Key Insights from FINRA’s 2025 Annual Regulatory Oversight Report

The Financial Industry Regulatory Authority (FINRA) has released its 2025 Annual Regulatory Oversight Report, offering critical insights into the regulatory landscape for broker-dealers. As expected, the report revisits foundational compliance areas such as anti-money laundering (AML), financial crimes prevention, market integrity, communications and sales practices, and cybersecurity. However, this year’s report introduces several new focus areas that firms should carefully evaluate, including third-party risk, extended-hours trading, and registered index-linked annuities (RILAs).

Although the report does not create new regulatory obligations, it provides a roadmap for FINRA’s examination and enforcement priorities in 2025. Firms should review the report thoroughly to assess whether enhancements to their compliance programs are warranted. Below, we summarize the most noteworthy additions and updates from this year’s report.

New Areas of Focus in 2025

1. Third-Party Risk and Cybersecurity

With increased reliance on third-party vendors for essential services such as electronic communications storage, trading platforms, and compliance support, FINRA highlights concerns about cyberattacks and operational disruptions affecting these providers. The report urges firms to:

  • Implement supervisory controls for vendor relationships.

  • Conduct periodic risk assessments of third-party service providers.

  • Review data security protocols and access permissions for sensitive customer information.

  • Assess whether third-party vendors utilize generative AI (GenAI) and ensure appropriate governance structures are in place.

2. Registered Index-Linked Annuities (RILAs)

Sales of RILAs surged to $47.4 billion in 2023 (a 15% increase from 2022), prompting FINRA to reinforce its expectations for Regulation Best Interest (Reg BI) compliance. The report notes:

  • Many firms lack adequate supervisory procedures to prevent over-concentration in RILAs and variable annuities.

  • Firms must ensure that recommendations align with customers’ investment profiles, including age, risk tolerance, and financial objectives.

  • FINRA will scrutinize firms’ supervisory controls for RILA sales to detect potential conflicts of interest.

3. Extended-Hours Trading

The report underscores the growing trend of extended-hours and overnight trading, emphasizing that firms’ regulatory obligations extend beyond traditional market hours. Specifically, firms should:

  • Ensure compliance with best execution requirements (FINRA Rule 5310).

  • Maintain adequate supervision policies (FINRA Rule 3110) for after-hours trading.

  • Provide customers with clear risk disclosures (FINRA Rule 2265) about liquidity and volatility concerns.

  • Evaluate business continuity plans to account for risks unique to extended-hours trading.

Evolving Regulatory Priorities

Artificial Intelligence (AI) and Market Manipulation

As AI-powered tools become more sophisticated, bad actors are leveraging GenAI for fraudulent activities, including:

  • Synthetic identities and phishing scams impersonating firm executives.

  • Deepfake videos and AI-generated misinformation designed to manipulate stock prices.

  • Fake websites and AI-assisted pump-and-dump schemes targeting retail investors.

FINRA advises firms to:

  • Educate employees and customers on the heightened risks posed by AI-driven fraud.

  • Monitor GenAI-generated communications and ensure compliance with recordkeeping obligations.

  • Conduct enhanced surveillance for potential AI-fueled market manipulation tactics.

Cybersecurity and Fraud Prevention

With cyber threats growing in complexity, FINRA reiterates the importance of robust cybersecurity measures. Key recommendations include:

  • Regularly testing cybersecurity defenses through penetration testing and red-teaming exercises.

  • Segmenting network access to limit the potential spread of breaches.

  • Engaging senior leadership in cybersecurity oversight and response planning.

Anti-Money Laundering (AML) and Fraud Detection

FINRA continues to emphasize AML compliance, noting that many firms fail to scale their AML programs in response to business expansion. Common deficiencies include:

  • Inadequate monitoring of suspicious transactions.

  • Insufficient resources allocated to AML compliance functions.

  • Lack of customer due diligence (CDD) enhancements when transaction volumes increase.

Firms should ensure that AML programs evolve in tandem with business growth and emerging financial crime tactics.

Manipulative Trading and Market Surveillance

FINRA’s report highlights increased enforcement actions related to spoofing, layering, and wash trades, particularly in small-cap IPOs and foreign issuers. The agency urges firms to:

  • Strengthen trade surveillance systems to detect and prevent manipulative activities.

  • Adapt monitoring frameworks to address social media-driven pump-and-dump schemes.

  • Review trading patterns to identify anomalies in market behavior.

Ongoing Compliance Obligations and Emerging Trends

Outside Business Activities (OBA) and Private Securities Transactions (PST)

FINRA reiterates its long-standing concerns about unreported OBAs and PSTs, particularly in cryptocurrency-related ventures. Although no immediate rule changes have been introduced, FINRA plans to solicit public comments in 2025 on a proposed consolidated Outside Activities Rule.

Crypto Regulatory Nexus

While FINRA’s jurisdiction remains limited to securities-related activities, the report highlights:

  • The need for firms to ensure compliance when offering crypto assets that qualify as securities.

  • Potential oversight of non-securities activities if they involve associated persons of FINRA-member firms.

  • Continued focus on crypto trading platforms and custody arrangements.

Regulation Best Interest (Reg BI) and Form CRS Compliance

FINRA found that many firms fail to adequately document their compliance with Reg BI, particularly regarding:

  • Inadequate suitability reviews for complex investment products.

  • Failure to disclose material conflicts of interest.

  • Poor supervision of investment recommendations and account transitions.

Firms should implement data-driven reviews to confirm the appropriateness of recommendations and compliance with Reg BI obligations.

Consolidated Audit Trail (CAT) and Trade Reporting

FINRA continues its focus on trade reporting compliance, particularly in:

  • Supervisory procedures for CAT reporting accuracy.

  • Timely remediation of reporting deficiencies.

  • New fractional share transaction reporting requirements set to take effect in 2025.

Regulation SHO and Short Sale Compliance

FINRA remains focused on Reg SHO violations, particularly regarding:

  • Misuse of ETF conversions for closing out fails.

  • Inadequate documentation of close-out processes.

  • Failure to develop written supervisory procedures for compliance with short sale regulations.

Final Thoughts

FINRA’s 2025 Annual Regulatory Oversight Report serves as a comprehensive guide to regulatory expectations for broker-dealers. As the financial industry continues to evolve, firms must remain proactive in enhancing their supervisory frameworks, trade surveillance mechanisms, and cybersecurity defenses. The focus on AI, extended-hours trading, RILAs, and third-party risk management signals key areas for heightened scrutiny in the year ahead.

At Anderson P.C., we provide tailored legal guidance to help firms navigate FINRA compliance, regulatory investigations, and enforcement actions. Our deep experience in securities enforcement, internal investigations, and financial regulatory matters positions us as trusted advisors for broker-dealers and financial institutions.

* * *

Attorney Advertising—Anderson P.C. is a U.S. law firm and provides this information as a service to clients, prospective clients, and other friends for educational purposes only. It should not be construed or relied on as legal advice or to create a lawyer-client relationship.

