Regulation Best Interest and Derivative Sales

Regulation Best Interest (Reg BI)—the SEC's standard for broker-dealer recommendations since June 30, 2020—hits derivative sales desks harder than vanilla equity or bond businesses because every derivative recommendation triggers heightened scrutiny by default. The enforcement record confirms it: in September 2024, the SEC fined First Horizon Advisors $325,000 for Reg BI violations tied to structured note recommendations, citing failures across more than 5,000 migrated accounts that lacked proper documentation or alternatives analysis. The right response is not to treat Reg BI as a compliance checkbox, but to build controls that force the four obligations into every derivative recommendation workflow before the trade reaches execution.
TL;DR: Reg BI requires broker-dealers to meet four component obligations—Disclosure, Care, Conflict of Interest, and Compliance—on every retail recommendation. Derivative and complex products face heightened scrutiny under each obligation. Firms that embed these requirements into pre-trade workflows avoid the documentation gaps that regulators are actively targeting.
What Reg BI Requires (The Four Obligations Applied to Derivatives)
Reg BI (Exchange Act Rule 15l-1, adopted June 5, 2019, effective June 30, 2020) replaced the prior FINRA suitability standard with a higher bar: broker-dealers must act in the best interest of retail customers when recommending any securities transaction or investment strategy. A retail customer is a natural person (or legal representative) who uses the recommendation primarily for personal, family, or household purposes. Institutional counterparties are excluded.
The rule breaks into four component obligations. Each one creates specific control requirements when the product involved is a derivative or derivative-embedded instrument.
Disclosure Obligation → Care Obligation → Conflict of Interest Obligation → Compliance Obligation
Disclosure Obligation. Provide written, full and fair disclosure of all material facts related to the recommendation and the firm's conflicts of interest, delivered prior to or at the time of recommendation. For derivatives, this means disclosing embedded optionality, structured payoff profiles, issuer credit risk, and liquidity constraints. Firms must also deliver Form CRS (a maximum 2-page document for broker-dealers) describing services, fees, conflicts, and disciplinary history.
Care Obligation. Exercise reasonable diligence, care, and skill. This includes understanding the product's risks, rewards, and costs—and evaluating reasonably available alternatives on the firm's platform that could achieve the customer's objectives at lower cost or risk. The point is: for a structured note with an embedded barrier option, you cannot satisfy the Care Obligation without documenting why that specific payoff structure serves the customer better than a simpler alternative (a plain bond plus a separate option position, for instance).
Conflict of Interest Obligation. Establish, maintain, and enforce written policies to identify, disclose, and mitigate or eliminate conflicts. This covers sales contests, quotas, bonuses, and non-cash compensation. Derivative desks face particular scrutiny here because embedded margins in structured products are less transparent than commissions on listed securities (making conflict identification harder and disclosure more critical).
Compliance Obligation. Establish, maintain, and enforce written policies and procedures reasonably designed to achieve compliance with Reg BI as a whole—including controls, remediation, training, and periodic review. Why this matters: this obligation makes Reg BI a firm-level control requirement, not just an individual representative standard.
Why Derivatives Trigger Heightened Scrutiny (And What That Means Operationally)
FINRA Regulatory Notice 22-08 (published January 2022) defines complex products as securities or strategies with novel, complicated, or intricate derivative-like features—including structured notes, inverse/leveraged ETFs, and products with embedded options. The 2025 FINRA Annual Regulatory Oversight Report identifies Reg BI compliance, complex products supervision, and derivative-like instruments as priority examination areas.
The test: if the product has an embedded derivative, structured payoff, leverage, or inverse exposure, it triggers the complex product heightened review process. No exceptions, no materiality threshold.
