FINRA’s 2025 Oversight Report and the SEC’s Examination Priorities make one point clear: the risks firms face hasn’t changed, but regulators expect sharper oversight and modern approaches to managing them. Below, we break down the top five hot topics shaping Firm Element training in 2025.

1) Financial Crimes Prevention

What regulators said:
Financial crimes remain one of the most pressing risks for broker-dealers. Regulators continue to spotlight cyber fraud, evolving money-laundering methods, and manipulative trading as areas requiring ongoing vigilance.

What to teach:

  • How to recognize phishing, social engineering, and account takeover attempts
  • Common signs of manipulative trading (layering, spoofing, wash trades)

Takeaway for compliance teams: Refresh fraud scenarios in annual training, run short phishing simulations throughout the year, and ensure frontline staff are confident in escalating suspicious transactions.

Recommended Courses

  • Cybersecurity and Cyber-Enabled Fraud

          Course ID: 24216

  • AML and Evolving Threats: A Guide for Financial Professionals

          Course ID: 23888

2) Off-Channel Communications & Books/Records

What regulators said:
Maintaining accurate business communication records continues to challenge firms. Regulators are still issuing significant penalties for employees using personal devices or unapproved messaging apps, underscoring the need for stronger controls.

What to teach:

  • What qualifies as a business communication across email, text, chat, and social platforms
  • How to identify and avoid unapproved channels
  • How to escalate or move a client conversation into an approved system

Takeaway for compliance teams: Build “spot the violation” exercises into training to help staff recognize problematic communications, equip managers with clear escalation steps and reminders for monitoring off-channel activity.

Recommended Courses

  • On the Record: Off-Channel Communication Guide

          Course ID: 24355

  • Books and Records: Representative Responsibilities

          Course ID: 17678

3) Third-Party Risk

What regulators said:
For the first time, FINRA included third-party risk management as a formal priority in its oversight report. Firms are expected to strengthen vendor due diligence, monitor data handling, and ensure oversight when third parties play a role in client interactions or business operations.

What to teach:

  • Approval requirements for new apps, platforms, or tools
  • Data handling expectations when engaging with third-party vendors

Takeaway for compliance teams: Provide employees with a simple way to flag unapproved tools and consider running exercises that simulate a vendor outage or breach to test your firm’s response readiness.

Recommended Courses

  • Outsourcing to Third-PARTY Service Providers

           Course ID: 12058

  • Due Diligence for Investment Advisers

          Course ID: 11227

4) Artificial Intelligence & Technology Management

What regulators said:
Both FINRA and the SEC are closely monitoring how firms adopt AI. Regulators are focused on ensuring AI tools don’t create new risks in client communications, suitability, or surveillance, and that firms maintain proper human oversight.

What to teach:

  • When AI use is permitted versus prohibited
  • The importance of human review and recordkeeping of AI outputs
  • Data privacy and security risks tied to AI adoption

Takeaway for compliance teams: Add an AI attestation to annual compliance training and require AI-assisted communications to go through the same pre-approval process as traditional materials.

Recommended Courses

  • AI in Finance: Navigating Compliance and Ethical Considerations

          Course ID: 21862

  • Communicating with Clients in the Digital Age

          Course ID: 22206

5) Reg BI & Communications with the Public

What regulators said:
Standards of conduct and fair communications remain high on the regulatory agenda. Regulators are taking a closer look at how firms disclose conflicts, costs, and risks, especially in digital communications and when promoting complex or crypto-related products.

What to teach:

  • Avoiding promissory statements, misleading performance claims, and exaggerated testimonials
  • Specific risks and requirements for crypto and digital asset promotions

Takeaway for compliance teams: Ensure your communications review procedures cover newer digital formats and align with Reg BI standards. Pair that with scenario-based training that connects product recommendations, especially in crypto and other complex products, to care obligations and plain-language disclosures.

Recommended Courses

  • Regulation Best Interest: Practical Applications

          Course ID: 23865

  • Reg BI and Form CRS: Elevating Standards in Client Recommendations

          Course ID: 23844

While the topics regulators are prioritizing in 2025 may feel familiar, the expectations around oversight and documentation are rising. For compliance professionals, Firm Element training remains one of the most effective ways to ensure financial professionals are prepared to spot risks, act appropriately, and reinforce firm culture. By addressing these hot topics—financial crimes, off-channel communications, third-party risk, AI, and Reg BI—you can keep your training program both exam-ready and practically useful for your teams.