Regulation Best Interest Applied to Digital Securities Recommendations
Analysis of how Reg BI's care obligation, disclosure requirements, and conflict-of-interest provisions apply when broker-dealers recommend tokenized securities to retail customers.
Regulation Best Interest (Reg BI), effective June 30, 2020, imposes a “best interest” standard on broker-dealers when recommending securities to retail customers. For broker-dealers operating in the tokenized securities market, Reg BI creates specific compliance obligations related to the unique risks, liquidity characteristics, and technological complexity of security tokens. FINRA’s 2024 examination priorities explicitly included Reg BI compliance for firms recommending digital asset securities — the first time digital securities received dedicated attention in the examination program. With the security token market reaching cumulative issuance of $6.66 billion in 2025 (up from $5.6 billion in 2024) and the broader RWA on-chain market at $19.4 billion according to RWA.xyz, broker-dealer recommendations of tokenized securities are increasing — making Reg BI compliance a growing operational priority across the approximately 3,394 FINRA member firms.
The Four Component Obligations
Reg BI imposes four distinct obligations on broker-dealers making recommendations:
Disclosure Obligation
Broker-dealers must disclose, in writing, before or at the time of recommendation: the material facts about the scope and terms of the relationship; all fees and costs applicable to the recommendation; the type and scope of services provided; and all material conflicts of interest.
For digital security recommendations, disclosure requirements expand to include:
Technology risk disclosure. The broker-dealer must disclose risks specific to blockchain-based securities, including smart contract vulnerabilities, protocol upgrade risks, blockchain congestion costs, and the potential for network forks that could affect token value or functionality.
Liquidity risk disclosure. Security tokens typically trade on a limited number of ATS platforms with thin order books. The broker-dealer must disclose the limitations on secondary market liquidity, including the risk that the customer may be unable to sell at a desired price or time.
Custody risk disclosure. The method of token custody — whether through the broker-dealer’s own custody solution, a third-party custodian, or customer self-custody — creates specific risks that must be disclosed. The impact of SAB 121 on custodial arrangements is relevant to this disclosure.
Care Obligation
The broker-dealer must exercise reasonable diligence, care, and skill in making recommendations. This requires understanding the security token’s investment profile, including its risks, rewards, and costs, and having a reasonable basis to believe the recommendation is in the customer’s best interest.
For digital securities, the care obligation requires the broker-dealer to evaluate factors that do not apply to traditional securities: the security and audit status of the token’s smart contracts; the operational status and decentralization of the underlying blockchain; the regulatory classification risk (i.e., the possibility that the token’s securities classification could change); and the counterparty risks specific to blockchain-based settlement.
Conflict of Interest Obligation
Broker-dealers must establish policies and procedures to identify and address conflicts of interest. In the digital securities context, relevant conflicts include:
Token holdings. If the broker-dealer or its affiliates hold significant positions in a recommended security token, this creates a conflict that must be managed through disclosure or elimination.
Platform economics. Broker-dealers that operate or have economic arrangements with ATS platforms face conflicts when recommending tokens that trade on those platforms.
Custody revenue. If the broker-dealer earns custody fees for holding the recommended security tokens, this revenue creates a conflict with the recommendation.
Compliance Obligation
The broker-dealer must establish, maintain, and enforce written policies and procedures reasonably designed to achieve compliance with the other three obligations. For firms operating in the digital securities market, compliance programs must address the technological and regulatory complexities unique to tokenized assets.
FINRA Examination Focus
FINRA has incorporated digital securities into its Reg BI examination program. Areas of examination focus include:
- Whether firms recommending security tokens have adequate supervisory procedures for evaluating blockchain-specific risks.
- Whether Reg BI disclosures adequately address the unique characteristics of digital securities.
- Whether firms have implemented appropriate due diligence processes for evaluating security token issuers and their underlying technology.
- Whether firms appropriately consider liquidity constraints when determining whether a digital security recommendation is in the customer’s best interest.
