FINRA’s latest Regulatory Oversight Report signals significant shifts in regulatory focus, introducing new priorities while reinforcing existing concerns. Here’s what compliance officers need to know for 2025.
New Priority Areas
The report introduces two major additions to FINRA’s oversight agenda.
- First, there’s an expanded focus on third-party risk management, prompted by increasing cyberattacks and vendor outages. Firms must now maintain comprehensive vendor inventories, establish robust contingency plans, and carefully evaluate vendors using generative AI.
- Extended-hours trading is the second key focus area. Firms offering these services must ensure clear risk disclosures, maintain strong supervisory processes, and demonstrate best execution practices during extended trading hours.
Enhanced Cybersecurity Focus
FINRA’s cybersecurity concerns have evolved to include quantum computing risks and sophisticated attack methods. The report warns about new threats including “quishing” (QR code-based phishing), generative AI-enabled fraud, and cybercrime-as-a-service. Firms are advised to implement network segmentation and conduct regular tabletop exercises to test their response capabilities.
Continuing Priorities with New Emphasis
Reg BI compliance remains crucial, with new attention on complex product recommendations and account-type recommendations. FINRA particularly emphasizes the need for enhanced supervision of rollover recommendations and account switches.
Senior investor protection continues as a priority, with increased emphasis on establishing Trusted Contact Persons and implementing temporary holds when financial exploitation is suspected.
Looking Ahead
For 2025, compliance officers should prioritize:
- Reviewing and updating third-party risk management programs
- Strengthening cybersecurity defenses against emerging threats
- Enhancing senior investor protection protocols
- Ensuring robust Reg BI compliance frameworks, especially for complex products
The message is clear: FINRA expects firms to adapt their compliance programs to address both emerging technologies and evolving market risks while maintaining strong core compliance functions.