n8n for WealthTech & Investment Platform Vendors
200th article milestone. WealthTech SaaS vendors operate at the intersection of the strictest U.S. financial regulations: SEC Regulation Best Interest, FINRA Rule 3110, the Investment Advisers Act §206, ERISA §408(b)(2), CFTC large trader reporting, SOX §302+906, and GLBA Safeguards. Every workflow tool your engineering team touches becomes part of the regulatory examination surface.
This article gives you 5 production-ready n8n workflows — with complete import JSON — covering the full compliance stack for investment platforms.
Customer tiers covered
| Tier | Primary Regulations |
|---|---|
LARGE_RIA_PLATFORM |
IA Act §202/§206, ADV §204-2, Reg S-P |
BROKER_DEALER_PLATFORM |
SEC Reg BI 17 CFR §240.15l-1, FINRA Rule 3110 |
ROBO_ADVISOR_PLATFORM |
Reg BI, IA Act §206 fiduciary, GLBA |
WEALTHTECH_MIDDLEWARE |
GLBA Safeguards, SOC2, API data egress |
ALTERNATIVE_INVESTMENT_PLATFORM |
SEC Reg D, CFTC 17 CFR Part 18, IA Act |
RETIREMENT_PLAN_PLATFORM |
ERISA §408(b)(2), Form 5500, DOL EBSA |
FAMILY_OFFICE_TECH |
IA Act §202, Reg S-P, GLBA Safeguards |
Why self-hosted n8n matters for WealthTech
Reg BI documentation chain. SEC examiners look for a documented basis for every investment recommendation (17 CFR §240.15l-1(a)(1)(ii)). If that recommendation data flows through Zapier or Make, the audit trail passes through a third-party cloud the examiner can subpoena during a branch examination — and one where the chain of custody is not yours.
FINRA Rule 3110 supervision gap. FINRA Rule 3110 requires supervisory procedures that cover all systems handling order-related workflows. Zapier or Make as a middleware layer between your platform and a CRM or order management system creates a supervision gap that FINRA examiners specifically look for in broker-dealer reviews.
ERISA §408(b)(2) indirect service provider disclosure. If your SaaS routes plan data through a cloud automation platform, that middleware relationship may constitute indirect compensation flowing through the plan's service providers — a disclosure obligation under ERISA §408(b)(2) that most WealthTech vendors overlook.
Workflow 1: New Wealth Management Customer Onboarding Drip
7-tier segmentation with compliance flag injection. Broker-dealer customers get a FINRA Rule 3110 supervision setup note on Day 0. RIA platforms get ADV annual amendment calendar. ERISA plan vendors get fee disclosure chain setup.
{
"name": "WealthTech Customer Onboarding Drip",
"nodes": [
{
"id": "w1n1",
"name": "Webhook",
"type": "n8n-nodes-base.webhook",
"typeVersion": 1,
"position": [
240,
300
],
"parameters": {
"path": "wealthtech-onboarding",
"responseMode": "onReceived"
}
},
{
"id": "w1n2",
"name": "Classify Tier and Flags",
"type": "n8n-nodes-base.code",
"typeVersion": 2,
"position": [
460,
300
],
"parameters": {
"jsCode": "const d=$input.first().json;\nconst firm_type=(d.firm_type||'').toUpperCase();\nconst tiers=['LARGE_RIA_PLATFORM','BROKER_DEALER_PLATFORM','ROBO_ADVISOR_PLATFORM','WEALTHTECH_MIDDLEWARE','ALTERNATIVE_INVESTMENT_PLATFORM','RETIREMENT_PLAN_PLATFORM','FAMILY_OFFICE_TECH'];\nconst tier=tiers.includes(firm_type)?firm_type:'WEALTHTECH_MIDDLEWARE';\nconst flags={\n SEC_REG_BI_APPLICABLE:['BROKER_DEALER_PLATFORM','ROBO_ADVISOR_PLATFORM'].includes(tier),\n FINRA_MEMBER_FIRM:tier==='BROKER_DEALER_PLATFORM',\n INVESTMENT_ADVISERS_ACT_REGISTERED:['LARGE_RIA_PLATFORM','ROBO_ADVISOR_PLATFORM','FAMILY_OFFICE_TECH'].includes(tier),\n ERISA_PLAN_VENDOR:tier==='RETIREMENT_PLAN_PLATFORM',\n CFTC_REGULATED:!!d.cftc_registered,\n SOX_302_906_APPLICABLE:!!d.public_company,\n GLBA_SAFEGUARDS_APPLICABLE:true\n};\nlet note;\nif(flags.SEC_REG_BI_APPLICABLE&&flags.FINRA_MEMBER_FIRM){note='FINRA Rule 3110 supervisory procedures must cover your automation stack \u2014 Zapier/Make as middleware creates a FINRA supervision gap examiners look for.';}\nelse if(flags.SEC_REG_BI_APPLICABLE){note='SEC Reg BI (17 CFR \u00a7240.15l-1) requires documented recommendation basis \u2014 automation tools outside your control create attribution gaps in branch examinations.';}\nelse if(flags.ERISA_PLAN_VENDOR){note='ERISA \u00a7408(b)(2) requires disclosure of all direct and indirect compensation including automation middleware \u2014 review your service provider disclosure chain.';}\nelse{note='GLBA Safeguards Rule 16 CFR Part 314 annual written risk assessment is required within 12 months of go-live.';}\nreturn [{json:{...d,tier,flags,compliance_note:note,onboarding_ts:new Date().toISOString()}}];}"