For broker-dealers active in the security token market, Reg BI compliance is inseparable from broader market structure obligations. The recommendation of a security token necessarily involves consideration of the token’s trading venue, custody arrangement, and settlement mechanism — each of which carries regulatory obligations that interact with Reg BI’s four components.
Suitability Analysis for Security Tokens
Reg BI’s care obligation requires broker-dealers to perform suitability analysis that accounts for the distinctive characteristics of security tokens. Key considerations include:
Investor experience with digital assets. A customer who has never held digital assets faces learning curves related to wallet management, private key security, and blockchain transaction mechanics. The broker-dealer must assess whether the customer has sufficient understanding to manage these risks, or whether additional education is required before a recommendation is appropriate.
Concentration risk. Security tokens are illiquid relative to publicly traded securities. A recommendation to allocate a significant portfolio percentage to security tokens could create concentration risk that is inconsistent with the customer’s overall investment objectives. FINRA has indicated that concentration in illiquid digital securities warrants heightened scrutiny under Reg BI.
Time horizon alignment. Security tokens issued under Reg D 506(c) are subject to Rule 144 holding period restrictions (6-12 months). A recommendation to a customer with short-term liquidity needs would not satisfy the care obligation, as the customer could not access their capital during the restriction period.
Risk tolerance assessment. The volatility profile of security tokens — driven by thin order books, limited market making, and technology risk — may exceed the risk tolerance of customers who are accustomed to traditional fixed-income or equity investments.
Reg BI and Investment Adviser Fiduciary Duty
Reg BI applies to broker-dealers, not investment advisers. Investment advisers recommending security tokens are subject to the separate fiduciary duty under the Investment Advisers Act of 1940, which imposes a duty of loyalty and duty of care that the SEC views as at least as stringent as Reg BI.
For dual-registrants (firms registered as both broker-dealers and investment advisers), the applicable standard depends on the capacity in which the firm acts. When recommending a security token purchase through the firm’s brokerage function, Reg BI applies. When providing ongoing investment advice about a security token portfolio through the advisory function, the fiduciary duty applies.
The SEC’s June 2019 interpretive release on the standard of conduct for investment advisers specifically noted that advisers must consider the full range of costs — including technology costs, custody costs, and platform fees — when evaluating digital asset recommendations. For custody considerations affecting advisory recommendations, see our analysis.
Enforcement and Examination Trends
FINRA and the SEC have taken several enforcement actions related to Reg BI compliance in the digital securities context:
FINRA 2024 examination findings. FINRA’s 2024 examination cycle identified deficiencies at several firms recommending digital asset securities, including inadequate documentation of technology risk assessments, insufficient disclosure of ATS platform limitations, and failure to update customer profiles to account for digital asset experience.
SEC risk alerts. The Division of Examinations has issued risk alerts reminding firms that Reg BI’s care obligation extends to all aspects of a digital security recommendation, including the custody arrangement, the settlement mechanism, and the trading platform. Firms cannot limit their analysis to the token’s investment characteristics while ignoring its operational infrastructure.
Common deficiencies identified:
| Deficiency | Reg BI Obligation Violated |
|---|---|
| No blockchain risk disclosure | Disclosure obligation |
| Recommending illiquid tokens to income-dependent clients | Care obligation |
| Undisclosed platform revenue arrangements | Conflict of interest obligation |
| No digital asset-specific supervisory procedures | Compliance obligation |
| Failure to assess customer’s crypto experience | Care obligation |
Practical Compliance Framework
Broker-dealers seeking to comply with Reg BI for digital security recommendations should implement the following:
- Enhanced customer profile. Add digital asset experience, blockchain literacy, and self-custody capability assessments to the customer profile questionnaire.
- Token due diligence template. Develop standardized due diligence procedures for evaluating security token issuers, smart contract security, transfer agent arrangements, and secondary market liquidity.
- Digital asset-specific disclosures. Create supplemental disclosure documents covering blockchain technology risks, custody arrangements, and platform limitations — delivered before or at the time of recommendation.
- Conflict identification procedures. Map all revenue streams and economic arrangements related to digital asset activities, including custody fees, platform revenue shares, and token holdings.
