
$1.1 million FINRA fine for AML compliance failings

Do recent enforcement actions from FINRA, including a $1.1 million fine for AML compliance program failings and a member ban for unapproved channel use, indicate the regulator’s direction of travel for 2026?

26 January 2026
By Kathryn Fallah

In brief:

  • FINRA has issued a $1.1 million fine against a member firm for deficiencies in its AML compliance program
  • The regulator also barred an individual from associating with FINRA members for the use of off-channel communications
  • These enforcements may illustrate FINRA’s 2026 focuses – and firms should take note

January is often a time for kickstarting New Year’s resolutions, but recent enforcement actions from the Financial Industry Regulatory Authority (FINRA) have made clear that its goals for 2026 are much the same as they were last year – deterring misconduct and reinforcing compliance expectations for both firms and individuals.

Get with the AML compliance program – or pay the price

In January, FINRA levied a $1.1 million fine against three subsidiary firms, collectively known as Cetera Firms, for various noncompliance violations. These included supervisory system deficiencies and anti-money laundering (AML) compliance failings that led to missing signs of potential financial misconduct.

FINRA found that Cetera Firms’ AML compliance program was not sufficiently “designed to detect and cause the reporting of suspicious transactions.” From March 2019 to August 2021, the firm did not have adequate procedures in place to monitor for and identify potentially suspicious transactions involving low-priced securities, meaning that 800 million shares were sold without having been assessed for red flags.

Although Cetera Firms’ policies did require monthly reviews of low-priced security deposits and transactions prior to December 2019, they did not specifically assess suspicious activity, nor did they provide guidance on how to identify suspicious transactions. Post December 2019, the firm conducted daily report reviews, though they still did not include historical information to identify patterns of suspicious activity for low-priced securities.

Since Cetera’s AML compliance program did not accurately outline appropriate risk-based procedures, the firm failed to take steps toward identifying and investigating red flags, such as a customer’s trading activity representing a large portion of the daily volume (with one instance seeing three customers accounting for between 40% and 88% of daily market volume), or when unrelated customers opened accounts at the same time, then deposited and liquidated the same low-priced security.

In one instance, three unrelated customers opened accounts, collectively deposited over 100 shares of “Security B,” and then instantly began to liquidate those shares – with proceeds totaling $375,000.

It was found that Cetera failed to oversee and retain tens of thousands of consolidated reports that representatives shared with customers via their internal systems or third-party platforms, leading to additional violations of Books and Records requirements.

Which FINRA Rules were breached?

  • FINRA Rule 3110: Also known as the “supervisory responsibility rule,” this regulation mandates that firms establish a system to supervise activities of any “associated persons.” This enables firms to monitor for fraudulent transactions or criminal activity.
  • FINRA Rule 2010: This regulation promotes high standards of honor for members within the securities market to ensure that market integrity and fairness are upheld.
  • FINRA Rule 4511: This regulation states that member firms must create and preserve complete records of business communications for a specified length of time as required under FINRA and Securities and Exchange Commission (SEC) Books and Records rules, such as SEC Rule 17a-4.

A clear message on off-channel communications

FINRA also barred a former securities representative, Jay Zornes, for refusing to provide information related to an investigation into whether he used unapproved channels to communicate with customers.

Cambridge Investment Research, the firm Zornes previously worked for, stated that he was under investigation for “using unapproved email addresses and an unapproved text messaging number.”

While FINRA’s enforcement streak against firms has not broken, last year saw the regulator intensify its concentration on individual accountability. In August 2025, it fined a broker $5,000 for cheating on CE requirements, and in December 2025, it issued a $10,000 fine for off-channel communications use, underscoring that the regulator will not hesitate to act against individual noncompliance as well as organizational issues.

In its 2026 Annual Regulatory Oversight Report, FINRA also highlighted that investigations had discovered multiple failures to maintain electronic communications records. The regulator suggested that firms continue to simulate regulatory examinations and request records from vendors, monitor associated persons for unapproved channel use, and refresh keywords used for communications surveillance to remain compliant.

New year, same priorities

As stated in its recently launched FINRA Forward initiative, the regulator is scaling efforts to help firms empower compliance programs and combat fraud risks, although it still stands ready to “bring enforcement actions to address wrongdoing, deter future misconduct, and protect…from significant harm.”

FINRA’s enforcement actions may not indicate any new or surprising priorities going into 2026 – yet – but they do drive home a critical point: compliance is central to a regulator’s mission, and firms cannot afford to drop the ball on familiar, foundational elements of compliance.

FINRA’s commitment to fight against compliance violations remains as clear as before, and to remain on the right side of regulation, firms should make sure they’ve taken steps to establish robust recordkeeping and risk monitoring solutions.