}
},
{
"id": "w1n3",
"name": "Gmail Day 0 Welcome",
"type": "n8n-nodes-base.gmail",
"typeVersion": 2,
"position": [
680,
300
],
"parameters": {
"operation": "send",
"toList": "={{ $json.contact_email }}",
"subject": "Welcome to [Platform] \u2014 {{ $json.tier }} compliance resources enclosed",
"message": "Hi {{ $json.contact_name }},\n\nWelcome. {{ $json.compliance_note }}\n\nYour {{ $json.tier }} integration guide and SEC/FINRA calendar template are attached.\n\nBest,\nThe [Platform] Team",
"options": {}
}
},
{
"id": "w1n4",
"name": "Log to Sheets",
"type": "n8n-nodes-base.googleSheets",
"typeVersion": 4,
"position": [
900,
300
],
"parameters": {
"operation": "append",
"documentId": "YOUR_SHEET_ID",
"sheetName": "onboarding_log",
"columns": {
"mappingMode": "autoMapInputData"
}
}
},
{
"id": "w1n5",
"name": "Wait 3 Days",
"type": "n8n-nodes-base.wait",
"typeVersion": 1,
"position": [
1120,
300
],
"parameters": {
"amount": 3,
"unit": "days"
}
},
{
"id": "w1n6",
"name": "Gmail Day 3 Integration Tips",
"type": "n8n-nodes-base.gmail",
"typeVersion": 2,
"position": [
1340,
300
],
"parameters": {
"operation": "send",
"toList": "={{ $json.contact_email }}",
"subject": "Day 3: CRM, order management, and custodian API integrations",
"message": "Hi {{ $json.contact_name }},\n\nDay 3 check-in. Top integrations our {{ $json.tier }} customers connect first:\n\n1. CRM or client portal (webhook or REST API)\n2. Custodian/clearing firm API (for account data sync)\n3. Order management system\n\nAll three qualify for self-hosted n8n deployment \u2014 keeping client data inside your compliance perimeter.\n\nDoc: [link]\n\nBest,\nThe [Platform] Team",
"options": {}
}
},
{
"id": "w1n7",
"name": "Wait 4 More Days",
"type": "n8n-nodes-base.wait",
"typeVersion": 1,
"position": [
1560,
300
],
"parameters": {
"amount": 4,
"unit": "days"
}
},
{
"id": "w1n8",
"name": "Gmail Day 7 Compliance Check-in",
"type": "n8n-nodes-base.gmail",
"typeVersion": 2,
"position": [
1780,
300
],
"parameters": {
"operation": "send",
"toList": "={{ $json.contact_email }}",
"subject": "Day 7: Compliance check-in for your {{ $json.tier }} account",
"message": "Hi {{ $json.contact_name }},\n\nWeek 1 complete. Three questions before your first examination cycle:\n\n1. ADV/BrokerCheck filing calendar configured?\n2. Reg BI documentation workflow tested?\n3. {{ $json.compliance_note }}\n\nBook a 30-min compliance review: [link]\n\nBest,\nThe [Platform] Team",
"options": {}
}
}
],
"connections": {
"Webhook": {
"main": [
[
{
"node": "Classify Tier and Flags",
"type": "main",
"index": 0
}
]
]
},
"Classify Tier and Flags": {
"main": [
[
{
"node": "Gmail Day 0 Welcome",
"type": "main",
"index": 0
}
]
]
},
"Gmail Day 0 Welcome": {
"main": [
[
{
"node": "Log to Sheets",
"type": "main",
"index": 0
}
]
]
},
"Log to Sheets": {
"main": [
[
{
"node": "Wait 3 Days",
"type": "main",
"index": 0
}
]
]
},
"Wait 3 Days": {
"main": [
[
{
"node": "Gmail Day 3 Integration Tips",
"type": "main",
"index": 0
}
]
]
},
"Gmail Day 3 Integration Tips": {
"main": [
[
{
"node": "Wait 4 More Days",
"type": "main",
"index": 0
}
]
]
},
"Wait 4 More Days": {
"main": [
[
{
"node": "Gmail Day 7 Compliance Check-in",
"type": "main",
"index": 0
}
]
]
}
}
}
Workflow 2: SEC EDGAR / FINRA / CFTC / DOL ERISA API Health Monitor
5 regulatory endpoints monitored every 5 minutes:
| Endpoint | Regulation |
|---|---|
sec_edgar_api |
SEC EDGAR ADV filings §202 / Reg BI documentation chain |
finra_broker_check_api |
FINRA Rule 3110 / BrokerCheck §15b / Form U4-U5 |
cftc_reporting_api |
CFTC large trader reports 17 CFR Part 18 |
dol_erisa_ebsa_api |
DOL Form 5500 / ERISA §408(b)(2) fee disclosure |
sox_internal_controls_api |
SOX §302+906 certification pipeline |
DOWN on any of these endpoints triggers a Slack alert with the specific regulatory citation so your team knows the downstream obligation immediately.
