FINRA has released its 2026 Regulatory Oversight Report earlier than ever, a move the regulator says is meant to give firms more time to prepare for emerging risks. “We heard the industry loud and clear,” said Ornella Bergeron, acting head of member supervision. “They wanted the report out sooner so that they can leverage it as part of their compliance planning for 2026.”
The report covers areas like Reg BI, AML, and best execution, but it also tackles newer concerns such as generative AI, cyber-enabled fraud, tokenization, and overnight trading, reflecting both the regulator’s and the industry’s growing worries about digital threats.
The report was also the focus of a recent FINRA podcast, “Navigating the 2026 Regulatory Oversight Report: Key Insights from FINRA Leadership.” The episode featured Bergeron alongside Bill St. Louis, head of enforcement; Feral Talib, head of market oversight; and Bryan Smith, acting head of Strategic Intelligence.
They discussed takeaways from the report and practical ways firms can leverage its insights to strengthen compliance programs. “The Annual Regulatory Oversight Report is one of FINRA’s most valued resources for member firms, and this year, we’re publishing it earlier than ever in response to member feedback,” Bergeron said on the podcast.
She added that the 2026 Report features guidance on cyber-enabled fraud, senior investor protection, generative AI, and more, reflecting FINRA Forward’s commitment to empowering firms with actionable intelligence from across regulatory operations.
Smith emphasized that the report is meant not just to summarize past enforcement actions but to provide firms actionable insights. “It provides transparency as to what FINRA is seeing,” he said. “But perhaps more importantly, it provides insight and intelligence from across the industry, so that member firms can better understand the risks and threats those firms may be facing.”
Market manipulation, particularly in low-priced securities, is a growing concern. Talib explained that the risk is shifting from OTC markets into listed stocks. “The primary risk we’re seeing right now is market manipulation in low-price securities,” he said. “It used to be heavily concentrated in OTC markets, but now we’re seeing the activity in listed stocks.”
He also warned that account takeovers are becoming increasingly sophisticated. “Two-factor authentication is no longer a guarantee to hold an account safe when you’re dealing with technologies that allow you to spoof phone numbers and imitate people’s voices,” he said. Generative AI is adding another layer of risk. “We are seeing AI used to create fake news reports that look entirely authentic and coordinated social media activity designed to simulate retail enthusiasm. Investors really need to approach everything with suspicion unless they’re talking to their registered representative or a regulator.”
Cyber-enabled fraud continues to be a major threat. Bergeron said attackers are increasingly impersonating both firms and FINRA staff to defraud customers. “Threats include account impersonation, imposter sites, attacks leveraging spoofed domains and social media profiles… all to defraud customers and firms,” she said.
Third-party vendor risk is also rising. “Firms are relying quite a bit on third parties to support key systems and critical functions. We continue to see an increase in cyberattacks and operational issues involving third-party vendors,” she added. St. Louis emphasized the importance of testing and monitoring systems. “This all comes back to testing, testing, testing—making sure the systems are working the way we expect them to work,” he said.
Traditional areas of enforcement remain significant. St. Louis noted that Reg BI cases have already surpassed last year’s total, with firms continuing to make fundamental errors. Best execution failures and AML deficiencies, including weak customer due diligence and inadequate independent testing, remain common. “There will be more to come on that,” he said, especially regarding pump-and-dump schemes involving foreign issuers listed in the U.S. He added that firms should not underestimate the regulatory focus on smaller or mid-sized firms, which often face the same scrutiny as larger players despite fewer resources.
Generative AI is a central focus of the report. Bergeron said FINRA is seeing firms experiment with AI for summarization, workflow automation, and content generation. “With all the benefits,” she warned, “firms really do need to understand that this transformative technology could cause significant operational and compliance risks.” Talib described the situation as “a digital arms race. As bad actors become more sophisticated, control systems have to keep up.” He also emphasized that AI can accelerate not just fraud but human error, pointing to instances where algorithmic recommendations in trading systems caused unintended market disruptions.
FINRA’s leaders urged firms to use the report proactively. Bergeron advised firms to “review the report and identify the areas that are most relevant. All topics contain new content.” St. Louis recommended incorporating the findings into training programs, while Talib reminded firms not to neglect existing risks: “If you have a risk that was covered historically, don’t move past it quickly. Bad actors evolve.” Smith emphasized that the report is meant as guidance, not a new regulatory requirement. “We are here listening. We are here trying to provide you with the information and intelligence you need to better protect your firms and your investors,” he said.
For traders navigating an increasingly complex environment, the report is both a warning and a roadmap. It underscores that technology, whether AI or blockchain, is reshaping not just opportunities but vulnerabilities. Smith said: “Staying ahead requires vigilance, investment in controls, and a mindset that anticipates threats before they become crises.”