Heightened scrutiny means the firm must apply additional review and documentation before the recommendation proceeds. In practice, this requires:
- Product-level due diligence (understanding the derivative's payoff mechanics, worst-case scenarios, and issuer risk before the product enters the recommendation set)
- Customer-level profile completeness (confirming the customer's risk tolerance, investment horizon, liquidity needs, and experience with derivatives are documented and current)
- Alternatives analysis (documenting why this derivative serves the customer better than reasonably available alternatives on the platform)
- Supervisory pre-approval (a principal or designated supervisor reviews and approves the recommendation before execution)
The critical point: heightened scrutiny is not a suggestion—it is the standard FINRA and the SEC apply when examining derivative recommendations. First Horizon's $325,000 penalty came specifically from approving structured note recommendations without the required customer profile data or alternatives analysis.
Worked Example: Structured Note Recommendation Under Reg BI
Consider a scenario modeled on the First Horizon enforcement pattern.
Phase 1: The Setup. A firm acquires a brokerage business and migrates 5,000 customer accounts to its platform. The migrated accounts lack complete Reg BI documentation—customer investment profiles are missing risk tolerance data, experience with complex products is not recorded, and the accounts have not received updated Form CRS disclosures.
Phase 2: The Trigger. Representatives begin recommending structured notes (a derivative-embedded product with issuer credit exposure, a barrier feature, and a defined maturity payoff) to migrated customers. The firm's systems do not flag the incomplete documentation. No alternatives analysis is performed. No heightened review process is triggered because the compliance workflow was not updated to account for the migrated accounts.
Phase 3: The Outcome. The SEC examines the firm. Findings include:
| Reg BI Obligation | Deficiency Found |
|---|---|
| Disclosure | Form CRS not delivered to migrated accounts prior to recommendation |
| Care | Customer investment profiles incomplete; no alternatives analysis documented |
| Conflict of Interest | Embedded structured note margins not disclosed; compensation incentives not identified |
| Compliance | Written policies not updated to cover migrated accounts; no periodic review conducted |
Result: $325,000 civil penalty, remediation requirements, and reputational damage across the entire derivatives business.
The practical point: Every one of these deficiencies was a process gap, not a judgment failure. The firm's representatives may have made reasonable recommendations—but without the documentation, the SEC treated them as violations. Documentation is the deliverable, not the recommendation itself.
Mechanical alternative: Before any migrated or new account receives a derivative recommendation, the workflow should require: (1) complete customer profile, (2) Form CRS delivery confirmation, (3) alternatives analysis, and (4) supervisory sign-off. No trade ticket should be generated until all four gates clear.
The Security-Based Swap Overlay (Where Reg BI Meets SBSD Requirements)
Firms dealing in security-based swaps face an additional regulatory layer. Any entity exceeding the de minimis threshold of $8 billion in notional security-based swap dealing activity over the prior 12 months (or $400 million for single-name CDS) must register as a Security-Based Swap Dealer with the SEC.
Registered SBSDs must comply with capital, margin, and segregation rules (SEC Release 34-86175, compliance date October 6, 2021) in addition to Reg BI obligations on any retail-facing activity. Key numeric thresholds:
| Requirement | Threshold / Deadline |
|---|---|
| SBSD registration trigger | $8 billion notional (or $400 million single-name CDS) over prior 12 months |
| Unsecured receivable capital charge | 100% deduction of unsecured receivable when variation margin not collected on non-cleared SBS |
| Valuation dispute reporting | Disputes exceeding $20 million aggregate, unresolved within 3 business days (between SBS entities) or 5 business days (with non-SBS entities), must be reported to the SEC |
| Derivatives credit risk reporting | Within 17 business days after month-end |
| Trading relationship documentation | Written documentation required per 17 CFR § 240.15Fi-5, covering credit support, margin terms, and valuation dispute procedures |
The point is: if your firm sells security-based swaps to retail customers, you carry both the Reg BI obligation (best interest standard on the recommendation) and the SBSD obligation (capital, margin, and reporting requirements on the position). These are independent obligations with separate enforcement tracks. Satisfying one does not satisfy the other.
Enforcement Trends (What Regulators Are Actually Targeting)
The SEC brought 583 total enforcement actions in fiscal year 2024 (431 stand-alone), resulting in $8.2 billion in total financial remedies ($6.1 billion in disgorgement and prejudgment interest, $2.1 billion in civil penalties). FINRA filed 552 enforcement actions in 2024, up 22% from 453 in 2023, with total fines in 2023 reaching $89 million (up 63% from $54.5 million in 2022).
