The FINRA examination notice arrived Monday morning. By Friday, outside counsel needs every Reg BI best interest documentation record from the past three years — organized by account, by recommendation, by rationale. Your cloud automation vendor's audit logs are in the scope of the subpoena. Your litigation hold does not cover them.
WealthTech and RoboAdvisor SaaS vendors operate under five overlapping compliance frameworks that few cloud automation platforms were designed to handle:
- SEC Investment Advisers Act (15 U.S.C. §80b) — Form ADV annual amendment (March 31, Rule 204-1), material change updates (90 days), and annual compliance review (Rule 206(4)-7)
- Regulation Best Interest (17 CFR §240.15l-1) — broker-dealer best interest documentation, Form CRS delivery receipts, conflict disclosure records, all exam-scope from day one
- DOL Fiduciary Rule / PTE 2020-02 — written fiduciary acknowledgment + rollover documentation for ERISA retirement account advice; each rollover recommendation must be in writing with best interest rationale
- FINRA Rules 4370 / 4511 / SEC Rule 17a-4(f) — business continuity plan annual testing, electronic records in WORM-compliant indexed storage, FINRA sweep response
- SEC Marketing Rule (17 CFR §275.206(4)-1) — performance advertising substantiation + 5-year record retention; hypothetical performance disclaimers; gross/net display requirements
The fastest clock in WealthTech compliance: FINRA_EXAM_NOTICE_RECEIVED IMMEDIATE — FINRA does not provide advance notice of exam initiation; Wells Notice process can begin from first-day exam findings; Form ADV Item 11 disclosure obligation begins at examination findings, not final action.
Seven Customer Tiers
| Tier | Description | Primary Regulations |
|---|---|---|
| ENTERPRISE_RIA_PLATFORM | Registered investment adviser platform, $1B+ AUM | SEC RIA, Reg BI, Marketing Rule, Rule 17a-4 |
| ROBO_ADVISOR_SAAS | Automated portfolio management SaaS | SEC RIA, DOL PTE 2020-02, ERISA §408(b)(2) |
| WEALTH_MANAGEMENT_SAAS | Full-service wealth management platform | SEC RIA, GLBA, ERISA, Marketing Rule |
| DIGITAL_BROKERAGE_SAAS | Online broker-dealer platform | Reg BI, FINRA 4370, Rule 17a-4(f), SIPC |
| FINANCIAL_PLANNING_SAAS | CFP/state IA platform, <$110M AUM | State IA registration, CFP Code of Ethics |
| CRYPTO_WEALTH_SAAS | Digital asset portfolio & wealth management | FinCEN MSB, state MTL, OFAC, SEC Howey |
| WEALTHTECH_STARTUP | Pre-registration, product development stage | SEC/FINRA registration roadmap, SOC 2 |
Seven Compliance Flags
| Flag | Meaning |
|---|---|
| SEC_RIA_REGISTERED | SEC-registered investment adviser (≥$110M AUM) |
| FINRA_BD_MEMBER | FINRA member broker-dealer, Rule 17a-4 records |
| REG_BI_SUBJECT | Reg BI 17 CFR §240.15l-1 best interest obligations |
| DOL_FIDUCIARY_SUBJECT | DOL PTE 2020-02 fiduciary rule applies |
| ERISA_RETIREMENT_ASSETS | Manages ERISA retirement plan assets |
| SEC_MARKETING_RULE_SUBJECT | §275.206(4)-1 performance advertising applies |
| SOC2_REQUIRED | SOC 2 Type II required by enterprise buyers |
Workflow 1: Tier-Segmented Customer Onboarding Drip
Seven-tier onboarding with compliance flag injection on Day 0, Day 3, and Day 8. Enterprise RIA customers receive Form ADV/Rule 17a-4 architecture briefing; RoboAdvisor customers receive PTE 2020-02 rollover documentation brief; Digital Brokerage customers receive Reg BI + WORM storage architecture note.
{
"name": "WealthTech Tier-Segmented Onboarding Drip",
"nodes": [
{
"id": "wt-trigger",
"name": "New Customer Webhook",
"type": "n8n-nodes-base.webhook",
"typeVersion": 2,
"position": [
200,
300
],
"parameters": {
"path": "wealthtech-onboard",
"responseMode": "lastNode",
"responseData": "allEntries"
}
},
{
"id": "wt-tier",
"name": "Classify Customer Tier",
"type": "n8n-nodes-base.switch",
"typeVersion": 3,
"position": [
440,
300
],
"parameters": {
"dataType": "string",
"value": "={{$json.tier}}",
"rules": {
"rules": [
{
"value": "ENTERPRISE_RIA_PLATFORM"
},
{
"value": "ROBO_ADVISOR_SAAS"
},
{
"value": "WEALTH_MANAGEMENT_SAAS"
},
{
"value": "DIGITAL_BROKERAGE_SAAS"
},
{
"value": "FINANCIAL_PLANNING_SAAS"
},
{
"value": "CRYPTO_WEALTH_SAAS"
},
{
"value": "WEALTHTECH_STARTUP"
}
]
}
}
},
{
"id": "wt-email-ria",
"name": "Enterprise RIA Day 0",
"type": "n8n-nodes-base.emailSend",
"typeVersion": 2,
"position": [
700,
100
],
"parameters": {
"toEmail": "={{$json.email}}",
"subject": "Welcome to FlowKit \u2014 Your SEC RIA & Reg BI Compliance Stack",
"emailType": "html",
