

What FINRA’s 2026 Oversight Report Signals for Surveillance, Market Abuse, and “Whole Program” Control

FINRA’s 2026 Annual Regulatory Oversight Report is not a list of new rules; it is a practical map of where breakdowns keep happening, and what FINRA expects firms to do about it. The through-line is simple: it is no longer enough to have policies, systems, and committees on paper.  

FINRA repeatedly emphasizes evidence: evidence that surveillance is calibrated, that alerts and red flags are investigated, that conflicts are identified and controlled, that communications are captured, and that outside activity is surfaced and supervised in a way that is operationally real.

Market integrity is still about surveillance, but the standard is “detect, investigate, document.”

In the Manipulative Trading section, FINRA ties the supervisory obligation directly to a firm’s ability to identify and investigate potential insider trading and manipulative conduct. Under FINRA Rule 3110, firms must maintain a process to review transactions “reasonably designed” to identify trades that may violate Exchange Act or FINRA rules prohibiting insider trading or manipulation, and must promptly conduct an internal investigation when a trade raises that possibility. 

This framing matters for compliance leaders: FINRA is reinforcing that market abuse risk is not just a trading surveillance problem; it is a supervision + workflow + escalation problem. A good program does not just generate alerts; it shows:

  1. Why the alert fired 
  2. What was reviewed 
  3. What decision was made 
  4. How that decision was evidenced and retained 

FINRA also highlights specific market-abuse vectors, including restrictions around trading while in possession of material, nonpublic information about an imminent customer block transaction (for example, Rule 5270 front running). This is where watch and restricted list controls stop being “best practice” and become the connective tissue between deal activity, information barriers, and surveillance outcomes.

Conflicts: FINRA continues to treat “identify and mitigate” as the operational test

In Reg BI and Form CRS, FINRA’s stated findings focus heavily on failures to identify conflicts, to disclose them fully and fairly, and to mitigate conflicts that create incentives to place firm or representative interests ahead of retail customers. (FINRA)

One practical takeaway: firms often approach conflicts as a disclosure exercise. FINRA’s language and examples keep pulling the industry toward conflict controls that change behavior, not just describe it. That includes constraints on product access, compensation structures, sales practices, and escalation requirements when conflicts cannot be adequately mitigated.

Private placements: the compliance gap is frequently “process proof,” not policy language

FINRA’s Private Placements section is a reminder that private markets compliance remains a high-friction area because the facts are messy, and the risks are multi-dimensional. FINRA reiterates expectations around reasonable investigation, recordkeeping of diligence, and conflict handling, especially where firms characterize activity as “not a recommendation” despite evidence of a tailored “call to action.”

For firms, this creates a familiar pressure point: if private placement diligence, approvals, selling compensation, and conflicts live in disconnected systems (or worse, email), the program becomes difficult to defend under examination.

Outside business activities and private securities transactions: FINRA is explicit about attestations, scope, and supervision

FINRA devotes a discrete section to Outside Business Activities (OBAs) and Private Securities Transactions (PSTs) and grounds it in FINRA Rules 3270 and 3280, including the requirement that registered persons (OBAs) and associated persons (PSTs) provide written notice so the firm can prohibit, limit, or approve the activity, and supervise compensated PSTs as if executed on the firm’s behalf.

FINRA’s “effective practices” are especially direct on operationalizing these controls. It highlights the use of detailed questionnaires at onboarding and periodically thereafter, with regular attestations, and prompts that are open-ended enough to capture reality (ownership interests, fundraising, “finder” activity, and direct or indirect financial benefits).

FINRA also calls out common failure patterns: narrow interpretations of selling compensation, weak approval processes, lack of documentation and supervision, and inadequate controls to enforce firm limitations (such as solicitation restrictions).

FINRA also notes it requested comment on a proposal to streamline outside activities obligations via a proposed new FINRA Rule 3290, but it is explicit that existing requirements remain in effect until SEC approval and effectiveness.

Why this matters: “program integrity” is becoming the exam narrative

Taken as a whole, the 2026 Report can be interpreted as describing a maturity model. The firms that struggle tend to share the same structural issues:

• Surveillance and supervision are treated as separate disciplines, so issues fail to escalate coherently.
• Conflicts are documented but not operationalized through controls.
• Private activity (private placements, OBAs, PSTs) is managed through fragmented disclosures and manual follow-ups.
• Attestations happen, but they do not drive workflow, review, evidence retention, or monitoring.

Where StarCompliance Fits

This is precisely where a unified workflow and control layer becomes valuable. A solution like Star’s Compliance Control Room (CCR) is designed to bring MNPI oversight, conflicts, and trading controls into a single, auditable operating model, so watch and restricted list decisions, wall-crossing events, investigations, and approvals align to surveillance outputs and supervisory expectations. And on the employee compliance side, the Report’s emphasis on questionnaires, periodic attestations, documentation, and supervision for OBAs and PSTs maps directly to the need for structured disclosure workflows that do not degrade into inbox-driven compliance.
