FINRA Audit Obligations for Broker-Dealers
Broker-dealers registered with the Financial Industry Regulatory Authority (FINRA) operate under a layered audit framework that spans annual financial statement audits, internal compliance reviews, and ongoing supervisory system examinations. These obligations derive from FINRA rules, Securities Exchange Act of 1934 requirements, and Securities and Exchange Commission (SEC) regulations. Understanding the structure of these requirements is essential for broker-dealer principals, compliance officers, and the independent auditors who serve the industry.
Definition and scope
FINRA audit obligations for broker-dealers encompass a set of mandatory examination, verification, and reporting requirements designed to ensure the accuracy of financial statements, the adequacy of net capital, and the integrity of customer asset protection mechanisms. The foundational authority for these obligations sits in SEC Rule 17a-5 under the Securities Exchange Act of 1934, which governs the annual reporting and audit requirements applicable to registered broker-dealers.
FINRA supplements SEC rules through its own rulebook — primarily FINRA Rule 4370 (Business Continuity Planning) and FINRA Rule 3110 (Supervision), with financial condition obligations addressed through the Net Capital Rule (SEC Rule 15c3-1) and the Customer Protection Rule (SEC Rule 15c3-3).
Scope varies by firm classification. Introducing broker-dealers (those that do not hold customer funds or securities) face a narrower set of audit requirements than carrying broker-dealers (those that maintain custody of customer assets). Carrying firms must file audited financial statements prepared by a Public Company Accounting Oversight Board (PCAOB)-registered auditor, while certain introducing firms may qualify for a less extensive review engagement. This classification boundary is one of the most consequential distinctions in financial audit types for the broker-dealer sector.
How it works
The annual audit cycle for a broker-dealer follows a structured sequence dictated primarily by SEC Rule 17a-5 and amplified by FINRA guidance.
- Fiscal year-end financial preparation. The broker-dealer closes its books and prepares financial statements, including a balance sheet, income statement, and statement of cash flows, consistent with U.S. Generally Accepted Accounting Principles (U.S. GAAP).
- Auditor engagement. A PCAOB-registered independent public accounting firm is retained. The auditor must be independent under both SEC and PCAOB independence standards, and must not have been the subject of a PCAOB sanction that would impair their eligibility. See auditor independence requirements for the full independence framework.
- Audit execution. The auditor examines the broker-dealer's financial statements, net capital computation, reserve formula calculation (for carrying firms), and the schedule of possession or control of securities. Under SEC Rule 17a-5(d)(3), carrying broker-dealers must also undergo an audit of their compliance with the Customer Protection Rule.
- Supplemental schedules and reports. Beyond the core financial statements, audited supplemental schedules — including the Computation of Net Capital under Rule 15c3-1 and the Computation for Determination of Reserve Requirements under Rule 15c3-3 — must be filed with FINRA and the SEC.
- Filing deadlines. Annual audited reports must be filed within 60 calendar days after fiscal year-end for most broker-dealers (SEC Rule 17a-5(d)(5)). Firms that are SIPC members must also provide copies of their audited reports to the Securities Investor Protection Corporation.
- FINRA examination. Separately from the external audit, FINRA conducts cycle examinations of member firms — typically on a 1-to-4-year cycle depending on firm risk profile — reviewing supervisory systems, sales practices, financial condition, and anti-money laundering programs.
The external financial audit and the FINRA regulatory examination are distinct processes. The audit produces an opinion on financial statements; the examination produces findings on regulatory compliance. The page on internal vs. external audit differences elaborates on how these functions interact without fully overlapping.
Common scenarios
Carrying broker-dealer annual audit. A firm holding customer securities and cash must engage a PCAOB-registered auditor to opine on both financial statements and compliance schedules. The auditor issues separate reports on the financial statements and on the supplemental schedules — an important structural distinction from a standard corporate audit.
Introducing broker-dealer limited review. Introducing broker-dealers that do not hold customer funds may qualify for a review engagement rather than a full audit, reducing cost and audit scope, provided the firm meets the exemption criteria under SEC Rule 17a-5(e)(1).
Net capital deficiency trigger. If a broker-dealer's net capital drops below the required minimum — which varies by business model but is no less than $5,000 under the aggregate indebtedness standard for introducing firms (SEC Rule 15c3-1) — the firm must immediately notify FINRA and cease certain business activities. Auditors discovering a deficiency during the audit engagement are required to report it directly to FINRA within 24 hours under SEC Rule 17a-11.
Anti-money laundering (AML) program audit. Under FINRA Rule 3310, broker-dealers must establish a written AML program and conduct an independent test of the program at least annually. This test — often performed by internal audit or a qualified outside party — is distinct from the financial statement audit. The anti-money laundering audit requirements framework provides detailed scope expectations for these tests.
FINRA cycle examination. A FINRA exam team reviews supervisory procedures, trade surveillance records, customer complaint handling, and financial records. Unlike an external financial audit governed by GAAP and PCAOB standards, the FINRA examination is a regulatory review governed by FINRA's examination program and applicable SEC rules.
Decision boundaries
Determining which audit obligations apply to a specific broker-dealer requires analysis across four primary variables:
Custody status. Carrying broker-dealers face full audit scope under SEC Rule 17a-5(d), including audited compliance schedules. Introducing broker-dealers may qualify for the reduced reporting requirements under Rule 17a-5(e).
PCAOB registration requirement. Any broker-dealer that is a public company or that voluntarily engages a PCAOB-registered auditor triggers PCAOB oversight of the engagement. As of the PCAOB's expanded jurisdiction under the Dodd-Frank Wall Street Reform and Consumer Protection Act (2010), auditors of broker-dealers — not just issuers — must be registered with the PCAOB and are subject to PCAOB inspection. The Dodd-Frank audit provisions page examines this expansion in detail.
SIPC membership. Most broker-dealers are SIPC members and must provide audited financial reports to SIPC following the annual filing. Non-SIPC members follow a narrower reporting path but remain subject to SEC Rule 17a-5 obligations.
Internal audit function. Large or complex broker-dealers — particularly those affiliated with bank holding companies or publicly traded parents — typically maintain internal audit departments that perform risk-based reviews of trading operations, compliance systems, and financial controls throughout the year. These internal reviews feed into, but do not replace, the external annual audit. The page on risk-based auditing in financial services describes the methodology commonly applied in this context.
The distinction between the FINRA regulatory examination and the SEC-mandated external financial audit is critical: the former is a supervisory inspection conducted by the self-regulatory organization; the latter is an independent attestation engagement governed by professional auditing standards. Firms that conflate these two functions risk gaps in both regulatory preparation and financial reporting compliance.
References
- SEC Rule 17a-5 — Reports to Be Made by Certain Brokers and Dealers (eCFR)
- SEC Rule 15c3-1 — Net Capital Requirements for Brokers or Dealers (eCFR)
- SEC Rule 15c3-3 — Customer Protection Rule (eCFR)
- FINRA Rule 3110 — Supervision (FINRA Rulebook)
- FINRA Rule 3310 — Anti-Money Laundering Compliance Program (FINRA Rulebook)
- FINRA Rule 4370 — Business Continuity Plans and Emergency Contact Information (FINRA Rulebook)