FINRA Updates

Q1 2025 Regulatory Roundup: What Financial Services Compliance Teams Should Watch

June 04, 2025by Tiffany Magri
subscribe iconSUBSCRIBE TO BLOG

Subscribe to the Smarsh Blog Digest

Subscribe to receive a monthly digest of articles exploring regulatory updates, news, trends and best practices in electronic communications capture and archiving.

Smarsh handles information you submit to Smarsh in accordance with its Privacy Policy. By clicking "submit", you consent to Smarsh processing your information and storing it in accordance with the Privacy Policy and agree to receive communications from Smarsh and its third-party partners regarding products and services that may be of interest to you. You may withdraw your consent at any time by emailing privacy@smarsh.com.

In our recent quarterly webinar, Smarsh and Eversheds Sutherland unpacked the regulatory trends that shaped the start of 2025. From enforcement priorities to AI governance and crypto oversight, this roundup provides financial services firms with key insights and compliance takeaways for the year ahead.

Why it matters

Regulators are adjusting their posture — but not lowering their expectations. As firms adopt new technologies, expand their digital footprint, and test the limits of communication platforms, supervision must keep pace. Enforcement may evolve in tone, but compliance obligations remain high-stakes.

Regulatory enforcement trends: Familiar themes, evolving expectations

The SEC reported 200 enforcement actions in the first quarter of FY25 — a record high for Q1 activity and a capstone to an aggressive enforcement era. However, our panel noted that many of these actions were filed under the prior administration. Expectations are that standalone off-channel communications cases may taper off in the coming months.

Still, firms shouldn’t get complacent. The volume and variety of enforcement actions in recent months make clear that regulators are continuing to scrutinize communications practices and supervisory controls, even as the enforcement tone may soften.

"We don’t expect to see these standalone record retention cases, but we do expect them to bring some record retention cases where there are other violations."

-- Brian Rubin, Eversheds Sutherland

Recent regulatory enforcement examples:

  • In January, the SEC fined 12 firms a combined $63M for failing to preserve off-channel communications, reinforcing that recordkeeping remains a high priority
  • One firm was fined $45M for a mix of violations, including cybersecurity gaps and off-channel communications issues, signaling that recordkeeping lapses will still appear in multi-violation cases
  • Social media promotions came under the microscope, with FINRA fining firms up to $750K for influencer campaigns that featured misleading or noncompliant content 

"You can't just prohibit spoofing... You need to have effective policies and procedures designed to prohibit and catch it."

-- Adam Pollet, Eversheds Sutherland

The takeaway? Regulators are looking beyond written policies. Implementation, monitoring, and enforcement of supervision programs are now central to compliance expectations.

Update on FINRA oversight: Back to basics, with a tech twist

FINRA’s 2025 Regulatory Oversight Report emphasized four areas:

  • Books and records
  • Public communications
  • Third-party vendor risk
  • AI use 

While none are new to compliance professionals, the nuance in FINRA’s expectations has deepened.

Books and records remain foundational. But FINRA made it clear that supervisory effectiveness includes a firm’s ability to detect activity across all communication channels — including messaging apps, video, and non-English language messages.

"It’s hard for a firm to meet its supervisory obligations if it doesn’t have an adequate handle on what the firm’s associated persons are communicating about on firm systems."

-- Issa Hanna, Eversheds Sutherland

To support effective oversight, regulators encourage firms to:

  • Define and enforce clear boundaries for permitted digital tools
  • Implement supervisory systems tailored to each channel
  • Take disciplinary action when policies are ignored 

The latest on AI governance: Regulation still lags, expectations don’t

On AI governance, FINRA is watching closely. Most are still finding their footing with AI compliance. That’s not surprising. Regulatory frameworks were never designed with generative AI models in mind.

"There’s no specific regulation for AI today, so you’re mapping to things like Reg BI, the Advisers Act, and trying to determine what’s fair and balanced in an AI-generated statement."

