On January 28, 2025, FINRA published its Annual Regulatory Oversight Report (the Report). The Report highlights emerging risk areas and recent developments, common compliance deficiencies, and best practices for member firms. The Report is important not only because it identifies areas where FINRA is likely to be focused over the coming months but also because it provides insight into FINRA’s expectations for the types of controls, procedures, and supervisory frameworks that firms should have in place to address priority risk areas and activities. This year, the Report highlights new considerations relating to the use of artificial intelligence (AI), which implicate multiple regulatory areas and activities – including third-party vendors and outsourcing, cybersecurity, communications with the public, and Regulation Best Interest.
In this Alert, we do not cover every topic addressed in the Report, but rather discuss the more notable additions to the Report for 2025 and our key takeaways, which we divide into the following topics: (1) the use of AI tools and technology, (2) the use of third-party vendors, (3) financial crimes prevention (cybersecurity, AML, and manipulation), (4) sales and trading, and (5) back-office and operations (including recordkeeping). By leveraging the insights highlighted in these areas and the Report more generally, firms can mitigate their regulatory risk and better position themselves for 2025.