FINRA recently released the 2026 FINRA Annual Regulatory Oversight Report, which highlights key compliance issues that led to enforcement actions and regulatory findings. In this article, we provide five key takeaways to help you avoid common mistakes.
2026 FINRA Report: Findings & What They Mean For You
1. Inadequate Anti-Money Laundering (AML) Monitoring
What Firms Got Wrong:
- Failed to detect and investigate red flags of suspicious trading and money movement
- Didn't reasonably verify customer identities during account opening
- Auto-approved accounts without catching fake Social Security numbers or deceased individuals' information
- Failed to update customer information based on risk profiles
Q: Why does this matter to me as a new hire?
A: You're often the first person to interact with clients and spot unusual activity. If you open an account, process a transaction, or notice something doesn't add up (such as a customer's stated income not matching their investment size), you have a responsibility to escalate the issue. Firms were fined for missing these red flags; don't be the person who ignores them.
Q: What should I actually do?
A: Follow your firm's customer identification procedures carefully. If something feels off, like inconsistent information, requests for unusual transactions, or pressure to rush through paperwork, ask your supervisor. Document what you see. It's better to ask questions than to unknowingly facilitate fraud.
2. Failures in Communications with Customers
What Firms Got Wrong:
- Posted false or misleading information through social media influencers
- Failed to supervise and retain records of communications on mobile apps and social media
- Made promissory claims or omitted material risks in "push notifications" to customers
- Used personal email or messaging apps for business communications without firm approval
Q: Can I text clients or use WhatsApp for work?
A: Not unless your firm explicitly approves it and has systems to capture those communications. Firms were cited for failing to retain text messages and off-channel communications. Using unapproved platforms, even if they are more convenient, can put both you and your firm in serious trouble.
Q: What if a client texts my personal phone?
A: Respond by directing them to use approved channels (firm email, phone system, approved messaging platform). If they share important information via text, immediately document it in your firm's systems and notify your supervisor. Never conduct business conversations on personal apps.
3. Regulation Best Interest (Reg BI) Violations
What Firms Got Wrong:
- Recommended products without understanding costs, fees, and reasonably available alternatives
- Made recommendations that benefited the firm or representative more than the customer
- Failed to conduct reasonable due diligence on private placements before recommending them
- Recommended complex products (like variable annuities) without considering if they fit the customer's needs
Q: What is Reg BI, and how does it affect my daily work?
A: Reg BI requires that when you recommend investments to retail customers, you must act in their best interest, not yours, not the firm's. This means you need to understand what you're recommending, compare alternatives, consider costs, and ensure it actually fits the customer's situation. "The customer asked for it" is not enough.
Q: What happens if I recommend the wrong product?
A: You could face disciplinary action, termination, and regulatory sanctions. More importantly, you could harm a client financially. Before recommending anything, ask yourself: "Would I recommend this to my own family member in this situation?" If you're unsure, get supervisory approval and document your reasoning.
[product-callout]
4. Inadequate Supervision of Customer Accounts and Transactions
What Firms Got Wrong:
- Failed to establish reasonable supervisory procedures for new products and technologies
- Didn't monitor for excessive trading or unsuitable investment concentrations
- Failed to supervise representatives' outside business activities and private securities transactions
- Inadequate review of variable annuity exchanges that harmed customers
Q: I'm not a supervisor. Why should I care about supervision findings?
A: Because you're being supervised! These findings illustrate the consequences of failing to identify problems early. Understanding what supervisors look for helps you stay compliant. Additionally, many of these issues originated from representatives who failed to follow procedures, didn't disclose their activities, or didn't document the rationale behind their recommendations.
Q: What does "reasonable supervision" mean for me?
A: It means your firm should have clear procedures, and you should follow them. Document why you're making recommendations. Disclose outside activities in writing. If you're doing something that feels like it's in a gray area, it probably is. Ask before you act. The representatives who got their firms in trouble often thought they were being helpful or entrepreneurial.
5. Books and Records Violations
What Firms Got Wrong:
- Failed to capture and retain business-related communications (emails, texts, chats)
- Didn't maintain accurate financial records, leading to incorrect regulatory filings
- Used personal email accounts or off-channel platforms to communicate with customers
- Failed to supervise part-time compliance officers' electronic communications
Q: Why is recordkeeping such a big deal?
A: Records prove what happened. If a customer complains, regulators investigate, or a dispute arises, your communications are evidence. Firms were sanctioned because they couldn't produce records of what representatives told customers. If it's not documented, it didn't happen, and you can't defend yourself.
Q: What's the biggest recordkeeping mistake new professionals make?
A: Using personal email, texts, or messaging apps for business. It may seem harmless, but it constitutes a serious violation. All business communications must go through firm-approved channels that capture and retain records. This includes discussing markets, answering client questions, or scheduling meetings. Keep business and personal separate, always.
Bottom Line: Three Rules to Protect Your Career
- When in doubt, ask. It's always better to check with compliance or your supervisor than to make an assumption.
- Document everything. Your notes, emails, and rationale for recommendations protect you and your clients.
- Follow the procedures. They exist because someone before you got it wrong. Learn from their mistakes.
Understanding these findings now will help you build a long, successful, and compliant career. You can read the entire report from FINRA here: https://www.finra.org/rules-guidance/guidance/reports/2026-finra-annual-regulatory-oversight-report