{
"name": "SEC EDGAR / FINRA / CFTC / DOL ERISA API Health Monitor",
"nodes": [
{
"id": "w2n1",
"name": "Schedule Every 5 Minutes",
"type": "n8n-nodes-base.scheduleTrigger",
"typeVersion": 1,
"position": [
240,
300
],
"parameters": {
"rule": {
"interval": [
{
"field": "cronExpression",
"expression": "*/5 * * * *"
}
]
}
}
},
{
"id": "w2n2",
"name": "Define Regulatory Endpoints",
"type": "n8n-nodes-base.code",
"typeVersion": 2,
"position": [
460,
300
],
"parameters": {
"jsCode": "return [\n {json:{name:'sec_edgar_api',url:'https://efts.sec.gov/LATEST/search-index?q=&dateRange=custom&startdt=2020-01-01&enddt=2020-01-01&hits.hits.total.value=0',regulation:'SEC EDGAR \u2014 Investment Adviser ADV filings \u00a7202 IA Act / Reg BI documentation chain',threshold_ms:2000}},\n {json:{name:'finra_broker_check_api',url:'https://api.brokercheck.finra.org/search/firm?query=test&hl=true&nrows=1',regulation:'FINRA BrokerCheck \u2014 Rule 3110 supervisory record access / Form U4-U5 amendments',threshold_ms:2000}},\n {json:{name:'cftc_reporting_api',url:'https://www.cftc.gov/MarketReports/files/dea/history/deacot2024.zip',regulation:'CFTC large trader position reports 17 CFR Part 18 / NFA registration status',threshold_ms:5000}},\n {json:{name:'dol_erisa_ebsa_api',url:'https://efts.dol.gov/LATEST/search-index?q=5500&dateRange=custom&startdt=2020-01-01&enddt=2020-01-01',regulation:'DOL EBSA Form 5500 \u2014 ERISA \u00a7408(b)(2) fee disclosure / plan fiduciary records',threshold_ms:3000}},\n {json:{name:'sox_internal_controls_api',url:'YOUR_INTERNAL_CONTROLS_ENDPOINT',regulation:'SOX \u00a7302+906 certification pipeline \u2014 internal controls attestation audit chain',threshold_ms:2000}}\n];"
}
},
{
"id": "w2n3",
"name": "HTTP Check Each Endpoint",
"type": "n8n-nodes-base.httpRequest",
"typeVersion": 4,
"position": [
680,
300
],
"parameters": {
"method": "GET",
"url": "={{ $json.url }}",
"options": {
"timeout": 8000,
"response": {
"response": {
"fullResponse": true
}
}
}
}
},
{
"id": "w2n4",
"name": "Evaluate Status",
"type": "n8n-nodes-base.code",
"typeVersion": 2,
"position": [
900,
300
],
"parameters": {
"jsCode": "const d=$input.first().json;\nconst prev=$input.all()[0];\nconst status_code=prev.statusCode||0;\nconst latency_ms=prev.headers&&prev.headers['x-response-time']?parseInt(prev.headers['x-response-time']):null;\nlet status,severity;\nif(status_code>=200&&status_code<300){status='OK';severity='NONE';}\nelse if(status_code>=500){status='DOWN';severity='CRITICAL';}\nelse if(status_code===429){status='RATE_LIMITED';severity='HIGH';}\nelse if(status_code>=400){status='DEGRADED';severity='HIGH';}\nelse{status='UNKNOWN';severity='MEDIUM';}\nif(latency_ms&&latency_ms>d.threshold_ms){status='SLOW';severity='MEDIUM';}\nreturn [{json:{...d,status_code,status,severity,checked_at:new Date().toISOString(),latency_ms}}];"
}
},
{
"id": "w2n5",
"name": "Filter Non-OK",
"type": "n8n-nodes-base.filter",
"typeVersion": 1,
"position": [
1120,
300
],
"parameters": {
"conditions": {
"string": [
{
"value1": "={{ $json.status }}",
"value2": "OK",
"operation": "notEqual"
}
]
}
}
},
{
"id": "w2n6",
"name": "Slack #regulatory-infra",
"type": "n8n-nodes-base.slack",
"typeVersion": 2,
"position": [
1340,
300
],
"parameters": {
"operation": "post",
"channel": "#regulatory-infra",
"text": "=:warning: *WealthTech Regulatory API Alert \u2014 {{ $json.severity }}*\nEndpoint: {{ $json.name }}\nStatus: {{ $json.status }} ({{ $json.status_code }})\nRegulation: {{ $json.regulation }}\nChecked: {{ $json.checked_at }}",
"otherOptions": {}
}
}
],
"connections": {
"Schedule Every 5 Minutes": {
"main": [
[
{
"node": "Define Regulatory Endpoints",
"type": "main",
"index": 0
}
]
]
},
"Define Regulatory Endpoints": {
"main": [
[
{
"node": "HTTP Check Each Endpoint",
"type": "main",
