Bitcoin FINRA Examination Gaps

FINRA Examination Gaps for Custody Compliance

This memo is published by CustodyStress, an independent Bitcoin custody stress test that produces reference documents for individuals, families, and professionals.

What FINRA Examinations Normally Test

FINRA conducts examinations of member broker-dealers to verify compliance with securities regulations and FINRA rules. Examiners review policies, procedures, communications, and transactions. They test whether member firms adequately supervise registered representatives and protect customer interests. Bitcoin FINRA examination introduces questions about assets that are not securities and custody practices that do not fit traditional regulatory frameworks.

Registered representatives sometimes discuss Bitcoin with clients. Some provide education about cryptocurrency. Others help clients consider Bitcoin as part of broader financial planning. These activities occur within FINRA member firms but involve assets that FINRA does not directly regulate. Bitcoin FINRA examination encounters this regulatory boundary and tests supervision of activities in areas where clear rules do not yet exist.

---

What FINRA Examinations Normally Test

Traditional FINRA examinations follow established patterns. Examiners review how the firm supervises stock recommendations, bond sales, and mutual fund transactions. They examine email communications for compliance with advertising rules. They verify the firm maintains proper books and records. Decades of precedent guide what examiners look for and what findings constitute violations.

These examinations assume the assets being discussed are securities subject to FINRA jurisdiction. The rules were written for traditional financial products sold through traditional intermediaries. Examiners test whether the firm followed those rules when representatives sold stocks, recommended bonds, or managed brokerage accounts.

Bitcoin FINRA examination tests supervision of conversations about an asset that is not a security. The firm has supervisory obligations over its registered representatives regardless of what those representatives discuss with clients. But the specific rules governing securities recommendations do not cleanly apply to cryptocurrency discussions. Examiners and firms both operate in areas where the regulatory framework provides incomplete guidance.

---

The Custody Conversation During Examinations

A registered representative discusses Bitcoin custody with a client during a financial planning conversation. The representative explains that Bitcoin held on an exchange involves counterparty risk. Bitcoin held in self-custody requires managing private keys. The conversation is documented in the client file. The client subsequently purchases Bitcoin outside the broker-dealer firm.

Bitcoin FINRA examination reviews this conversation. The examiner asks whether the firm supervised this discussion appropriately. The firm must demonstrate its supervisory system captured and reviewed the conversation. But the examiner also asks whether providing Bitcoin custody education constitutes investment advice requiring additional supervision or disclosure.

The answer is unclear because regulatory guidance does not definitively address educational conversations about non-security assets. The firm thought it was helping a client understand a topic relevant to their financial situation. The examiner asks whether this crossed into advice requiring heightened supervision. Neither party has clear regulatory guidance to reference.

---

Outside Business Activities and Bitcoin Holdings

FINRA rules require registered representatives to disclose outside business activities. If a representative operates a separate business, consults for another company, or engages in other compensated activities, the firm must know about it and approve it. This allows the firm to identify potential conflicts of interest and supervise appropriately.

Some registered representatives hold Bitcoin personally. They might discuss their holdings casually with clients. They might operate social media accounts where they post about cryptocurrency. Bitcoin FINRA examination asks whether these activities constitute outside business activities requiring disclosure and firm approval.

If the representative receives no compensation for discussing Bitcoin, is it an outside business activity? If they hold Bitcoin but do not recommend it to clients, does the holding create a conflict requiring disclosure? The rules were written assuming business activities involve compensation and that conflicts arise from financial interests in securities. Bitcoin holding and discussions fit imperfectly into these categories.

---

Communications Review and Bitcoin Content

FINRA member firms review communications with customers. Emails, letters, and marketing materials undergo compliance review before or after distribution depending on the type of communication. The review process checks for compliance with advertising rules, disclosure requirements, and fair dealing standards.

