Guidance

FINRA has developed a secure electronic portal to replace email as the primary method for the filing and service of documents in Office of Hearing Officers (OHO) proceedings. These amendments modernize service and filing processes in a manner that will protect investors and the public interest by promoting efficiency while preserving fair process in OHO proceedings. The amendments become effective on October 7, 2025.

As member firm activity increases in blockchain and crypto assets, FINRA is launching a Crypto and Blockchain Education Program designed to empower member firm compliance and combat crypto fraud.

FINRA member firms should be aware of a supply chain attack leveraging data exfiltrated from Salesloft Drift—a third-party platform that connects the Drift AI chat agent with a Salesforce or Google Workspace instance, among others. The breach described below exposed data that could increase the risk of credential stuffing, spear phishing and social engineering attacks against member firms and their vendors. To date, we are aware of multiple impacted third-party vendors used by FINRA firms. FINRA has notified the member firms who use the affected vendors or Salesloft.

FINRA member firms that use Cisco Secure Firewall Management Center (FMC) Software should be aware of a critical vulnerability that could allow a remote attacker to run malicious code on firm systems with full administrative privileges. This Cybersecurity Alert includes a link to a Cisco Security Advisory describing the vulnerability that includes additional guidance. FINRA recommends that member firms review this information with appropriate information technology and information security personnel.

FINRA rules require members to provide associated persons with specified information relating to the uniform registration forms and predispute arbitration. FINRA has observed that members currently satisfy some of these requirements through manual processes, such as delivery of the information via U.S. mail. As part of the FINRA Forward initiatives, FINRA has made enhancements to its systems to give members the option of satisfying these requirements electronically via FINRA’s Financial Professional Gateway (FinPro GatewayTM) beginning November 3, 2025.

In 2009, the FINRA Investor Education Foundation launched the first national study of financial capability of adults in the United States. Since its start, the National Financial Capability Study has provided data on multiple indicators of capability, including financial behaviors, attitudes, and knowledge. National Financial Capability Study survey data is collected every three years. The 2024 survey, which was published in July, represents the sixth wave of data. This episodes dives into the report that serves as an important barometer of Americans financial health, and continues to be an essential resource for policymakers, researchers, financial firms, educators, and other stakeholders seeking to better understand and address the financial capability needs of Americans.

FINRA member firms that use Microsoft SharePoint should be aware of a critical vulnerability that affects certain versions of the web-based platform. This Cybersecurity Alert includes a link to a Microsoft Advisory describing the vulnerability as well as a recommendation to protect your firm. In addition, FINRA recommends that firms review this information with appropriate information technology and information security personnel to alert them to an ongoing threat.

At the 2025 FINRA Annual Conference on May 14, FINRA Chair Scott Curtis discusses topics of interest to FINRA member firms and other stakeholders, in conversation with President and CEO Robert Cook.

In an effort to increase public awareness and understanding about the broad range of FINRA-registered firms and individuals, FINRA shares an annual snapshot of some of the data collected in the course of our work.

FINRA Dispute Resolution Services (DRS) and FINRA News

The Special Investigations Unit (SIU) within FINRA’s National Cause and Financial Crimes Detection program issued this alert to highlight the U.S. Department of Treasury’s Financial Crimes Enforcement Network (FinCEN) orders under new authority to counter illicit opioid trafficking. The alert further reminds firms of their requirements under FINRA Rule 3310 (Anti-Money Laundering Compliance Program).

At FINRA’s annual conference on May 13, 2025, President and CEO Robert Cook discusses the FINRA Forward initiative and other topics of interest to FINRA member firms and other stakeholders, in conversation with Kayte Toczylowski, VP, Member Relations and Education.

FINRA member firms should be aware of an ongoing phishing campaign involving threat actors targeting executive employees at broker-dealers and investment advisors with fraudulent emails purporting to be from FINRA executives. The campaign began on or around May 21, 2025. These emails are not from FINRA, and firms should delete them and consider blocking the indicators of compromise contained at the end of this alert.

FINRA member firms that use SentinelOne Endpoint Detection and Response (EDR) protections—and potentially other EDR service providers—should be aware of a vulnerability which could allow threat actors to gain local administrative access to publicly accessible servers. This Cybersecurity Advisory describes the vulnerability as well as recommendations to protect your firm.

The staffs of the Division of Trading and Markets and the Office of General Counsel of the Financial Industry Regulatory Authority, Inc. have withdrawn the July 8, 2019 Joint Staff Statement on Broker-Dealer Custody of Digital Asset Securities.

Third-party risk is the most clicked-on topic in FINRA's 2025 Regulatory Oversight Report. But what is third-party risk and why are people so interested in it? What can FINRA member firms do to mitigate that risk? And how can FINRA help? These questions will be answered on the latest episode of FINRA Unscripted, featuring a returning guest, FINRA's Executive Vice President of Member Supervision Greg Ruppert.

FINRA member firms should be aware of a technique threat actors use to avoid network defenders detecting the required communications of malware. On April 3, 2025, the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), Canadian Centre for Cyber Security (CCCS) and New Zealand National Cyber Security Centre (NCSC-NZ) issued a joint cybersecurity advisory (CSA) to warn organizations of the ongoing threat of one such technique: fast flux.

FINRA created a quick reference guide to help firm users review and understand RSL indicators and dates in various scenarios in the FINRA Gateway Profiles application and FINRA Gateway Reports.

Member firms should be aware of an alleged large-scale data breach possibly affecting Oracle Cloud services at firms and third-party providers. FINRA recommends that firms review this information to assess any potential impact to their operations, as well as with third-party providers who provide services to the firm. FINRA previously delivered an email to firms whose domain names appeared in the threat actor post, as well as any firms that previously informed FINRA of their use of Oracle products and services.

This month, we are marking the 10th anniversary of the FINRA Securities Helpline for Seniors—an important milestone for a critical service that FINRA provides to protect vulnerable investors and assist harmed investors. On this FINRA Unscripted podcast episode, we will be speaking with leaders from FINRA’s Vulnerable Adults and Seniors Team—Elizabeth Yoka, the manager of VAST Intake, and Michael Paskin, the manager of the VAST Investigations, to discuss the Helpline and its 10 years of protecting investors.

Request for TRACE Reporting Exemption Under FINRA Rule 6732

As of March 14, 2025, Texas’ and Washington’s Form BR settings were updated to reflect that they now accept Residential Supervisory Locations.

Member firms should be aware of an ongoing phishing campaign involving fraudulent emails targeting executives and purporting to be from FINRA employees, with the goal of harvesting credentials. As indicated by the full, expanded email address hidden under a masked email display name, these emails are not from FINRA, and firms should delete them and consider blocking the fraudulent domains.