FINRA has placed generative AI and cyber-enabled fraud high on its 2026 regulatory agenda, warning broker-dealers and RIAs that emerging technology and long‑standing compliance gaps are converging into higher risk for investors.
On Tuesday, the self-regulator unveiled its 2026 Annual Regulatory Oversight Report, an expanded playbook that pulls together findings from exams, surveillance and enforcement, along with examples of practices Finra sees as effective.
The latest report is being published earlier than in prior years to help firms fold it into 2026 compliance planning.
Greg Ruppert, executive vice president and chief regulatory operations officer at Finra, said the document “captures important findings and translates them into practical guidance our member firms can act on immediately,” adding that member firm compliance “protects investors and safeguards the integrity of our markets.”
A new section on generative AI maps out how firms are already deploying the technology, most often to summarize large documents and extract key data points. Many firms are piloting Gen AI for internal efficiency – for example, surfacing information from policies, procedures, or client files – rather than for direct client-facing advice.
FINRA urged firms exploring Gen AI tools to think beyond productivity gains and build supervisory and governance frameworks around any models they use. That includes testing for accuracy and bias, logging prompts and outputs, and making sure existing rules on supervision, communications, recordkeeping and fair dealing still hold when AI is in the loop.
The report also zeroes in on AI “agents” – systems that can plan and execute tasks on their own across multiple data sources and applications. These agents can accelerate automation and cut costs, but FINRA said they bring a different risk profile: tools that act without human sign-off, stretch beyond their intended authority, are hard to audit, or mishandle sensitive data. Poorly designed reward structures and gaps in domain knowledge could translate directly into investor harm if firms let agents make or influence real‑world decisions.
Cybersecurity remains a core concern. Finra says member firms are facing an expanding mix of ransomware and extortion incidents, data breaches involving personally identifiable information, phishing and text‑based “smishing” campaigns, and so‑called “quishing” attacks that use QR codes to steer users to malicious sites. New‑account fraud, account takeovers, imposter domains, and relationship‑based investment scams were also called out as priorities in the sprawling threat landscape.
FINRA also underscored GenAI as an accelerant for cyber fraud, with criminals weaponize large language models to generate convincing phishing lures, fake documents and deepfake audio or video, or to lower the skill barrier for would‑be fraudsters.
Beyond technology, the report highlights persistent weaknesses in anti‑money‑laundering programs, including failures to tailor monitoring to a firm’s business, investigate red flags, and keep pace with small‑cap fraud schemes and identity‑theft driven account activity.
With respect to communication and sales practice failures, FINRA highlighted continuing struggles at many firms to supervise social media influencers who post on their behalf, to pre‑approve static content, and to archive and review influencer and other digital communications at the same standard as email. It found that reviews of electronic communications are often too shallow and may miss non‑English content.
On the product side, FINRA flagged problems around variable annuities and registered index‑linked annuities, especially recommendations to exchange or surrender contracts. In some cases, it said firms failed to weigh costs, surrender charges and lost benefits, or allowed concentrations that did not line up with a customer’s risk profile and time horizon under Regulation BI.
“Whether it's about the evolving threat of cyberattacks including those powered by bad actors exploiting artificial intelligence ... this report delivers useful, real-world insights from our regulatory oversight work,” Ruppert said. "Our goal is simple: help firms build stronger compliance programs and more resilient operations so that investors can participate in markets with greater confidence."
Janus Henderson Investors research reveals demand for transparency, but lack of awareness of AI’s prevalence in the corporate world.
New research reveals rising expenses, forced early exits, and a widening gap between how long people live and how long their money lasts.
Firms continue their quest to attract and retain the best advisor teams.
A survey from TacticalMind AI found 69% of advisors say a high-quality AI platform that makes investment recommendations and constructs portfolios is worth $500 monthly, while research-only tools are valued closer to $250.
The alts tech provider's latest integration lets advisors query fund data and surface portfolio insights without leaving their primary workspace.
As technical expertise becomes increasingly commoditized, advisors who can integrate strategy, relationships, and specialized expertise into a cohesive client experience will define the next era of wealth management
Growth may get the headlines, but in my experience, longevity is earned through structure, culture, and discipline
