FINRA's Exam Priorities Letter and What It Means for Compliance Technology Buyers

FINRA's 2024 examination priorities letter identifies surveillance deficiencies and electronic communications recordkeeping gaps as top-tier concerns for the third consecutive year. For registered broker-dealers and investment advisers, this is a clear signal about where examination scrutiny is concentrated. For compliance technology companies, it is a mandate letter.

Surveillance deficiencies — specifically the inability to effectively monitor for conflicts of interest, front-running, and unsuitable recommendations in electronic communications — are the dominant category because the problem has gotten harder, not easier. The proliferation of messaging channels in financial services (WhatsApp, Signal, Teams, Slack, in addition to email) has created a surveillance surface that many firms' existing archiving and monitoring systems were not built to handle. The fines that FINRA and the SEC levied in 2022 and 2023 on major broker-dealers for failures in off-channel communications archiving — totaling over $2 billion — made the regulatory expectation clear: all business communications are to be captured, searchable, and review-ready.

The technology response has two components. The first is archiving: capturing communications across all channels in an immutable, retrievable format that satisfies the SEC's books and records rules. Several companies have built strong positions here. The second component — the one we find more interesting from an investment perspective — is AI-driven surveillance: intelligent monitoring that can identify potentially problematic communications without requiring manual review of millions of messages per day.

The AI surveillance problem has a specific shape that favors compliance-native architecture. A model trained to flag potentially problematic investment communications needs to understand the regulatory context — what constitutes an unsuitable recommendation, what constitutes front-running, how to distinguish aggressive sales language from prohibited conduct — at a level of specificity that general-purpose models do not provide. The companies building here that we find most compelling are the ones that have incorporated FINRA and SEC rule frameworks directly into their model training and output architecture, not the ones applying off-the-shelf NLP to a domain they are learning on the fly.