FINRA’s 2026 Annual Regulatory Oversight Report has set a clear tone for the year ahead, placing generative AI (GenAI) governance and off-channel communications squarely at the centre of supervisory and enforcement attention.
According to Theta Lake, for broker-dealers and other FINRA-regulated firms, the message is unambiguous: emerging technologies and electronic communications risks are no longer peripheral concerns but core regulatory priorities.
Compliance leaders are being urged to review their supervisory systems, identify weaknesses, and ensure that frameworks are robust enough to withstand heightened scrutiny.
A notable development in this year’s report is the introduction of a dedicated section on GenAI, signalling that the technology has shifted from a theoretical innovation risk to a practical compliance obligation.
FINRA makes it clear that its existing rules apply to GenAI tools in the same way they apply to any other technology used within a firm. This means that model outputs, automated drafting tools, conversational interfaces and data extraction systems all fall within established supervisory and recordkeeping expectations.
FINRA identifies summarisation and information extraction as the most common GenAI use cases among member firms, followed by conversational AI, content drafting and data querying. While these tools promise operational efficiencies, they also introduce new layers of risk, particularly around data protection, output accuracy and unintended disclosures.
Compliance functions must therefore embed GenAI oversight into enterprise risk management rather than treating it as a standalone IT initiative. Read the full article.
