FINRA’s recently released Regulatory Notice 25-05 proposes significant changes to the rules governing outside business activities (OBAs) and private securities transactions (PSTs), aiming to replace Rules 3270 and 3280 with a single, more efficient rule.
With the proposed Rule still in the comment phase, now is the time to take a hard look at both the potential advantages and disadvantages of the reduced requirements and how they might impact your compliance program.
Understanding FINRA’s Proposed Rule on Outside Business Activities
FINRA’s Regulatory Notice 25-05 proposes merging Rules 3270 and 3280 to streamline oversight of outside business activities (OBAs) and private securities transactions (PSTs).
Currently, FINRA Rules 3270 and 3280 regulate OBAs and PSTs and require associated persons to disclose their outside business activities and private securities transactions to their firms. FINRA conducted a review of these rules to assess their effectiveness and identify areas for improvement. The review highlighted the need for a more streamlined approach to reduce regulatory burdens for firms while maintaining investor protections and market integrity.
Key Changes in FINRA’s Proposed OBA Framework
In addition to consolidation, the scope of the Proposed Rule is reduced. The proposal will focus on investment-related activities, meaning that other side gigs and part-time jobs will not be covered under the rule. The Rule defines an “investment-related activity” as one that pertains to financial assets, including securities, crypto assets, commodities, derivatives, including futures and swaps, currency, banking, real estate, or insurance. This is a broader definition of “investment-related activity” than FINRA has used in the past, adding crypto and currency to the mix.
By focusing on investment-related activities and no longer differentiating between OBAs and PSTs, the new Rule intends that firms can focus on the highest areas of actual risk.
Another key area of note is that under the Proposed Rule, a firm must assess whether a registered person’s outside activity or an associated person’s outside securities transaction involves a customer of the member.
What Stays the Same Under the Proposed Rule
Written disclosures and prior approvals
Registered persons who intend to participate in an investment-related activity outside the scope of their professional relationship with your firm must still provide prior written notice. The firm must still assess whether the proposed outside activity or securities transaction will interfere with the employee’s responsibility to the firm and its customers or would be viewed by customers or the public as a conflict of interest.
The employee must still adhere to the conditions specified and provide written notice of any changes. While the definition of what is covered under the Rule may be shifting, the framework that firms need to have in place to manage Outside Activities and provide defensible proof of compliance effectively must still be comprehensive and robust.
Recordkeeping
Recordkeeping requirements will not be lessened. As firms consider potential changes to their disclosure and evaluation processes, it’s essential to note that the books and records requirements will not be reduced as part of the Proposed Rule. This raises an interesting question regarding historical data. Will firms be scrutinized on their old data and the old rules in upcoming audits?
And in fact, the addition of some newer areas like crypto to OBA disclosure requirements might even make recordkeeping more complex for firms.
Form U4
It’s also important to note that there are currently no proposed reductions to Form U4 requirements. Section 13 still requires disclosure of outside business activities, including scope and nature of duties, location and time dedicated to identify any potential conflicts of interest. Firms could potentially have employees with outside activity that’s reportable on their U4 but not under the new OBA rules. Having two disparate sets of disclosure requirements for outside business activities could increase the risk of both added complexity and incomplete or inconsistent disclosure and identification of potential conflicts for firms.
Implications and Compliance Risks for Firms
Yes, simpler can be better, but there’s still risk involved and work to be done if the Proposed Rule is enacted.
Adapting firm policies and training
At the most basic level, compliance departments will need to ensure that their policies, processes, and systems are modified to adapt to the updated requirements. Employees will need to be trained on their obligations and attest to understanding their updated disclosure requirements.
It’s worth taking a closer look, however, at some of the nuances of the Proposed Rule and where that might equate to additional work for the compliance team or higher levels of potential risk.
Preventing overlooked conflicts of interest
Reduced requirements could widen the gap for potential conflicts to be overlooked, thereby increasing the risk of fines, reputational damage, and reduced market integrity. Firms will need to evaluate the level of information that they are requiring employees to disclose, asking questions including:
- Is there risk that employees will not disclose something because they are not aware that they need to?
- Do all of your employees know who all of your customers are, so they know when to declare a particular activity? Or will your disclosure process build in checks and balances to account for that?
- Will employees remember to disclose securities transactions that are new to the scope of the Proposed Rule, such as crypto transactions?
- Will your firm have the necessary data in place to catch lapses before regulators do?
Balancing streamlined operations with investor protection
If firms leave disclosure policies unchanged, though, that could lead to employee resentment and a missed opportunity to streamline processes and cut through “white noise” for both staff and compliance.
Crypto and Currency: Emerging Areas of OBA Compliance
The Proposed Rule explicitly includes crypto assets and currency within its definition of "investment-related activity." While this update aligns regulation with evolving markets, it may introduce additional monitoring considerations for firms.
Potential impacts could include:
- Expanded employee disclosure obligations, particularly around crypto wallets and currency trading accounts, possibly increasing the need for clarity and oversight.
- Additional monitoring needs, due to crypto markets operating 24 hours a day, potentially requiring firms to implement or enhance automated monitoring tools.
- More complex recordkeeping, given that crypto transactions can involve decentralized platforms.
- Updated employee training and policies, to ensure employees understand and follow new compliance requirements related to crypto and currency trading.
Thus, although the proposal simplifies certain compliance requirements, which are potentially less risky from a conflict of interest point of view, it may create new operational considerations around crypto and currency oversight.
Will Reduced Requirements Really Lessen the Compliance Burden?
Streamlined rules could mean fewer forms—but not necessarily fewer responsibilities. Compliance teams must still safeguard against hidden risks and information gaps.
It’s a gray area for firms—and a balancing act. Reduced regulatory burdens can lead to streamlined operations and less day-to-day work for a function that often operates under tight time constraints and limited resources. But reduced oversight can also open the door to unmitigated conflicts of interest, both intentional and otherwise. Firms will want to avoid scenarios where employees can game the system or where access to material non-public information becomes less restricted or unreported.
Comment Period and Next Steps for Firms
FINRA has opened a comment period for the proposal, which expires on May 13, 2025. Industry stakeholders are encouraged to provide feedback and participate in the comment process. The proposed Rule is also part of a broader effort by FINRA to review and modernize Rules regarding member firms and associated persons.
At the end of the day, your firm will still be required to ensure the integrity of employees and protect their best interests of your customers. Regardless of the outcome of the Proposed Rule, your firm must still have a best efforts solution in place to identify and manage employee conflicts of interest surrounding Outside Business Activities and Personal Securities Transactions. No one has a crystal ball to predict the future, but having policies, procedures and systems in place that cross the t’s and dot the i’s across your compliance program is always a good thing.
I recommend that firms take the time now to review the Proposed Rule and step back to consider how it would impact their compliance program – where would it potentially save time and effort for you and your employees? Where are the gray areas and the potential gaps?
This blog was written by Jon J. Simone, CSCP®. Jon is a Senior Presales Consultant at MCO.
Interested in speaking with Jon or one of our experts on how MCO can help your firm put a future-proof program Outside Business Activity Compliance framework in place today to be ready for the FINRA developments of tomorrow? Contact us for a demo today!
Resources
More on MCO's Outside Business Activity Solution
Download the Outside Business Activities Brochure
Blog: Optimal Outside Business Activities Compliance Goes Beyond Disclosures
FINRA Notice: https://www.finra.org/rules-guidance/notices/25-05
Text of proposed rule: Template for Regulatory Notices
Flowchart of proposed rule: OAR_Regulatory_Notice_Attachment_B.pdf
Hypothetical cases: Template for Regulatory Notices