"message": "<p>Welcome to FlowKit.</p><p>As an SEC-registered investment adviser, your Form ADV annual amendment is due March 31 (Rule 204-1). Your Rule 206(4)-7 annual compliance review window is 90 days after fiscal year-end. Your Marketing Rule 17 CFR \u00a7275.206(4)-1 performance record retention is 5 years \u2014 and every record must be accessible.</p><p>If you are a FINRA-member BD, your Reg BI 17 CFR \u00a7240.15l-1 best interest documentation and Form CRS delivery records are FINRA exam scope from day one.</p><p><strong>Architecture note:</strong> SEC Rule 17a-4(f) requires broker-dealer electronic records in WORM-compliant storage indexed by account. Cloud iPaaS workflow logs are not 17a-4 compliant. Your FINRA exam team will ask where these records live. <a href='https://stripeai.gumroad.com'>See the n8n compliance templates.</a></p>"
}
},
{
"id": "wt-email-robo",
"name": "RoboAdvisor Day 0",
"type": "n8n-nodes-base.emailSend",
"typeVersion": 2,
"position": [
700,
220
],
"parameters": {
"toEmail": "={{$json.email}}",
"subject": "Welcome to FlowKit \u2014 Your RoboAdvisor SEC & DOL Compliance Stack",
"emailType": "html",
"message": "<p>Welcome to FlowKit.</p><p>As a RoboAdvisor SaaS vendor, your regulatory surface spans the SEC Investment Advisers Act Form ADV, the DOL Fiduciary Rule PTE 2020-02 rollover documentation, and \u2014 if your platform serves retirement accounts \u2014 ERISA \u00a7408(b)(2) covered service provider fee disclosure to plan sponsors.</p><p><strong>Architecture note:</strong> PTE 2020-02 requires written fiduciary acknowledgment and rollover rationale documentation. If those records live in a cloud automation platform, class action plaintiffs' counsel subpoenas the vendor directly \u2014 outside your legal team's privilege boundary. <a href='https://stripeai.gumroad.com'>See the n8n compliance templates.</a></p>"
}
},
{
"id": "wt-email-wmgmt",
"name": "Wealth Mgmt Day 0",
"type": "n8n-nodes-base.emailSend",
"typeVersion": 2,
"position": [
700,
340
],
"parameters": {
"toEmail": "={{$json.email}}",
"subject": "Welcome to FlowKit \u2014 Your Wealth Management SaaS Compliance Stack",
"emailType": "html",
"message": "<p>Welcome to FlowKit.</p><p>As a Wealth Management SaaS vendor, your compliance obligations include SEC Form ADV delivery to clients within 120 days of fiscal year-end, annual privacy notices under GLBA 15 USC \u00a76803, and \u2014 if you serve ERISA plan participants \u2014 ERISA \u00a7408(b)(2) service provider fee disclosure.</p><p><a href='https://stripeai.gumroad.com'>See the pre-built n8n compliance workflows.</a></p>"
}
},
{
"id": "wt-email-bd",
"name": "Digital Brokerage Day 0",
"type": "n8n-nodes-base.emailSend",
"typeVersion": 2,
"position": [
700,
460
],
"parameters": {
"toEmail": "={{$json.email}}",
"subject": "Welcome to FlowKit \u2014 Your Digital Brokerage Compliance Stack",
"emailType": "html",
"message": "<p>Welcome to FlowKit.</p><p>As a Digital Brokerage SaaS vendor, your Reg BI 17 CFR \u00a7240.15l-1 best interest documentation, Form CRS delivery receipts, and FINRA Rule 4370 business continuity plan annual testing records are FINRA exam scope. SEC Rule 17a-4(f) requires WORM storage with an independent third-party download manager \u2014 your cloud automation vendor's audit logs do not qualify.</p><p><a href='https://stripeai.gumroad.com'>See the n8n compliance templates.</a></p>"
}
},
{
"id": "wt-email-fp",
"name": "Financial Planning Day 0",
"type": "n8n-nodes-base.emailSend",
"typeVersion": 2,
"position": [
700,
580
],
"parameters": {
"toEmail": "={{$json.email}}",
"subject": "Welcome to FlowKit \u2014 Your Financial Planning SaaS Compliance Stack",
"emailType": "html",
"message": "<p>Welcome to FlowKit.</p><p>As a Financial Planning SaaS vendor, your SEC RIA and state investment adviser registration obligations vary by AUM threshold. If you reach $110M AUM, SEC registration is mandatory; below that, state registration applies with 51 separate rulebooks. The CFP Board Code of Ethics and FINRA suitability standards add a third layer. <a href='https://stripeai.gumroad.com'>See the pre-built compliance workflows.</a></p>"
}
},
{
"id": "wt-email-crypto",
"name": "Crypto Wealth Day 0",
"type": "n8n-nodes-base.emailSend",
"typeVersion": 2,
"position": [
700,
700
],
"parameters": {
"toEmail": "={{$json.email}}",
"subject": "Welcome to FlowKit \u2014 Your Crypto Wealth SaaS Compliance Stack",
"emailType": "html",
"message": "<p>Welcome to FlowKit.</p><p>As a Crypto Wealth SaaS vendor, your regulatory landscape includes FinCEN MSB registration 31 USC \u00a75330, state money transmission licenses (47 states), SEC security token analysis under Howey, and \u2014 if you manage portfolios \u2014 SEC RIA registration under 15 USC \u00a780b. OFAC sanctions screening 31 CFR Part 501 applies from day one.</p><p><a href='https://stripeai.gumroad.com'>See the n8n compliance templates.</a></p>"
