FINRA Market Oversight Report 2026 – What you need to know

The Financial Industry Regulatory Authority (FINRA) has published its 2026 Annual Regulatory Oversight Report (the Report).

Member firms are expected to incorporate relevant elements of the Report into their compliance programs in a way that reflects their specific activities and risk profiles. For market abuse, there are several noteworthy updates to FINRA's commentary on manipulative trading, along with a new section covering the use of generative AI (GenAI) by member firms. In this blog, we focus on the key need-to-know developments.

Manipulative trading deficiencies

Deficient WSPs highlighted again

Weak supervisory procedures for identifying manipulative trading once again featured prominently in FINRA's findings, with much of the language mirroring last year's report.

At a high level, the issues remain familiar: procedures are not sufficiently tailored to firms' actual business models, accountability for monitoring is poorly defined, and escalation processes lack clarity.

What is new this year is FINRA's explicit focus on firms failing to consider red flags from external sources. The Report highlights gaps where firms do not factor in inquiries from regulators, trading venues, service providers, or publicly available information about known manipulators.

As with other areas such as financial crime, firms are expected to leverage third-party and public data as part of their market abuse framework. Firms should clearly document how this data is ingested into surveillance workflows and how it informs monitoring, escalation, and decision-making.

Trade surveillance deficiencies remain a problem

FINRA also continues to flag long-standing weaknesses in firms' surveillance frameworks. These largely relate to systems that are not reasonably designed to detect the full range of manipulative behaviors, or that rely on poorly calibrated or static thresholds.

Common issues include:

• Gaps in coverage for specific manipulation typologies (layering, spoofing, wash trades, marking the close, and odd-lot manipulation are named examples).
• Thresholds that are either too narrow or too blunt to identify meaningful activity.
• Failure to reassess controls as business models, customer bases, or market conditions change.

What's new in 2025 is FINRA's sharper focus on the big picture. In essence, FINRA is signaling that many firms' surveillance approaches are too narrow. They may detect isolated suspicious events, but fail to identify coordinated or sustained manipulation.

This reflects a broader regulatory concern that manipulative behavior is becoming more sophisticated and deliberately designed to evade simple, rules-based alerts. FINRA highlights several recurring gaps:

1. Limited time horizons: Manipulative schemes like pump-and-dumps or marking-the-close may be deliberately spread over multiple sessions to stay below same-day alert thresholds, making the behavior harder to detect when viewed in isolation.
2. Siloed customer reviews: where potential prearranged or coordinated trading across multiple accounts is missed.

Alert-by-alert analysis: spoofing activity earlier in the day may be used to move prices, followed by marking the close to lock those prices in. When reviewed separately, each alert may seem low risk.

What FINRA is seeing in small-cap manipulation

FINRA has observed an evolution in small-cap pump-and-dump schemes involving exchange-listed equities:

• Shift in timing: Schemes are moving away from the IPO date, often occurring months later or repeating multiple times for the same stock.
• Nominee & omnibus accounts: Bad actors use "nominee" accounts to control the stock during the IPO, then funnel shares to foreign omnibus accounts to hide the true concentration of ownership.
• Secondary offering abuse: Companies may sell large blocks of shares privately to foreign investors without proper disclosure. These shares are then "dumped" into the U.S. market via brokerage accounts.
• Account takeovers: A newer, aggressive tactic where scammers hack legitimate investor accounts, sell their actual holdings, and use the cash to buy the manipulated stock.
• Social engineering: Scammers use "Investment Clubs" on social media and text apps to trick victims into buying at specific times, creating the "pump" that allows the bad actors to sell at a profit.

Best practice for trade surveillance

While much of FINRA's guidance on effective practices remains consistent with prior years, subtle wording shifts in the 2026 Report signal a higher bar for how firms design and operate their controls.

Tailored “control parameters and thresholds”

FINRA places greater emphasis on granular calibration of surveillance controls, commending firms that move beyond out-of-the-box settings. A single set of thresholds cannot reasonably apply across highly liquid equities, volatile OTC securities, and fixed income products. Thresholds set too wide risk missing manipulation; too narrow, and firms generate excessive noise.

Monitoring across platforms

FINRA has expanded its expectations for multi-platform monitoring by explicitly including platforms that “support trading”, not just those where trades ultimately execute. This signals a move beyond post-trade surveillance of the tape toward monitoring pre-trade activity on electronic trading platforms, alternative trading systems, and dark pools, where behaviors such as spoofing or layering may occur without an execution.

The update also reinforces expectations around cross-product and cross-border visibility, particularly where activity on offshore or alternative venues may be used to influence prices in U.S.-listed securities.

The role of Generative AI

FINRA's commentary on GenAI is deliberately broad. It offers a snapshot of how FINRA-regulated firms are currently using the technology across their businesses.

The dominant theme among the use cases identified is efficiency, not necessarily autonomy. Firms are primarily deploying GenAI to streamline internal processes, improve access to information, and reduce manual effort, rather than to make autonomous decisions.

The most common use case cited is summarization and information extraction: “condensing large volumes of text and extracting specific entities, relationships or key information from unstructured documents.”

Importantly, FINRA strikes a constructive tone. It recognizes the potential benefits of GenAI, while clearly reiterating that its technology-neutral rules and broader securities laws continue to apply. In other words, the use of GenAI does not change firms' regulatory obligations around supervision, governance, or accountability.

Generative AI use cases in surveillance

Some of the GenAI applications FINRA references map closely to how we are seeing firms deploy these technologies in surveillance today. These use cases are explored in depth in our latest eBook, “AI in Trade Surveillance”.

FINRA category	Surveillance application
“Conversational AI and Question Answering: Providing interactive, natural language responses to user queries. Delivered through chatbots, virtual assistants, and voice interfaces”	LLM-based co-pilots allow analysts to query surveillance data using natural language. By combining retrieval-augmented generation (RAG) with secure access to trade data, eComms, and historical decisions, firms can reduce reliance on technical queries and make insights accessible to non-technical users.
“Sentiment Analysis: Assessing whether text is positive, neutral, or negative”	LLMs supplement traditional keyword-based systems by interpreting context, intent, and tone. This helps surface suspicious behavior that may be missed by static lexicons, particularly where coded language, slang, emojis, or non-standard phrasing is used.
“Workflow Automation and Process Intelligence: Optimizing business processes through intelligent routing, automation, and agent-based workflows”	GenAI is increasingly used to support alert prioritization and investigation workflows. Common applications include assembling context across data sources, summarizing evidence, ranking alerts by likely risk, and learning from analyst outcomes to reduce false positives over time.

Holistic surveillance is the name of the game

FINRA's latest report reinforces a clear message: firms must move beyond static, siloed surveillance and generic procedures. Expectations now centre on contextual monitoring, external data integration, and holistic analysis of manipulation. GenAI offers real efficiency gains, but accountability, governance, and supervisory rigor remain firmly non-negotiable.