When Policies Fail, People Pay — Personal Liability Is Back

November 13, 2025 by Tiffany Magri

TL;DR: FINRA’s recent enforcement actions highlight a growing trend — when supervisors ignore red flags or fail to enforce firm policies, they can face personal fines, suspensions, and accountability under FINRA Rule 3110.

Supervision failures continue to surface in communications cases, and regulators are reminding firms that leadership accountability is not theoretical. Recent FINRA actions show that when designated supervisors ignore red flags or fail to enforce clear procedures, personal consequences follow.

Why leadership accountability and personal liability matter under FINRA Rule 3110

Leadership accountability in financial services is no longer theoretical. Regulators are signaling that both executives and supervisors will be held personally responsible for failures in oversight, especially around communications governance and recordkeeping. In other words, when firm policies fail, it’s not just the firm that pays — it’s the people who ignored the warning signs.

A costly lesson in oversight: FINRA’s WeChat case and leadership accountability

During a recent webinar, Brian Rubin, Partner at Eversheds Sutherland, highlighted a case that illustrates this point.

“The CEO used WeChat to send and receive thousands of business-related messages — even after compliance told him to stop,” said Brian Rubin. “FINRA fined him $25,000, suspended him for a month in all capacities and four more months as a principal. This could be a good CE case to send to your executives with a note saying: CEOs can be charged too.”

The enforcement action also revealed a deeper supervisory breakdown. A principal knew that employees were conducting business conversations on WeChat, an unapproved messaging platform that the firm’s written supervisory procedures prohibited. Compliance staff had already warned that WeChat was being used for firm business, yet the supervisor continued to participate in group chats and took no steps to stop the conduct, ensure capture, or update the firm’s review process.

FINRA found that this inaction resulted in thousands of business-related communications going unrecorded, leaving the firm with incomplete books and records. The regulator imposed a significant fine, a multi-month suspension, and required the individual to complete continuing education on supervision and recordkeeping responsibilities.

This case highlights several recurring weaknesses:

  • Failure to act on red flags: Compliance concerns were acknowledged but not escalated.
  • Passive oversight: Supervisors did not verify whether policies were being followed or controls were functioning.
  • Poor documentation: There was no record of review, training, or corrective action.

FINRA Rule 3110 explained: How and when individual supervisors face liability

FINRA Regulatory Notice 22-10 provides helpful context for when personal liability attaches under Rule 3110 (Supervision). The rule places primary supervisory responsibility with “the firm’s business management, not compliance officials.” But once a person has been expressly or implicitly designated with supervisory duties, they can be held responsible for failing to perform them reasonably.

FINRA looks closely at whether an individual:

  • Ignored evidence of ongoing violations,
  • Failed to update or enforce written supervisory procedures,
  • Allowed known misconduct to continue, or
  • Created or tolerated gaps that resulted in recordkeeping or customer harm.

In this case, the supervisor had direct oversight of electronic communications and clear awareness that WeChat was being used. The decision not to intervene was itself a supervisory failure.

Five steps leaders can take to avoid FINRA personal liability

To reduce regulatory risk and strengthen oversight, firm leaders should take proactive steps that demonstrate “reasonable supervision” under FINRA Rule 3110:

  • Clarify supervisory assignments: Make sure every policy area has a clearly designated owner who understands their responsibilities under Rule 3110.
  • Act on red flags: When compliance concerns are raised, address them quickly and document the response.
  • Reinforce supervision with training: Provide practical, scenario-based sessions for executives and principals on communication oversight and what “reasonable supervision” looks like.
  • Test and record supervisory follow-through: Verify that reviews, checks, and escalations are happening as written in procedures.
  • Support supervisors with resources: Provide the staffing, systems, and authority necessary to carry out delegated responsibilities effectively.

Taking these actions shows regulators that your firm’s leaders are active participants in oversight — not passive observers — and helps protect both the firm and individuals from enforcement risk.

Final thoughts: Personal liability is the new reality in compliance supervision

This case underscores a broader regulatory shift — one where leadership accountability is no longer theoretical. As Brian Rubin noted, the case was “strange but instructive” because it showed that even rank-and-file employees can be held accountable for incomplete records. “Just because the issue is firm-wide doesn’t mean individuals won’t be sanctioned,” he said. The message is clear: regulators expect leaders at every level to act when red flags appear. Ignoring compliance warnings or allowing unapproved communication tools to remain in use can quickly turn a firm-level infraction into a personal liability event.

The webinar closed with a reminder that sums up the tone of the year: Compliance isn’t just a firm responsibility anymore — it’s personal.