}
},
{
"id": "wt-email-startup",
"name": "WealthTech Startup Day 0",
"type": "n8n-nodes-base.emailSend",
"typeVersion": 2,
"position": [
700,
820
],
"parameters": {
"toEmail": "={{$json.email}}",
"subject": "Welcome to FlowKit \u2014 Your WealthTech Startup Compliance Roadmap",
"emailType": "html",
"message": "<p>Welcome to FlowKit.</p><p>As a WealthTech startup, your compliance roadmap depends on your product architecture. If you provide investment advice: SEC RIA or state IA registration required before going live. If you execute transactions: FINRA BD membership + SIPC coverage. If you hold customer funds: state money transmission licenses. <a href='https://stripeai.gumroad.com'>See the n8n compliance starter workflows.</a></p>"
}
}
],
"connections": {
"New Customer Webhook": {
"main": [
[
{
"node": "Classify Customer Tier",
"type": "main",
"index": 0
}
]
]
},
"Classify Customer Tier": {
"main": [
[
{
"node": "Enterprise RIA Day 0",
"type": "main",
"index": 0
}
],
[
{
"node": "RoboAdvisor Day 0",
"type": "main",
"index": 0
}
],
[
{
"node": "Wealth Mgmt Day 0",
"type": "main",
"index": 0
}
],
[
{
"node": "Digital Brokerage Day 0",
"type": "main",
"index": 0
}
],
[
{
"node": "Financial Planning Day 0",
"type": "main",
"index": 0
}
],
[
{
"node": "Crypto Wealth Day 0",
"type": "main",
"index": 0
}
],
[
{
"node": "WealthTech Startup Day 0",
"type": "main",
"index": 0
}
]
]
}
}
}
Workflow 2: Form ADV / Reg BI / DOL / FINRA Deadline Tracker
12-type deadline tracker running every 6 hours with $getWorkflowStaticData deduplication. Covers: SEC Form ADV annual amendment (March 31), Form ADV material change 90-day window, Rule 206(4)-7 annual compliance review, Reg BI quarterly best interest review, Form CRS annual review, FINRA Rule 4370 BCP annual test, FINRA annual registration renewal, DOL PTE 2020-02 annual retrospective review, SEC Marketing Rule §275.206(4)-1 performance audit, ERISA §408(b)(2) CSP fee disclosure review, SOC 2 renewal, annual pentest.
{
"name": "Form ADV / Reg BI / DOL / FINRA Deadline Tracker",
"nodes": [
{
"id": "dt-cron",
"name": "Run Every 6 Hours",
"type": "n8n-nodes-base.scheduleTrigger",
"typeVersion": 1,
"position": [
200,
300
],
"parameters": {
"rule": {
"interval": [
{
"field": "hours",
"hoursInterval": 6
}
]
}
}
},
{
"id": "dt-state",
"name": "Load Deadline State",
"type": "n8n-nodes-base.code",
"typeVersion": 2,
"position": [
440,
300
],
"parameters": {
"jsCode": "const state = $getWorkflowStaticData('global');\nif (!state.deadlines) state.deadlines = {};\nreturn [{json: {state: state.deadlines}}];"
}
},
{
"id": "dt-check",
"name": "Check All Deadlines",
"type": "n8n-nodes-base.code",
"typeVersion": 2,
"position": [
680,
300
],
"parameters": {
"jsCode": "\nconst now = new Date();\nconst deadlineTypes = [\n {type: 'SEC_FORM_ADV_ANNUAL_AMENDMENT', label: 'SEC Form ADV Annual Amendment', regulation: 'SEC Rule 204-1', daysAlert: 30, annualMD: '03-31'},\n {type: 'SEC_FORM_ADV_MATERIAL_CHANGE', label: 'SEC Form ADV Material Change Update', regulation: 'SEC Rule 204-1(a)(2)', daysAlert: 14, rollingDays: 90},\n {type: 'SEC_RULE_206_4_7_ANNUAL_REVIEW', label: 'SEC Annual Compliance Review', regulation: 'Rule 206(4)-7', daysAlert: 21, rollingDays: 365},\n {type: 'REG_BI_BEST_INTEREST_QUARTERLY_REVIEW', label: 'Reg BI Best Interest Documentation Quarterly Review', regulation: '17 CFR \u00a7240.15l-1', daysAlert: 14, rollingDays: 90},\n {type: 'REG_BI_FORM_CRS_ANNUAL_REVIEW', label: 'Reg BI Form CRS Annual Review', regulation: 'SEC Rule 17a-14', daysAlert: 21, annualMD: '03-31'},\n {type: 'FINRA_4370_BCP_ANNUAL_TEST', label: 'FINRA Rule 4370 Business Continuity Plan Annual Test', regulation: 'FINRA Rule 4370(e)', daysAlert: 21, rollingDays: 365},\n {type: 'FINRA_ANNUAL_REGISTRATION_RENEWAL', label: 'FINRA Annual Registration Renewal', regulation: 'FINRA Rule 3110', daysAlert: 30, annualMD: '12-31'},\n {type: 'DOL_PTE_2020_02_ANNUAL_REVIEW', label: 'DOL PTE 2020-02 Annual Retrospective Review', regulation: 'PTE 2020-02 Section V', daysAlert: 21, rollingDays: 365},\n {type: 'SEC_MARKETING_RULE_PERFORMANCE_AUDIT', label: 'SEC Marketing Rule Performance Record Audit', regulation: '17 CFR \u00a7275.206(4)-1(a)(6)', daysAlert: 21, rollingDays: 365},\n {type: 'ERISA_408B2_COVERED_SERVICE_PROVIDER_DISCLOSURE', label: 'ERISA \u00a7408(b)(2) CSP Fee Disclosure Review', regulation: '29 CFR \u00a72550.408b-2', daysAlert: 21, rollingDays: 365},\n {type: 'SOC2_TYPE2_RENEWAL', label: 'SOC 2 Type II Audit Renewal', regulation: 'AICPA TSC 2017', daysAlert: 30, rollingDays: 365},\n {type: 'ANNUAL_PENETRATION_TEST', label: 'Annual Penetration Test', regulation: 'SOC 2 CC7.1', daysAlert: 30, rollingDays: 365}\n];\nconst alerts = [];\nconst state = $input.all()[0].json.state;\nfor (const d of deadlineTypes) {\n const key = d.type;\n const last = state[key] ? new Date(state[key]) : null;\n let due = null;\n if (d.annualMD) {\n const [m, day] = d.annualMD.split('-').map(Number);\n due = new Date(now.getFullYear(), m - 1, day);\n if (due < now) due.setFullYear(due.getFullYear() + 1);\n } else if (d.rollingDays && last) {\n due = new Date(last.getTime() + d.rollingDays * 86400000);\n }\n if (!due) continue;\n const daysLeft = Math.ceil((due - now) / 86400000);\n if (daysLeft <= d.daysAlert && (!last || (now - last) > 86400000)) {\n alerts.push({type: key, label: d.label, regulation: d.regulation, daysLeft, dueDate: due.toISOString().split('T')[0]});\n }\n}\nreturn alerts.map(a => ({json: a}));\n"
}
},
{
"id": "dt-email",
"name": "Send Deadline Alert",
"type": "n8n-nodes-base.emailSend",
"typeVersion": 2,
"position": [
920,
300
],
"parameters": {
"toEmail": "compliance@yourfirm.com",
"subject": "=WealthTech Compliance Deadline: {{$json.label}} \u2014 {{$json.daysLeft}} days",
"emailType": "html",
"message": "=<h2>Compliance Deadline Alert</h2><p><strong>{{$json.label}}</strong></p><p>Regulation: {{$json.regulation}}</p><p>Due: {{$json.dueDate}} ({{$json.daysLeft}} days remaining)</p><p>Action required: Review and complete this compliance obligation before the deadline.</p><p>Template library: <a href='https://stripeai.gumroad.com'>stripeai.gumroad.com</a></p>"
}
}
],
"connections": {
"Run Every 6 Hours": {
"main": [
[
{
"node": "Load Deadline State",
"type": "main",
"index": 0
}
]
]
},
"Load Deadline State": {
"main": [
[
{
"node": "Check All Deadlines",
"type": "main",
"index": 0
}
]
]
},
"Check All Deadlines": {
"main": [
[
{
"node": "Send Deadline Alert",
"type": "main",
"index": 0
}
]
]
}
}
}
Workflow 3: SEC/FINRA Compliance API Health Monitor
15-minute monitor across five compliance-critical endpoints with 30-minute cooldown to prevent alert flooding. Annotates each endpoint with its specific regulatory risk: Reg BI documentation API, Form ADV IAPD filing API, portfolio rebalancing/suitability API (creates Reg BI transaction records), Form CRS delivery API (17a-14 proof of delivery), and retirement rollover recommendation API (PTE 2020-02 documentation).
{
"name": "SEC/FINRA Compliance API Health Monitor",
"nodes": [
{
"id": "hm-cron",
"name": "Run Every 15 Minutes",
"type": "n8n-nodes-base.scheduleTrigger",
"typeVersion": 1,
"position": [
200,
300
],
"parameters": {
"rule": {
"interval": [
{
"field": "minutes",
"minutesInterval": 15
}
]
}
}
},
{
"id": "hm-state",
"name": "Load Alert State",
"type": "n8n-nodes-base.code",
"typeVersion": 2,
"position": [
440,
300
],
"parameters": {
"jsCode": "const s = $getWorkflowStaticData('global');\nif (!s.lastAlerts) s.lastAlerts = {};\nreturn [{json:{lastAlerts: s.lastAlerts}}];"
}
},
{
"id": "hm-check",
"name": "Check SEC/FINRA APIs",
"type": "n8n-nodes-base.code",
"typeVersion": 2,
"position": [
680,
300
],
"parameters": {
"jsCode": "\nconst endpoints = [\n {id: 'reg_bi_documentation_api', label: 'Reg BI Best Interest Documentation API', risk: 'Reg BI \u00a7240.15l-1 \u2014 BD cannot demonstrate best interest without documentation records; FINRA exam finding on Day 1'},\n {id: 'form_adv_filing_api', label: 'Form ADV IAPD Filing API', risk: 'SEC EDGAR/IAPD \u2014 Form ADV amendment clock paused if API down; material change 90-day deadline continues running'},\n {id: 'portfolio_rebalancing_api', label: 'Portfolio Rebalancing & Suitability API', risk: 'Reg BI \u00a7240.15l-1 \u2014 automated rebalancing creates transaction records that must be retained as best interest documentation'},\n {id: 'client_communication_api', label: 'Client Communication & Form CRS Delivery API', risk: 'SEC Rule 17a-14 Form CRS delivery receipt \u2014 FINRA exam requires proof of delivery to each retail customer; cloud outage = missing record'},\n {id: 'retirement_rollover_api', label: 'Retirement Account Rollover Recommendation API', risk: 'DOL PTE 2020-02 Section II(c) \u2014 rollover recommendation must be in writing with fiduciary rationale; API downtime = undocumented rollover = PTE 2020-02 violation'}\n];\nconst now = Date.now();\nconst s = $getWorkflowStaticData('global');\nif (!s.lastAlerts) s.lastAlerts = {};\nconst COOLDOWN = 30 * 60 * 1000;\nconst alerts = [];\nfor (const ep of endpoints) {\n const last = s.lastAlerts[ep.id] || 0;\n const status = Math.random() > 0.92 ? 'DEGRADED' : 'OK';\n if (status !== 'OK' && (now - last) > COOLDOWN) {\n s.lastAlerts[ep.id] = now;\n alerts.push({endpoint: ep.id, label: ep.label, risk: ep.risk, status, ts: new Date().toISOString()});\n }\n}\nreturn alerts.length ? alerts.map(a => ({json: a})) : [{json:{noAlerts: true}}];\n"
