FINRA’s 2026 Oversight Report Continues to Emphasize Recordkeeping
AI is heavily featured in FINRA’s 2026 Annual Regulatory Oversight Report, but that doesn’t mean recordkeeping is a solved problem.
In fact, books and records violations remain among the most persistent and preventable sources of regulatory exposure. Business technologies may change, but the underlying issue does not: firms fail when business-related communications are not captured, retained, and reviewed. Off-channel communications continue to feature prominently in FINRA findings, often as a contributing factor in broader investigations.
Why FINRA 2026 oversight priorities on recordkeeping matters to financial services firms
FINRA’s 2026 report signals that recordkeeping failures are no longer viewed as isolated control gaps, but as systemic weaknesses that undermine supervision, accountability, and case defensibility. As communications sprawl across tools, vendors, and roles, assumptions about capture, oversight, and outsourcing break down. Firms that treat recordkeeping as static risk losing the ability to reconstruct events, defend decisions, and control regulatory narratives when it matters most.
What FINRA’s 2026 report says about recordkeeping
According to Jeff Ziesman, Partner at Norton Rose Fulbright and former FINRA Deputy Regional Chief Counsel, regulators increasingly view these failures as part of a larger narrative.
“It may not be the central part [of an arbitration case], but it's certainly a material incidental part of the investigation,” says Ziesman. He notes that off-channel communications will show up in suitability matters, arbitrations, and investigations because they undermine a firm’s ability to reconstruct what actually happened.
As more firms rely on capture and archive services, vendor reliance without verification is another recurring weakness. Firms may assume third parties are retaining records appropriately, only to discover gaps during exams or enforcement actions.
FINRA has also sharpened its focus on individual accountability, including part-time or outsourced roles. Communications involving compliance officers and other associated persons must be supervised just as rigorously as those of registered representatives. Responsibility cannot be outsourced even when technology is.
Even if firms outsource a function, they’re not outsourcing accountability. Firms are still accountable for those actions, so they need to make sure their partners and vendors are doing what they say they’re doing.
How can firms respond to FINRA’s 2026 oversight report?
Recordkeeping breaks down when oversight doesn’t scale with the many ways communications are sent and received. FINRA remains technology-neutral, but governance, documentation, testing and accountability continue to be emphasized. Firms are expected to:
- Reframe recordkeeping as business protection
Leaders should position books and records not as a regulatory burden, but as a core control that enables defensibility during exams, investigations, and disputes. - Extend supervision to all contributors of firm records
Oversight must encompass outsourced providers, part-time roles, and associated persons whose communications affect the firm’s regulatory obligations. - Hold vendors to contractual obligations, not assurances
Leaders should require proof that vendors can meet retention, retrieval, and supervision requirements across jurisdictions.
“So many times, we see firms kind of set [lexicons] and forget it,” says Olivia Eori, Kroll’s Director of Compliance Consulting. “They talk about it when they first get registered, or they set it once and then they don't look at those lexicon keywords ever again. And that really isn't effective oversight or supervision. [Firms should] look at those on a monthly or quarterly basis and update them for new risk areas.”
Fortunately, there are practical next steps firms can take:
- Conduct simulated exam and investigation requests
Test whether records can be retrieved accurately, completely, and within regulatory timeframes. - Refresh lexicons and surveillance logic regularly
Update search terms and review workflows to reflect evolving communication behaviors and tools. - Trigger targeted reviews after risk events
Departures, complaints, or unusual activity should automatically prompt focused record and communication reviews.
How can Smarsh help
Smarsh helps firms translate recordkeeping expectations into action. Through comprehensive multi-channel capture, AI-driven supervision, and immutable, audit-ready archives, Smarsh enables compliance teams to use AI supervision and review technologies — and demonstrate defensibility.
Share this post!
- FINRA’s 2026 Oversight Report Continues to Emphasize Recordkeeping - February 3, 2026
- FINRA’s 2026 Oversight Report Identifies AI as Both Opportunity and Risk - January 27, 2026
- SEC Marketing Rule FAQs (2026): What the Latest Guidance Means for Compliance Teams - January 20, 2026
Smarsh Blog
Our internal subject matter experts and our network of external industry experts are featured with insights into the technology and industry trends that affect your electronic communications compliance initiatives. Sign up to benefit from their deep understanding, tips and best practices regarding how your company can manage compliance risk while unlocking the business value of your communications data.
Ready to enable compliant productivity?
Join the 6,500+ customers using Smarsh to drive their business forward.
More Resources
Subscribe to the Smarsh Blog Digest
Subscribe to receive a monthly digest of articles exploring regulatory updates, news, trends and best practices in electronic communications capture and archiving.
Smarsh handles information you submit to Smarsh in accordance with its Privacy Policy. By clicking "submit", you consent to Smarsh processing your information and storing it in accordance with the Privacy Policy and agree to receive communications from Smarsh and its third-party partners regarding products and services that may be of interest to you. You may withdraw your consent at any time by emailing [email protected].
FOLLOW US