The start of a new year is always a time for reflection and goal setting. The Financial Industry Regulatory Authority (FINRA) is no different—the agency just released its 2026 Annual Regulatory Oversight Report, which includes “new and updated content on cyber-enabled fraud, senior investors and trends in generative artificial intelligence (GenAI), among other topics.” According to FINRA’s Chief Regulatory Operations Officer, “These insights from our oversight activities—combined with other intelligence—are designed to help member firms identify emerging risks and implement effective controls as needed.” As an individual advisor or member firm, it’s important to understand these emerging topics, trends, and risks so that you can navigate the rapidly changing regulatory landscape with greater clarity and confidence. It’s also worth familiarizing yourself with FINRA’s enforcement investigation priorities and areas of focus so that you can respond to and participate in these matters with less stress and confusion.
With the rapid arrival and dominance of generative AI technologies and other transformative capabilities, now is the time for financial advisors to take clear and proactive steps to safeguard their firms and their clients as effectively as possible. Today, we will take a look at some of the key takeaways from FINRA’s 2026 Regulatory Oversight Report, identify emerging risks in securities, and review the benefits of enlisting the guidance of a highly qualified and caring securities law attorney to support you in the new year and beyond.
GenAI Usage Considerations For Member Firms in 2026
FINRA’s 2026 Regulatory Oversight Report includes an entirely new section that addresses the consideration and caution that member firms should take before integrating GenAI technology into their practices. The report clarifies that “Using GenAI can implicate rules regarding supervision, communications, recordkeeping and fair dealing. Pursuant to FINRA Rule 3110 (Supervision), a member firm must have a reasonably designed supervisory system tailored to its business. If a firm is relying on GenAI tools as part of its supervisory system, its policies and procedures may consider the integrity, reliability and accuracy of the AI model.” In other words, FINRA is actively encouraging member firms to establish governance frameworks to supervise all GenAI usage. Failing to take any steps or to create any policies regarding the firm’s use of GenAI technologies may leave firms vulnerable to costly risks and potential enforcement actions. The Oversight Report provides a few examples of the actions member firms can take to proactively plan for the implementation and use of GenAI tools, such as:
- Establishing controls to minimize and eliminate hallucinations, bias, and cybersecurity risks
- Creating protocols for ongoing human monitoring of model outputs and performance
- Approaching the use of AI Agents with the utmost caution, as these autonomous programs may result in adverse impacts to investors, firms, or financial markets
If your firm is exploring how GenAI will be used in your operations, it’s worth enlisting the guidance of a highly experienced and trusted securities law attorney to help you identify the emerging risks in securities and create clear protocols for minimizing them.
Developing a Robust Plan For Financial Crimes Prevention
Another key takeaway from FINRA’s 2026 Regulatory Oversight Report is the emphasis on financial crimes prevention. FINRA identifies the range of sophisticated cybersecurity threats that have targeted member firms and their customers, including ransomware and extortion events, data breaches, phishing, new account fraud, account takeovers, account impersonations, imposter sites, relationship investment scams, and insider threats. To combat these threats, FINRA offers several practices for member firms to incorporate into their services to keep sensitive data as safe and secure as possible, such as:
- Requiring multi-factor authentication
- Monitoring for impostor domains or accounts
- Monitoring for customer account takeovers (i.e., reviewing unusual or suspicious activities immediately)
- Conducting training and security awareness
- Practicing identity verification
- Establishing reasonable supervision for firm staff regarding the secure use of “bring your own device (BYOD)”
- Engaging in cross-team communication
- Monitoring third-party vendor risk
As your firm reviews its current practices and policies, it can be helpful to involve an experienced securities law attorney to assess potential risks and implement effective measures to keep your firm and your clients safe.
Reviewing Firm Operations Obligations to Ensure Compliance
In recent years, FINRA has tightened its expectations for member firms considerably. Protocols for effective and safe technology management have become the main focus of FINRA examinations and enforcement actions. According to FINRA, “FINRA expects firms to establish and maintain a reasonably designed supervisory system, including establishing, maintaining and enforcing written supervisory procedures for outsourcing activities to ensure compliance with applicable securities laws and regulations and FINRA rules.” This means that member firms must be able to show that they have taken concrete steps to establish and follow practices that minimize risk and ensure regulatory compliance. Some of FINRA’s recommendations to member firms include:
- Maintaining an inventory of all third-party vendor-provided services, hardware, systems and software components used by the firm
- Maintaining an inventory of firm data types accessed or stored by the firm’s vendors
- Conducting initial and ongoing due diligence on third-party vendors that support mission-critical systems
- Monitoring third-party vendor services for data breaches or other vulnerabilities
- Involving any third-party vendors in firm Incident Response Plan testing efforts
In addition to firm operations considerations, FINRA acknowledges that cryptocurrency (crypto) is still a relatively new frontier and encourages member firms to actively monitor and respond to the market, legislative, and policy shifts in the crypto landscape. To learn more about the latest best practices your firm can use to protect your clients and your operations, consider reaching out to a dedicated and experienced securities law attorney for the customized support you need to make more informed decisions with greater certainty.
Looking Forward With Confidence
While it may feel a bit overwhelming in the midst of these rapidly changing technologies and capabilities, continuing to prioritize data security and your firm’s overall integrity is still essential. At Judex Law LLC, we believe in serving our clients with the attention, care, and respect they deserve. Founding attorney Tosh Grebenik has successfully defended professionals in the financial and securities industries and is fully prepared to advocate on your behalf. Please reach out to our Broomfield, Colorado office today by calling (303) 523-4022 to get started with a trusted and friendly securities law attorney.