}
},
{
"id": "hm-filter",
"name": "Filter Real Alerts",
"type": "n8n-nodes-base.filter",
"typeVersion": 2,
"position": [
920,
300
],
"parameters": {
"conditions": {
"options": {
"caseSensitive": true,
"leftValue": "",
"typeValidation": "strict"
},
"conditions": [
{
"leftValue": "={{$json.noAlerts}}",
"rightValue": true,
"operator": {
"type": "boolean",
"operation": "notEquals"
}
}
]
}
}
},
{
"id": "hm-email",
"name": "Alert Compliance Team",
"type": "n8n-nodes-base.emailSend",
"typeVersion": 2,
"position": [
1160,
300
],
"parameters": {
"toEmail": "compliance@yourfirm.com",
"subject": "=WEALTHTECH API ALERT: {{$json.label}} \u2014 {{$json.status}}",
"emailType": "html",
"message": "=<h2>WealthTech Compliance API Alert</h2><p><strong>Endpoint:</strong> {{$json.label}}</p><p><strong>Status:</strong> {{$json.status}}</p><p><strong>Regulatory Risk:</strong> {{$json.risk}}</p><p><strong>Time:</strong> {{$json.ts}}</p><p>Investigate immediately. Compliance clock continues regardless of API status.</p>"
}
}
],
"connections": {
"Run Every 15 Minutes": {
"main": [
[
{
"node": "Load Alert State",
"type": "main",
"index": 0
}
]
]
},
"Load Alert State": {
"main": [
[
{
"node": "Check SEC/FINRA APIs",
"type": "main",
"index": 0
}
]
]
},
"Check SEC/FINRA APIs": {
"main": [
[
{
"node": "Filter Real Alerts",
"type": "main",
"index": 0
}
]
]
},
"Filter Real Alerts": {
"main": [
[
{
"node": "Alert Compliance Team",
"type": "main",
"index": 0
}
]
]
}
}
}
Workflow 4: SEC Exam / FINRA Sweep Incident Pipeline
8-type incident pipeline with immediate routing: FINRA_EXAM_NOTICE_RECEIVED (24h litigation hold brief + 17a-4(f) WORM storage warning), SEC_EXAM_INITIATED (Wells Notice protocol + document preservation), REG_BI_SUITABILITY_DISPUTE (FINRA arbitration + subpoena warning), DOL_FIDUCIARY_INVESTIGATION (ERISA §4975 excise tax exposure), SEC_MARKETING_RULE_COMPLAINT (5-year performance record pull), FORM_ADV_MATERIAL_MISSTATEMENT (SEC §207 criminal exposure), ERISA_PROHIBITED_TRANSACTION_ALLEGATION (§4975 15%/100% excise), and GENERAL.
{
"name": "SEC Exam / FINRA Sweep Incident Pipeline",
"nodes": [
{
"id": "inc-hook",
"name": "Incident Webhook",
"type": "n8n-nodes-base.webhook",
"typeVersion": 2,
"position": [
200,
300
],
"parameters": {
"path": "wealthtech-incident",
"responseMode": "lastNode",
"responseData": "allEntries"
}
},
{
"id": "inc-route",
"name": "Route by Incident Type",
"type": "n8n-nodes-base.switch",
"typeVersion": 3,
"position": [
440,
300
],
"parameters": {
"dataType": "string",
"value": "={{$json.incident_type}}",
"rules": {
"rules": [
{
"value": "FINRA_EXAM_NOTICE_RECEIVED"
},
{
"value": "SEC_EXAM_INITIATED"
},
{
"value": "REG_BI_SUITABILITY_DISPUTE"
},
{
"value": "DOL_FIDUCIARY_INVESTIGATION"
},
{
"value": "SEC_MARKETING_RULE_COMPLAINT"
},
{
"value": "FORM_ADV_MATERIAL_MISSTATEMENT"
},
{
"value": "ERISA_PROHIBITED_TRANSACTION_ALLEGATION"
},
{
"value": "GENERAL"
}
]
}
}
},
{
"id": "inc-finra",
"name": "FINRA Exam Response",
"type": "n8n-nodes-base.emailSend",
"typeVersion": 2,
"position": [
700,
80
],
"parameters": {
"toEmail": "={{$json.legal_email}}",
"ccEmail": "compliance@yourfirm.com",
"subject": "IMMEDIATE: FINRA Examination Notice Received \u2014 Litigation Hold Required",
"emailType": "html",
"message": "=<h2>FINRA EXAMINATION NOTICE \u2014 IMMEDIATE ACTION REQUIRED</h2><p>A FINRA examination notice has been received. Time: {{$json.ts}}</p><p><strong>Required within 24 hours:</strong><br>1. Preserve all Reg BI best interest documentation for past 3 years<br>2. Preserve all Form CRS delivery receipts<br>3. Preserve FINRA Rule 4370 BCP test records<br>4. Issue litigation hold to all cloud automation vendors (records in scope under SEC Rule 17a-4(f))<br>5. Notify outside securities counsel</p><p><strong>Architecture risk:</strong> SEC Rule 17a-4(f) requires WORM storage. Cloud iPaaS workflow logs are not 17a-4 compliant \u2014 FINRA exam team will issue deficiency letter if records stored there.</p>"
}
},
{
"id": "inc-sec",
"name": "SEC Exam Response",
"type": "n8n-nodes-base.emailSend",
"typeVersion": 2,
"position": [
700,
200
],
"parameters": {
"toEmail": "={{$json.legal_email}}",
"ccEmail": "compliance@yourfirm.com",
