New FINRA Report Warns of Gen AI, Cyber Fraud, and Vendor Risk Exposure

By Mari Nicholson

The Financial Industry Regulatory Authority has published its 2026 FINRA Regulatory Oversight Report, a resource that draws insights from FINRA’s regulatory operations programs that member firms can use to strengthen their compliance programs.

FINRA noted it had published the report earlier than usual after this year’s FINRA Forward initiative feedback revealed positive support for the resource, particularly as member firms do their annual compliance planning. The previous report, which touched on generative AI and Regulation Best Interest for the first time, wasn’t available until late January 2025.

According to FINRA, member firms said they use the report to:

  1. Identify the findings and effective practices that are applicable to their businesses;
  2. Incorporate the reports’ topics in their risk assessment processes;
  3. Perform a gap analysis of their compliance programs; and
  4. Support training, among other uses, which are detailed in the report.

“Our 2026 FINRA Regulatory Oversight Report captures important findings and translates them into practical guidance our member firms can act on immediately. We are not just identifying risks, we are equipping our member firms with the intelligence and resources needed to mitigate risks effectively,” said Greg Ruppert, executive vice president and chief regulatory operations officer at FINRA.

“By sharing these insights, FINRA is engaging with members to help strengthen their defenses. Ultimately, this report is essential because member firm compliance protects investors and safeguards the integrity of our markets,” added Ruppert.

Among the topics covered in the report are Gen AI, cybersecurity and cyber-enabled fraud, and the third-party risk landscape. For each topic area covered, the report identifies the relevant rule(s); summarizes noteworthy findings from recent oversight activities involving firms; outlines firms’ effective practices that FINRA observed through its oversight activities; and provides additional resources that may be helpful to firms in reviewing their supervisory procedures and controls and fulfilling their compliance obligations.

Gen AI

FINRA recognizes that firms have started to implement Gen AI solutions with a focus on efficiency gains, particularly with respect to internal processes and information retrieval; and that the top Gen AI use case among FINRA member firms is “summarization and information extraction,” which refers to condensing large volumes of text and extracting specific entities, relationships or key information from unstructured documents.

As stated in the report, AI agents – systems or programs that are capable of autonomously performing and completing tasks on behalf of a user – can enhance Gen AI capabilities by providing users with additional opportunities for task automation and the ability to interact with a wider range of data and systems faster and at a potentially lower cost than more traditional process automation.

However, the report details challenges that could result in adverse impacts to investors, firms or the markets. Risks noted include:

  • Autonomy: AI agents acting autonomously without human validation and approval;
  • Auditability and transparency: Complicated, multi-step agent reasoning tasks can make outcomes difficult to trace or explain, complicating auditability;
  • Domain knowledge: General-purpose AI agents may lack the necessary domain knowledge to effectively and consistently carry out complex and industry-specific tasks; and
  • Unique risks of Gen AI: Bias, hallucinations, privacy, etc., also remain present and applicable for AI agents and their outputs.

Cybersecurity and Cyber-Enabled Fraud

FINRA has observed a variety of sophisticated cybersecurity threats targeting member firms and their customers, as discussed in the 2026 report, including ransomware and extortion events, data breaches, phishing and related activities, new account fraud, account impersonations and takeovers.

Third-Party Risk Landscape

There has been an increase in the reporting of cyberattacks and outages at firms’ third-party vendors. Given the financial industry’s reliance on third-party vendors to support key systems and covered functions, an attempted cyberattack or an outage at a third-party provider could potentially impact a large number of member firms.

According to FINRA, it continues to monitor third-party provider risks in the interests of member firms, and the report outlines effective practices, such as conducting initial and ongoing due diligence on third-party vendors supporting mission-critical systems, maintaining an inventory of firm data types accessed or stored by the firm’s vendors, and monitoring third-party vendor services for vulnerabilities or data breaches.

“Whether it’s about the evolving threat of cyberattacks including those powered by bad actors exploiting artificial intelligence, the increase in manipulation tactics that exploit market participants, or the need to protect senior investors from potential fraud and other threats, this report delivers useful, real-world insights from our regulatory oversight work,” Ruppert added.

FINRA is a not-for-profit organization dedicated to investor protection and market integrity. It regulates member brokerage firms doing business in the United States and is overseen by the U.S. Securities and Exchange Commission.
