RIA Portfolio Supervision Compliance: 206(4)-7 & FINRA 3110


The RIA Portfolio Supervision Rulebook: 206(4)-7, FINRA 3110, and 2026 SEC Exam Priorities

Every registered investment adviser (RIA) operates under a specific statutory duty: design and enforce policies reasonably sufficient to prevent violations of the federal securities laws. For compliance leaders, that duty collapses into a single operational question — what does good RIA portfolio supervision compliance actually look like on paper, and which rules define the perimeter? This post is the rule-by-rule reference we wish existed: a single document a Chief Compliance Officer can send to outside counsel, a new hire, or the board's audit committee without additional context.

We cover the rules that most directly shape portfolio and trading supervision at advisory firms — SEC Rule 206(4)-7, FINRA Rule 3110, FINRA Rule 3120, Regulation Best Interest, FINRA Rule 2111, and DOL PTE 2020-02 — then translate those rules into a supervisory obligation map and a firm-type matrix distinguishing pure RIAs from hybrid and dual registrants. We close with a framing of the SEC Division of Examinations' 2026 priorities, because RIA portfolio supervision compliance cannot be evaluated in isolation from what examiners are actively looking at.

Throughout, every paraphrase is linked to the primary source. Where nuance matters — particularly at the dual-registrant seam — we flag it explicitly. This is reference material, not guidance; firms should validate application with qualified counsel.

SEC Rule 206(4)-7 — Investment Adviser Supervisory Obligations

SEC Rule 206(4)-7, adopted under Section 206(4) of the Investment Advisers Act of 1940, is the single most important compliance rule for a federally registered investment adviser. The rule deems it a fraudulent, deceptive, or manipulative act for an SEC-registered adviser to provide investment advice unless the adviser has adopted and implemented written compliance policies and procedures reasonably designed to prevent violations of the Advisers Act. See the SEC's adopting release, Compliance Programs of Investment Companies and Investment Advisers.

The rule imposes three affirmative obligations on every SEC-registered adviser that define the baseline for SEC 206(4)-7 compliance requirements:

  1. Adopt and implement written policies and procedures reasonably designed to prevent violations of the Advisers Act and its rules by the firm and its supervised persons.
  2. Review those policies and procedures at least annually for their adequacy and the effectiveness of their implementation.
  3. Designate a Chief Compliance Officer responsible for administering the compliance program — an individual with sufficient seniority, authority, and knowledge of the Advisers Act.

The critical legal standard is "reasonably designed." The SEC has consistently declined to publish a prescriptive checklist because adequacy is calibrated to each firm's business model, client base, conflicts, and risks. A small fee-only RIA advising high-net-worth individuals will have a materially different compliance program than a $50B multi-strategy manager, and both can be "reasonably designed" within the meaning of the rule.

Applied to portfolio supervision specifically, Rule 206(4)-7 requires written policies addressing:

  • Trading activity review (including excessive trading, allocation, and best execution)
  • Investment Policy Statement (IPS) adherence and drift monitoring
  • Concentration, suitability, and client-mandate compliance
  • Conflicts of interest, including affiliate trades and principal transactions
  • Books and records under Rule 204-2
  • Annual review documentation — the review itself must be evidenced in writing

It is not enough to adopt a manual and shelve it. In SEC deficiency letters and enforcement matters, the most common Rule 206(4)-7 finding is that written policies existed but were not implemented — meaning the firm could not produce evidence of actual supervisory review. For a deeper look at how the annual review obligation works in practice, see our companion post on Rule 206(4)-7 annual review requirements for RIAs. For a broader treatment of trading-side supervision, see our post on SEC trading activity monitoring for RIAs in 2026.

FINRA Rule 3110 for RIAs — Broker-Dealer Supervision

FINRA Rule 3110 is the broker-dealer analog to SEC Rule 206(4)-7 and applies to every FINRA member firm — including dual registrants (firms that are both SEC-registered advisers and FINRA-registered broker-dealers) and hybrid models where advisers conduct some business through an affiliated BD. The complete rule text is maintained in the FINRA Rulebook at Rule 3110.

Core obligations under Rule 3110 include:

  • Written supervisory procedures (WSPs): Every member must establish, maintain, and enforce written procedures to supervise the types of business in which it engages and to supervise the activities of its associated persons.
  • Supervisory system: The firm must designate registered principals with authority and responsibility for supervision.
  • Office inspections: Member firms must conduct periodic inspections of all branches and offices; supervisory branch offices must be inspected at least annually, and non-supervisory branch offices at least every three years under the rule's current framework.
  • Correspondence and internal communications: Firms must review incoming and outgoing written (including electronic) correspondence of registered persons.
  • Investment banking / securities-business separation: Supervisory procedures must reasonably address conflicts between investment banking and research functions where applicable.