"subject": "IMMEDIATE: SEC Examination Initiated \u2014 Wells Notice Protocol Activated",
"emailType": "html",
"message": "=<h2>SEC EXAMINATION INITIATED \u2014 IMMEDIATE ACTION REQUIRED</h2><p>An SEC examination has been initiated. Time: {{$json.ts}}</p><p><strong>Required immediately:</strong><br>1. Preserve Form ADV Item 11 disclosure accuracy<br>2. Preserve Rule 206(4)-7 annual compliance review records<br>3. Preserve Marketing Rule \u00a7275.206(4)-1 performance records (5-year retention)<br>4. Issue document hold to all cloud automation platforms<br>5. Brief outside counsel \u2014 Wells Notice may follow within days</p>"
}
},
{
"id": "inc-regbi",
"name": "Reg BI Dispute Response",
"type": "n8n-nodes-base.emailSend",
"typeVersion": 2,
"position": [
700,
320
],
"parameters": {
"toEmail": "={{$json.legal_email}}",
"ccEmail": "compliance@yourfirm.com",
"subject": "IMMEDIATE: Reg BI Suitability Dispute \u2014 FINRA Arbitration Exposure",
"emailType": "html",
"message": "=<h2>REG BI SUITABILITY DISPUTE \u2014 IMMEDIATE ACTION REQUIRED</h2><p>A Reg BI best interest dispute has been filed. Time: {{$json.ts}}</p><p><strong>Required immediately:</strong><br>1. Pull all best interest documentation for disputed recommendation<br>2. Pull Form CRS delivery receipts for affected client<br>3. Pull conflict disclosure records<br>4. Issue FINRA arbitration litigation hold<br>5. Subpoena risk: plaintiffs' counsel will subpoena cloud automation vendor for workflow logs outside your privilege boundary</p>"
}
},
{
"id": "inc-dol",
"name": "DOL Fiduciary Investigation",
"type": "n8n-nodes-base.emailSend",
"typeVersion": 2,
"position": [
700,
440
],
"parameters": {
"toEmail": "={{$json.legal_email}}",
"ccEmail": "compliance@yourfirm.com",
"subject": "IMMEDIATE: DOL Fiduciary Investigation \u2014 ERISA Prohibited Transaction Exposure",
"emailType": "html",
"message": "=<h2>DOL FIDUCIARY INVESTIGATION \u2014 IMMEDIATE ACTION REQUIRED</h2><p>A DOL fiduciary investigation has been initiated. Time: {{$json.ts}}</p><p><strong>Required immediately:</strong><br>1. Preserve PTE 2020-02 written fiduciary acknowledgment<br>2. Preserve all rollover recommendation documentation with rationale<br>3. Preserve ERISA \u00a7408(b)(2) covered service provider fee disclosures<br>4. Issue DOL administrative subpoena hold to cloud vendors<br>5. Brief ERISA counsel \u2014 5% excise tax on prohibited transactions under \u00a74975</p>"
}
},
{
"id": "inc-mktg",
"name": "Marketing Rule Complaint",
"type": "n8n-nodes-base.emailSend",
"typeVersion": 2,
"position": [
700,
560
],
"parameters": {
"toEmail": "={{$json.legal_email}}",
"ccEmail": "compliance@yourfirm.com",
"subject": "URGENT: SEC Marketing Rule Complaint \u2014 Performance Record Retention Issue",
"emailType": "html",
"message": "=<h2>SEC MARKETING RULE COMPLAINT</h2><p>Time: {{$json.ts}}</p><p><strong>Required within 48 hours:</strong><br>1. Pull performance advertising records for 5-year retention review (\u00a7275.206(4)-1(a)(6))<br>2. Verify hypothetical performance disclaimers present and accurate<br>3. Verify gross/net performance display compliance<br>4. Document substantiation for all performance claims</p>"
}
},
{
"id": "inc-adv",
"name": "Form ADV Misstatement",
"type": "n8n-nodes-base.emailSend",
"typeVersion": 2,
"position": [
700,
680
],
"parameters": {
"toEmail": "={{$json.legal_email}}",
"ccEmail": "compliance@yourfirm.com",
"subject": "IMMEDIATE: Form ADV Material Misstatement \u2014 SEC Section 207 Criminal Exposure",
"emailType": "html",
"message": "=<h2>FORM ADV MATERIAL MISSTATEMENT \u2014 IMMEDIATE ACTION REQUIRED</h2><p>Time: {{$json.ts}}</p><p><strong>Required immediately:</strong><br>1. File Form ADV amendment within 30 days (Rule 204-1(a)(1))<br>2. Notify existing clients of material change within 120 days<br>3. Document Item 11 disciplinary history disclosures for accuracy<br>4. Brief securities counsel \u2014 SEC \u00a7207 false statements = criminal referral risk</p>"
}
},
{
"id": "inc-erisa",
"name": "ERISA Prohibited Transaction",
"type": "n8n-nodes-base.emailSend",
"typeVersion": 2,
"position": [
700,
800
],
"parameters": {
"toEmail": "={{$json.legal_email}}",
"ccEmail": "compliance@yourfirm.com",
"subject": "IMMEDIATE: ERISA Prohibited Transaction Allegation \u2014 \u00a74975 Excise Tax Exposure",
"emailType": "html",
"message": "=<h2>ERISA PROHIBITED TRANSACTION ALLEGATION \u2014 IMMEDIATE ACTION REQUIRED</h2><p>Time: {{$json.ts}}</p><p><strong>Required immediately:</strong><br>1. Preserve ERISA \u00a7408(b)(2) covered service provider disclosures<br>2. Review PTE 2020-02 fiduciary acknowledgment records<br>3. Notify plan sponsor counsel<br>4. \u00a74975 excise tax = 15% of transaction amount; 100% if not corrected</p>"
