January 31, 2025 - On January 28, 2025, the Financial Industry Regulatory Authority (FINRA) released its 2025 Annual Regulatory Oversight Report. The 80-page report highlights critical insights from FINRA’s regulatory operations program to help member firms strengthen their compliance programs and address emerging risks.

Designed as a continuously evolving resource, the Report provides firms with:

1. Relevant rules
2. Key findings from FINRA’s recent oversight activities
3. Effective practices to help tailor compliance programs
4. A comprehensive list of FINRA notices, reports, tools, and resources

Key Highlights and Takeaways

Cybersecurity: Cybersecurity remains a top concern due to more frequent and sophisticated threats, including ransomware, new account fraud, insider threats, and data breaches. Emerging risks such as “quishing” and attacks on third-party vendors are raising alarms about potential supply chain disruptions and data security breaches.

Fraud: Investment fraud schemes are evolving, with scammers leveraging investment clubs, relationship scams, tech support fraud, and imposter websites. FINRA also highlights increasing ACH-related fraud involving internal and external bad actors.

Artificial Intelligence (AI): FINRA closely monitors firms’ use of generative AI and the compliance challenges that arise. It is also studying how criminals exploit AI to target firms and clients, with plans to offer further guidance and best practices for protection.

Manipulative Trading: Preventing manipulative trading remains a key area of focus. FINRA highlights surveillance issues with detecting schemes like layering, spoofing, and social media-driven fraud. The rise of fraudulent activity involving investment clubs has prompted more rigorous oversight and reviews of firms’ supervisory practices.

Consolidated Audit Trail (CAT): Many firms continue to struggle with accurate and timely CAT reporting and lack adequate supervisory procedures. As CAT is a key regulatory tool, the integrity of underlying CAT data is expected to remain an area of regulatory focus.

Anti-Money Laundering (AML): FINRA underscores numerous enforcement cases related to failures in customer identification programs (CIP) and customer due diligence (CDD). Firms relying on automated systems must ensure proper calibration and testing to prevent compliance gaps.

Regulation Best Interest (Reg BI): Reg BI enforcement has increased, especially regarding complex products like variable annuities and registered index-linked annuities (RILAs). Firms are urged to have robust policies and supervisory systems to ensure recommendations and sales meet Reg BI standards.

Extended Trading Hours: This new focus area reflects the rise in overnight trading and related risks. FINRA monitors issues like manipulative trading, best execution, audit trail reporting, customer disclosures, and supervision during extended trading sessions.

Net Capital: FINRA continues to uncover issues involving inadequate supervision, incorrect capital charges for underwriting commitments, inaccurate net capital deductions, improper recording of revenue and expenses, delayed or insufficient filings, inadequate capital for underwriting participation, and errors in OCC charges.

Third-Party Risk: As the financial industry becomes increasingly interconnected, FINRA emphasizes the risks associated with third-party vendors and service providers, including the potential for cyberattacks, data breaches, or outages.

The Report offers valuable insights into areas likely to be included in upcoming examinations. With this knowledge, firms can proactively identify and address potential compliance gaps and prepare for any regulatory scrutiny.

Practical Action Steps for Firms

Firms can leverage FINRA’s reports to enhance their compliance programs through:

• Applicability Assessment: Conduct a comprehensive review of the Report to identify which topics, risks, and best practices are relevant based on their business models, size, and practices.
• Risk Assessment: Integrate key insights from the Report into broader risk assessments and compliance evaluations to help identify potential vulnerabilities.
• Gap Analysis: Following a risk assessment, perform a gap analysis to pinpoint areas where compliance efforts can be improved or where additional controls may be needed.

How Can Citrin Cooperman Help

In addition to our core assurance, tax, and advisory services, Citrin Cooperman provides relevant specialty practices, including our dedicated Broker-Dealer practice and Forensic & Litigation Services team. Our professionals have extensive experience across a wide range of FINRA-related matters, from providing guidance on the technical aspects of daily operations to assisting clients in responding to potential rule violations.

If you have any questions regarding this alert, please contact the Citrin Cooperman professional with whom you usually work or reach out directly to the contributors: Alexander Reyes, Daniel McGuire, Kevin Tanaka, or Atul Chandra.

For additional information, FINRA has also released a special episode of its FINRA Unscripted podcast titled “Unpacking the 2025 FINRA Regulatory Oversight Report,” in which FINRA’s regulatory leaders highlight takeaways from the Report and insights for member firms.