"index": 0
}
]
]
},
"HTTP Check Each Endpoint": {
"main": [
[
{
"node": "Evaluate Status",
"type": "main",
"index": 0
}
]
]
},
"Evaluate Status": {
"main": [
[
{
"node": "Filter Non-OK",
"type": "main",
"index": 0
}
]
]
},
"Filter Non-OK": {
"main": [
[
{
"node": "Slack #regulatory-infra",
"type": "main",
"index": 0
}
]
]
}
}
}
Workflow 3: SEC Reg BI / FINRA / ERISA / CFTC / GLBA Compliance Deadline Tracker
12 deadline types with regulatory citations:
| Deadline | Regulation |
|---|---|
SEC_REG_BI_ANNUAL_REVIEW |
17 CFR §240.15l-1(a)(1)(ii) — annual best interest review |
INVESTMENT_ADVISERS_ACT_ADV_ANNUAL |
IA Act §204 — ADV within 90 days of FYE |
FINRA_RULE_3110_SUPERVISION_ANNUAL |
FINRA Rule 3110 — annual supervisory review |
FINRA_FORM_U4_UPDATE |
FINRA Rule 3110 — material change within 30 days |
ERISA_FORM_5500_ANNUAL |
ERISA §103 — 7th month after plan year end |
ERISA_408B2_FEE_DISCLOSURE |
ERISA §408(b)(2) — 60-day advance notice |
CFTC_LARGE_TRADER_REPORTING |
CFTC 17 CFR Part 18 |
GLBA_SAFEGUARDS_ANNUAL_RISK_ASSESSMENT |
16 CFR §314.4(a) |
SOX_302_CERTIFICATION_QUARTERLY |
SOX §302 — CEO/CFO cert each 10-Q/10-K |
SOX_906_CERTIFICATION_ANNUAL |
SOX §906 — criminal cert each annual report |
SEC_EDGAR_ADV_ANNUAL_AMENDMENT |
§204-2 — 90 days after FYE |
ANNUAL_PENTEST |
SOC2 CC7.1 / vendor risk requirement |
{
"name": "SEC Reg BI / FINRA / ERISA / CFTC / GLBA Compliance Deadline Tracker",
"nodes": [
{
"id": "w3n1",
"name": "Schedule Weekdays 8AM",
"type": "n8n-nodes-base.scheduleTrigger",
"typeVersion": 1,
"position": [
240,
300
],
"parameters": {
"rule": {
"interval": [
{
"field": "cronExpression",
"expression": "0 8 * * 1-5"
}
]
}
}
},
{
"id": "w3n2",
"name": "Read Compliance Calendar",
"type": "n8n-nodes-base.googleSheets",
"typeVersion": 4,
"position": [
460,
300
],
"parameters": {
"operation": "readAllRows",
"documentId": "YOUR_SHEET_ID",
"sheetName": "compliance_calendar"
}
},
{
"id": "w3n3",
"name": "Evaluate Deadlines",
"type": "n8n-nodes-base.code",
"typeVersion": 2,
"position": [
680,
300
],
"parameters": {
"jsCode": "const today=new Date();\nconst DEADLINE_TYPES={\n SEC_REG_BI_ANNUAL_REVIEW:'SEC Reg BI 17 CFR \u00a7240.15l-1 \u2014 annual best interest review and documentation update',\n INVESTMENT_ADVISERS_ACT_ADV_ANNUAL:'IA Act \u00a7204 \u2014 ADV annual amendment within 90 days after fiscal year end',\n FINRA_RULE_3110_SUPERVISION_ANNUAL:'FINRA Rule 3110 \u2014 annual supervisory review of procedures and controls',\n FINRA_FORM_U4_UPDATE:'FINRA Rule 3110 \u2014 material change to Form U4/U5 within 30 days',\n ERISA_FORM_5500_ANNUAL:'ERISA \u00a7103 \u2014 Form 5500 by end of 7th month after plan year end',\n ERISA_408B2_FEE_DISCLOSURE:'ERISA \u00a7408(b)(2) \u2014 60-day advance notice for material changes to fee disclosure',\n CFTC_LARGE_TRADER_REPORTING:'CFTC 17 CFR Part 18 \u2014 large trader position report deadlines',\n GLBA_SAFEGUARDS_ANNUAL_RISK_ASSESSMENT:'GLBA Safeguards Rule 16 CFR \u00a7314.4(a) \u2014 annual written information security risk assessment',\n SOX_302_CERTIFICATION_QUARTERLY:'SOX \u00a7302 \u2014 CEO/CFO certification with each 10-Q and 10-K',\n SOX_906_CERTIFICATION_ANNUAL:'SOX \u00a7906 \u2014 criminal certification with each annual report filing',\n SEC_EDGAR_ADV_ANNUAL_AMENDMENT:'SEC EDGAR \u2014 ADV annual amendment within 90 days of fiscal year end \u00a7204-2',\n ANNUAL_PENTEST:'Annual penetration test \u2014 SOC2 CC7.1 / vendor risk requirement'\n};\nconst alerts=$input.all().map(item=>{\n const d=item.json;\n if(!DEADLINE_TYPES[d.deadline_type])return null;\n const due=new Date(d.due_date);\n const days=Math.ceil((due-today)/(1000*60*60*24));\n let urgency;\n if(days<0)urgency='OVERDUE';\n else if(days<=14)urgency='CRITICAL';\n else if(days<=45)urgency='URGENT';\n else if(days<=90)urgency='WARNING';\n else if(days<=120)urgency='NOTICE';\n else return null;\n return {json:{...d,urgency,days_until_due:days,regulatory_note:DEADLINE_TYPES[d.deadline_type]}};\n}).filter(Boolean);\nif(alerts.length===0)return [{json:{no_alerts:true}}];\nreturn alerts;"