For portfolio supervision purposes, the most operationally relevant piece of Rule 3110 is the WSP requirement and the duty to supervise registered persons' transaction activity — including the review of trading practices that could harm clients (excessive trading, unsuitable recommendations, discretionary authority abuse). The rule's suitability and transaction-review implications interact directly with FINRA Rule 2111; see our deep-dive on FINRA Rule 2111 and excessive trading at RIAs.

A pure RIA with no broker-dealer affiliation is not directly subject to Rule 3110. However, a dual registrant must comply with both Rule 3110 and Rule 206(4)-7 in parallel — this is where supervisory overlap and gap risk concentrates, which we address in the firm-type matrix below.

FINRA Rule 3120 — Supervisory Control System and Testing

FINRA Rule 3120 is the annual testing companion to Rule 3110. It requires every FINRA member to designate principals who will establish, maintain, and enforce a system of supervisory control policies and procedures that:

  1. Test and verify that the firm's supervisory procedures are reasonably designed to achieve compliance with applicable laws, regulations, and rules, and
  2. Create additional or amend existing supervisory procedures where the testing reveals a need.

Rule 3120 also requires a written annual report to senior management summarizing the test results, the system of supervisory controls, and any significant compliance problems with a plan for correction. For broker-dealers and dual registrants, the Rule 3120 report is the single most examined artifact after the WSPs themselves — it is how examiners confirm that Rule 3110 procedures are not merely documented but actively tested.

In practice, a firm's Rule 3120 testing plan should cover:

  1. Trade review and exception handling
  2. Customer account activity surveillance
  3. Correspondence review processes
  4. The supervisory structure itself — including principal assignments and escalation procedures

Each element should be calibrated to the firm's risk profile — the same "reasonably designed" calibration logic that underpins Rule 206(4)-7.

Reg BI Portfolio Supervision — Retail Recommendations by Broker-Dealers

Regulation Best Interest (Reg BI), adopted by the SEC under the Securities Exchange Act of 1934, establishes a best-interest standard of conduct for broker-dealers and their associated persons when making a recommendation of any securities transaction or investment strategy to a retail customer. Reg BI became effective in 2019 with a compliance date of June 30, 2020.

Reg BI comprises four component obligations:

  • Disclosure Obligation: Provide certain prescribed disclosures before or at the time of the recommendation, including material facts relating to the scope and terms of the relationship and all material conflicts of interest.
  • Care Obligation: Exercise reasonable diligence, care, and skill in making the recommendation, understanding potential risks and rewards, and having a reasonable basis to believe it is in the retail customer's best interest.
  • Conflict of Interest Obligation: Establish, maintain, and enforce written policies and procedures reasonably designed to identify and disclose, and either eliminate or mitigate, conflicts of interest.
  • Compliance Obligation: Establish, maintain, and enforce written policies and procedures reasonably designed to achieve compliance with Reg BI as a whole.

Reg BI replaced the FINRA-suitability-only standard for retail recommendations but did not eliminate FINRA Rule 2111. Rule 2111 still applies to transactions with non-retail customers, and its reasonable-basis, customer-specific, and quantitative suitability components are incorporated by reference into Reg BI's Care Obligation in practice. Dual registrants therefore operate under Reg BI for retail recommendations and under Rule 206(4)-7 fiduciary obligations simultaneously — two different standards for adjacent activity.

DOL PTE 2020-02 — ERISA and IRA Rollover Recommendations

The Department of Labor's Prohibited Transaction Exemption 2020-02 applies to investment advice fiduciaries under ERISA and the Internal Revenue Code, including advice to plan participants and IRA holders and — most consequentially — advice to roll over assets from an ERISA-covered plan to an IRA. When a recommendation meets the DOL's five-part test for fiduciary advice, PTE 2020-02 provides a prohibited-transaction exemption for receiving otherwise-conflicted compensation, provided the adviser satisfies the exemption's conditions.

Core conditions under PTE 2020-02 include the Impartial Conduct Standards:

  • Act in the retirement investor's best interest
  • Charge no more than reasonable compensation
  • Avoid materially misleading statements

The exemption also requires written acknowledgment of fiduciary status, specific disclosures, written policies and procedures mitigating conflicts, an annual retrospective review by the firm, and documented rollover-recommendation rationale.

For an RIA that advises retirement accounts or recommends IRA rollovers, the documentation PTE 2020-02 requires for IRA rollovers adds a layer to RIA portfolio supervision compliance that Rule 206(4)-7 alone does not require — specifically, the rollover rationale and the retrospective review. Firms should validate current applicability with counsel given the evolving DOL fiduciary-rule landscape.