-- Andrew Mount, Eversheds Sutherland

While explicit AI rules are still emerging, regulators are signaling that firms should begin to approach AI use with the same care applied to other business tools. That includes evaluating supervisory, documentation, and risk management practices. 

What should firms consider when complying with communications regulations?

  • Supervision: Are outputs from tools like Copilot or generative AI chat platforms reviewed or monitored before reaching clients or the public?
  • Recordkeeping: Can AI-generated content or decisions be captured and archived under your existing books and records policies?
  • Governance: Do you have cross-functional policies in place to assess who can use AI tools, for what purposes, and with what level of oversight?
  • Compliance mapping: How are you aligning AI-related communications and advice to existing regulatory standards, such as Reg BI, the Advisers Act, or FINRA communications rules? 

What’s next for regulatory enforcement: The shape of things to come

The panel forecasted a few directional shifts for the remainder of 2025:

  • Crypto and meme coins: Expect continued — but more targeted — oversight of speculative investments as the SEC’s new administration recalibrates its approach. The newly formed Cyber and Emerging Technologies Unit (CETU) replaces the Crypto Assets and Cyber Unit and includes approximately 30 fraud specialists focused on digital asset scams, meme coins, and AI-related fraud. This shift signals a clear move from broad-based crypto crackdowns to more fraud-centric targeting.
  • Finfluencers: Enforcement involving social media influencers is likely to broaden. Firms using influencers should be prepared to document their review processes and ensure claims are balanced and not misleading.
  • A pragmatic path forward: Perhaps the biggest shift? A more measured approach to recordkeeping enforcement. Two SEC commissioners recently signaled support for a “pragmatic and privacy-respecting” framework, suggesting a possible move away from one-size-fits-all enforcement and toward expectations that reflect each firm’s risk profile, supervisory efforts, and good-faith compliance measures. 

"We’re witnessing [deregulation] happen at lightning speed at the SEC..."

-- Adam Pollet, Eversheds Sutherland

Final takeaway: Reasonableness is the new watchword in regulatory compliance

As firms continue to assess their risk posture in 2025, it’s no longer just about checking regulatory boxes. The shift in tone at the SEC and FINRA points toward a renewed focus on reasonableness in supervision, emphasizing that while perfection may be unrealistic, gaps in oversight and documentation may still lead to enforcement.

Expectations are still clear: Firms must demonstrate a proactive, documented, and evolving approach to compliance — especially as the lines between communications, promotions, and day-to-day operations increasingly intersect across digital channels. 

Looking ahead to Q2: Don't miss the latest regulatory enforcement news

Now may be the time to:

  • Review your influencer and digital marketing policies
  • Reassess your AI governance framework and supervisory readiness
  • Revalidate your archiving and supervision programs — with a focus on off-channel communications and control gaps 
featured guide icon

FEATURED GUIDE

Financial Services and Generative AI: Navigating a New Era of Innovation

How financial services firms are embracing — and governing — generative AI

Get Guide

Share this post!

Tiffany Magri
Latest posts by Tiffany Magri (see all)
Smarsh Blog

Our internal subject matter experts and our network of external industry experts are featured with insights into the technology and industry trends that affect your electronic communications compliance initiatives. Sign up to benefit from their deep understanding, tips and best practices regarding how your company can manage compliance risk while unlocking the business value of your communications data.

CONTACT US

FEATURED CONTENT

Ready to enable compliant productivity?

Join the 6,500+ customers using Smarsh to drive their business forward.

watch it work
CONTACT SALES

More Resources

review supervision eye tech focus featured img
AI in Financial Services: Enhancing Review, Elevating Oversight
by Tiffany Magri
on June 26, 2025
Read more
ai homepage cc 2024
How Smarsh AI and APIs Turn Compliance Chaos into Confidence
by Tom Padgett
on June 26, 2025
Read more
data points network connected featured img
Modernizing FINRA Rules for the Modern Workplace
by Robert Cruz
on June 24, 2025
Read more

Contact Us

Tell us about yourself, and we’ll be in touch right away.