FINRA's New Know Your Customer and Suitability Rules
On July 9, 2012, Financial Industry Regulatory Authority (“FINRA”) Rule 2090 replaced New York Stock Exchange (“NYSE”) Rule 405 as the new Know Your Customer (“KYC”) Rule; and Rule 2111 supplanted National Association of Securities Dealers (“NASD”) Rule 2310 as the new suitability rule.
Fundamentally, FINRA’s new rules employ the same concepts and precepts as their predecessor rules. The language of the new rules, however, provides some welcome clarity to the old rules and makes express what was previously only implied. While these changes should help to curtail some of the more questionable tactics employed by some claimants’ counsel — and provide firms with additional arguments in discovery as to why particular documents are relevant — firms should be on guard for attempts by claimants’ counsel to misconstrue these new rules as somehow imposing new duties.
Following are some of the more substantive changes under FINRA’s new rules:
- Firms’ and brokers’ efforts to get to know their customers are now expressly governed by a reasonableness standard.
- Firms’ and brokers’ KYC obligations are now limited to knowing (i) their customers, and (ii) the authority of each person acting on behalf of their customers.
- The new KYC rule expressly directs that firms and brokers should use reasonable diligence to know those facts required to (i) effectively service their customers’ accounts, (ii) act in accordance with any special handling instructions for their customers’ accounts, (iii) understand the authority of each person acting on behalf of their customers, and (iv) comply with applicable laws, regulations, and rules.
- Firms and brokers should use reasonable diligence to retain their customers’ KYC information and keep it up to date.
- The new suitability rule expressly identifies the following information to be used in determining suitability: (i) customer's age, (ii) other investments, (iii) financial situation and needs, (iv) tax status, (v) investment objectives, (vi) investment experience, (vii) investment time horizon, (viii) liquidity needs, (ix) risk tolerance, and (x) any other information the customer may disclose.
- Suitability now expressly applies to “investment strategies” as well as investments, and it also expressly applies to recommendations to “hold” as well as recommendations to buy, sell, and exchange.
- The new suitability rule directs firms and brokers to have a reasonable basis for believing an investment or strategy is suitable based on the information they obtain through reasonable diligence (as opposed to based on what their customers tell them).
These changes are discussed in greater detail below.
Previously, firms’ KYC obligations were embodied in NYSE Rule 405, which mandated that member firms and associated persons:
Use due diligence to learn the essential facts relative to every customer, every order, every cash or margin account accepted or carried by such organization and every person holding power of attorney over any account accepted or carried by such organization.
In its place, the new FINRA Rule 2090 now states:
Every member shall use reasonable diligence, in regard to the opening and maintenance of every account, to know (and retain) the essential facts concerning every customer and concerning the authority of each person acting on behalf of such customer.
The old and new KYC rules look similar on their face. Importantly, however, the new language of Rule 2090 provides some much needed clarification to the scope of firms’ KYC duties. While this clarification will likely not require most firms to make many substantive changes to the way in which they conduct their businesses (because the substance of the new KYC remains the same), it should help to preclude some of the more questionable tactics employed by claimants’ counsel to manufacture “issues” where none actually exist.
For example, by specifically employing the phrase “reasonable diligence” in place of Rule 405’s more generic “due diligence,” Rule 2090 now makes express that firms’ KYC obligations are governed by a rule of reasonableness (previously, this was only implied). This clarification should make it more difficult for claimants’ counsel to attempt to seize upon perceived inconsistencies or omissions in a firm’s documentation to argue that the firm failed to satisfy some impossible standard of perfect diligence.
Additionally, while both the old and new KYC rules direct firms to make reasonable efforts to learn “essential facts” about their customers, the Supplementary Materials to Rule 2090 now specifically define “essential facts” as “those required to (a) effectively service the customer’s account, (b) act in accordance with any special handling instructions for the account, (c) understand the authority of each person acting on behalf of the customer, and (d) comply with applicable laws, regulations, and rules.” By now providing some contours as to what constitutes an essential fact, Rule 2090 should make it more difficult for claimants’ counsel to invent lists of purportedly “relevant” information which were not collected by a firm and then argue that the firm somehow failed to satisfy its KYC duties. By the same token, this new definition could be useful in discovery to argue why certain categories of documents are relevant or irrelevant to a firm’s defense. For example, since “essential facts” are now specifically defined to include facts “required to . . . understand the authority of each person acting on behalf of the customer,” firms now have an additional ground to compel claimants to produce all of their trust agreements and powers of attorney.