A registered representative sends a newsletter to clients that includes a section about Bitcoin. The compliance department reviews it. They ask whether describing Bitcoin price volatility constitutes a prediction requiring specific disclosures. They ask whether explaining custody options constitutes a recommendation subject to suitability requirements. The newsletter discusses Bitcoin as a topic of client interest, but the regulatory classification remains unclear.

Bitcoin FINRA examination reviews how the firm classified and supervised this communication. Did the firm treat it as institutional communication, retail communication, or correspondence? Did they apply securities advertising rules even though Bitcoin is not a security? Different classification choices lead to different supervisory requirements, and the firm made those choices without clear regulatory guidance about which classification Bitcoin content requires.

---

Suitability and Non-Security Recommendations

FINRA suitability rules require representatives to have a reasonable basis for believing a recommendation is suitable for the customer based on their financial situation and investment objectives. These rules apply to securities recommendations. They do not apply to non-securities like real estate, commodities held physically, or collectibles.

A client asks a registered representative whether they think Bitcoin is appropriate for the client's portfolio. The representative discusses Bitcoin's risk characteristics and the client's risk tolerance. The client decides to purchase Bitcoin through a separate cryptocurrency platform. Bitcoin FINRA examination asks whether this discussion triggered suitability obligations.

The firm's position is that no recommendation occurred because the representative did not suggest the client buy Bitcoin through the firm or any specific platform. The examiner asks whether discussing appropriateness in the context of the client's overall financial picture constitutes investment advice regardless of where the transaction occurs. The suitability rule's applicability to non-security discussions is unsettled.

---

Supervision of Third-Party Platforms

Some FINRA member firms allow clients to link external accounts for consolidated reporting. A client links their cryptocurrency exchange account to the firm's financial planning platform. The client's Bitcoin holdings appear on statements alongside their securities holdings. Bitcoin FINRA examination asks what supervisory obligations this creates.

The firm does not custody the Bitcoin. The firm does not execute Bitcoin transactions. The firm simply displays information the client imported from an external platform. But the information appears on firm-branded materials alongside FINRA-regulated securities. Examiners ask whether displaying Bitcoin holdings creates supervision responsibilities over those holdings or the platforms where they are held.

Firms face a dilemma. Clients want comprehensive financial pictures including all assets. Providing that view requires integrating cryptocurrency data. But integration creates examination questions about supervision scope when displaying assets the firm does not control and platforms the firm does not supervise. The regulatory framework does not clearly define where firm responsibility begins and ends in these scenarios.

---

Training and Competency Testing

FINRA requires member firms to train registered representatives on the products and services they offer customers. Representatives must maintain competency in areas where they provide advice. Firms test representatives periodically and document training completion.

Bitcoin FINRA examination reviews whether representatives discussing Bitcoin with clients have adequate training. The examiner asks what training the firm provided on cryptocurrency basics, custody risk, and regulatory status. The firm must demonstrate it equipped representatives with sufficient knowledge before allowing client discussions.

But FINRA has not established specific training requirements for Bitcoin discussions because Bitcoin is not a FINRA-regulated product. Firms develop their own training programs without clear benchmarks for what constitutes adequate preparation. One firm provides extensive cryptocurrency education. Another provides minimal training, believing representatives are discussing client interests rather than providing advice. Bitcoin FINRA examination tests supervision decisions firms made without regulatory standards to guide them.

---

Documentation and Recordkeeping for Bitcoin Discussions

FINRA recordkeeping rules require firms to maintain certain records about customer accounts and transactions. Account opening documents must be retained. Trade confirmations must be kept. Communications about investment recommendations must be preserved. These requirements are specific to securities transactions and communications.

A registered representative has ongoing conversations with a client about the client's Bitcoin holdings purchased outside the firm. The representative reviews the holdings as part of comprehensive financial planning. Bitcoin FINRA examination asks whether these conversations must be documented and retained under FINRA recordkeeping rules.

