FINRA Rule 2090 — Know Your Customer — requires every FINRA member firm to use reasonable diligence, in regard to the opening and maintenance of every account, to know and retain the essential facts concerning every customer and concerning the authority of each person acting on behalf of such customer — establishing the foundational customer knowledge obligation that is the prerequisite for every other conduct standard in the FINRA rulebook, from the suitability analysis required by FINRA Rule 2111 to the anti-money laundering obligations of FINRA Rule 3310 to the account information requirements of FINRA Rule 4512.
Rule 2090 is universally known as the Know Your Customer rule — or KYC — and its three-word description captures its essential purpose precisely. Before a registered representative can make a suitable recommendation, before a member firm can detect suspicious activity, before a compliance programme can effectively supervise customer accounts, and before a broker-dealer can fulfil any of its investor protection obligations — it must know its customer. Rule 2090 establishes that foundational knowledge obligation and makes it legally enforceable as a condition of conducting any securities business with any customer.
The know your customer obligation is not a one-time formality satisfied at account opening — it is a continuous obligation applicable throughout the life of every customer relationship, requiring ongoing attention to changes in the customer's circumstances, periodic updating of customer profile information, and continuous monitoring of account activity to ensure that the member firm's understanding of the customer remains current and accurate.
The supplementary material to Rule 2090 defines essential facts as those required to satisfy four specific purposes — effectively service the customer's account, act in accordance with any special handling instructions for the account, understand the authority of each person acting on behalf of the customer, and comply with applicable laws, regulations, and rules.
Effectively servicing the customer's account requires knowing the information necessary to manage the account in a manner consistent with the customer's investment objectives and financial situation — including the customer's financial profile, investment goals, risk tolerance, time horizon, and liquidity needs. A member firm cannot effectively service an account whose owner's financial situation and objectives it does not understand — recommendations made without this knowledge may be unsuitable, portfolio management conducted without it may be inconsistent with the customer's actual needs, and account monitoring conducted without it cannot identify deviations from expected patterns.
Acting in accordance with special handling instructions requires knowing any specific directions the customer has provided about how their account should be managed — including restrictions on certain types of investments, directions about communication preferences, instructions about account authority granted to third parties, and any other specific requirements the customer has established for the management of their account.
Understanding account authority requires knowing who is authorised to give instructions for the account — whether the account is held by an individual, jointly, in trust, through a power of attorney, or through any other ownership or authority structure that determines who can legally direct account activity. A member firm that accepts instructions from an unauthorised person — or that fails to follow instructions from an authorised person because it does not know their authority — has failed its essential facts obligation regardless of the outcome of any specific transaction.
Complying with applicable laws and regulations requires knowing the information necessary to satisfy the member firm's legal obligations in connection with the account — including the customer identification programme requirements of the USA PATRIOT Act, the anti-money laundering obligations of the Bank Secrecy Act enforced through FINRA Rule 3310, the beneficial ownership requirements applicable to legal entity customers, and any other regulatory requirements that depend on knowledge of the customer's identity, background, or account relationships.
The know your customer obligation commences at the moment a customer decides to open an account with a member firm — before any recommendation has been made and before any transaction has been executed. Rule 2090's obligation is triggered by the decision to open an account, not by the first recommendation or transaction, reflecting the regulatory recognition that adequate customer knowledge must precede rather than follow the commencement of the customer relationship.
The account opening process — governed jointly by Rule 2090's essential facts requirement and the account information requirements of FINRA Rule 4512 — requires collection of a comprehensive customer profile including full name, date of birth, residential address, social security number, employment status, annual income, net worth, investment objectives, investment experience, time horizon, liquidity needs, risk tolerance, and tax status. This information collectively constitutes the investment profile that underpins the suitability analysis required by FINRA Rule 2111 for every subsequent recommendation made to the customer.
The customer identification programme requirements of the USA PATRIOT Act — implemented for broker-dealers through 31 CFR 1023.220 — operate alongside Rule 2090's essential facts requirement, adding the specific identity verification requirements applicable to anti-money laundering compliance. Together these two frameworks ensure that member firms know both who their customers are — for regulatory and anti-money laundering purposes — and what their customers need — for suitability and account servicing purposes.
Rule 2090's obligation applies not only to the opening of accounts but to their ongoing maintenance — creating a continuous obligation throughout the life of every customer relationship to keep essential customer facts current and accurate.
