Representing financial professionals, financial institutions and investors in investment loss, employment and disclosure matters, and in regulatory investigations nationwide.

FINRA releases 2025 regulatory report to help firms strengthen compliance programs

On Behalf of | Feb 4, 2025 | FINRA Compliance

The Financial Industry Regulatory Authority has released its 2025 Annual Regulatory Oversight Report to provide member firms with an important informational resource over the coming year.

The report contains insights and observations from recent activities of FINRA’s regulatory operations to help firms strengthen their compliance programs, FINRA said in a news release.

Included in the oversight report are observations from across FINRA’s Member Supervision, Market Regulation and Enforcement programs covering 24 topics. One of this year’s new topics is the third-party risk landscape.  In recent years, FINRA said it has observed an increase in cyberattacks and outages at third-party vendors used by member firms. An attempted cyberattack or an outage at a third-party vendor could potentially impact a large number of firms, the report said, given the industry’s reliance on third-party vendors to support key systems and activities.

FINRA recommends that firms set up “adequate third-party vendor risk management policies” that include “initial or ongoing due diligence” of vendors, validation of their data protection controls, and a list of all vendors being used

“This report is a valuable tool that we provide to member firms in support of our self-regulatory mission to protect investors and ensure market integrity,” said Greg Ruppert, Executive Vice President and Head of Member Supervision at FINRA.  “The topics reflect areas where FINRA has observed gaps in firm compliance programs as well as areas of emerging or increased risk. The report contains new topics, including a section addressing the third-party risk landscape, and many that will be familiar—such as cybersecurity and cyber-enabled fraud, communications with the public, and Regulation Best Interest and Form CRS—which have been updated to reflect evolving risks, industry trends and exam findings.”

FINRA said the report reflects the authority’s commitment to providing transparency to member firms and the investing public about its regulatory observations and activities.

“Transparency is essential to a healthy regulatory program, and that is what we aim to provide with the Regulatory Oversight Report,” said Bill St. Louis, Executive Vice President and Head of Enforcement at FINRA.  “This report contains information and insights that were gathered during the course of our regulatory operations activities, as well as some of the effective practices we have observed, to help member firms enhance their compliance programs.”

Along with third-party risks, other areas of new content covered in the report include:

-Sales practice and Reg BI compliance regarding complex products. The Securities and Exchange Commission’s Regulation Best Interest establishes a “best interest” standard of conduct for broker-dealers and associated persons when they make recommendations to retail customers of any securities transaction or investment strategy involving securities, including recommendations of variable annuities and registered index-linked annuities.

-Extended hours trading. Over the last few years, trading in National Market System stocks and other securities has increasingly stretched beyond regular trading hours. As a result, FINRA has observed a growing number of firms offering varying degrees of extended hours trading services, in some instances including the overnight period of 8:00 p.m. to 4:00 a.m. ET.

-Artificial intelligence (AI). FINRA has noted that AI-based tools have been widely used in the financial services for a number of years, and recognizes their potential value for investors, member firms and markets, etc.—and also the need for all those involved to manage potential risks. FINRA said firms are proceeding cautiously with their use of Generative AI (Gen AI) technology.

-Investment fraud by bad actors that directly targets investors. FINRA has observed an increase in investment fraud that typically includes enticing victims to withdraw funds from their securities accounts and send the funds to the bad actors as part of a fraudulent scheme.

-FINRA rules concerning the Remote Inspections Pilot Program and Residential Supervisory Location designation. In light of the technological advances that have changed the way business is conducted, FINRA adopted FINRA Rules 3110.18 (Remote Inspections Pilot Program) and 3110.19 (Residential Supervisory Locations), which modernize the approach to supervision while preserving investor protection objectives.

The attorneys at Lewitas Hyman regularly monitor SEC, FINRA and other self-regulatory organizations’ rule-making activities to help ensure that our clients are aware of any new policies, while assisting them in implementing any recommended changes. Our clients include broker-dealers, RIAs, banks, investment companies and hedge funds, along with registered representatives and other individuals participating in the securities industry.  Should you be in need of experienced counsel regarding a matter involving a regulatory agency, please contact Lewitas Hyman at (888) 655-6002 or through our online contact form.