Date: 2025-02-14

Welcome to the latest issue of Bracewell's FINRA Facts and Trends, a monthly newsletter devoted to condensing and digesting recent FINRA developments in the areas of enforcement, regulation and dispute resolution. We dedicate this month's issue to FINRA's 2025 Annual Regulatory Oversight Report. Read about the Report's findings and observations below.

FINRA Issues 2025 Regulatory Oversight Report

On January 28, 2025, FINRA published its 80-page 2025 Regulatory Oversight Report (the Report), offering insights and observations on key regulatory topics and emerging risks that firms should consider when evaluating their compliance programs and procedures. Broadly speaking, the Report identifies relevant rules, summarizes noteworthy findings, highlights key considerations for member firms' compliance programs, and provides helpful and practical considerations as member firms analyze their existing procedures and controls.

The 2025 Report discusses 24 topics relevant to the securities industry. While many of these are perennially important topics, the Report also includes two new sections: third-party risk landscape and extended hours trading. Below, we provide an overview of the Report's new priorities, together with certain continuing priorities highlighted in the Report.

A FINRA Unscripted podcast episode about the report — featuring Executive Vice President and Head of Member Supervision, Greg Ruppert, Executive Vice President and Head of Market Regulation and Transparency Services, Stephanie Dumont, and Executive Vice President and Head of Enforcement, Bill St. Louis — is available on FINRA's website.

Newly Identified Priorities

Third-Party Risk Landscape: The most significant addition to the Report is a new top-level section on Third-Party Risk Landscape. Firms' reliance on third parties for many of their day-to-day functions creates risks, and, as the Report indicates, this new section was prompted by "an increase in cyberattacks and outages at third-party vendors" that firms use.



As the broad heading indicates, the newly added material outlines effective practices and general steps to be taken by firms, including:

maintaining a list of all third-party vendor-provided services, systems and software components that the firm can leverage to assess the impact on the firm in the event of a cybersecurity incident or technology outage at a third-party vendor;
adopting supervisory controls and establishing contingency plans in the event of a third-party vendor failure;
affirmatively inquiring if potential third-party vendors incorporate generative AI into their products or services, and evaluating and reviewing contracts with these third parties to ensure they comply with the firms' regulatory obligations, i.e., adding contractual language that prohibits firm or customer information from being ingested into the vendor's open-source generative AI tool;
assessing third-party vendors' ability to protect sensitive firm and customer non-public information and data;
ensuring that a vendor's access to a firm's systems and data is revoked when the relationship ends; and
periodically reviewing the default features and settings of third-party vendor tools.





The Report recommends the following best practices to address any perceived risks associated with extended hours trading:

conducting best execution reviews geared toward evaluating how extended hours orders are handled, routed and executed;
reviewing customer disclosures to ensure they address the risks associated with extended hours trading;
establishing and maintaining supervisory processes designed to address the "unique characteristics or risks" of extended hours trading; and
evaluating the operational readiness and customer support needs during extended hours trading.

Continuing Priorities

In addition to the Report's new topics, each of the Report's sections — Financial Crimes Prevention, Firm Operations, Member Firms' Nexus to Crypto, Communications and Sales, Market Integrity, and Financial Management — places special emphasis on certain continuing priorities that will remain key focus areas for FINRA in 2025: