The 2025 FINRA Annual Conference brought together compliance professionals, regulators, and industry leaders to discuss the evolving challenges facing financial firms today. From their newest initiative FINRA Forward and sophisticated cyber threats to AI’s expanding role in operations, the sessions made one thing clear: success in this environment requires a strong compliance foundation, a proactive mindset, and an openness to modernizing long-standing processes.

Below, we’ve highlighted the major themes from this year’s conference and what they mean for firms moving forward.

1. FINRA Forward: Rethinking the Rulebook for a Modern Market

Kicking off the conference was FINRA Forward, the organization’s initiative to modernize outdated regulations and create a more adaptive, innovation-friendly compliance framework. This effort reflects a growing recognition that many existing rules no longer match the way firms operate today.

Rethinking the OBA and PST Rules

A central focus of FINRA Forward is the proposed consolidation of the Outside Business Activity (OBA) and Private Securities Transactions (PST) rules. The goal? Simplify oversight, reduce unnecessary reporting, and focus regulatory attention where it matters most.

Much of the conversation centered on scaling back requirements for non-investment-related activities, think Uber driving, PTA involvement, or even, in one real-life example shared at the conference, goat herding. Under the current framework, firms have been required to supervise or disclose these types of activities.

The proposed updates would remove that burden, allowing firms to concentrate on investment-related OBAs that present real compliance risks.

Updating the $100 Gift Rule

FINRA also signaled potential changes to its long-standing $100 gift limit, which hasn’t been adjusted since 1995. Panelists discussed the possibility of raising the threshold to account for nearly three decades of inflation, providing a more realistic and modern standard for firms to follow.

Together, these proposed changes are part of a broader shift to make compliance more practical, risk-focused, and reflective of how the industry operates today. While nothing is finalized, the message was clear: FINRA is open to feedback, and firms have an opportunity to help shape what comes next.

2. Cybersecurity & Fraud: A Coordinated Response to a Growing Threat

Fraud was a major focus throughout the conference, with panelists warning that cyber threats are becoming faster, broader, and more sophisticated. With more internet-connected devices than people on the planet, firms now face an expanded attack surface, and bad actors are evolving just as quickly.

In response, both the FBI and FINRA have updated their approach. The FBI shared that it has redesigned its cyber threat strategy to focus more on prevention and rapid response. FINRA, for its part, has issued over 750 threat alerts to firms this year alone, built direct communication lines with member firms, and launched a fraud-fighting partnership with Meta to respond faster to social engineering campaigns and impersonation scams.

Evolving Threat Landscape

Panelists outlined several high-impact trends shaping the current threat environment. One standout example was FINRA’s collaboration with Microsoft to take down 250 malicious domains operated by the Onyx group, part of a broader effort to cut off fraud at its source.

A growing area of fraud involves deepfake technology, where scammers use AI-generated videos or audio to impersonate registered representatives, often in fake social media ads. These attacks can be highly convincing and have led to real investor harm. As part of its fraud prevention strategy, FINRA is working with Meta to identify and remove deepfake-driven scams from major platforms before they spread.

While newer threats like “quishing” (QR code phishing) were also discussed, the overarching message was clear: surveillance alone isn’t enough. Firms need to understand these tactics, monitor beyond their perimeter, and stay plugged into FINRA’s alerting systems and intelligence tools.

To stay ahead of cyber-enabled fraud, check out our latest course Cybersecurity and Cyber-Enabled Fraud

3. Artificial Intelligence: Educating, Exploring, and Embedding Responsibly

Artificial intelligence was another major topic at this year’s conference, with FINRA devoting significant time to understanding how firms are beginning to implement generative AI. Through more than 500 outbound calls, FINRA has been gathering insights directly from member firms, seeking to educate itself just as much as it aims to support industry adoption.

From Chatbots to Autonomous Agents

The most common use cases shared by firms include summarizing policies, drafting communications, and answering internal questions with the goal of improving speed, clarity, and consistency. But the conversation didn’t stop there. Panelists described emerging applications where AI “agents” perform research tasks independently and even collaborate by handing off work to one another with minimal human oversight.

While these innovations are promising, they come with equally important compliance implications. When implemented thoughtfully, AI tools can support faster document creation, accelerated learning, and more accurate proofreading. But that’s only possible when firms take the time to build strong foundations first.

Guidance for Implementation

To help firms navigate this space, panelists laid out several best practices:

  • Start with a clear business objective, identify specific pain points AI can address, rather than chasing trends.
  • Pilot first, then scale. Begin with a small proof-of-concept, test it thoroughly, and iterate as needed.
  • Integrate AI into existing workflows. Compliance, IT, and business teams should collaborate early to ensure tools are embedded responsibly.

