FINRA Releases 2026 Regulatory Oversight Report | Key Insights

Exploring FINRA’s 2026 Annual Regulatory Oversight Report: Key Risks and Insights

On December 9, 2025, the Financial Industry Regulatory Authority (FINRA) unveiled its 2026 Annual Regulatory Oversight Report (2026 Report). This comprehensive document, nearing 90 pages, sheds light on emerging risks ranging from cybersecurity to data privacy and generative artificial intelligence (GenAI). It also revisits critical perennial focus areas, such as Regulation Best Interest (Reg BI) compliance, third-party vendor management, and best execution protocols.

Key Takeaways

One of the foremost messages from the 2026 Report is the evolving landscape of threats and challenges within the financial industry. FINRA emphasizes that member firms should view this report not just as a statement of intent but as guidance for assessing compliance with established regulations. Some pivotal findings include:

  • The necessity for corporate governance and supervisory frameworks to adapt along with technological advancements.
  • The critical importance of prioritizing cybersecurity.
  • A renewed focus on anti-money laundering (AML) testing, especially concerning customer due diligence.
  • Timeless compliance challenges such as manipulative trading and best execution practices remain relevant.
  • FINRA’s rules apply to all firms and associated persons, including activities involving crypto assets.
  • A need for vigilance regarding evolving financial management and reporting standards concerning new asset types.

Spotlight on Emerging Technologies: GenAI

In a new section dedicated to GenAI, the 2026 Report highlights the imperative for firms to assess their regulatory compliance before deploying such technologies. FINRA encourages institutions to establish robust governance frameworks aimed at overseeing GenAI usage.

Key recommendations include:

  • Implementing controls to mitigate risks of bias, hallucinations, and cybersecurity vulnerabilities associated with AI.
  • Ensuring continuous human oversight of AI outputs.
  • Tracking the activities of autonomous AI agents, which might necessitate innovative oversight mechanisms.

The Ongoing Battle Against Financial Crimes

Cybersecurity and Cyber-Enabled Fraud

Cybersecurity remains a formidable operational and compliance concern. FINRA underlines the expectation for firms to maintain robust cybersecurity programs that align with SEC and FINRA regulations. Recent amendments to Regulation S-P have elevated the stakes, requiring firms to create policies for detecting, responding to, and recovering from unauthorized access to customer data.

Identifying Key Threats

Among the myriad threats identified, some of the most pressing include:

  1. Ransomware Attacks: These pose risks by compromising firm systems and seizing data.
  2. Data Breaches: Such incidents can expose sensitive information about both firms and clients.
  3. Social Engineering: This includes strategies like phishing and smishing aimed at tricking users into revealing confidential information.
  4. New Account Fraud: This encompasses both the opening of fraudulent accounts and account takeovers using stolen identities.
  5. GenAI-Enabled Fraud: Criminals are exploiting AI technologies to create sophisticated methods for committing fraud.

Anti-Money Laundering Strategies

FINRA reiterates the necessity for firms to proactively identify and mitigate potential fraud attempts against their clients. Effective anti-money laundering practices require:

  • Establishing risk-based compliance programs to identify potential red flags.
  • Training personnel and clients on recognizing scams.
  • Reviewing supervisory procedures to ensure AML responsibilities are well-defined and effectively managed.

Addressing Manipulative Trading

The fight against manipulative trading practices remains a persistent focus for FINRA. The 2026 Report specifically addresses concerns about fraud in small-cap equities. The findings suggest that:

  • Many firms lack adequate surveillance systems capable of identifying a variety of manipulative trading schemes.
  • Firms may not be fully equipped to adapt their surveillance strategies as market conditions change.
  • There is an urgency to bolster staff training and ensure investigations into surveillance alerts are thorough.

Importance of Vendor Management

In light of the rising dependence on third-party vendors, FINRA emphasizes the importance of maintaining effective supervisory systems. The 2026 Report outlines best practices, including:

  • Conducting thorough due diligence for third-party vendors, especially those handling IT and cybersecurity functions.
  • Managing the potential risks posed by vendor cyber incidents, as these can disrupt multiple firms.
  • Establishing a robust vendor management framework that includes regular assessments of vendor performance and security.

Cryptocurrency: A Continued Focus

Unlike the SEC, which has sidestepped cryptocurrency in its recent examinations, FINRA remains vigilant about digital assets. The organization urges member firms to keep pace with changes in the cryptocurrency landscape, emphasizing:

  • The need for comprehensive due diligence on unregistered investment offerings.
  • Awareness of the potential for fraud or AML issues associated with trading or transferring cryptocurrencies.
  • Clear communication with customers regarding the distinction between traditional brokerage and crypto accounts.

Communications and Sales Compliance

In today’s digital age, FINRA continues to highlight the importance of compliance in communication with the public. Firms are encouraged to:

  • Monitor new communication channels and develop procedures for managing them, especially with the rise of social media.
  • Ensure that staff is trained to adhere to Reg BI and other compliance standards when engaging with clients.

Best Execution and Order Handling

FINRA reiterates its ongoing focus on ensuring firms achieve best execution in their trading activities.

Key observations include:

  • Continued enforcement actions against firms failing to assess execution quality adequately.
  • Attention to the accuracy of Rule 606 reports, with increased scrutiny on the publishing of these documents.

Financial Management Concerns

Net Capital Compliance

FINRA identifies persistent issues with compliance related to net capital, including:

  • Problems with revenue reporting and supervision for net capital deductions.
  • The importance of ongoing monitoring of net capital amidst an evolving landscape of underlying business practices.

Liquidity Risk Management

Another critical focus is the management of liquidity risk. FINRA identifies weaknesses, urging firms to review and align their practices with current market realities.

Protecting Customer Assets

Lastly, as part of protecting customer assets, firms must comply with evolving rules affecting how they compute reserve formulas for asset protection, especially in light of the recently extended SEC compliance dates.

The FINRA 2026 Annual Regulatory Oversight Report serves as a crucial directive, guiding member firms through the complexities of an ever-evolving financial landscape. Emphasizing compliance and vigilance, the report lays a roadmap for institutions to navigate challenges in cybersecurity, emerging technologies, and financial crime prevention.

James
