FINRA Rule 3110 is one of the most fundamental obligations in securities regulation: member firms must establish, maintain, and enforce a supervisory system that is reasonably designed to ensure compliance with applicable securities laws and FINRA rules. It's been on the books in various forms since before FINRA existed.
Yet supervision is among the most frequently cited deficiencies in FINRA examinations — and the reason isn't usually that firms aren't trying. It's that the communications landscape has expanded faster than most supervisory systems have been designed to handle. The gap between what Rule 3110 requires and what most firms' supervisory programs actually accomplish has widened significantly as business communication has moved beyond email.
What Rule 3110 Actually Requires
Rule 3110 has several components. The two most directly affected by the shift to digital communications are the written supervisory procedures (WSP) requirement and the review of correspondence requirement.
Under Rule 3110(b), firms must establish written supervisory procedures that are reasonably designed to prevent and detect violations. Those procedures must address the supervision of digital communications used to conduct business — not just email. If your WSPs cover email and don't address Slack, Teams, text messages, or any other channel your reps actually use, the procedures themselves are deficient.
Under Rule 3110(b)(4), firms must implement supervisory procedures for reviewing incoming and outgoing correspondence, including electronic correspondence with customers. This is the communications review requirement — the obligation to have a principal actually review a representative sample of rep communications on an ongoing basis.
The rule's plain meaning: A supervisor must be able to read what your reps are saying to clients and flag anything that warrants follow-up. That requires access to the communications. If the communications are happening on platforms outside your supervisory review workflow, the review isn't happening — regardless of what your WSPs say.
How the Supervision Gap Forms
The supervision gap isn't a policy failure. It's an architectural one. It forms when business communications happen on more platforms than the firm's supervisory review system can monitor.
The typical mid-size broker-dealer today has reps communicating across email, an enterprise chat platform, personal text messages, and — in some cases — consumer platforms like WhatsApp when clients initiate contact on those channels. The firm's supervisory review workflow may cover email. It may even cover the official enterprise chat platform. It almost certainly doesn't cover everything.
The platform proliferation problem
Each communication platform your firm uses creates a separate data silo. Conducting a meaningful supervisory review means having a principal log into each silo, navigate each platform's interface, and export or search records in whatever format that platform supports. In practice, principals with supervisory review responsibilities are doing this for email and not for much else.
That's not negligence. It's resource allocation under constraint. Supervisory review is time-consuming when done properly, and doing it across ten platforms is not a realistic ask for most small and mid-size firms operating with lean compliance teams.
The off-channel communications problem
Even if a firm has comprehensive supervisory review workflows for its sanctioned platforms, the deeper risk is communications that happen outside those platforms entirely. A rep who text messages a client from a personal phone isn't conducting business on a supervised channel — but the substance of that conversation is still a business communication subject to Rule 3110.
FINRA has addressed off-channel communications directly in examination findings and enforcement actions. The standard doesn't change because the channel is unsanctioned. If a rep is conducting business, the firm is responsible for supervising it. If the firm can't supervise it, the firm is responsible for prohibiting it effectively — which means more than an email policy that reps sign and ignore.
What FINRA Looks For in an Examination
When FINRA examiners assess supervisory compliance, they look at the written supervisory procedures, evidence of actual supervisory review activity, and any findings that resulted from that review. They're looking for a coherent picture: the procedures describe what should happen, and the evidence shows it's actually happening.
The failure pattern that generates examination findings looks like this: the WSPs state that digital communications are reviewed monthly. The compliance officer can produce documentation showing that email reviews occurred. But when the examiner asks for evidence of review activity across other channels — the Slack workspace, the Teams environment, any review of personal device usage — the documentation doesn't exist. The review wasn't happening for those channels.
That gap between what the WSPs say and what the documentation shows is a finding. It demonstrates that the supervisory system is not being maintained as written — which under Rule 3110 is itself a violation, separate from whether any underlying misconduct occurred.
The documentation issue: Supervisory review requires evidence. A principal who reviews communications but doesn't document the review has created ambiguity that benefits no one in an examination. The practice has to happen, and the practice has to be documented — both the review and any follow-up actions it triggered.
The Consolidation Principle
The firms that do supervisory review well share a common characteristic: their supervisory review workflow covers everything in one place. Business communications happen on a single platform. The supervisory review interface gives a principal visibility into all communications across all reps from a single view. There's no log-in-here, export-this, review-separately workflow that creates platform-by-platform review burden.
That consolidation isn't just operationally convenient — it's the structural foundation for a Rule 3110-compliant supervisory program. When a principal can conduct a genuinely comprehensive review in a manageable amount of time, supervisory review actually happens. When it requires navigating a maze of platforms and formats, it becomes a perfunctory exercise that doesn't satisfy the rule's intent and doesn't survive examination scrutiny.
The Written Supervisory Procedures Gap
One final note on WSPs: many firms updated their WSPs to reference digital communications when email became the primary business communication channel. Far fewer have updated them to address the full range of platforms reps now use.
WSPs that don't address the communication channels actually in use at the firm are deficient on their face. An examiner who asks to see the WSP section on digital communication supervision and finds it covers only email will note the gap — before even getting to the question of whether actual review is happening.
Updating WSPs to reflect current communications practice isn't a long project. It's a focused exercise in mapping what channels are in use, what the supervisory review workflow covers, and where the gaps are. Closing those gaps — either by extending supervision to cover the channels currently in use, or by credibly prohibiting channels that can't be supervised — is the work Rule 3110 requires.
Supervisory review that actually covers everything.
Cruve gives compliance principals a dedicated review interface across all firm communications — one view, no exports, no platform-hopping. Built for Rule 3110 from the start. Now in beta for regulated financial firms.
Request Early Access