FINRA published today the 2025 FINRA Regulatory Oversight Report—a vital information resource comprising observations from across FINRA’s Member Supervision, Market Regulation and Enforcement programs that member firms can use throughout the year to strengthen their compliance programs.
The report reflects FINRA’s commitment to providing transparency to member firms and the investing public about its regulatory observations and activities.
“This report is a valuable tool that we provide to member firms in support of our self-regulatory mission to protect investors and ensure market integrity. The topics reflect areas where FINRA has observed gaps in firm compliance programs as well as areas of emerging or increased risk. The report contains new topics, including a section addressing the third-party risk landscape, and many that will be familiar—such as cybersecurity and cyber-enabled fraud, communications with the public, and Regulation Best Interest and Form CRS—which have been updated to reflect evolving risks, industry trends and exam findings,” said Greg Ruppert, Executive Vice President and Head of Member Supervision at FINRA.
“Monitoring the markets, anticipating and addressing risks, identifying and investigating trading violations, and leveraging data are all part of the important work that FINRA does to safeguard the integrity of our vibrant capital markets to ensure that everyone can invest with confidence. Part of this work is reflected in our observations about manipulative trading, customer order handling and extended hours trading, among others, in this year’s Regulatory Oversight Report,” said Stephanie Dumont, Executive Vice President and Head of Market Regulation and Transparency Services at FINRA.
“Transparency is essential to a healthy regulatory program, and that is what we aim to provide with the Regulatory Oversight Report. This report contains information and insights that were gathered during the course of our regulatory operations activities, as well as some of the effective practices we have observed, to help member firms enhance their compliance programs,” said Bill St. Louis, Executive Vice President and Head of Enforcement at FINRA.
The report covers 24 topics, including new content. For each area, the report identifies the relevant rule(s); summarizes noteworthy findings or observations, as well as effective practices observed, from recent oversight activities; and provides additional resources that may be helpful to member firms in reviewing their supervisory procedures and controls, and fulfilling their compliance obligations.
New content covered in the report:
Third-party risk landscape. In recent years, FINRA has observed an increase in cyberattacks and outages at third-party vendors used by member firms. Given the financial industry’s reliance on third-party vendors to support key systems and covered activities, an attempted cyberattack or an outage at a third-party vendor could potentially impact a large number of firms.
Sales practice and Reg BI compliance regarding complex products (e.g., RILAs). The Securities and Exchange Commission’s Regulation Best Interest establishes a “best interest” standard of conduct for broker-dealers and associated persons when they make recommendations to retail customers of any securities transaction or investment strategy involving securities, including recommendations of variable annuities and registered index-linked annuities.
Extended hours trading. Over the last few years, trading in National Market System stocks and other securities has increasingly stretched beyond regular trading hours. As a result, FINRA has observed a growing number of firms offering varying degrees of extended hours trading services, in some instances including the overnight period of 8:00 p.m. to 4:00 a.m. ET.
Artificial intelligence (AI). FINRA has noted that AI-based tools have been widely used in the financial services for a number of years, and recognizes their potential value for investors, member firms and markets, etc.—and also the need for all those involved to manage potential risks. FINRA has observed that firms are proceeding cautiously with their use of Generative AI (Gen AI) technology, generally exploring or implementing vendor-supported Gen AI tools to increase efficiency of internal functions.
Investment fraud by bad actors that directly targets investors. FINRA has observed an increase and evolution in investment fraud committed by bad actors who engage directly with investors. This typically includes enticing victims to withdraw funds from their securities accounts and send the funds to the bad actors as part of a fraudulent scheme.
FINRA rules concerning the Remote Inspections Pilot Program and Residential Supervisory Location designation. Advances in technology and communications in the financial industry have significantly changed the way in which firms and their associated persons conduct business. In recognition of these changes, FINRA adopted FINRA Rules 3110.18 (Remote Inspections Pilot Program) and 3110.19 (Residential Supervisory Locations), which reflect a measured, modernized approach to supervision while preserving investor protection objectives.
Trade reporting enhancements for fractional share transactions. FINRA is planning to implement enhancements to the FINRA facilities to support the reporting of fractional share quantities.