The firm's interpretation is that conversations about non-security assets do not trigger securities recordkeeping requirements. The examiner asks whether the conversation's integration into overall financial planning makes it part of the investment advisory relationship the firm is documenting. Neither position has definitive regulatory support because the rules did not anticipate ongoing advisory discussions about non-security digital assets.

---

Conflicts of Interest When Representatives Hold Bitcoin

FINRA conflict of interest rules address situations where representatives have financial interests that could influence their recommendations. If a representative owns stock in a company they recommend, they must disclose it. If the firm receives compensation for selling certain products, that must be disclosed to customers.

Bitcoin FINRA examination encounters registered representatives who hold Bitcoin personally and discuss Bitcoin with clients. The examiner asks whether personal Bitcoin holdings create conflicts requiring disclosure. If the representative's Bitcoin increases in value when more people buy Bitcoin, does discussing Bitcoin with clients create an undisclosed conflict?

The conflict of interest framework assumes securities where the representative has direct financial interest in the specific security being recommended. Bitcoin presents a different situation. The representative holds an asset. Discussing that asset class generally might increase demand and therefore price. But the connection is indirect and not specific to any transaction. How conflict of interest rules apply to these circumstances remains open to interpretation.

---

When Examination Findings Lack Clear Standards

Traditional FINRA examinations result in findings based on specific rule violations. The firm failed to supervise email communications as required by Rule 3110. The firm did not maintain records as required by Rule 4511. Citations reference specific rules and explain how the firm's practices fell short of requirements.

Bitcoin FINRA examination sometimes produces findings where the rule citation is less clear. The examiner determines the firm's Bitcoin-related supervision was inadequate. But which specific rule requires what specific supervision of non-security cryptocurrency discussions? The finding may cite general supervision obligations without clear standards for what constitutes adequate supervision in this context.

Firms receiving such findings face challenges responding. They cannot point to industry best practices because those are still developing. They cannot cite FINRA guidance because detailed guidance does not exist. They must argue their supervision was reasonable without clear benchmarks defining reasonable. The examination process assumes regulatory clarity that has not yet developed for Bitcoin-related activities.

---

Evolving Guidance and Examination Consistency

FINRA periodically issues guidance through regulatory notices, FAQs, and examination priorities letters. This guidance helps firms understand regulatory expectations. For established products and practices, decades of guidance create clear roadmaps. For Bitcoin and cryptocurrency, guidance is sparse and evolving.

Different FINRA examination teams might interpret the same firm practices differently. One examiner views Bitcoin discussions as incidental to financial planning requiring only general supervision. Another examiner views the same discussions as investment advice requiring heightened supervision. The lack of detailed guidance creates examination inconsistency that firms experience as uncertainty about compliance expectations.

Firms preparing for Bitcoin FINRA examination cannot reliably predict what examiners will focus on or what answers will satisfy them. They implement supervision based on their interpretation of general principles applied to novel circumstances. Examination results reveal whether their interpretation matches the particular examiner's interpretation. The regulatory framework has not yet converged on consistent standards.

---

Conclusion

Bitcoin FINRA examination tests broker-dealer supervision of registered representative activities involving an asset that is not a security. FINRA rules were written for traditional securities sold through traditional intermediaries. Bitcoin discussions, custody education, and client Bitcoin holdings fall into regulatory gaps where existing rules provide incomplete guidance.

Firms supervise Bitcoin-related activities using their interpretation of general supervision obligations. Examiners test those supervision systems using their interpretation of regulatory requirements. Neither party has detailed regulatory standards to reference. The result is examination uncertainty where firms cannot predict what will be tested and examiners lack clear benchmarks for what constitutes compliance.

This memo has described how Bitcoin FINRA examination encounters regulatory gaps created by traditional financial regulation meeting novel digital assets. Understanding these gaps explains why examination outcomes vary and why both firms and examiners operate with limited guidance about supervision expectations for Bitcoin-related activities.

---

System Context

Examining Bitcoin Custody Under Stress

Bitcoin SEC Examination Framework

Bitcoin Municipal Pension

← Return to CustodyStress