Importantly, public AI tools were strongly discouraged. Firms were urged to host models in private cloud environments to protect data integrity and reduce risk exposure.

Risks That Can’t Be Ignored

As firms explore AI, they must also confront key risks. Panelists raised concerns around model hallucinations, record validation, and the lack of clarity on when AI-generated content becomes a record, a question FINRA is currently discussing with the SEC.

To stay ahead of AI-enabled compliance concerns, check out our latest course “AI in Finance: Navigating Compliance and Ethical Considerations”

4. Off-Channel Communications: Culture Over Controls

When it comes to off-channel communication, one theme resonated throughout the conference: you can’t surveil your way into compliance. While technology and surveillance tools play a role, panelists emphasized that the real key to reducing violations lies in building a strong, top-down compliance culture, one where expectations are clear, training is ongoing, and escalation is safe and encouraged.

Education as the First Line of Defense

Regardless of firm size, onboarding and education were cited as the most important drivers of success. While larger firms face greater volume and complexity, the underlying compliance structure doesn’t differ dramatically from smaller shops. What does make a difference is how quickly and consistently employees are educated on what’s allowed, and what isn’t.

That means setting expectations early, then reinforcing them regularly. Panelists recommended frequent training refreshers, formal attestations, and open conversations about how to handle gray areas. The stronger the culture, the more likely employees are to proactively stay within approved channels, or report missteps when they happen.

To stay ahead of off-channel communication, check out our latest course “On the Record: Off-Channel Communication Guide”

Monitoring What You Can’t Always See

One of the biggest challenges discussed was the idea of surveilling the “unknown.” Even with robust tools, not every off-channel communication leaves a footprint. That’s why firms are increasingly leaning on risk-based reviews and indirect indicators like customer complaints, regulatory intelligence, or changes in business lines to flag potential issues.

To support this approach, panelists recommended regularly re-assigning and re-communicating policies, especially when new collaboration tools or communication platforms are introduced. These reminders ensure employees stay informed and help reinforce that compliance expectations evolve alongside business needs.

5. IAR CE Still Tripping Up Firms

Investment Adviser Representative (IAR) continuing education remains a source of confusion for many firms, prompting FINRA to dedicate a popular session to addressing implementation challenges. A representative from NASAA spoke directly to the concerns firms have been raising about this relatively new requirement.

Key Clarifications:

Who’s Actually in Charge? Many firms mistakenly believe IAR CE is a FINRA requirement simply because reporting happens through FINRA’s FinPro system. FINRA clarified that this is actually a state-level requirement that must be adopted by individual states—FINRA is only providing the monitoring infrastructure to help track completion.

The 12-Credit Structure Another common misconception involves the structure of the 12 required credits. Some advisers assume they can complete any 12 credits to satisfy the requirement, but that’s incorrect. The credits must be split evenly:

  • 6 credits in products and practices
  • 6 credits in ethics

Understanding the “Grace Period” NASAA clarified an important misconception about the one-year grace period. This period isn’t without consequences—if advisers fail to complete their continuing education in the first year, they’ll be moved to “CE Inactive” status. Missing a second consecutive year results in license termination.

Dropped Licenses Still Count Even if an adviser drops their license in a state that requires IAR CE, they’re still obligated to complete those CE credits for that year. Failing to do so can create cascading problems across other states as they adopt IAR CE requirements, potentially affecting licenses in multiple jurisdictions.

Regulatory Element as a Bridge To help ease the transition, regulators intentionally designed the system so that Regulatory Element credits can count toward the six required products and practices credits. This flexibility acknowledges that continuing education needs are still evolving as the industry adapts to these new requirements.

The session emphasized that while IAR CE implementation has created genuine confusion, clearer guidance and systematic tracking through FinPro should help firms navigate these requirements more confidently moving forward.

Final Thoughts

The 2025 FINRA Annual Conference made it clear: the future of compliance will be shaped by firms that think proactively, adapt quickly, and engage meaningfully with evolving regulatory priorities. As rules modernize and threats become more complex, panelists urged compliance professionals to engage with FINRA’s comment opportunities to help shape the future rulebook. Submitting a letter, even if your message echoes others, shows support for regulatory reform and positions your firm as a proactive stakeholder.

Compliance isn’t just about reacting—it’s about preparing. And as this year’s conference showed, firms that prioritize clarity, culture, and collaboration are the ones best equipped to thrive in what comes next.