As generative artificial intelligence (GenAI) continues to gain traction across the financial services industry, regulatory scrutiny is intensifying. On December 9, 2025, the Financial Industry Regulatory Authority (FINRA) released its 2026 Annual Regulatory Oversight Report, introducing a dedicated section on GenAI for the first time. The inclusion signals a clear message from the regulator: GenAI adoption is accelerating, and firms must ensure its use aligns with existing regulatory obligations.
The 2026 Report represents FINRA’s latest annual assessment of risks, trends, and effective practices observed through its examination, surveillance, and enforcement programs. While the report does not impose new rules, it offers critical guidance intended to help member firms evaluate and strengthen their supervisory and compliance frameworks in light of emerging technologies.
FINRA’s View: GenAI Is Here to Stay
FINRA’s analysis acknowledges that GenAI is becoming embedded in firm operations and is likely to remain a permanent feature of the financial services landscape. The regulator stops short of discouraging innovation; instead, it emphasizes that GenAI tools must be deployed responsibly, with appropriate governance, controls, and human oversight.
Importantly, FINRA reiterates that existing securities laws and FINRA rules are technology-neutral. In other words, firms remain subject to the same regulatory expectations regardless of whether tasks are performed by humans, traditional software, or GenAI systems.
Common GenAI Use Cases Observed at Member Firms
According to the 2026 Report, most firms are currently using GenAI to improve operational efficiency rather than to perform core regulated decision-making functions. FINRA identified the following as the most frequently observed use cases:
- Summarization and information extraction (the most common application)
- Conversational AI and question-answering tools
- Sentiment analysis
- Translation services
- Content generation and drafting
- Classification and categorization
- Workflow automation and process optimization
- Coding assistance
- Data querying
- Synthetic data generation
- Personalization and recommendation engines
- Analytical and pattern-recognition tools
- Data transformation
- Modeling and simulation
FINRA noted that publishing this list also serves a secondary purpose: helping standardize terminology around GenAI use within the financial services industry, which can otherwise vary widely across firms and vendors.
Key Risks Associated with GenAI Adoption
While GenAI offers measurable efficiency benefits, FINRA cautions that it also introduces a range of new and amplified risks. The 2026 Report highlights several areas of concern:
- Hallucinations, where models generate inaccurate or misleading information presented as fact
- Bias, resulting from flawed model design or incomplete, outdated, or skewed training data
- Cybersecurity threats, including deepfakes, synthetic identities, and polymorphic malware enabled by AI
- Agentic AI risks, referring to autonomous systems that may execute actions without sufficient predefined rules or human supervision
- Data sensitivity and privacy concerns, particularly where confidential or regulated information is involved
FINRA stresses that these risks apply not only to internally developed tools but also to GenAI solutions provided by third-party vendors. As a result, firms may need to enhance due diligence, contractual safeguards, and ongoing monitoring of vendor-supplied AI technologies.
Compliance Expectations: Governance and Human Oversight Remain Central
A central theme of the 2026 Report is that GenAI does not diminish a firm’s supervisory responsibilities. FINRA emphasizes that robust governance, supervision, and risk management frameworks must extend to GenAI use cases.
Member firms are encouraged to assess whether their existing policies and procedures adequately address:
- GenAI use cases and limitations
- Model risk management and validation
- Fair and balanced communications
- Approval and escalation processes
- Vendor selection and oversight
- Technology change management
FINRA also highlights the importance of regular testing and ongoing monitoring of GenAI tools, including review of prompts, outputs, and performance metrics. Human review remains essential, particularly where GenAI outputs may influence customer communications or regulated activities.
Recordkeeping and Communications Obligations
The report further reminds firms that FINRA’s record retention requirements apply equally to AI-generated content. Depending on how outputs are used and distributed, GenAI-produced materials may qualify as correspondence, retail communications, or institutional communications. Each category carries distinct review, approval, and retention obligations under FINRA and SEC rules.
Firms should therefore ensure that AI-enabled communications—including chatbot interactions—are captured, retained, and supervised in accordance with applicable regulatory requirements.
Takeaway for Member Firms
FINRA’s 2026 Annual Regulatory Oversight Report makes clear that GenAI adoption is no longer theoretical. While the regulator recognizes the technology’s potential benefits, it expects firms to integrate GenAI thoughtfully, with governance structures that reflect the same rigor applied to other regulated activities.
In short, GenAI may be new—but compliance expectations are not.
For further details, firms are encouraged to review the full report: 2026 FINRA Annual Regulatory Oversight Report | FINRA.org