Two derivative-related enforcement actions illustrate the pattern:
First Horizon Advisors (September 2024). $325,000 civil penalty for Reg BI violations on structured note recommendations. Root cause: migrated accounts without complete documentation. Over 5,000 accounts affected.
Western International Securities (July 2024). $475,000 FINRA fine plus over $1 million in restitution. Approximately 100 customer accounts affected. Customers incurred $2.5 million in excessive trading costs through an unsuitable options day-trading strategy. Root cause: failure to supervise Care and Compliance obligations.
Detection signal → Documentation gap → Enforcement action → Monetary penalty + remediation
Why this matters: both cases involved process and supervision failures, not fraud. The firms were not accused of intentional misconduct. They were penalized for inadequate controls. That is the pattern regulators are targeting—and it is the pattern compliance teams must build against.
Common Pitfalls (And How to Avoid Them)
Pitfall 1: Treating Reg BI as a point-of-sale obligation only. Reg BI's Compliance Obligation requires ongoing policies, periodic review, and remediation. Firms that train representatives once and never audit the process will fail examinations. (The Compliance Obligation is a firm-level, continuous requirement.)
Pitfall 2: Incomplete customer profiles on migrated or legacy accounts. Account migrations are a known trigger for documentation gaps. If you acquire accounts, assume every profile needs revalidation before any derivative recommendation.
Pitfall 3: Missing alternatives analysis for complex products. The Care Obligation requires documented consideration of reasonably available alternatives. "We only offer one structured note" is not a defense—if the platform offers simpler instruments that could meet the customer's objective, those must be evaluated.
Pitfall 4: Undisclosed or unidentified conflicts on derivative desks. Embedded margins, inventory positioning, and hedging arrangements create conflicts that differ from commission-based products. The Conflict of Interest Obligation requires written policies to identify and mitigate these—not just disclose them after the fact.
Pitfall 5: Ignoring SBSD reporting deadlines. Derivatives credit risk reports are due within 17 business days after month-end. Valuation disputes exceeding $20 million must be reported within 3 to 5 business days depending on counterparty type. Missing these deadlines is a separate violation from any Reg BI deficiency.
Reg BI Derivative Sales Compliance Checklist
Essential (High ROI) — Prevents 80% of Examination Deficiencies
- Complete customer investment profile (risk tolerance, experience with derivatives, liquidity needs, investment horizon) documented and current before any derivative recommendation
- Form CRS delivered and acknowledged prior to or at the time of first recommendation
- Alternatives analysis documented for every complex product recommendation, showing why the derivative serves the customer better than simpler options on the platform
- Supervisory pre-approval recorded for all derivative and complex product recommendations
High-Impact (Workflow and Automation)
- Pre-trade compliance gate in order management system—no derivative trade ticket generated until all four Reg BI obligations are satisfied and documented
- Conflict of interest inventory maintained and updated quarterly, covering embedded margins, compensation incentives, and inventory positioning on derivative desks
- Periodic review cycle (at minimum annually) of Reg BI policies and procedures, with documented findings and remediation tracking
- SBSD reporting calendar with automated alerts for the 17-business-day credit risk reporting deadline and 3/5-business-day valuation dispute escalation window
Optional (For Firms with Large Derivative Books)
- Account migration protocol requiring full Reg BI documentation revalidation before derivative recommendations on any acquired or transferred accounts
- Complex product committee that reviews and approves new derivative products before they enter the recommendation set
- Examination readiness drill (mock regulatory exam) conducted annually, focusing on derivative recommendation documentation and SBSD reporting compliance
Your Next Step
Pull a sample of 10 derivative or structured product recommendations from the last 90 days. For each one, verify that the file contains: (1) a complete and current customer investment profile, (2) Form CRS delivery confirmation, (3) a written alternatives analysis, and (4) a supervisory approval record. Any recommendation missing one or more of these elements represents the same gap that cost First Horizon $325,000 and Western International over $1.5 million. Fix the process that allowed the gap before the next recommendation goes out.