FINRA Updates

Modernizing FINRA Rules for the Modern Workplace

June 24, 2025by Robert Cruz
subscribe iconSUBSCRIBE TO BLOG

Subscribe to the Smarsh Blog Digest

Subscribe to receive a monthly digest of articles exploring regulatory updates, news, trends and best practices in electronic communications capture and archiving.

Smarsh handles information you submit to Smarsh in accordance with its Privacy Policy. By clicking "submit", you consent to Smarsh processing your information and storing it in accordance with the Privacy Policy and agree to receive communications from Smarsh and its third-party partners regarding products and services that may be of interest to you. You may withdraw your consent at any time by emailing privacy@smarsh.com.

Earlier this month, FINRA closed the public comment period for Regulatory Notice 25-4: “Modernizing FINRA Rules, Guidance, and Processes for the Organization and Operations of Member Workplaces.” The notice explores how rules should evolve to meet the realities of today’s digital-first work environment — including the use of modern communication tools and emerging technologies like artificial intelligence.

While the SEC is pursuing parallel modernization efforts (especially around crypto), the broader goal is the same: reduce regulatory friction while enabling responsible innovation. In that spirit, below are perspectives we hold here at Smarsh on key questions from the notice — particularly those tied to digital communications and compliance.

Why it matters

FINRA is set to modernize outdated rules, and this blog offers valuable insights into how firms can navigate compliance challenges related to digital communication tools, AI, and evolving supervision standards.

FINRA question 1:

The phrase “business as such” under Exchange Act Rule 17a-4(b)(4) is not defined. What concerns or challenges does this raise for compliance with recordkeeping requirements?

Smarsh:
The term “business as such” is outdated and ill-defined, leading to excessive debate over what qualifies as a record. We've reached the point where firms are archiving emails about leftover lunches — clearly not the original intent of the rule.

In today’s hybrid, tech-enabled workplace, the lines between business and personal communication have blurred. Clarity is essential. However, ambiguity around the phrase doesn’t inherently create difficulty in capturing communications. Most modern technologies can record a broad range of formats, and those that can’t shouldn’t be used for regulated business.

If a firm chooses to rely on outdated or inadequate technology — whether it was built for email or metaphorically delivered by carrier pigeon — that's a business choice. The difficulty in capturing communication shouldn't dictate regulatory scope. The same logic should apply to whiteboards, breakout rooms, generative AI, or video calls.

Recordkeeping requirements must be technology-agnostic, with compliance determined by content and context — not channel. What matters is whether firms apply and follow internal policies to govern sensitive communications, regardless of platform.

FINRA question 2:

What supervision standards have proven effective for digital communications, including off-channel messaging?

Smarsh:
As outlined in our off-channel communications e-book, the most effective strategies combine:

  • Clear, updated policies and procedures
  • Ongoing employee training and behavioral reinforcement
  • Modern surveillance tools that capture approved channels and surface off-channel indicators

This is not a new challenge. Regulators have made it clear that firms must demonstrate active efforts to manage it. As new tools and client expectations evolve, firms must continually reassess supervision strategies to ensure alignment with both the technology landscape and communication behaviors.

FINRA question 3:

What recordkeeping challenges do AI-generated communications pose?

Smarsh:
Firms are rapidly building governance programs to manage AI use. The pace of innovation — and pressure to implement AI — hasn’t slowed. However, leading firms are approaching AI systematically:

  • Assessing use case risk vs. reward
  • Prioritizing low-risk internal applications (e.g., meeting summaries, contract review)
  • Piloting with clear ROI targets and learning loops

As use cases expand, clarity from regulators — especially the SEC — on AI-related obligations is becoming mission-critical. At this year’s FINRA Annual Conference, the most frequently asked question from firms was around compliance expectations for generative AI.

FINRA question 4:

How do firms handle recordkeeping for dynamic digital content, such as website interactions or account onboarding systems?

Smarsh:
Many firms have moved beyond static archiving strategies that flatten dynamic interactions into disjointed snapshots. Modern compliance solutions can capture entire workflows over time, preserving context and reducing the need for inefficient post-hoc reconstruction.

Best practice is to deploy purpose-built technology that can capture rich, evolving content — not to retrofit outdated systems designed for email. Attempting to force old tools to handle today’s communication complexity adds unnecessary risk and operational burden.

FINRA question 5:

Should FINRA change public communications rules (e.g., disclosure requirements) to account for new technologies like layered disclosures?

Smarsh:
Rules should remain technology-neutral to avoid creating endless permutations that quickly become obsolete. Instead, FINRA can play a valuable role as a facilitator — engaging with firms and tech providers to:

  • Surface emerging risks and best practices
  • Promote responsible innovation
  • Ensure firms are using tools optimally, while proactively addressing new compliance considerations

Technology vendors often see patterns across markets, and can help regulators understand how tools are being used (or misused) in aggregate.

Key takeaways on the proposed FINRA rule updates

The financial services industry welcomes rule modernization efforts from both FINRA and the SEC. The goal isn’t to eliminate the gap between technology and regulation — it’s to narrow it enough so that firms can adopt modern tools without compromising compliance.

Whether it’s Microsoft Teams, Zoom, WhatsApp, or generative AI, firms need clarity and flexibility to govern these tools effectively in a hybrid workplace. The days of rules designed around landlines, interoffice envelopes, and typewriters are long gone. Regulation must now reflect how work actually gets done.

featured guide icon

FEATURED GUIDE

Financial Services and Generative AI: Navigating a New Era of Innovation

How financial services firms are embracing — and governing — generative AI

Get Guide

Share this post!

Robert Cruz
Latest posts by Robert Cruz (see all)
Smarsh Blog

Our internal subject matter experts and our network of external industry experts are featured with insights into the technology and industry trends that affect your electronic communications compliance initiatives. Sign up to benefit from their deep understanding, tips and best practices regarding how your company can manage compliance risk while unlocking the business value of your communications data.

CONTACT US

FEATURED CONTENT

Ready to enable compliant productivity?

Join the 6,500+ customers using Smarsh to drive their business forward.

watch it work
CONTACT SALES

More Resources

data points network connected featured img
Modernizing FINRA Rules for the Modern Workplace
by Robert Cruz
on June 24, 2025
Read more
ediscovery legal law compliance regulations featured img
Streamlining Discovery: How Smarsh, Exterro, FTI Technology, and Relativity Are Connecting the Dots
by Smarsh
on June 23, 2025
Read more
ai machine learning new advanced technology featured img
How APIs Unlock AI and Data Innovation
by Sonya Duffin
on June 12, 2025
Read more

Contact Us

Tell us about yourself, and we’ll be in touch right away.