Customer Account Information
Quick Answer
The FINRA customer-account-information requirement obligates every member firm to capture and maintain core customer-account data: name, residence, legal age, taxpayer identification number (TIN), the names of the registered representative servicing the account and the principal who approved it, and (for non-institutional accounts) a Trusted Contact Person (TCP) request, employment information, and FINRA-affiliation disclosure. The firm must verify and update the record at least every 36 months and preserve it for 6 years after the account is closed.
The customer-account-information requirement is the firm-level intake rule: it tells the broker-dealer (BD) what to collect at account opening and how long to keep it. Two scope notes:
- It does not address the customer's investment objectives or risk tolerance; those live under the suitability and Reg BI framework in a later unit
- The exam tests it as a recordkeeping and onboarding rule, paired with the SEC customer-account-record requirement
Required Customer Information for Every Account
The core record requirement obligates the firm to maintain a record for each account that includes:
- The customer's name and residence
- Whether the customer is of legal age (the firm's home-state age of majority)
- The names of the associated person(s) responsible for the account (the registered representative) and the principal who accepted the account
- The customer's TIN (Social Security Number for individuals; Employer Identification Number for entities)
- The signature of the registered representative introducing the account and the signature of the principal who accepted it
Think of it this way: this core record is the spine of the account file. Two humans must put their names on every account: the rep who recommends it and the principal who approves it. The customer's identity, age, and tax ID anchor the file.
Exam Tip: Gotchas
- Both signatures are required, not just the principal's. The exam will sometimes describe a sole-principal approval and ask whether the file is complete. It is not unless the rep also signed.
- Legal age is determined by the customer's state of residence, not the firm's home state. A 19-year-old in Alabama (age of majority 19) can open an account; a 19-year-old in Mississippi (age of majority 21) cannot.
Additional Information for Non-Institutional Accounts
The customer-account-information requirement layers extra obligations on non-institutional accounts (retail individuals and most small entities). For each non-institutional account, the firm must make a reasonable effort to obtain:
- A Trusted Contact Person (TCP): the name and contact information of an individual at least age 18 whom the firm may contact about possible financial exploitation, cognitive impairment, or simple inability to reach the customer
- Employment status and employer details (employer name, occupation)
- Whether the customer (or any household member) is affiliated with another FINRA member firm (this triggers the employee-account-disclosure workflow elsewhere in FINRA's rulebook)
The TCP request is the most-tested feature of the customer-account-information requirement. The firm must ask for a TCP at account opening or at the next account update. The customer is not required to designate one; the firm satisfies the customer-account-information requirement by making the request and documenting the customer's response (designation or refusal).
Exam Tip: Gotchas
- The TCP request is mandatory for the firm; the TCP designation is optional for the customer. A firm that never asks violates the customer-account-information rule. A firm that asks and is refused complies.
- A TCP must be at least 18 years old. The exam tests this age floor; the customer cannot designate a 16-year-old child or grandchild as the TCP.
- The TCP is contact-only; the TCP cannot trade. Designation does not confer trading authority. Trading authority requires a separate written authorization under the discretionary-account requirement (discretion) or a power of attorney.
Discretionary, Custodial, and Margin Accounts
The customer-account-information requirement also addresses three account-type overlays:
- Discretionary accounts: The firm must keep a record of every customer who has given written discretionary authority and a separate record showing the dates each transaction was effected on a discretionary basis
- Custodial accounts under UTMA/UGMA: The firm must record the custodian's name and the minor's TIN; the minor's TIN is the reportable TIN, not the custodian's
- Margin accounts: The customer must sign a margin agreement and hypothecation agreement before the first margin transaction; the customer's signature is the trigger for the firm's right to use customer securities as collateral
Exam Tip: Gotchas
- A custodial account uses the minor's TIN, not the custodian's. The exam will sometimes describe a UTMA account opened with the custodian's SSN and ask whether the file is correct. It is not.
- The margin agreement is required before the first margin trade, not at the first margin call. A firm that lets a customer trade on margin without a signed agreement violates the customer-account-information requirement.
Verification, Update, and Retention Cycle
The retention provisions govern the lifetime of the record:
| Requirement | Frequency / Duration | Source |
|---|---|---|
| Verify and update customer account information | At least every 36 months | the customer-account-information rule |
| Preserve updated account information | At least 6 years after the update | the customer-account-information rule |
| Preserve the most recent version after closure | At least 6 years after the account is closed | the customer-account-information rule and the SEC customer-account-record retention requirement |
| Easily accessible portion | Most recent 2 years | the SEC customer-account-record retention requirement |
The 36-month cycle is a "make a reasonable effort" standard, not a guarantee. A firm that mails an update form to a customer who never responds has met the obligation; a firm that does not even attempt to verify violates it.
Think of it this way: The rule treats the customer file as a living document. It must be touched at least every 3 years and held for 6 years after the account closes. The most recent 2 years live within arm's reach (easily accessible); older records can be archived.
Exam Tip: Gotchas
- The 36-month update cycle is the most-tested time period in the customer-account-information requirement. Pair it with the 6-year retention rule: 36 months to verify, 6 years to keep after the update or after closure.
- Reasonable effort is the standard, not actual update. A documented attempt that the customer ignored still satisfies the rule. The violation is failing to ask.
Scope: What the Customer-Account-Information Rule Does Not Cover
The customer-account-information requirement captures firm-level account data: identity, contact, tax, employment, TCP. It does not capture suitability or recommendation profile data: investment objectives, risk tolerance, time horizon, liquidity needs.
Those data elements are required by the FINRA suitability requirement and Reg BI (Care Obligation), both addressed in Unit 12. A firm that records a customer's name and TIN but never captures investment objectives violates the suitability / Reg BI framework, not the customer-account-information rule.
Exam Tip: Gotchas
- The customer-account-information rule = identity and contact; the suitability / Reg BI framework = investment profile. The exam will sometimes mix the two and ask which rule a missing risk-tolerance field violates. The answer is the suitability / Reg BI framework, not the customer-account-information rule.