}
},
{
"id": "w3n4",
"name": "IF Alerts Exist",
"type": "n8n-nodes-base.if",
"typeVersion": 1,
"position": [
900,
300
],
"parameters": {
"conditions": {
"boolean": [
{
"value1": "={{ $json.no_alerts }}",
"value2": true,
"operation": "notEqual"
}
]
}
}
},
{
"id": "w3n5",
"name": "Slack #compliance-ops",
"type": "n8n-nodes-base.slack",
"typeVersion": 2,
"position": [
1120,
220
],
"parameters": {
"operation": "post",
"channel": "#compliance-ops",
"text": "=*[{{ $json.urgency }}] WealthTech Compliance Deadline \u2014 {{ $json.days_until_due }} days*\nType: {{ $json.deadline_type }}\nDue: {{ $json.due_date }}\nNote: {{ $json.regulatory_note }}\nOwner: {{ $json.owner }}",
"otherOptions": {}
}
},
{
"id": "w3n6",
"name": "Gmail Compliance Owner",
"type": "n8n-nodes-base.gmail",
"typeVersion": 2,
"position": [
1120,
420
],
"parameters": {
"operation": "send",
"toList": "={{ $json.owner_email }}",
"subject": "[{{ $json.urgency }}] {{ $json.deadline_type }} due {{ $json.due_date }}",
"message": "Compliance Deadline Alert\n\nType: {{ $json.deadline_type }}\nDue: {{ $json.due_date }} ({{ $json.days_until_due }} days)\nRegulatory basis: {{ $json.regulatory_note }}\n\nPlease confirm on track or escalate to Chief Compliance Officer.",
"options": {}
}
}
],
"connections": {
"Schedule Weekdays 8AM": {
"main": [
[
{
"node": "Read Compliance Calendar",
"type": "main",
"index": 0
}
]
]
},
"Read Compliance Calendar": {
"main": [
[
{
"node": "Evaluate Deadlines",
"type": "main",
"index": 0
}
]
]
},
"Evaluate Deadlines": {
"main": [
[
{
"node": "IF Alerts Exist",
"type": "main",
"index": 0
}
]
]
},
"IF Alerts Exist": {
"main": [
[
{
"node": "Slack #compliance-ops",
"type": "main",
"index": 0
},
{
"node": "Gmail Compliance Owner",
"type": "main",
"index": 0
}
],
[]
]
}
}
}
Workflow 4: WealthTech Security Incident and SEC/FINRA/ERISA/GLBA Breach Pipeline
8 incident types with pre-mapped regulatory windows:
| Incident | Window | Regulation |
|---|---|---|
INVESTMENT_ADVISER_PII_BREACH |
72h → 30d | IA Rule 204A-1 client notification |
FINRA_REPORTABLE_EVENT |
24h | FINRA Rule 3110 Form U4/U5 update |
SEC_REG_BI_DOCUMENTATION_GAP |
24h | 17 CFR §240.15l-1 — examiner surface |
ERISA_PLAN_DATA_BREACH |
72h | ERISA §409 fiduciary duty |
CFTC_POSITION_DATA_FAILURE |
24h | CFTC 17 CFR Part 18 |
SOX_INTERNAL_CONTROL_FAILURE |
96h | SOX §302/906 material weakness |
GLBA_NPI_UNAUTHORIZED_DISCLOSURE |
30d | 16 CFR §314.15 |
CLIENT_ACCOUNT_UNAUTHORIZED_ACCESS |
1h | SEC Reg S-P / FINRA Rule 4370 |
{
"name": "WealthTech Security Incident and SEC/FINRA/ERISA/GLBA Breach Pipeline",
"nodes": [
{
"id": "w4n1",
"name": "Webhook Incident",
"type": "n8n-nodes-base.webhook",
"typeVersion": 1,
"position": [
240,
300
],
"parameters": {
"path": "wealthtech-incident",
"responseMode": "onReceived"
}
},
{
"id": "w4n2",
"name": "Classify Incident",
"type": "n8n-nodes-base.code",
"typeVersion": 2,
"position": [
460,
300
],
"parameters": {
"jsCode": "const d=$input.first().json;\nconst INCIDENTS={\n INVESTMENT_ADVISER_PII_BREACH:{severity:'CRITICAL',window_hours:72,notify:'IA Rule 204A-1 \u2014 notify clients within 30 days; SEC may require Form ADV update',slack:'#incident-response'},\n FINRA_REPORTABLE_EVENT:{severity:'CRITICAL',window_hours:24,notify:'FINRA Rule 3110 \u2014 update Form U4/U5 within 30 days; immediate escalation to CCO',slack:'#incident-response'},\n SEC_REG_BI_DOCUMENTATION_GAP:{severity:'CRITICAL',window_hours:24,notify:'Reg BI 17 CFR \u00a7240.15l-1 \u2014 document the gap immediately; SEC