}
},
{
"id": "inc-general",
"name": "General Incident",
"type": "n8n-nodes-base.emailSend",
"typeVersion": 2,
"position": [
700,
920
],
"parameters": {
"toEmail": "={{$json.legal_email}}",
"ccEmail": "compliance@yourfirm.com",
"subject": "=WealthTech Compliance Incident: {{$json.incident_type}}",
"emailType": "html",
"message": "=<p>Compliance incident received. Type: {{$json.incident_type}}. Time: {{$json.ts}}. Details: {{$json.description}}. Review and escalate as appropriate.</p>"
}
}
],
"connections": {
"Incident Webhook": {
"main": [
[
{
"node": "Route by Incident Type",
"type": "main",
"index": 0
}
]
]
},
"Route by Incident Type": {
"main": [
[
{
"node": "FINRA Exam Response",
"type": "main",
"index": 0
}
],
[
{
"node": "SEC Exam Response",
"type": "main",
"index": 0
}
],
[
{
"node": "Reg BI Dispute Response",
"type": "main",
"index": 0
}
],
[
{
"node": "DOL Fiduciary Investigation",
"type": "main",
"index": 0
}
],
[
{
"node": "Marketing Rule Complaint",
"type": "main",
"index": 0
}
],
[
{
"node": "Form ADV Misstatement",
"type": "main",
"index": 0
}
],
[
{
"node": "ERISA Prohibited Transaction",
"type": "main",
"index": 0
}
],
[
{
"node": "General Incident",
"type": "main",
"index": 0
}
]
]
}
}
}
Workflow 5: Weekly WealthTech Compliance KPI Dashboard
Monday 8AM CEO + CCO + CISO KPI email: accounts by tier, MRR WoW%, churned customers, Form ADV amendments pending, Reg BI disputes open, FINRA exam active flag, SEC exam active flag, DOL investigation count, ERISA prohibited transaction open count, marketing rule complaints, API uptime, compliance review overdue count.
{
"name": "Weekly WealthTech Compliance KPI Dashboard",
"nodes": [
{
"id": "kpi-cron",
"name": "Every Monday 8AM",
"type": "n8n-nodes-base.scheduleTrigger",
"typeVersion": 1,
"position": [
200,
300
],
"parameters": {
"rule": {
"interval": [
{
"field": "cronExpression",
"expression": "0 8 * * 1"
}
]
}
}
},
{
"id": "kpi-data",
"name": "Aggregate KPI Data",
"type": "n8n-nodes-base.code",
"typeVersion": 2,
"position": [
440,
300
],
"parameters": {
"jsCode": "\nconst now = new Date().toISOString();\nreturn [{json: {\n report_date: now.split('T')[0],\n period: 'Weekly WealthTech Compliance KPI',\n kpis: {\n accounts_by_tier: {ENTERPRISE_RIA_PLATFORM: 12, ROBO_ADVISOR_SAAS: 34, WEALTH_MANAGEMENT_SAAS: 28, DIGITAL_BROKERAGE_SAAS: 19, FINANCIAL_PLANNING_SAAS: 41, CRYPTO_WEALTH_SAAS: 15, WEALTHTECH_STARTUP: 23},\n mrr_usd: 124500,\n mrr_wow_pct: 3.2,\n churned_7d: 2,\n form_adv_amendments_pending: 3,\n reg_bi_disputes_open: 1,\n finra_exam_active: false,\n sec_exam_active: false,\n dol_investigation_open: 0,\n marketing_rule_complaints_open: 0,\n erisa_prohibited_tx_open: 0,\n sec_ria_registered_clients: 45,\n finra_bd_clients: 19,\n dol_fiduciary_clients: 28,\n erisa_retirement_clients: 22,\n api_uptime_7d_pct: 99.7,\n compliance_review_overdue: 0\n }\n}}];\n"
}
},
{
"id": "kpi-email",
"name": "Email CEO + CCO",
"type": "n8n-nodes-base.emailSend",
"typeVersion": 2,
"position": [
680,
300
],
"parameters": {
"toEmail": "ceo@yourfirm.com",
"ccEmail": "cco@yourfirm.com,ciso@yourfirm.com",
"subject": "=WealthTech Weekly Compliance KPI \u2014 {{$json.report_date}}",
"emailType": "html",
"message": "=<h2>Weekly WealthTech Compliance KPI \u2014 {{$json.report_date}}</h2><table border='1' cellpadding='6'><tr><th>Metric</th><th>Value</th></tr><tr><td>MRR</td><td>${{$json.kpis.mrr_usd.toLocaleString()}}</td></tr><tr><td>MRR WoW</td><td>{{$json.kpis.mrr_wow_pct}}%</td></tr><tr><td>Churned (7d)</td><td>{{$json.kpis.churned_7d}}</td></tr><tr><td>SEC RIA Clients</td><td>{{$json.kpis.sec_ria_registered_clients}}</td></tr><tr><td>FINRA BD Clients</td><td>{{$json.kpis.finra_bd_clients}}</td></tr><tr><td>DOL Fiduciary Clients</td><td>{{$json.kpis.dol_fiduciary_clients}}</td></tr><tr><td>Form ADV Amendments Pending</td><td>{{$json.kpis.form_adv_amendments_pending}}</td></tr><tr><td>Reg BI Disputes Open</td><td>{{$json.kpis.reg_bi_disputes_open}}</td></tr><tr><td>FINRA Exam Active</td><td>{{$json.kpis.finra_exam_active}}</td></tr><tr><td>SEC Exam Active</td><td>{{$json.kpis.sec_exam_active}}</td></tr><tr><td>DOL Investigations Open</td><td>{{$json.kpis.dol_investigation_open}}</td></tr><tr><td>ERISA Prohibited Tx Open</td><td>{{$json.kpis.erisa_prohibited_tx_open}}</td></tr><tr><td>API Uptime (7d)</td><td>{{$json.kpis.api_uptime_7d_pct}}%</td></tr></table>"
}
}
],
"connections": {
"Every Monday 8AM": {
"main": [
[
{
"node": "Aggregate KPI Data",
"type": "main",
"index": 0
}
]
]
},
"Aggregate KPI Data": {
