-exam-priorities)
• Tune surveillance thresholds and exception routing based on observed errors.
• Build an exam response package: sample production process, evidence index, and a short narrative of your workflow with screenshots and templates.
• If you use Daydream, centralize evidence requests and remediation tracking so you can show issue lifecycle, not isolated artifacts.

Frequently Asked Questions

Does Reg BI apply to all customer interactions or only certain ones?

Reg BI applies when you make a recommendation of a securities transaction or an investment strategy involving securities to a retail customer. You should define and document what your firm treats as a “recommendation” across channels so supervision reviews the right population. (17 CFR 240.15l-1)

What is the single most important artifact for an exam?

A complete recommendation record that shows customer profile inputs, the specific recommendation, alternatives considered, conflicts addressed, and supervisory approval. Examiners typically want to sample files and see a consistent evidence trail. (2024-exam-priorities)

How do we handle conflicts tied to differential compensation?

Identify where compensation varies by product or strategy, then implement controls to prevent that conflict from driving recommendations, supported by documentation and supervision. Keep the mapping explicit so you can explain exactly how the conflict is addressed in practice. (17 CFR 240.15l-1)

We went through a merger and our customer data is split across systems. What should we do first?

Start by identifying which customer fields are required for Reg BI review and block approvals when those fields are missing or stale. Enforcement history highlights the risk of system integration issues leading to incomplete information for Reg BI review. (Release No. 34-101066)

Can we satisfy Reg BI with disclosures alone?

Disclosures help, but Reg BI’s standard is acting in the retail customer’s best interest at the time of recommendation and not placing firm interests ahead of customer interests. Build a workflow that documents the basis for the recommendation and shows conflicts are addressed, not merely disclosed. (17 CFR 240.15l-1)

What should we produce if the SEC asks about Reg BI supervision?

Provide supervisory procedures, evidence of supervisory reviews, exception reports, and remediation tracking that shows issues were identified and fixed. Exams continue to focus on Reg BI compliance for broker-dealers. (2024-exam-priorities)