examiners look for this in branch reviews',slack:'#compliance-ops'},\n ERISA_PLAN_DATA_BREACH:{severity:'CRITICAL',window_hours:72,notify:'ERISA \u00a7409 fiduciary duty \u2014 notify plan sponsor immediately; DOL EBSA may require disclosure',slack:'#incident-response'},\n CFTC_POSITION_DATA_FAILURE:{severity:'HIGH',window_hours:24,notify:'CFTC 17 CFR Part 18 \u2014 large trader reporting deadline may be missed; NFA notification required',slack:'#compliance-ops'},\n SOX_INTERNAL_CONTROL_FAILURE:{severity:'HIGH',window_hours:96,notify:'SOX \u00a7302/906 \u2014 material weakness must be disclosed in next 10-Q/10-K; auditor notification required',slack:'#incident-response'},\n GLBA_NPI_UNAUTHORIZED_DISCLOSURE:{severity:'HIGH',window_hours:30,notify:'GLBA Safeguards Rule 16 CFR \u00a7314.15 \u2014 notify FTC if >500 customers affected; banking regulator if applicable',slack:'#incident-response'},\n CLIENT_ACCOUNT_UNAUTHORIZED_ACCESS:{severity:'CRITICAL',window_hours:1,notify:'SEC Reg S-P / FINRA Rule 4370 \u2014 immediate CCO notification; preserve all audit logs',slack:'#incident-response'}\n};\nconst type=d.incident_type||'UNKNOWN';\nconst meta=INCIDENTS[type]||{severity:'MEDIUM',window_hours:72,notify:'Internal review required \u2014 classify and escalate to CCO',slack:'#incident-response'};\nreturn [{json:{...d,incident_type:type,...meta,detected_at:new Date().toISOString()}}];"
}
},
{
"id": "w4n3",
"name": "Slack Immediate Alert",
"type": "n8n-nodes-base.slack",
"typeVersion": 2,
"position": [
680,
220
],
"parameters": {
"operation": "post",
"channel": "={{ $json.slack }}",
"text": "=:rotating_light: *WealthTech Incident \u2014 {{ $json.severity }}*\nType: {{ $json.incident_type }}\nDetected: {{ $json.detected_at }}\nWindow: {{ $json.window_hours }}h\nAction: {{ $json.notify }}",
"otherOptions": {}
}
},
{
"id": "w4n4",
"name": "Log to Postgres",
"type": "n8n-nodes-base.postgres",
"typeVersion": 2,
"position": [
680,
420
],
"parameters": {
"operation": "executeQuery",
"query": "INSERT INTO wealthtech_incidents(incident_type,severity,window_hours,regulatory_note,detected_at,raw_payload) VALUES($1,$2,$3,$4,$5,$6::jsonb)",
"additionalFields": {
"queryParams": "={{ [$json.incident_type,$json.severity,$json.window_hours,$json.notify,$json.detected_at,JSON.stringify($json)] }}"
}
}
},
{
"id": "w4n5",
"name": "Gmail CCO and Legal",
"type": "n8n-nodes-base.gmail",
"typeVersion": 2,
"position": [
900,
300
],
"parameters": {
"operation": "send",
"toList": "cco@yourcompany.com",
"ccList": "legal@yourcompany.com",
"subject": "[{{ $json.severity }}] WealthTech Incident \u2014 {{ $json.incident_type }} \u2014 {{ $json.window_hours }}h window",
"message": "Incident Type: {{ $json.incident_type }}\nSeverity: {{ $json.severity }}\nDetected: {{ $json.detected_at }}\nRegulatory window: {{ $json.window_hours }} hours\n\nRequired action: {{ $json.notify }}\n\nPreserve all logs. Do not communicate externally without legal review.",
"options": {}
}
}
],
"connections": {
"Webhook Incident": {
"main": [
[
{
"node": "Classify Incident",
"type": "main",
"index": 0
}
]
]
},
"Classify Incident": {
"main": [
[
{
"node": "Slack Immediate Alert",
"type": "main",
"index": 0
},
{
"node": "Log to Postgres",
"type": "main",
"index": 0
}
]
]
},
"Slack Immediate Alert": {
"main": [
[
{
"node": "Gmail CCO and Legal",
"type": "main",
"index": 0
}
]
]
},
"Log to Postgres": {
"main": [
[]
]
}
}
}
Workflow 5: Weekly WealthTech Platform KPI Dashboard
Monday 8AM. Dual Postgres queries (platform metrics + compliance queue). WoW MRR delta via $workflowStaticData. AUM on platform. Reg BI review count, FINRA events open, ERISA disclosures pending, CFTC reports open, SOX certifications open. HTML email to CEO with CCO BCC — closing the governance loop that SOX §302 requires.