Notably, in addition to defining what is meant by the term “essential facts,” Rule 2090 also now limits that term in a significant way. Whereas firms were previously directed under the old KYC rule to use reasonable diligence to learn essential facts relative to every customer, order, account, and person holding power of attorney over any account, the new Rule 2090 now requires firms to use reasonable diligence to learn essential facts concerning only (i) every customer, and (ii) the authority of each person acting on behalf of such customer.
On the other hand, whereas a firm’s obligations under the old KYC rule began and ended when an account was opened, Rule 2090 now arguably imposes on firms an ongoing duty to ensure that the KYC information they collect is kept up to date. Specifically, Rule 2090 directs firms to use reasonable diligence to learn essential facts “in regard to the opening and maintenance of every account.” Rule 2090 also directs firms to use reasonable diligence to “retain” the KYC information they collect. As a practical matter, many firms may already take reasonable efforts to keep their KYC information up to date — and to retain that information consistent with the SEC’s record retention rules — but this was not previously an express mandate under Rule 405 as it now appears to be under Rule 2090.
Suitability: NASD Rule 2310 & FINRA Rule 2111
Previously, member firms’ and associated persons’ suitability obligations were embodied in NASD Rule 2310, which stated in pertinent part:
In recommending to a customer the purchase, sale or exchange of any security, a member shall have reasonable grounds for believing that the recommendation is suitable for such customer upon the basis of the facts, if any, disclosed by such customer as to his other security holdings and as to his financial situation and needs.
Prior to the execution of a transaction recommended to a non-institutional customer, other than transactions with customers where investments are limited to money market mutual funds, a member shall make reasonable efforts to obtain information concerning: (1) the customer’s financial status; (2) the customer’s tax status; (3) the customer’s investment objectives; and (4) such other information used or considered to be reasonable by such member or registered representative in making recommendations to the customer.
In its place, the new FINRA Rule 2111(a) now states:
A member or an associated person must have a reasonable basis to believe that a recommended transaction or investment strategy involving a security or securities is suitable for the customer, based on the information obtained through the reasonable diligence of the member or associated person to ascertain the customer's investment profile. A customer's investment profile includes, but is not limited to, the customer's age, other investments, financial situation and needs, tax status, investment objectives, investment experience, investment time horizon, liquidity needs, risk tolerance, and any other information the customer may disclose to the member or associated person in connection with such recommendation.
Similar to the old suitability rule, FINRA Rule 2111 still applies only to “recommendations,” and it also continues to embody a reasonableness standard.
Unlike the old suitability rule, however, Rule 2111 now expressly applies not only to recommended “transactions” but also to recommended “investment strategies.” In addition, the Supplementary Materials to Rule 2111 make it clear that the new rule now expressly applies not only to recommendations to “purchase,” “sell,” and “exchange” investments but also to recommendations to “hold” investments. Further, whereas the old suitability rule distinguished between money market mutual funds (which arguably did not require a suitability analysis) and all other types of securities (which did), Rule 2111 draws no such distinction for purposes of a member’s or associated person’s suitability obligations.
Another difference between the old NASD Rule 2310 and the new FINRA Rule 2111 concerning the appropriate basis for making a recommendation might seem subtle but could potentially have significant implications. Under the old suitability rule, firms and brokers were required to have reasonable grounds for believing their recommendations were suitable based on the information their customers disclosed to them. By contrast, under the Supplementary Materials to new Rule 2111, firms and brokers now are required to have reasonable grounds for believing their recommendations are suitable based on information they obtain through “reasonable diligence.” It is conceivable that claimants’ counsel might attempt to use the new language of Rule 2111 to argue that firms have a duty to verify the information their customers provide when they open their accounts (under the old suitability rule, firms were clearly entitled to rely on the information provided by their customers — regardless of whether they might have over- or under-stated their net worth, liquid assets, investment experience, etc.). On the other hand, firms should be able to use this same new language to support their arguments as to why certain categories of documents are relevant. For example, a firm could argue that it should be entitled to a claimant’s bank account and credit card statements in order to show the claimant’s “financial situation and needs” and “liquidity needs” regardless of what the customer might have disclosed when he first opened his account (under the old suitability rule, claimants’ counsel often argued that such documents were irrelevant since firms were required to rely only on the information that claimants provided to them and, therefore, documents establishing the accuracy of that information are not relevant).
However, claimants’ counsel may then point out that documents sought by defense counsel during discovery were not sought by the firm or associated person at the time of the underlying events.