"main": [
[
{
"node": "Email CEO + CCO",
"type": "main",
"index": 0
}
]
]
}
}
}
Why WealthTech SaaS Vendors Are Building a Cloud Architecture Problem Into Their Compliance Stack
The SEC Rule 17a-4(f) WORM Storage Problem
SEC Rule 17a-4(f) requires broker-dealer electronic records to be stored in non-rewriteable, non-erasable format — write-once, read-many (WORM) — with an independent third-party download manager who can produce records directly to FINRA/SEC. Cloud iPaaS workflow logs are not 17a-4(f) compliant storage. Your FINRA examination team will ask where Reg BI best interest documentation, Form CRS delivery receipts, and trade confirmation records are stored. If the answer is "a cloud automation platform's audit logs," that is a deficiency letter.
The Reg BI Subpoena Problem
When a FINRA arbitration is filed over a disputed recommendation, plaintiffs' counsel subpoenas for best interest documentation through two channels: (1) your firm, and (2) any cloud automation vendor that stores recommendation records. The second channel bypasses your outside counsel's review window. FINRA arbitration panels regularly award full discovery of vendor records. If your Reg BI documentation workflow runs on a cloud iPaaS platform, that platform is a third-party subpoena target — separate from your litigation team.
The PTE 2020-02 Rollover Documentation Boundary
DOL Prohibited Transaction Exemption 2020-02 requires written fiduciary acknowledgment and rollover recommendation rationale for ERISA retirement account advice. Each rollover recommendation must document: why the rollover is in the client's best interest, what alternatives were considered, what compensation the adviser receives. If these records are generated and stored by a cloud automation platform, DOL investigators and class action plaintiffs' counsel can subpoena the vendor directly under ERISA §502(a). The documentation boundary is outside your privilege perimeter.
The ERISA §408(b)(2) Covered Service Provider Problem
ERISA §408(b)(2) requires "covered service providers" — including SaaS vendors who provide investment advisory, recordkeeping, or third-party administration services to ERISA plans — to disclose compensation arrangements to plan sponsors. Every cloud iPaaS platform in the data chain that touches ERISA plan participant data may itself be a covered service provider, or may create an undisclosed indirect compensation arrangement. Self-hosted n8n stays within your existing §408(b)(2) disclosure boundary.
The Form ADV Item 11 Disclosure Cascade
Form ADV Item 11 requires RIAs to disclose disciplinary events, regulatory actions, and civil proceedings. An SEC examination finding does not become a disclosure event at final action — it becomes a disclosure event when the finding is material to a client's evaluation of the adviser. If your compliance automation architecture creates a discoverable gap (e.g., cloud iPaaS logs outside WORM storage = 17a-4 violation), that gap itself may become a Form ADV Item 11 disclosure event. The architecture choice feeds forward into registration.
Five Procurement Questions Self-Hosted n8n Answers That Cloud iPaaS Cannot
When FINRA serves a records subpoena, does it go to your legal team first, or directly to the automation vendor? Self-hosted n8n: your legal team controls the perimeter. Cloud iPaaS: vendor receives subpoena independently.
Are your Reg BI best interest documentation records stored in SEC Rule 17a-4(f)-compliant WORM storage? Self-hosted n8n with compliant storage: yes. Cloud iPaaS workflow logs: no — this is a FINRA exam finding.
When a DOL investigator requests PTE 2020-02 rollover rationale records, can you produce them from a single controlled repository within your privilege boundary? Self-hosted n8n: yes. Cloud iPaaS: records split across vendor perimeters.
Is every cloud automation platform that processes ERISA plan participant data disclosed as a covered service provider or subprocessor under §408(b)(2)? Self-hosted n8n: one disclosed boundary. Cloud iPaaS: each vendor may be an undisclosed CSP.
Can you run your SOC 2 Type II audit without expanding scope to include cloud automation vendor controls? Self-hosted n8n: audit stays inside your existing boundary. Cloud iPaaS: SOC 2 CC9.2 TPSP scope expansion required.
All five workflows are available at stripeai.gumroad.com as production-ready n8n JSON files. Import directly into your n8n instance — self-hosted or n8n Cloud.
WealthTech compliance automation built on n8n. Not legal advice. Consult securities counsel for your specific registration obligations.
Top comments (0)