{
"name": "Weekly WealthTech Platform KPI Dashboard",
"nodes": [
{
"id": "w5n1",
"name": "Schedule Monday 8AM",
"type": "n8n-nodes-base.scheduleTrigger",
"typeVersion": 1,
"position": [
240,
300
],
"parameters": {
"rule": {
"interval": [
{
"field": "cronExpression",
"expression": "0 8 * * 1"
}
]
}
}
},
{
"id": "w5n2",
"name": "Query Platform Metrics",
"type": "n8n-nodes-base.postgres",
"typeVersion": 2,
"position": [
460,
300
],
"parameters": {
"operation": "executeQuery",
"query": "SELECT\n COUNT(DISTINCT account_id) AS active_accounts,\n SUM(mrr_usd) AS mrr_usd,\n COUNT(CASE WHEN status='trial' THEN 1 END) AS active_trials,\n COUNT(CASE WHEN status='churned' AND churned_at >= NOW()-INTERVAL '7 days' THEN 1 END) AS churned_7d,\n SUM(api_calls_7d) AS api_calls_7d,\n SUM(aum_platform_usd) AS aum_platform_usd\nFROM accounts WHERE status IN ('active','trial')"
}
},
{
"id": "w5n3",
"name": "Query Compliance Counters",
"type": "n8n-nodes-base.postgres",
"typeVersion": 2,
"position": [
460,
500
],
"parameters": {
"operation": "executeQuery",
"query": "SELECT\n COUNT(CASE WHEN deadline_type='SEC_REG_BI_ANNUAL_REVIEW' AND status='open' THEN 1 END) AS reg_bi_reviews_open,\n COUNT(CASE WHEN deadline_type LIKE 'FINRA%' AND status='open' THEN 1 END) AS finra_events_open,\n COUNT(CASE WHEN deadline_type LIKE 'ERISA%' AND status='open' THEN 1 END) AS erisa_disclosures_open,\n COUNT(CASE WHEN deadline_type LIKE 'CFTC%' AND status='open' THEN 1 END) AS cftc_reports_open,\n COUNT(CASE WHEN deadline_type LIKE 'SOX%' AND status='open' THEN 1 END) AS sox_certs_open\nFROM compliance_events WHERE due_date >= NOW()-INTERVAL '90 days'"
}
},
{
"id": "w5n4",
"name": "Merge",
"type": "n8n-nodes-base.merge",
"typeVersion": 2,
"position": [
700,
400
],
"parameters": {
"mode": "combine",
"combinationMode": "mergeByPosition"
}
},
{
"id": "w5n5",
"name": "Build KPI HTML",
"type": "n8n-nodes-base.code",
"typeVersion": 2,
"position": [
920,
400
],
"parameters": {
"jsCode": "const prev=$workflowStaticData.last_mrr||0;\nconst d={...$input.first().json,...$input.all()[1]?.json};\nconst mrr=parseFloat(d.mrr_usd)||0;\nconst wow=prev>0?((mrr-prev)/prev*100).toFixed(1):'N/A';\n$workflowStaticData.last_mrr=mrr;\nconst html=`<h2>WealthTech Platform \u2014 Weekly KPI</h2><table border='1' cellpadding='6'><tr><th>Metric</th><th>Value</th><th>WoW</th></tr><tr><td>Active Accounts</td><td>${d.active_accounts||0}</td><td>-</td></tr><tr><td>AUM on Platform</td><td>$${(parseFloat(d.aum_platform_usd)||0).toLocaleString()}</td><td>-</td></tr><tr><td>MRR</td><td>$${mrr.toLocaleString()}</td><td>${wow}%</td></tr><tr><td>Active Trials</td><td>${d.active_trials||0}</td><td>-</td></tr><tr><td>Churned (7d)</td><td>${d.churned_7d||0}</td><td>-</td></tr><tr><td>API Calls (7d)</td><td>${(d.api_calls_7d||0).toLocaleString()}</td><td>-</td></tr></table><h3>Compliance Queue</h3><table border='1' cellpadding='6'><tr><th>Item</th><th>Open</th></tr><tr><td>Reg BI Annual Reviews</td><td>${d.reg_bi_reviews_open||0}</td></tr><tr><td>FINRA Events</td><td>${d.finra_events_open||0}</td></tr><tr><td>ERISA Disclosures</td><td>${d.erisa_disclosures_open||0}</td></tr><tr><td>CFTC Reports</td><td>${d.cftc_reports_open||0}</td></tr><tr><td>SOX Certifications</td><td>${d.sox_certs_open||0}</td></tr></table>`;\nreturn [{json:{html,wow,mrr}}];"
}
},
{
"id": "w5n6",
"name": "Gmail CEO BCC CCO",
"type": "n8n-nodes-base.gmail",
"typeVersion": 2,
"position": [
1140,
400
],
"parameters": {
"operation": "send",
"toList": "ceo@yourcompany.com",
"bccList": "cco@yourcompany.com",
"subject": "WealthTech Platform \u2014 Weekly KPI",
"message": "={{ $json.html }}",
"options": {
"bodyType": "html"
}
}
}
],
"connections": {
"Schedule Monday 8AM": {
"main": [
[
{
"node": "Query Platform Metrics",
"type": "main",
"index": 0
},
{
"node": "Query Compliance Counters",
"type": "main",
"index": 0
}
]
]
},
"Query Platform Metrics": {
"main": [
[
{
