Table of Contents
SERIES 24 | FINANCIAL REGULATION COURSES
FINRA Rule 8210 is the cornerstone of FINRA's investigative authority — the rule that gives FINRA the practical power to carry out its self-regulatory mission. For the purpose of any investigation, complaint, examination, or proceeding authorized by the FINRA By-Laws or rules, FINRA Rule 8210 grants Adjudicators and FINRA staff the right to require any member, person associated with a member, or other person subject to FINRA's jurisdiction to provide information orally, in writing, or electronically and to testify under oath or affirmation at a location specified by FINRA; and to inspect and copy the books, records, and accounts of such member or person with respect to any matter in the investigation that is in the member's or person's possession, custody, or control. The rule provides that no member or person shall fail to provide information, testimony, or access to books and records pursuant to these authorities. It further authorizes FINRA to share information with other domestic federal agencies and foreign regulators through formal agreements, establishes the framework for serving notices, permits electronic interface programs for regular information submission, and requires encryption of information provided on portable media devices.
FINRA Rule 8210 sits within the 8200 Investigations subsection of the 8000 Investigations and Sanctions series. Its antecedents reach back to the earliest formal investigative powers of the NASD, where it was previously designated as Rule 4615. The rule was most recently substantively amended by SR-FINRA-2009-060, effective February 25, 2013, as announced in Regulatory Notice 13-06 — an amendment that clarified the possession, custody, and control standard for books and records, added the authority to serve notices on counsel for represented parties, and made other structural clarifications. Prior amendments include SR-FINRA-2010-021 effective December 29, 2010 adding the encryption requirement for portable media devices, SR-FINRA-2008-021 effective December 15, 2008 and SR-FINRA-2008-056 effective November 6, 2008 updating the CRD notice delivery provisions, and earlier NASD amendments stretching back to 1992. Regulatory Notice 25-11, published September 25, 2025, reaffirmed and elaborated the rule's extraterritorial reach — confirming that FINRA Rule 8210 applies to members and associated persons regardless of where they or their books and records are located.
FINRA Rule 8210 serves as FINRA's primary tool for obtaining information necessary to conduct investigations. This characterization — drawn directly from the SEC's own appellate decisions affirming FINRA Rule 8210 proceedings — reflects a fundamental structural reality: FINRA, unlike the SEC and other government regulators, lacks subpoena power. The SEC can compel testimony and document production through formal subpoenas backed by federal court enforcement authority. FINRA cannot. What FINRA has instead is FINRA Rule 8210 — a rule that imposes a direct contractual and regulatory obligation on members and their associated persons to cooperate fully with FINRA's investigative demands, backed by the sanction of expulsion or bar for non-compliance.
This structural reality makes compliance with FINRA Rule 8210 uniquely consequential. An SEC subpoena non-compliance requires the SEC to seek judicial enforcement — a process that takes time and allows for legal challenge. A FINRA Rule 8210 non-compliance is itself an immediate rule violation that FINRA can charge and for which the standard sanction — confirmed in the FINRA Sanction Guidelines as updated through March 2024 — is a bar from the industry for individuals or expulsion from membership for firms. Courts and the SEC have consistently upheld FINRA's authority to impose these sanctions for FINRA Rule 8210 non-compliance without requiring FINRA to establish that the underlying investigation would have revealed a substantive violation.
FINRA Rule 8210(a)(1) grants the right to require any member, associated person, or other person subject to FINRA's jurisdiction to provide information orally, in writing, or electronically. The electronic form obligation is triggered when the requested information is, or is required to be, maintained in electronic form — a standard that encompasses virtually all modern securities business records given the pervasive requirement to maintain records electronically under Exchange Act Rule 17a-4. Testimony may be compelled at a location specified by FINRA staff under oath or affirmation administered by a court reporter or notary public. The location requirement — FINRA staff specifies where — means that a respondent located in Chicago cannot insist on testifying by video if FINRA requires in-person testimony at a FINRA office; equally, as Regulatory Notice 25-11 confirms, a person located overseas cannot refuse to travel to a FINRA office in the United States if directed to testify there.
FINRA Rule 8210(a)(2) grants the right to inspect and copy books, records, and accounts with respect to any matter in the investigation that is in the member's or person's possession, custody, or control. The possession, custody, or control standard — clarified in Supplementary Material .01 and confirmed in the 2013 amendments — is interpreted broadly. Control includes situations where records are in the possession of another person or entity but the member or associated person has the legal right, authority, or ability to obtain them on demand. A registered representative whose personal bank account records are held by a financial institution has control over those records for FINRA Rule 8210 purposes — they can obtain them upon demand. A firm whose records are held by an outside service provider in a cloud storage arrangement has control over those records. Neither the fact that records are not currently in hand nor the fact that they are held by a third party eliminates the obligation to produce them if they are controllable.
