The Financial Industry Regulatory Authority (FINRA) recently released its 2025 Annual Regulatory Oversight Report, and one of the most significant updates focuses on using Artificial Intelligence (AI) in financial services. The guidance reflects FINRA’s commitment to ensuring that firms adopting AI do so responsibly, while meeting long-standing compliance obligations.
So, how can your financial services institution leverage AI in a compliant way? Here are the key considerations from FINRA’s latest report:
1. Define and Disclose Your AI Use
FINRA expects firms to define AI clearly within their organization and apply that definition consistently. If you disclose AI capabilities in marketing or client communication, those disclosures must accurately reflect your actual use of AI. Misrepresentation, even unintentionally, can lead to regulatory issues.
2. Incorporate AI into Your Supervisory Framework
AI systems, including generative AI tools, fall under the same supervisory obligations as any other technology under FINRA Rule 3110. This means firms need governance practices around accuracy, bias, data integrity, and model risk.
Don’t treat AI as a “black box.” Document how decisions are made, review outputs, and ensure human oversight.
3. Manage Vendor and Third-Party Risks
Many firms use AI-powered vendors or third-party tools. FINRA emphasizes that due diligence must extend beyond the first layer of providers. Understand whether vendors are using AI, how they manage data, and what controls they have in place. To avoid compliance gaps, contracts should outline data handling, record retention, and offboarding processes.
4. Address Cybersecurity and Fraud Risks
AI isn’t just a tool for good; cybercriminals are also using it. FINRA warns about threats like deepfakes, synthetic identities, and AI-driven phishing. Your cybersecurity program should evolve to counter these risks through enhanced monitoring, phishing simulations, identity validation, and ongoing employee training. This includes enhancing your identity verification process for account opening and high-risk transactions.
5. Review AI-Generated Communications for Compliance
If AI influences client communications or recommendations, those materials are still subject to the same review and recordkeeping requirements under FINRA rules and Regulation Best Interest (Reg BI). Automated messages and chatbots must be accurate, transparent about their limitations, and free from misleading claims.
What Should Firms Do Now To Stay Compliant?
FINRA’s message is clear: existing compliance rules apply to AI. Firms should:
- Update policies to define and govern AI use.
- Train staff on both the benefits and risks of AI tools.
- Strengthen vendor oversight and cybersecurity measures.
- Ensure human supervision for any AI-driven recommendations or client interactions.
- Establish risk mitigation frameworks that specifically address AI-related accuracy, bias, and cybersecurity concerns.
Adopting AI can create real advantages in efficiency and client service, but only if it’s implemented responsibly. FINRA’s 2025 guidance does not limit innovation; it ensures innovation aligns with regulatory obligations and client trust.

At GadellNet, we help firms navigate this evolving landscape, building frameworks that balance technological advancement with compliance. If your financial organization is considering AI adoption, let’s discuss how to do it securely, effectively, and in full compliance with FINRA standards.