"node": "Merge",
"type": "main",
"index": 0
}
]
]
},
"Query Compliance Counters": {
"main": [
[
{
"node": "Merge",
"type": "main",
"index": 1
}
]
]
},
"Merge": {
"main": [
[
{
"node": "Build KPI HTML",
"type": "main",
"index": 0
}
]
]
},
"Build KPI HTML": {
"main": [
[
{
"node": "Gmail CEO BCC CCO",
"type": "main",
"index": 0
}
]
]
}
}
}
Why not Zapier or Make for WealthTech?
| Concern | Zapier/Make | n8n (self-hosted) |
|---|---|---|
| Reg BI recommendation data | Flows through third-party cloud (SEC exam surface) | Stays in your perimeter |
| FINRA Rule 3110 supervision | Middleware creates supervision gap | In-scope by design |
| ERISA §408(b)(2) disclosure | May constitute undisclosed indirect compensation | Internal infrastructure |
| ADV §204-2 books & records | Cloud export creates accessibility gap | git-versioned workflows |
| CFTC large trader data | Unregistered intermediary risk | Self-contained |
Self-hosting decision table
| Regulation | Self-hosting argument |
|---|---|
| SEC Reg BI 17 CFR §240.15l-1 | Recommendation basis documentation must be in systems you control for branch exam access |
| FINRA Rule 3110 | Supervision program must cover all order workflow systems including middleware |
| ERISA §408(b)(2) | Fee disclosure requires enumeration of all service providers including automation middleware |
| IA Act §204-2 | 5-year books & records in accessible form — cloud exports create accessibility gaps |
| CFTC 17 CFR Part 18 | Large trader position data must not flow through unregistered intermediaries |
5 buyer Q&A
Q: We use Salesforce for CRM — does the automation layer between our platform and Salesforce create a FINRA Rule 3110 supervision gap?
A: Potentially yes if the automation handles order routing or recommendation data. FINRA Rule 3110 requires your supervisory procedures to cover all systems in the order workflow path. n8n deployed in your infrastructure is covered by your existing supervisory policies; a cloud iPaaS introduces a third party outside your supervisory perimeter.
Q: How does n8n help us document Reg BI recommendation basis for SEC examinations?
A: n8n workflow execution logs (stored in your own Postgres or cloud database) provide a timestamped, auditable record of which automation ran, what data it processed, and what action it triggered — exactly the "basis for the recommendation" documentation that 17 CFR §240.15l-1(a)(1)(ii) requires. Export the workflow JSON and execution log as a single audit package.
Q: Our ERISA plan data flows through our automation tool — do we need to disclose that middleware as an indirect service provider under §408(b)(2)?
A: DOL has signaled that service providers whose systems handle plan assets or participant data may trigger §408(b)(2) disclosure obligations. Running n8n as internal infrastructure (not a contracted third-party SaaS) removes the vendor from the service provider chain entirely.
Q: We're applying for CFTC registration — does our automation stack affect NFA membership review?
A: NFA membership applications require disclosure of all material third-party service providers with system access. A cloud automation platform with access to large trader position data is a material provider. Self-hosted n8n is an internal system — not a third-party disclosure.
Q: Can n8n generate the audit trail required for SOX §302 CEO/CFO certification for our automated order processes?
A: Yes. n8n's execution history (stored in your own database) provides the process-level audit trail that supports the internal controls assertion in §302 certification. git-versioned workflow JSON provides the change-management record. Zapier/Make cannot provide either of these without exporting data through their own APIs.
All 5 workflows are available as part of the FlowKit n8n template library: stripeai.gumroad.com
FlowKit — n8n Automation Templates for compliance-driven SaaS vendors.
Top comments (0)