FINRA Prioritizes AI Risks and Cyber Fraud in 2026 Regulatory Agenda
FINRA has prioritized generative AI and cyber-enabled fraud as central themes in its 2026 regulatory agenda, signaling heightened risks for broker-dealers and Registered Investment Advisers (RIAs) from emerging technologies combined with existing compliance gaps. The 2026 Annual Regulatory Oversight Report integrates findings from examinations, surveillance, and enforcement activities, offering practical guidance to enhance compliance frameworks earlier in the planning cycle.
Firms are increasingly deploying generative AI mainly to increase internal efficiencies such as document summarization and data extraction, though FINRA cautions that supervision and governance over these tools must be robust to address accuracy, bias, and regulatory obligations around communications and recordkeeping. The report highlights the evolution of AI "agents"—automated systems capable of independently conducting complex tasks across data environments—pointing out their unique risk profiles related to autonomy beyond authorized limits, audit challenges, and potential mishandling of sensitive information. FINRA emphasizes that flawed incentive systems or insufficient domain expertise in such AI agents may directly harm investors if unchecked.
Cybersecurity threats remain a core concern, with member firms encountering a growing variety of tactics including ransomware, data breaches, phishing scams, and increasingly sophisticated attacks leveraging AI-generated content such as deepfakes and convincingly crafted phishing messages. Additionally, anti-money laundering (AML) program weaknesses persist, particularly in risk monitoring that fails to adapt to the specifics of business models, inadequate investigation of red flags, and difficulties addressing fraud schemes linked to smaller-cap stocks and identity theft.
Communication and sales practice compliance also present challenges, especially in the regulation of social media influencers and in digital communication archiving that often falls short of supervisory standards, including the oversight of non-English content. On product oversight, FINRA flagged concerns with variable and registered index-linked annuities, noting deficiencies in evaluating costs, surrender penalties, benefits loss, and suitability under Regulation Best Interest (Reg BI) criteria.
Taken together, the report's findings underscore the importance of strengthening compliance programs to respond effectively to evolving technological risks and fraud schemes, thereby enhancing market integrity and investor confidence. FINRA's 2026 report aims to facilitate proactive risk management, encouraging firms to integrate these regulatory insights into their operational and compliance strategies promptly.