US Recordkeeping
- SEC Rule 17a-4 Requires broker-dealers to retain all business communications — including mobile messaging. Here's what a compliant archive actually needs.
- FINRA Rule 4511 FINRA's books and records rule requires broker-dealers to create and preserve every required book and record, including all electronic communications.
- SEC Rule 17a-3 The record-creation counterpart to Rule 17a-4: it requires broker-dealers to make and keep current the books and records the rule specifies, including records of business communications. Most firms focus on storage and skip this rule. What compliance means in practice.
- FINRA Rule 3110 Requires broker-dealers to establish a supervisory system and written supervisory procedures reasonably designed to achieve compliance — and prove it works.
- FINRA Off-Channel Communications FINRA and the SEC have issued $2B+ in fines since 2021 for off-channel messaging failures. What the enforcement record shows and what a compliant approach requires.
- FINRA Rule 2210 FINRA's communications-with-the-public rule covers retail communications, correspondence and institutional communications, including social media. It requires principal review and approval (pre-use approval for most retail communications), content standards, and retention. What a compliant program actually needs.
- SEC/FINRA Exam-Ready Checklist A practical checklist for RIAs and broker-dealers preparing for examination — archive readiness, WSPs, supervision documentation, and what examiners actually check.
Global Financial Frameworks
- BCBS 239 Basel Committee principles for effective risk data aggregation and risk reporting. Increasingly applied by global supervisors as a data-governance benchmark for AI activity and communications pipelines at G-SIBs and D-SIBs.
- DORA (Digital Operational Resilience Act) EU Regulation 2022/2554, applicable since 17 January 2025. Applies to in-scope EU financial entities and the ICT third-party providers that serve them, which includes AI systems and communications-capture vendors.
- MAR (Market Abuse Regulation) EU Regulation 596/2014 prohibiting insider dealing, unlawful disclosure and market manipulation, and requiring firms to detect and report suspicious orders and transactions. Investigations under MAR rely on the communications and order records firms retain under MiFID II, and off-channel and AI-assisted messages are routinely requested.
- MiFID II EU markets directive (Article 16(7)) requiring recording of telephone conversations and electronic communications that relate to client orders and transactions in financial instruments, with retention for at least five years (up to seven at a national regulator's request). The benchmark for European communications compliance.
AI Governance
- EU AI Act The most comprehensive AI-specific law in force globally (Regulation 2024/1689, in force since 1 August 2024, with high-risk obligations phasing in from 2026). Article 12 (automatic logging and record-keeping), Article 14 (human oversight), and Annex III (high-risk use cases, including creditworthiness assessment and risk assessment and pricing in life and health insurance) govern high-risk AI systems at regulated firms.
- NIST AI RMF US National Institute of Standards and Technology framework (AI RMF 1.0, January 2023) for managing AI risk across the lifecycle through its Govern, Map, Measure and Manage functions. Voluntary but widely cited; the de facto US AI risk standard.
- ISO/IEC 42001 International AI management system standard published in 2023, and certifiable by accredited auditors. Increasingly cited in enterprise RFPs as the SOC 2 of AI governance.
- SR 11-7 Federal Reserve guidance on model risk management, issued jointly with the OCC in 2011 and adopted by the FDIC in 2017. The de facto US standard for AI and ML risk at supervised banks; examiners increasingly apply it to generative AI and agentic deployments.
Coming soon
- FINRA Rule 2220 — Options Communications
- Dedicated deep-dive pages for BCBS 239, DORA, MAR, EU AI Act, NIST AI RMF, ISO/IEC 42001, and SR 11-7
See how Comma keeps you exam-ready.
Book a 20-minute walkthrough — real capture, real-time flagging, and exports built for regulators.