SEC Division of Examinations 2026 Priorities

Each year the SEC Division of Examinations publishes its annual examination priorities. We will not quote specific 2026 priority text here, because priorities are released and periodically updated and firms should read the published document directly.

That said, the Division's priority themes have been remarkably consistent across recent cycles, and firms can expect continued emphasis in areas such as:

  • Fiduciary duty and the duty of care for investment advisers, particularly around conflicts of interest, fees, and compensation arrangements
  • Adequacy of compliance programs under Rule 206(4)-7, including annual review documentation and CCO empowerment
  • Recommendations and investment advice, including complex or illiquid products, private fund advisers, and rollover recommendations
  • Dually-registered advisers and hybrid firms, where supervisory overlap and conflicts are concentrated
  • Information security, operational resilience, and data protection
  • Emerging areas such as artificial intelligence in advisory processes and crypto-related recommendations

For RIAs, the practical implication is straightforward: the same set of core artifacts — written policies, evidence of annual review, conflicts disclosures, trade surveillance logs, rollover documentation, and the Rule 3120 report where applicable — will be requested on virtually any exam. The question examiners are asking is not whether your policies exist, but whether they are implemented, tested, and evidenced.

Firms should consult the Division's published 2026 examination priorities document directly when scoping their annual compliance calendar.

Rule-by-Rule Obligation Map

The table below consolidates the rules discussed above into a single supervisory-obligation reference.

| Rule | Issuing Body | Applies To | Key Obligation | Supervisory Requirement |
|---|---|---|---|---|
| Rule 206(4)-7 | SEC | SEC-registered investment advisers | Written policies reasonably designed to prevent Advisers Act violations | Annual review; designated CCO; evidence of implementation |
| Rule 3110 | FINRA | FINRA member broker-dealers (and dual registrants) | Written supervisory procedures and supervision of associated persons | Principal designation; office inspections; correspondence review |
| Rule 3120 | FINRA | FINRA member broker-dealers | Supervisory control system and annual testing | Annual written report to senior management |
| Regulation Best Interest | SEC | Broker-dealers making retail recommendations | Best-interest standard; disclose, mitigate, or eliminate conflicts | Disclosure, Care, Conflict, and Compliance obligations |
| Rule 2111 | FINRA | Broker-dealers (non-retail recommendations; still informs Reg BI Care) | Suitability — reasonable-basis, customer-specific, quantitative | Documented suitability analysis; trade-pattern surveillance |
| PTE 2020-02 | DOL | Fiduciary advice to retirement investors (ERISA plans, IRAs) | Impartial Conduct Standards for conflicted compensation | Rollover rationale; annual retrospective review; written disclosures |

Hybrid RIA BD Supervision — Pure RIA vs Hybrid vs Dual-Registrant Matrix

The supervisory perimeter is not uniform across advisory firms. The matrix below summarizes which rules apply to three common firm archetypes and which regulator is the primary examiner.

| Firm Type | Rules That Apply | Supervisory Documentation | Primary Examiner |
|---|---|---|---|
| Pure RIA (no BD affiliation) | Rule 206(4)-7; PTE 2020-02 if advising retirement accounts | Compliance manual, annual review memo, trade surveillance log, rollover file | SEC Division of Examinations (or state securities regulator if state-registered) |
| Hybrid RIA with affiliated BD | Rule 206(4)-7, Rule 3110, Rule 3120, Reg BI, Rule 2111, PTE 2020-02 (as applicable) | Combined compliance manual, WSPs, 3120 annual report, Reg BI disclosures | SEC (for advisory side) and FINRA (for BD side) |
| Dual Registrant (single entity, both SEC- and FINRA-registered) | All of the above, applied simultaneously to the same associated persons | Integrated WSPs/compliance manual mapping each activity to the correct standard | SEC and FINRA with coordinated (and sometimes overlapping) exam scope |

The highest supervisory risk is in the dual registrant category — the same human may make an advisory recommendation subject to the Advisers Act fiduciary duty in one meeting and a broker-dealer recommendation subject to Reg BI in the next. Firms in this category need supervisory procedures that identify which hat is on for each client interaction and document it contemporaneously.

2026 SEC Exam Priorities Cross-Reference

The table below maps recurring SEC Division of Examinations priority themes to the specific rules implicated, examiner focus areas, and self-assessment questions compliance teams should be asking now.