Notably, Rule 2111 enlarges the list of customer information that firms should make an effort to know; and it expressly states that this information is directly relevant to determining the suitability of a recommended investment or strategy. Specifically, Rule 2111 directs that the suitability of an investment is to be determined based on a customer’s “investment profile” which Rule 2111 further defines to include, but not be limited to: “the customer’s age, other investments, financial situation and needs, tax status, investment objectives, investment experience, investment time horizon, liquidity needs, risk tolerance, and any other information the customer may disclose to the member or associated person in connection with such recommendation.” Rule 2111 makes clear that whether a particular factor is more important than any other factor will depend on the facts and circumstances of each case.
In addition, the Supplementary Materials to Rule 2111 now expressly divide firms’ and brokers’ suitability obligations into three components: a reasonable-basis obligation, a customer-specific obligation, and a quantitative suitability obligation. This expands upon previous guidance provided by FINRA in its notices to members.
- Reasonable Basis Obligation. A member or associated person must have a reasonable basis, based on reasonable diligence, to believe that the recommendation is suitable for at least some investors. What constitutes “reasonable diligence” will depend on the complexity and risks of the investment product or strategy. At a minimum, however, it will provide the firm or broker with an understanding of a particular investment’s risks and rewards. Indeed, Rule 2111 expressly states that a lack of such an understanding would violate the rule. As a practical matter, in many cases the reasonable basis obligation will likely be satisfied when a firm completes its initial vetting process and approves a security or strategy to be placed on its platform.
- Customer-Specific Obligation. A member or associated person must have a reasonable basis to believe that the investment recommendation is suitable for a particular customer based on her “investment profile.” This is the traditional suitability concept with which most firms and brokers are already familiar.
- Quantitative Suitability Obligation. A member or associated person who has actual or de facto control over an account must have a reasonable basis to believe that the recommendation, even if suitable when viewed in isolation, is not excessive or unsuitable for a customer based on her “investment profile.” In determining excessive activity, Rule 2111 looks at various factors including, but not limited to, turnover rate, the cost-equity ratio, and the use of in-and-out trading in the customer’s account.
Finally, as did the old NASD Rule 2310, the new FINRA Rule 2111(b) contains a special provision for “institutional accounts.” Under the old suitability rule, firms and brokers were exempted from having to obtain basic suitability information concerning an institutional account (e.g., financial status, tax status, investment objectives, etc.). The new Rule 2111 incorporates the general concepts previously contained in NASD IM-2310-3 and provides that firms and brokers now will be deemed to have satisfied their customer-specific suitability obligation (but not necessarily their reasonable basis and quantitative suitability obligations) if: (i) they have a reasonable basis to believe that the institutional customer is capable of independently evaluating general and specific investment risks, and (ii) the institutional customer affirmatively indicates that it is exercising independent judgment in evaluating the recommendations it receives (either on a trade-by-trade basis, asset-class-by-asset-class basis, or in terms of all potential transactions for its account).
FINRA Rule 2090 has replaced NYSE Rule 405 as the new KYC rule; and Rule 2111 has replaced NASD Rule 2310 as the new suitability rule. While the language of the new rules provides some welcome clarity to what was previously only implied, most firms will likely not need to make many substantive changes to the way in which they conduct their businesses because the fundamental principles remain the same: firms and brokers must make a reasonable effort to know their customers; and if they are going to make a recommendation to a customer, they must have a reasonable basis for believing that it is suitable.
 In addition, Rule 405 directed member firms to “supervise diligently all accounts handled by registered representatives or the organization.” Rule 405 also required that members be personally informed of the essential facts concerning each customer and the nature of each proposed account and “specifically approve” in writing the opening of each new account prior to or promptly after the completion of any transaction with the customer. Neither of these aspects of Rule 405 is contained in the new Rule 2090.
 It should be noted that essential facts are defined to include “facts required to . . . comply with applicable . . . rules,” which would include the “investment profile” factors identified in the new FINRA Rule 2111. See infra. As a result, firms should use reasonable diligence to know a customer's age, other investments, financial situation and needs, tax status, investment objectives, investment experience, investment time horizon, liquidity needs, and risk tolerance.
 Firms may have other diligence requirements under other FINRA rules.
 NASD Rule 2310 and FINRA Rule 2111 both define “institutional accounts” as “banks, savings and loan associations, insurance companies, registered investment companies, investment advisers registered either with the Securities and Exchange Commission under Section 203 of the Investment Advisers Act of 1940, or with a state securities commission (or any agency or office performing like functions), or any other entity (whether a natural person, corporation, partnership, trust, or otherwise) with total assets of at least $50 million.”