The Financial Industry Regulatory Authority (FINRA) released its 2024 Annual Regulatory Oversight Report, formerly known as the Report on FINRA’s Examination and Risk Monitoring Program. The report delivers essential guidance for compliance officers and is devised to inform member firms’ compliance programs by delivering annual insights from FINRA’s ongoing regulatory operations. This year’s report provides insights from examiners on various evolving issues in the industry, including AI as an emerging risk, developments in crypto assets, cybersecurity trends, and more.

Overview

The comprehensive report from FINRA’s regulatory operations covers twenty-six topics across six sections, including Financial Crimes, Crypto Asset Developments (new in 2024), Firm Operations, Communications and Sales, Market Integrity, and Financial Management. Also new this year are three new topics within the Market Integrity section, including OTC Quotations in Fixed Income Securities, Advertised Volume, and Market Access Rule.

In a press release, Greg Ruppert, EVP of Member Supervision at FINRA, stated: “The report’s findings from across FINRA’s Member Supervision, Market Regulation and Enforcement programs can serve as a valuable resource for member firms. As our industry evolves, so do the compliance challenges faced by firms, which is why the report is so critical. Some of the topics covered will be familiar from past reports, updated for 2024, while others are new and represent emerging risks and evolving trends that are of growing importance as we look ahead.”

Key Takeaways

Artificial Intelligence
The financial services industry is using AI technology to create operational efficiencies and improve customer service. However, FINRA considers the use of AI an “emerging risk” due to concerns about accuracy, privacy, bias, and intellectual property. The regulatory obligations of member firms may be affected by the use of AI tools, and firms should take into account these implications before deploying the technology. It’s important to note that the regulatory landscape may change as AI’s use in the financial services industry continues to develop.

Crypto
Crypto Asset Developments is a newly added section that provides guidance for firms engaging in crypto asset activities and addresses related risks. Member firms are required to have their crypto asset securities business line assessed by the self-regulatory organization to ensure that it meets all the application rules set forth by the SEC under its member application program. Additionally, FINRA has requested that member firms notify the organization if they, or any of their affiliates, engage or plan to engage in any crypto-related activities.

Cybersecurity
FINRA’s 2024 report emphasizes the importance of cybersecurity and compliance nuances, urging firms to prioritize robust frameworks to mitigate risks. The report highlights the importance of complying with cybersecurity regulations, citing SEC and FINRA protocols for protecting customer data, ensuring business continuity, and reporting incidents. The SEC has new rules requiring public companies to report on cybersecurity incidents and risk management. The report provides a checklist covering cybersecurity, urging firms to implement supervisory controls and thorough identity verifications.

 

FINRA’s latest report reinforces the breadth and depth of FINRA’s rules and reveals practices member firms ought to consider for maintaining effective compliance programs. Member firms should review the report to identify potential gaps and areas for enhancement in their compliance programs and supervisory controls. Moreover, firms should use the report in their preparation for regulatory exams and pay close attention to emerging areas of risk pertinent to their business operations and practices.

FINRA Audit Guide