Welcome to the Regulatory Roundup. Each month, Eversheds Sutherland Investment Services attorneys review significant regulatory developments (including notable rulemakings and guidance from securities regulators) from the previous month that are of interest to retail broker-dealer and investment adviser firms.
FINRA Releases 2026 Annual Regulatory Oversight Report
- On December 9, 2025, FINRA published its 2026 Annual Regulatory Oversight Report, which provides insights into FINRA’s Member Supervision, Market Regulation, and Enforcement programs. The report builds upon similar reports issued between 2021 and 2025 both substantively and stylistically by adding new topics denoted “New for 2026” and new material to existing sections where appropriate. The below represents just a small window into the report. Firms are encouraged to review the full report for FINRA’s view on additional topics, including third-party vendor risk, senior investors and trusted contact persons, communications with the public, and Regulation Best Interest.
- FINRA has introduced a new section to the report, titled “GenAI: Continuing and Emerging Trends,” in which it expounds on various topics related to generative AI (GenAI). FINRA first notes that its rules, as well as broader securities laws, are applicable when firms incorporate GenAI or similar technologies into their business operations. Firms are advised to carefully consider regulations related to supervision, communications, recordkeeping, and fair dealing. The report also identifies key risks associated with GenAI, such as hallucinations, bias resulting from limited or skewed training data, and concerns regarding cybersecurity. FINRA emphasizes the importance of implementing robust testing, monitoring, and governance frameworks, including human-in-the-loop oversight. Additionally, FINRA highlights the emerging trend of firms utilizing AI agents–autonomous systems capable of performing tasks and making decisions without predefined rules–which introduces further challenges related to autonomy, scope of authority, auditability, and data sensitivity.
- The report also adds significant new content to existing sections, “Cybersecurity and Cyber-Related Fraud” and “Anti-Money Laundering, Fraud and Sanctions.” In the cybersecurity section, FINRA highlighted, among other things, the importance of monitoring for customer account takeovers, establishing clear policies and procedures for secure use of “bring your own device” programs, and reviewing email addresses and verifying signatures associated with third-party accounts if funds are requested to be sent to or from those outside accounts. In the anti-money laundering (AML) section, FINRA highlighted as effective practices the clear delegation of AML-related responsibilities across individuals and business units that are in the best position to identify red flags of suspicious activities, conducting comprehensive independent testing, and periodically assessing alerts or exception reports to confirm they are functioning as intended.
FINRA Board of Governors Holds December Meeting
- On December 10 and 11, FINRA’s Board of Governors held its final 2025 meeting, approving three rule proposals and reviewing FINRA’s financial performance and 2026 budget.
- The Board first approved a proposal to permit electronic delivery as the default method for providing information to customers under FINRA rules while preserving customers’ option to choose paper delivery, with plans to file the proposal with the Securities and Exchange Commission (SEC) and publish related guidance in a Regulatory Botice. A second proposal would aim to enhance protection against financial exploitation by strengthening trusted contact person provisions, allowing greater flexibility for temporary holds when financial exploitation of seniors or vulnerable adults is suspected, and introducing an optional “speed bump” hold to protect customers of any age from suspected fraud. This proposal will be subject to comment through a forthcoming Regulatory Notice. Finally, the Board approved a proposal to provide collective investment funds with more flexibility to receive initial public offering allocations under FINRA’s new issue rules, treating them as comparable to other pooled investments.
SEC Division of Examinations Issues Risk Alert on Marketing Rule Compliance
- On December 16, 2025, the SEC’s Division of Examinations issued a Risk Alert (the Alert) identifying common deficiencies in registered investment advisers’ compliance with the Marketing Rule’s testimonial, endorsement, and third-party rating provisions, marking the fourth such alert since the rule was overhauled in 2022. The Division noted in the Alert that it “continues to focus on advisers’ compliance with the Marketing Rule.”
- The most commonly found deficiency was testimonials or endorsements lacking one or more of the required clear and prominent disclosures—for example, whether the promoter was a current client or investor in a private fund advised by the adviser, and, if applicable, whether the promoter received cash or non-cash compensation or had a material conflict of interest. The Alert also identified advisers (i) failing to disclose the material terms of compensation arrangements, including providing generic disclosures about compensation arrangements that omitted certain material information; (ii) failing to disclose material conflicts resulting from their relationships with promoters; and (iii) failure to maintain oversight and compliance processes to support a reasonable belief that testimonials or endorsements complied with the Marketing Rule.
- Regarding third-party ratings, the Division observed advisers (i) failing to have sufficient information to form a reasonable basis about the design or structure of questionnaires that were used in the preparation of third-party ratings included in advertisements and (ii) including third-party ratings in advertisements without providing some or all of the required clear and prominent disclosures.
SEC Staff Issues Guidance on Broker-Dealer Possession of Crypto Assets
- On December 17, 2025, the SEC’s Division of Trading and Markets issued staff guidance providing its view on the application of paragraph (b)(1) of Rule 15c3-3 under the Exchange Act to crypto asset securities. By way of background, paragraph (b)(1) requires a broker-dealer to promptly obtain and thereafter maintain physical possession or control of all fully paid and excess margin securities it carries for the accounts of customers.
- According to SEC staff, to achieve “physical possession” of a crypto asset securities under Rule 15c3-3(b)(1), broker-dealers must maintain full access to private keys necessary to sign transactions on the relevant blockchain, establish written policies and procedures to protect against unauthorized access to private keys, and continuously assess risks associated with the distributed ledger technology and networks. Additionally, broker-dealers must implement procedures to address potential blockchain events, such as malfunctions, 51% attacks, hard forks, and airdrops; comply with lawful seizure or freezing orders; and facilitate asset transfers to a trustee if the firm self-liquidates or ceases operations. This guidance represents the latest move by SEC staff to provide a pathway for the custody of crypto assets by broker-dealers.
[View source.]