| Priority Area | Rule Implicated | What Examiners Look For | Self-Assessment Question |
|---|---|---|---|
| Fiduciary duty and conflicts of interest | Rule 206(4)-7; Reg BI Conflict Obligation | Written conflicts inventory; mitigation documentation; fee disclosures | Can we produce our conflicts inventory and mitigation evidence within 48 hours of a request? |
| Adequacy of compliance programs | Rule 206(4)-7 annual review requirement | Annual review memo; CCO authority and resources; evidence of policy implementation | Does our annual review memo document both what was tested and what changed as a result? |
| Rollover recommendations | PTE 2020-02; Rule 206(4)-7 | Rollover rationale documentation; retrospective review; Impartial Conduct Standards compliance | Is every rollover recommendation documented with a contemporaneous rationale comparing plan options to IRA alternatives? |
| Dually-registered and hybrid firms | Rule 206(4)-7; Rule 3110; Reg BI | Clear delineation of advisory vs. brokerage activity; integrated supervisory procedures | Do our WSPs identify which standard applies to each client interaction and document it contemporaneously? |
| Information security and operational resilience | Rule 206(4)-7 (as reasonably designed policies extend to operational risk) | Business continuity plans; incident response documentation; vendor due diligence | Have we tested our BCP in the last 12 months and documented the results? |
| Trading activity and best execution | Rule 206(4)-7; Rule 3110; Rule 2111 | Trade surveillance logs; exception-review documentation; best-execution analysis | Can we demonstrate systematic trade-level review with documented escalation of exceptions? |

Where StratiFi Fits

Most firms read the rules above, then find that the hardest part of compliance is not understanding the obligations — it is producing the supervisory evidence examiners expect, on demand, across every client account. StratiFi's ComplianceIQ and AdvisorIQ provide the intelligence layer that translates Rule 206(4)-7 "reasonably designed" policies into continuous IPS-drift, concentration, and trading-activity monitoring — with audit-ready documentation mapped back to each obligation above.

For the full cluster context, see our pillar piece on portfolio supervision and IPS intelligence for RIAs, our framework for documenting IPS supervision under Rule 206(4)-7, and our companion post on SEC enforcement actions for IPS supervision failures.

Frequently Asked Questions

What does SEC Rule 206(4)-7 require?

SEC Rule 206(4)-7 requires every SEC-registered investment adviser to (1) adopt and implement written compliance policies and procedures reasonably designed to prevent violations of the Advisers Act, (2) review those policies at least annually for adequacy and implementation effectiveness, and (3) designate a Chief Compliance Officer responsible for administering the program. The standard is "reasonably designed" — calibrated to the firm's specific business, clients, and risks rather than a prescriptive checklist.

Does FINRA Rule 3110 apply to pure RIAs?

No. FINRA Rule 3110 applies to FINRA member broker-dealers. A pure RIA with no broker-dealer affiliation is not a FINRA member and is not directly subject to Rule 3110. However, hybrid firms (RIAs with an affiliated BD) and dual registrants (entities registered as both an IA and a BD) are subject to Rule 3110 on the broker-dealer side in addition to Rule 206(4)-7 on the advisory side.

What are the 2026 SEC Division of Examinations priorities?

The SEC Division of Examinations publishes annual exam priorities; firms should consult the Division's official 2026 priorities document directly for specific priority text. Priority themes have been consistent across recent cycles and typically include fiduciary duty and conflicts of interest, adequacy of compliance programs under Rule 206(4)-7, investment recommendations (including complex products and rollovers), dually-registered advisers, and information security and operational resilience.

What is DOL PTE 2020-02?

DOL Prohibited Transaction Exemption 2020-02 is a Department of Labor exemption that permits investment-advice fiduciaries to receive otherwise-conflicted compensation when recommending investments to retirement investors — including plan participants, IRA holders, and prospective IRA rollovers — provided they satisfy the exemption's Impartial Conduct Standards and documentation requirements. Firms should validate current applicability with counsel given the evolving DOL fiduciary-rule landscape.

How do 206(4)-7 and FINRA 3110 differ for dual registrants?

SEC Rule 206(4)-7 imposes a fiduciary-grade compliance-program obligation on the advisory side, emphasizing "reasonably designed" written policies and annual review. FINRA Rule 3110 imposes a supervisory-structure obligation on the broker-dealer side, emphasizing WSPs, principal designation, office inspections, and correspondence review. For dual registrants, the same associated persons may trigger either standard depending on whether a given interaction is advisory or brokerage — the firm's supervisory procedures must identify which standard applies to which activity and document it contemporaneously.

What supervisory documentation does the SEC expect?

At minimum: the firm's written compliance manual, evidence of the annual review required by Rule 206(4)-7 (a memo or similar contemporaneous record), the CCO designation, trade surveillance and exception-review logs, conflicts-of-interest disclosures and mitigation records, rollover-recommendation files where PTE 2020-02 applies, and books and records retained under Advisers Act Rule 204-2. The common thread is implementation evidence — documentation that the policies were not only written but actually followed.

The rules are clear. The obligations are documented. What separates firms that pass exams confidently from firms that scramble is the quality and continuity of their supervisory evidence. If you want to see how StratiFi maps continuous monitoring to the obligations outlined above, the conversation starts here.
