EY helps clients create long-term value for all stakeholders. Enabled by data and technology, our services and solutions provide trust through assurance and help clients transform, grow and operate.
At EY, our purpose is building a better working world. The insights and services we provide help to create long-term value for clients, people and society, and to build trust in the capital markets.
Explore FINRA’s 2025 priorities, which emphasize Reg BI enforcement, cybersecurity, market surveillance and emerging risks.
In brief
The agency emphasizes protecting seniors from investment scams and enhancing market surveillance to combat manipulation and ensure compliance.
FINRA has identified key emerging risks that it is focusing on, including third-party risk, artificial intelligence and its use, and cyber-enabled fraud.
In 2025, the Financial Industry Regulatory Authority (FINRA) will continue to enforce priority issues in addition to addressing emerging risks. Recently, EY Forensics heard from FINRA representatives directly who spoke as part of a forum hosted in New York titled FINRA's 2025 Regulatory Operations Programs to further understand the agency’s priorities for the year ahead.
Enforcement of regulations for Best Interest (Reg Bl), best execution, Consolidated Audit Trail (CAT), market manipulation and cybersecurity
Increased volumes of best execution cases as well as a focus on the handling of Regulation Crowd Funding (Reg CF) offerings by broker-dealers and funding portals
Commitment to protecting seniors from investment scams, as FINRA is expected to see more cases addressing elder abuse
Issues in focus
Regulation Best Interest
FINRA discussion points and focus:
Advisors providing recommendations without developing a sufficient understanding of the associated features and risks
Inadequate disclosures, conflicts of interest, and insufficient training of associated persons and supervisors
Firm cooperation — thoughtful cooperation and remediation can result in reduced penalties.
Emerging trends:
Advisor recommendations involving Registered Index-Linked Annuities (RILAs), which essentially force liquidation at a specified date, even if market conditions are unfavorable.
There are liquidity concerns given the tie to indexes.
Firms should evaluate what the customer is losing in this exchange given the terms that can be applied to RILAs (e.g ., cap rate, surrender charges, participation rate) as well as how firms surveil advisor and RILA activity for Reg Bl implications.
Double-dipping on fees: opening accounts and then changing/moving the account (e.g., from variable annuity to RILA)
Market surveillance
FINRA discussion points and focus:
Emphasis on market surveillance protecting against market manipulation
Reasonable supervision of CAT, timely corrections, design of surveillance systems, and accurate recordkeeping
Emerging trends:
Market access and the focus on CAT continues to be a staple. Customer and Account Information System (CAIS) reporting obligations were made effective as of May 2024.
Firms that participate in extended hours trading must comply with trade reporting, CAT reporting, and provide a risk disclosure statement for customers.
The customer should understand what happens when trading during that time.
There is growth with extended hours trading as Alternative Trading Systems (ATS) and exchanges increasingly announcing them.
From an enforcement perspective, FINRA observed that firms are not conducting testing on surveillance systems, and external tips are not responded to.
Firms must follow up on red flags (e.g., layering, spoofing , close sales, wash sales, small cap IPO manipulation).
Emerging risks
Key considerations
Third-party risk
In recent years, FINRA has observed an increase in cyber attacks and outages at third-party vendors used by member firms.
Firms are encouraged to have ongoing discussions with their Risk Monitoring Analysts (RMAs) on potential bad actors and changes to third-party artificial intelligence (AI) systems.
FINRA advises firms to be proactive in establishing adequate third-party risk management policies, such as assessments and contingency plans. Firms are obligated to maintain supervisory procedures and conduct ongoing due diligence on third-party vendors.
Artificial intelligence
FINRA is concerned with the “speed to market” of AI, which may cause firms to overlook concerns such as accuracy or bias, exploitation by bad actors and compliance with regulatory requirements.
Firms should consider risks associated with third-party vendors’ use of Generative AI (GenAI) (e.g., leakage of personally identifiable information (PII) and proprietary information).
FINRA views AI from a technologically neutral stance. Firms should test before deploying, incorporate controls and include all relevant stakeholders in discussions.
Cyber-enabled fraud
New account fraud: malicious use of GenAI to create synthetic IDs and falsified customer information (e.g. false identification documents, deepfake media).
Continued focus on managing customer information through Customer Identification Program (CIP)/Customer Due Diligence (CDD) efforts. Automated tools and software are often utilized to address customer onboarding and maintenance, which should be calibrated and tested accordingly.
Increase in digital “boiler room” schemes where chat rooms and social media lure investors into opening accounts via online investment clubs.
Summary
In 2025, FINRA will focus on enforcing regulations for Reg BI, CAT, market manipulation and cybersecurity. The agency expects increased volumes of best execution cases and more cases addressing elder abuse.
Institutions facing class action lawsuits and regulatory scrutiny over cash sweep accounts. Forensics can provide litigation and investigation support.