FINRA Rule 8210(a) is triggered by any investigation, complaint, examination, or proceeding authorized by the FINRA By-Laws or rules. This four-part trigger is deliberately broad. An investigation may be initiated before any formal complaint has been filed — FINRA staff can issue FINRA Rule 8210 requests during the pre-complaint investigative phase. A complaint is the formal charging document that initiates a disciplinary proceeding. An examination is the routine examination of a member firm by FINRA's Member Supervision program — FINRA Rule 8210 applies to examination requests just as it applies to enforcement investigation requests. A proceeding encompasses the full range of adjudicative processes in the 9000 series including disciplinary proceedings, statutory disqualification proceedings, and expedited proceedings.
The phrase any matter involved in the investigation, complaint, examination, or proceeding does not require that the matter be directly relevant to a known or charged violation — FINRA's investigative authority extends to materials that may reveal violations or that may assist FINRA in understanding the context of the conduct under review. Courts and the SEC have consistently declined to narrow the scope of FINRA's Rule 8210 authority to materials already shown to be directly relevant to a specific allegation, recognizing that the investigative function necessarily requires the ability to follow the evidence wherever it leads.
FINRA Rule 8210(b) authorizes FINRA staff to enter into agreements with domestic federal agencies and foreign regulators to share information in FINRA's possession for regulatory purposes. These information-sharing agreements — the condition that the agreement require the receiving party to treat information confidentially and assert applicable privileges against third-party requests — reflect the modern reality of cross-border and cross-regulatory investigations in which multiple regulators may be investigating the same or related conduct simultaneously.
FINRA Rule 8210(b)(2) separately authorizes FINRA staff to exercise its FINRA Rule 8210(a) investigative authority on behalf of another domestic or foreign SRO, securities market, or regulator with which FINRA has a qualifying exchange-of-information agreement, for market surveillance, investigative, enforcement, or other regulatory purposes. This provision enables FINRA to conduct investigations on behalf of, for example, a foreign SRO that has identified suspicious trading in U.S.-listed securities by parties subject to FINRA's jurisdiction but not the foreign regulator's direct jurisdiction.
FINRA Rule 8210(c) is the operative compliance provision — no member or person shall fail to provide information or testimony or to permit an inspection and copying of books, records, or accounts pursuant to the rule. The word shall transforms the investigative authority in FINRA Rule 8210(a) into a direct affirmative obligation on members and associated persons. Non-compliance is not merely unhelpful to FINRA — it is a per se rule violation. There is no defense of inconvenience, burden, or even foreign law. As Regulatory Notice 25-11 explicitly states, FINRA Rule 8210 does not provide any exception to complying with its requirements based on foreign law — a direct response to situations where members with operations in jurisdictions such as China, France, or Switzerland have invoked local blocking statutes or data privacy laws as grounds for not producing records to FINRA.
The practical consequence of this absolute obligation is that members considering establishing operations, personnel, or data storage in foreign jurisdictions must affirmatively assess whether the local legal environment would prevent compliance with FINRA Rule 8210, and must structure their operations to preserve that compliance. Regulatory Notice 25-11 confirms that FINRA's examination program actively reviews the ability of members with offshore operations and personnel to comply with FINRA Rule 8210, and that FINRA will initiate enforcement action — potentially resulting in expulsion from membership or bar of associated persons — where compliance cannot be assured.
FINRA Rule 8210(d) establishes how a FINRA Rule 8210 notice is deemed received. For members and currently or formerly registered persons, the notice is deemed received by mailing or transmitting it to the last known business address for the member or last known residential address for the person as reflected in the Central Registration Depository — the CRD. For persons currently associated with a member in an unregistered capacity, notice is deemed received by transmitting to the member's last known business address in the CRD. For persons formerly associated in an unregistered capacity over whom FINRA retains jurisdiction, personal service is required under FINRA Rule 9134(a)(1).
Two significant qualifications apply. Where the responsible Adjudicator or FINRA staff knows the CRD address is out of date or inaccurate, notices must be sent to both the CRD address and any more current address known to FINRA staff. Where FINRA staff knows the member or person is represented by counsel regarding the specific matter, the notice must be served on counsel instead of the member or person directly, and service on counsel constitutes deemed receipt by the member or person. The counsel service provision — added in the 2013 amendments — codifies common professional courtesy practice while ensuring that represented parties cannot object that FINRA communicated directly rather than through their counsel.