Customer circumstances change over time — financial situations improve or deteriorate, investment objectives evolve as life circumstances change, risk tolerance shifts as customers age or experience market events, and account authority arrangements may be modified through new powers of attorney, trust amendments, or changes in family circumstances. A member firm that collected adequate essential facts at account opening but failed to update that information when the customer's circumstances changed materially has failed its Rule 2090 obligation — the essential facts must reflect the customer's current situation, not merely their situation at the time the account was opened.
The ongoing maintenance obligation creates a practical compliance challenge for member firms — how frequently must customer information be updated, and what triggers a required update? FINRA's guidance indicates that firms must update customer information when they become aware of material changes in the customer's circumstances, when customers directly report changes, or periodically as part of a systematic account review programme. Many member firms implement annual or biennial customer profile reviews as a systematic compliance mechanism — supplemented by event-triggered reviews when specific circumstances suggest that customer information may have changed.
Rule 2090 and FINRA Rule 2111 — the suitability rule described in the FINRA Rule 2111 entry of this dictionary — are operationally inseparable because adequate customer knowledge is the prerequisite for a valid suitability analysis.
Rule 2111's customer-specific suitability obligation requires that a registered representative have a reasonable basis to believe that a recommendation is suitable for the specific customer based on information obtained through reasonable diligence to ascertain the customer's investment profile. That investment profile (age, other investments, financial situation and needs, tax status, investment objectives, investment experience, time horizon, liquidity needs, and risk tolerance) consists of precisely the essential facts that Rule 2090 requires the member firm to know and retain.
A suitability analysis conducted without adequate essential facts is not a valid suitability analysis — it is a guess about what might be appropriate for a customer whose actual circumstances are unknown. This means that a Rule 2111 violation is often simultaneously a Rule 2090 violation — the registered representative who made an unsuitable recommendation may have done so partly because they failed to gather the essential facts that would have revealed the recommendation's unsuitability.
This operational interdependence explains why FINRA regulators and examination professionals consistently evaluate Rule 2090 compliance as the foundation of suitability programme effectiveness — a firm that does not know its customers cannot make suitable recommendations for them, and a firm that makes unsuitable recommendations has frequently failed first at the essential facts obligation that should have prevented the unsuitable recommendation.
Rule 2090's essential facts obligation directly supports the anti-money laundering compliance programme required by FINRA Rule 3310 — connecting the customer knowledge obligation to the broader framework of financial crime prevention that applies to all FINRA member firms.
The Bank Secrecy Act and its implementing regulations require broker-dealers to establish anti-money laundering programmes that include procedures for identifying and reporting suspicious activity — and effective suspicious activity detection depends fundamentally on knowing what normal activity looks like for each specific customer. A member firm that knows its customer's financial profile, investment objectives, typical transaction patterns, and sources of funds can identify deviations from expected behaviour that may indicate suspicious activity. A member firm that does not know its customer cannot distinguish normal from suspicious behaviour in that customer's account.
The beneficial ownership requirements — requiring identification of the natural persons who own or control legal entity customers — extend the Rule 2090 essential facts obligation specifically to legal entity accounts where the direct account holder may be a corporation, trust, or other entity rather than an individual. Knowing who ultimately owns or controls the account is essential both to effective account servicing and to the anti-money laundering obligations that require knowledge of the true beneficial owners of customer accounts.
FINRA Rule 2090 is tested on the Series 7 and Series 65 examinations as the foundational know your customer rule — the prerequisite customer knowledge obligation that underlies every subsequent conduct standard applicable to broker-dealer registered representatives.
The key points to retain are these.
FINRA Rule 2090 — Know Your Customer — requires every member firm to use reasonable diligence in the opening and maintenance of every account to know and retain the essential facts concerning every customer and every person acting on their behalf. Essential facts are defined as those required to effectively service the account, follow special handling instructions, understand account authority, and comply with applicable laws and regulations.
The know your customer obligation commences at account opening — before any recommendation or transaction — and continues throughout the life of the customer relationship as a continuous maintenance obligation requiring updates when customer circumstances change materially. Rule 2090 is the prerequisite for the suitability analysis required by FINRA Rule 2111 — a valid customer-specific suitability determination requires adequate essential facts about the specific customer, making Rule 2090 compliance the foundation of the entire suitability framework. Rule 2090 also supports the anti-money laundering compliance programme required by FINRA Rule 3310 — effective suspicious activity detection requires knowing what normal activity looks like for each specific customer, making the essential facts obligation central to both investor protection and financial crime prevention.