What we learned at the 2025 FINRA Annual Conference

FINRA’s Annual Conference in Washington, D.C., is a cornerstone event in the regulatory calendar, bringing together member firms, FINRA staff, and industry leaders to exchange insights on the future of risk and compliance. With over 30 sessions covering communications supervision, vendor risk management, AI, cybersecurity, and remote oversight, the event offered a valuable lens into FINRA’s evolving priorities. The eflow Global team was on the ground, and in this blog, we share some of our key takeaways for surveillance and compliance professionals.

Expect closer collaboration

“Member firm engagement is critical to what we do.”

Robert Cook, FINRA CEO

One of the clearest themes across the three-day event was cooperation. The tone from FINRA leadership was notably collaborative, with repeated invitations for firms to engage, challenge, and partner with the regulator. “We want to work with you… Getting direct feedback from [members] really does benefit us,” one official emphasized. There was a consistent message that FINRA wants to be a co-pilot in building stronger, safer markets.

FINRA openly acknowledged the resource pressures facing firms, particularly smaller members, and framed its role as enabling, not obstructing, innovation. The message felt genuine and constructive: tell us what’s working, what’s not, and how we can help.

The sentiment at the event reflects the supervisor’s recent initiatives. It’s investing in practical support: tailored guidance, clearer feedback loops, and more efficient oversight processes. The goal is to reduce regulatory friction and give firms more room to anticipate risks and innovate confidently.

This collaborative spirit mirrors a broader global trend called out in our Global Market Abuse Surveillance Report, released in March 2025. In it, we predicted that global regulators would move away from purely reactive enforcement and toward more preventative, data-informed and collaborative supervision. We’re now seeing that play out in real time. For surveillance and compliance teams, there’s a real opportunity to shape how oversight evolves through open dialogue, transparency, and shared insight. In today’s environment, that kind of partnership is vital.

Artificial Intelligence poses questions for recordkeeping

Another standout topic was the growing influence of generative AI on compliance, supervision, and communications. While AI has long been used in financial services, FINRA sees the latest wave of generative tools as fundamentally reshaping workflows, bringing both powerful efficiencies and complex regulatory challenges. From summarization tools to client-facing automation, firms are exploring transformative capabilities. But this evolution raises an important question: how do these tools fit within existing compliance frameworks?

FINRA’s approach is refreshingly open. The April 2025 request for comment on modernizing workplace rules signals a clear intent to understand how member firms are deploying AI in practice. There’s growing recognition that oversight frameworks, especially those focused on communication surveillance, must evolve to reflect the realities of decentralized teams, cloud infrastructure, and increasingly autonomous systems.

Implications for Recordkeeping and Risk Monitoring

A key question posed by FINRA: When does an AI-generated output - whether a chatbot reply, meeting summary, or suggested client communication - cross the line into becoming a regulated communication or business record?

This matters because recordkeeping rules exist to ensure accountability, auditability, and investor protection. If generative AI produces content that informs or interacts with clients or even internal stakeholders, should that content be retained and supervised like traditional electronic communications?

FINRA hasn’t provided a firm answer yet, but it wants firms to engage with the issue and help shape the response. For surveillance and compliance teams, that’s a critical opportunity to define policies and controls that ensure transparency and defensibility as generative AI becomes more deeply embedded in day-to-day operations. FINRA’s principles-based stance offers space for innovation, but it also places the onus on firms to build governance frameworks that can stand up to regulatory scrutiny.

Expect to see more eComms enforcement

Retail communications, particularly those involving digital assets, remain firmly in FINRA’s sights. During the conference, officials shared updates on an ongoing review launched in late 2022, shortly after the collapse of FTX. While enforcement actions have not yet been announced, the findings were notable: potential violations of Rule 2210 were identified in 70% of the communications reviewed, across more than 500 materials.

The review included messaging related to crypto assets offered directly by firms or through affiliates and third parties. Common issues included comparisons between crypto and cash-like products, vague disclosures about risk, and unclear statements regarding regulatory protections. In many cases, a small subset of firms accounted for most of the problematic content.

For firms still handling client interest in digital assets, from custody to compliance, our takeaway was that communications must be fair, balanced, and accurate. As new product categories emerge, the burden is on firms to ensure their messaging holds up to scrutiny. The focus from FINRA isn’t just on what’s being offered, but how it’s being explained.

Some final thoughts

As FINRA continues to evolve its approach, firms have a clear opportunity to shape the path forward. Surveillance and compliance teams that engage proactively, particularly around AI, communications, and recordkeeping, will be better positioned to stay ahead of regulatory expectations.

At eflow Global, we help firms simplify surveillance, automate control testing, and prepare confidently for the future of regulation. To learn how we can support your compliance strategy, get in touch or explore our solutions here.