FINRA Rule 8210(g) requires that any member or person who provides information on a portable media device in response to a FINRA Rule 8210 request must ensure that information is encrypted. A portable media device is defined broadly to include flash drives, CD-ROMs, DVDs, portable hard drives, laptop computers, discs, diskettes, and any other portable device for storing and transporting electronic information. Encrypted means transformation of data into a form in which meaning cannot be assigned without the use of a confidential process or key, using an industry-standard strong encryption method, with the confidential process or key transmitted to FINRA staff separately from the encrypted device itself.
This encryption requirement — adopted through SR-FINRA-2010-021 effective December 29, 2010 — addresses the data security risks created when sensitive investigation materials are transmitted to FINRA on physical media that could be lost or intercepted in transit. The separate transmission of the encryption key ensures that an intercepted device cannot be accessed without the key that arrives through a different channel.
Supplementary Material .01 clarifies the scope of the books, records, and accounts subject to FINRA Rule 8210(a)(2) inspection. The phrase of such member or person refers to records that the broker-dealer or its associated persons make or keep relating to operation as a broker-dealer or relating to the person's association with the member. This encompasses records relating to outside business activities, private securities transactions, possible violations of just and equitable principles of trade, other FINRA rules, MSRB rules, and the federal securities laws. It does not ordinarily include records in the possession, custody, or control of a member or associated person whose bona fide ownership is held by an independent third party and which are unrelated to the broker-dealer's business. The requirement to produce records held by a third-party service provider — where the member or associated person controls or has a right to demand those records — is explicitly confirmed.
The consequences of failing to comply with a FINRA Rule 8210 request are severe and well-established. For individual registered representatives and associated persons, the standard sanction for complete non-compliance is a permanent bar from association with any FINRA member firm — the most severe sanction available in FINRA's disciplinary arsenal. For member firms, the standard sanction is expulsion from FINRA membership, effectively destroying the firm's ability to operate as a registered broker-dealer. These sanctions apply whether or not the underlying investigation would have revealed any substantive violation — the obligation to cooperate with FINRA's regulatory process is independent of the merits of the investigation, and the sanction for non-compliance is imposed for the non-compliance itself.
Even partial or incomplete responses to FINRA Rule 8210 requests — producing some but not all requested documents, providing testimony that is evasive or intentionally incomplete, or failing to produce records within the required timeframe — can result in disciplinary action under FINRA Rule 8210(c) alongside charges under FINRA Rule 2010 for conduct inconsistent with just and equitable principles of trade. The combination of the per se compliance obligation and the severe sanctions for non-compliance makes FINRA Rule 8210 one of the rules with the highest practical stakes for any FINRA member or registered person who receives a FINRA investigation request.
FINRA Rule 8210 is tested on the Series 24 General Securities Principal examination as one of the most important rules in the 8000 series, addressing FINRA's investigative authority, the scope of the production obligation, the consequences of non-compliance, and the supervisory obligations for ensuring that firms can satisfy FINRA Rule 8210 requests. It is also relevant to the Series 7 examination in the context of regulatory framework questions about FINRA's investigative powers.
The key points to retain are these: FINRA Rule 8210 grants Adjudicators and FINRA staff the right to require any member, associated person, or other person subject to FINRA's jurisdiction to provide information orally, in writing, or electronically and to testify under oath for the purpose of any investigation, complaint, examination, or proceeding; the right extends to inspect and copy any books, records, and accounts in the member's or person's possession, custody, or control; no member or person shall fail to comply — non-compliance is a per se rule violation regardless of inconvenience, burden, or foreign law; the standard sanction for individual non-compliance is a permanent industry bar and for firm non-compliance is expulsion from membership; the possession, custody, or control standard reaches records held by third parties that the member or associated person has the legal right to obtain on demand; notice is deemed received by delivery to the CRD address, with additional requirements when the CRD address is known to be outdated or when the party is represented by counsel; information provided on portable media devices must be encrypted using industry-standard strong encryption with the encryption key transmitted separately; FINRA may share information with domestic and foreign regulators through formal agreements meeting specific confidentiality and reciprocity conditions; the rule applies regardless of the geographic location of the member, associated person, their personnel, or their books and records, as confirmed in Regulatory Notice 25-11 published September 25, 2025; members with operations outside the United States must establish supervisory systems and procedures under FINRA Rule 3110 designed to ensure compliance with FINRA Rule 8210 notwithstanding potentially conflicting foreign law; and the rule was last substantively amended effective February 25, 2013, as announced in Regulatory Notice 13-06.