- Training program. Implement mandatory training for registered representatives covering digital asset technology, regulatory classification, and the specific risks of tokenized securities.
Reg BI and Token Classification Risk
A unique challenge for Reg BI compliance in the digital securities context is token classification risk — the possibility that a digital asset currently classified as a security could be reclassified as a non-security (or vice versa) based on changes in its network’s decentralization, the outcome of enforcement actions, or new regulatory guidance from the SEC Crypto Task Force.
This classification risk creates a moving target for Reg BI compliance — particularly given Chairman Atkins’ November 12, 2025 Project Crypto statement that most crypto assets should not be considered securities outright, and the March 2026 SEC-CFTC joint token taxonomy guidance establishing formal classification standards. A broker-dealer that recommends a digital asset as a security must reassess that classification if circumstances change. The Hinman speech concept of “sufficient decentralization” implies that a token’s securities status can evolve over time — meaning a security token recommended today might not be a security (and therefore might not be subject to Reg BI) in three years.
Conversely, a digital asset initially recommended as a non-security could later be classified as a security through SEC enforcement action, exposing the broker-dealer to retroactive Reg BI compliance questions. The practical response has been for firms to apply Reg BI standards to all digital asset recommendations, regardless of current classification, as a risk management measure.
Reg BI Documentation Requirements for Digital Securities
FINRA examination guidance specifies documentation requirements that apply to digital security recommendations:
Recommendation documentation. Firms must maintain records of each digital security recommendation, including the analysis supporting the recommendation, the customer’s investment profile, and any material discussions about risk factors. For security tokens, this documentation should include the token’s offering memorandum, smart contract audit results, and transfer agent arrangements.
Conflict documentation. Records of identified conflicts, the method of addressing each conflict (disclosure, mitigation, or elimination), and any changes to conflict status over time. For firms operating ATS platforms alongside advisory or brokerage functions, this includes documentation of revenue-sharing arrangements, proprietary trading activity, and affiliated custody relationships.
Supervisory review documentation. Records of supervisory review of digital security recommendations, including the qualifications of the supervising principal and any escalation procedures triggered by the recommendation. FINRA expects that supervising principals reviewing digital security recommendations have sufficient knowledge of blockchain technology and token economics to evaluate the recommendation’s merits.
Customer communication records. All communications with the customer related to the digital security recommendation, including risk disclosures, performance projections, and responses to customer inquiries. These records must be retained for six years under Exchange Act Rule 17a-4.
For enforcement actions involving broker-dealer conduct in digital securities, see our tracker. For the Howey test analysis that determines whether a digital asset is subject to Reg BI, see our guide. For FINRA’s official Reg BI resources, see FINRA Reg BI Resources.
Reg BI and Tokenized Fund Products
The emergence of tokenized fund structures — led by BlackRock’s BUIDL fund ($1.87 billion AUM, 45% of the tokenized treasuries market) and managed through Securitize ($4 billion+ in total tokenized AUM) — creates additional Reg BI considerations for broker-dealers. When recommending a tokenized fund interest — whether a tokenized limited partnership interest, a tokenized REIT share, or a tokenized closed-end fund — the broker-dealer must evaluate not only the fund’s investment characteristics but also the token’s technical infrastructure, including the smart contract’s audit status, the fund administrator’s ability to process token redemptions, and the availability of secondary market liquidity on registered ATS platforms.
FINRA has indicated that tokenized fund recommendations warrant heightened supervisory review because they combine traditional fund risks (investment performance, manager risk, leverage) with blockchain-specific risks (smart contract vulnerability, protocol upgrade risk, custody complexity). Firms recommending tokenized funds should document both layers of analysis in their recommendation records.
For additional analysis of broker-dealer regulatory requirements, see our guides to broker-dealer registration and FINRA compliance for digital securities. For the accredited investor definition that determines which customers can access certain digital security offerings, see our analysis. For comparison of investor protection frameworks across jurisdictions, see our analysis of US vs. EU regulation.