Report Highlights Third-Party Risk Landscape and Other New Topics; Includes Observations About Cybersecurity, Artificial Intelligence, Investment Fraud and Others
WASHINGTON—FINRA published today the 2025 FINRA Regulatory Oversight Report—a vital information resource comprising observations from across FINRA’s Member Supervision, Market Regulation and Enforcement programs that member firms can use throughout the year to strengthen their compliance programs. The report reflects FINRA’s commitment to providing transparency to member firms and the investing public about its regulatory observations and activities.
 Greg Ruppert |  Stephanie Dumont |  Bill St. Louis |
“This report is a valuable tool that we provide to member firms in support of our self-regulatory mission to protect investors and ensure market integrity. The topics reflect areas where FINRA has observed gaps in firm compliance programs as well as areas of emerging or increased risk. The report contains new topics, including a section addressing the third-party risk landscape, and many that will be familiar—such as cybersecurity and cyber-enabled fraud, communications with the public, and Regulation Best Interest and Form CRS—which have been updated to reflect evolving risks, industry trends and exam findings,” said Greg Ruppert, Executive Vice President and Head of Member Supervision at FINRA.
“Monitoring the markets, anticipating and addressing risks, identifying and investigating trading violations, and leveraging data are all part of the important work that FINRA does to safeguard the integrity of our vibrant capital markets to ensure that everyone can invest with confidence. Part of this work is reflected in our observations about manipulative trading, customer order handling and extended hours trading, among others, in this year’s Regulatory Oversight Report,” said Stephanie Dumont, Executive Vice President and Head of Market Regulation and Transparency Services at FINRA.
“Transparency is essential to a healthy regulatory program, and that is what we aim to provide with the Regulatory Oversight Report. This report contains information and insights that were gathered during the course of our regulatory operations activities, as well as some of the effective practices we have observed, to help member firms enhance their compliance programs,” said Bill St. Louis, Executive Vice President and Head of Enforcement at FINRA.
The report covers 24 topics, including new content. For each area, the report identifies the relevant rule(s); summarizes noteworthy findings or observations, as well as effective practices observed, from recent oversight activities; and provides additional resources that may be helpful to member firms in reviewing their supervisory procedures and controls, and fulfilling their compliance obligations.
New content covered in the report:
- Third-party risk landscape. In recent years, FINRA has observed an increase in cyberattacks and outages at third-party vendors used by member firms. Given the financial industry’s reliance on third-party vendors to support key systems and covered activities, an attempted cyberattack or an outage at a third-party vendor could potentially impact a large number of firms.
- Sales practice and Reg BI compliance regarding complex products (e.g., RILAs). The Securities and Exchange Commission’s Regulation Best Interest establishes a “best interest” standard of conduct for broker-dealers and associated persons when they make recommendations to retail customers of any securities transaction or investment strategy involving securities, including recommendations of variable annuities and registered index-linked annuities.
- Extended hours trading. Over the last few years, trading in National Market System stocks and other securities has increasingly stretched beyond regular trading hours. As a result, FINRA has observed a growing number of firms offering varying degrees of extended hours trading services, in some instances including the overnight period of 8:00 p.m. to 4:00 a.m. ET.
- Artificial intelligence (AI). FINRA has noted that AI-based tools have been widely used in the financial services for a number of years, and recognizes their potential value for investors, member firms and markets, etc.—and also the need for all those involved to manage potential risks. FINRA has observed that firms are proceeding cautiously with their use of Generative AI (Gen AI) technology, generally exploring or implementing vendor-supported Gen AI tools to increase efficiency of internal functions.
- Investment fraud by bad actors that directly targets investors. FINRA has observed an increase and evolution in investment fraud committed by bad actors who engage directly with investors. This typically includes enticing victims to withdraw funds from their securities accounts and send the funds to the bad actors as part of a fraudulent scheme.
- FINRA rules concerning the Remote Inspections Pilot Program and Residential Supervisory Location designation. Advances in technology and communications in the financial industry have significantly changed the way in which firms and their associated persons conduct business. In recognition of these changes, FINRA adopted FINRA Rules 3110.18 (Remote Inspections Pilot Program) and 3110.19 (Residential Supervisory Locations), which reflect a measured, modernized approach to supervision while preserving investor protection objectives.
- Trade reporting enhancements for fractional share transactions. FINRA is planning to implement enhancements to the FINRA facilities to support the reporting of fractional share quantities.
A FINRA Unscripted podcast episode about the report—featuring Ruppert, Dumont and St. Louis and guest hosted by Kayte Toczylowski, Vice President, Member Relations and Education at FINRA—is available on FINRA’s website (a transcript is available). In addition, the subjects covered in the report will be featured in other FINRA-related compliance and education resources throughout the year, including at the 2025 FINRA Annual Conference taking place May 13-15 in Washington, D.C.
About FINRA
FINRA is a not-for-profit organization dedicated to investor protection and market integrity. FINRA regulates one critical part of the securities industry—member brokerage firms doing business in the U.S. FINRA, overseen by the SEC, writes rules, examines for and enforces compliance with FINRA rules and federal securities laws, registers broker-dealer personnel and offers them education and training, and informs the investing public. In addition, FINRA provides surveillance and other regulatory services for equities and options markets, as well as trade reporting and other industry utilities. FINRA also administers a dispute resolution forum for investors and brokerage firms and their registered employees. For more information, visit www.finra.org.