Helping clients meet their business challenges begins with an in-depth understanding of the industries in which they work. That’s why KPMG LLP established its industry-driven structure. In fact, KPMG LLP was the first of the Big Four firms to organize itself along the same industry lines as clients.

How We Work

We bring together passionate problem-solvers, innovative technologies, and full-service capabilities to create opportunity with every insight.

Learn more

Careers & Culture

What is culture? Culture is how we do things around here. It is the combination of a predominant mindset, actions (both big and small) that we all commit to every day, and the underlying processes, programs and systems supporting how work gets done.

Learn more

Regulatory Oversight: FINRA 2024 Annual Report

Key supervisory risk areas

flag flying in front of capital building

KPMG Regulatory Insights

  • Emerging/Key Risks: Call out of risk areas, including AI, fraud, crypto, cybersecurity, and off-channel communications.
  • Future Exam Focus: Puts forth a “roadmap” for upcoming 2024 exam expectations.
  • Regulatory Environment: Consider FINRA’s insights and findings in concert with the SEC’s 2024 Examination Priorities and regulatory agenda (see KPMG Regulatory Alerts, here and here


January 2024

The Financial Industry Regulatory Authority (FINRA) issues its 2024 Annual Regulatory Oversight Report. The report contains insights and findings from FINRA’s Member Supervision, Market Regulation, and Enforcement programs. (Note: FINRA previously issued this report under the title “Report on FINRA’s Examination and Risk Monitoring Program”. The new title reflects “ongoing efforts to increase both the integration among our regulatory operations programs and the utility of the Report for member firms as an information source they can use to strengthen their compliance programs”.)

Key Sections. The report covers twenty-six (26) topics across six (6) key sections, including 1) Financial Crimes; 2) Crypto Asset Developments; 3) Firm Operations; 4) Communications and Sales; 5) Market Integrity; and 6) Financial Management. For each topic, FINRA:

  • Identifies relevant rules
  • Highlights key considerations for compliance
  • Summarizes findings or observations from recent oversight activities
  • Outlines effective practices

While the structure and content of the report is consistent with previous years, FINRA specifically highlights areas of emerging risk, new topics, and other areas of interest (e.g., new material, new findings).

Emerging Risks. FINRA highlights two areas of emerging risk, both of which are related to technology management and financial crime:

  • Artificial Intelligence: FINRA cautions that the development and deployment of AI, and generative AI in particular, raises concerns about accuracy, privacy, bias and intellectual property. Firms are encouraged to be mindful of the implications that using such technology may have on regulatory obligations spanning across areas such as AML, books and records, model risk management, SEC Regulation Best Interest, customer information protection, and cybersecurity, among others.
  • New account fraud (NAF): Examiners note observed increases in suspicious and fraudulent activity related to new account fraud (which FINRA defines as an occurrence of a bad actor utilizing stolen or synthetic identification information to fraudulently open an account), especially related to fully online account opening processes. FINRA cautions that NAF may be a precursor to other fraud schemes and encourages firms to evaluate and enhance their processes related to new account opening and monitoring customer account activity.

New Topics. FINRA adds one new section and three new topics to the report:

  • Crypto Asset Developments (New Section): FINRA provides considerations for firms engaged in or seeking to engage in crypto-related activities. Highlighted regulatory and compliance challenges and risks include supervisory programs and controls, and compliance policies and procedures, in areas such as cybersecurity, AML compliance, communications with customers, manipulative trading, performing due diligence on crypto asset private placements, and supervising associated persons’ involvement in crypto asset-related activities and transactions.
    • Call outs highlight FINRA’s Membership Application Program for proposed crypto asset securities business lines; potential crypto asset-related market abuses; and a forthcoming report on findings and effective practices identified as part of a recent targeted exam on crypto asset-related retail communications.
  • Market Integrity (three new topics): new topics highlight findings and effective practices.
    • OTS Quotations in Fixed-Income Securities – findings include inadequate supervisory controls and procedures and failure to test applicability.
    • Advertised Volume – findings include overstating or inflating trade volumes and failing to establish and maintain “supervisory systems that are reasonably designed to achieve compliance with Rule 5210.”
    • Market Access Rule – findings include insufficient or inadequate controls, reliance on third-party vendors, and failure to consider additional data.

Additional Areas of Interest.

  • Book and Records: Acknowledging the growing scrutiny of data retention and recordkeeping, especially with regard to off-channel electronic communications where FINRA states “there is an increased risk that they are not maintained and preserved as part of the firm’s books and records.” Firms are encouraged to consider their policies, procedures, and controls related to maintaining and preserving business-related off-channel communications as well as communications to associated persons regarding compliance with the policies, prohibitions against unapproved communications, and corrective or disciplinary measures. (See KPMG Regulatory Alert, here.)
  • Cybersecurity: FINRA states that cybersecurity continues to be a persistent threat to financial services firms. The report highlights an increase in the variety, frequency, and sophistication of cyber incidents, including imposter websites, insider threats, ransomware, and events at critical vendors and notes the importance of combatting cyber threats by establishing supervisory controls in areas such as vendor management, change management, and business continuity. Call outs highlight new and anticipated SEC rulemakings (see KPMG Regulatory Alerts, here, here, here, and here.)
  • T+1 Settlement: Compliance required beginning May 28, 2024, for FINRA rule updates conforming to the SEC’s final rule. FINRA notes the move to T+1 has implications for numerous rules, including Regulation SHO, SEC financial responsibility rules, and FINRA rules related to clearly erroneous transactions.

A FINRA podcast featuring highlights of FINRA’s report is available here. In addition to the points above, FINRA principals also address Regulation Best Interest, regulatory reporting, liquidity risk management, net capital, and Consolidated Audit Trail compliance.  

Dive into our thinking:

Regulatory Oversight: FINRA 2024 Annual Report

Key supervisory risk areas

Download PDF

Explore more

Get the latest from KPMG Regulatory Insights

KPMG Regulatory Insights is the thought leader hub for timely insight on risk and regulatory developments.

Thank you

Thank you for signing up to receive Regulatory Insights thought leadership content. You will receive our next issue when we publish.

Get the latest from KPMG Regulatory Insights

KPMG Regulatory Insights is the thought leader hub for timely insight on risk and regulatory developments. Get the latest perspectives on evolving supervisory, regulatory, and enforcement trends. 

To receive ongoing KPMG Regulatory Insights, please submit your information below:
(*required field)

By submitting, you agree that KPMG LLP may process any personal information you provide pursuant to KPMG LLP's Privacy Statement.

An error occurred. Please contact customer support.

Thank you!

Thank you for contacting KPMG. We will respond to you as soon as possible.

Contact KPMG

Use this form to submit general inquiries to KPMG. We will respond to you as soon as possible.

By submitting, you agree that KPMG LLP may process any personal information you provide pursuant to KPMG LLP's Privacy Statement.

An error occurred. Please contact customer support.

Job seekers

Visit our careers section or search our jobs database.

Submit RFP

Use the RFP submission form to detail the services KPMG can help assist you with.

Office locations

International hotline

You can confidentially report concerns to the KPMG International hotline

Press contacts

Do you need to speak with our Press Office? Here's how to get in touch.