The Financial Industry Regulatory Authority highlighted persistent failures in firms’ anti-money laundering compliance programs in its 2025 annual regulatory oversight report. The report underscored ongoing concerns about inadequate customer due diligence, failures to respond to red flags and insufficient independent testing, all of which make companies more vulnerable to financial crime. 

Under FINRA Rule 3310, firms must implement written AML programs that comply with the Bank Secrecy Act and its regulations. These programs should include independent compliance testing, ongoing training for personnel and risk-based procedures for monitoring customer activities. However, FINRA found widespread deficiencies in these areas. 

“We are entering an era of significant uncertainty in financial regulation,” says Robert Cruz, vice president of regulatory and information governance at Smarsh Inc. “While no one can predict with certainty what the future regulatory structures will look like, one key message to advisers is that even in an era of ‘deregulation,’ you cannot afford to neglect the essentials of compliance.”  

According to Cruz, insider trading, market manipulation and money laundering now have a much larger playing field, as innovations in artificial intelligence and cryptocurrency are making misconduct significantly harder to detect.   

Key Compliance Gaps 

One major concern specified in the FINRA report was firms’ failure to properly conduct customer identification programs and customer due diligence. Some firms misinterpreted their obligations, failing to recognize formal customer relationships or neglecting to verify identities at account opening. Others lacked clear policies, making compliance inconsistent. 

Another critical issue raised in the report was a failure to act on red flags. Some firms auto-approved accounts, despite warning signs like identity mismatches, nominee accounts and suspicious trading activity. Many companies also lacked effective procedures to detect identity theft and synthetic identity fraud. 

FINRA found that some firms had weak AML procedures for detecting and reporting suspicious transactions. Deficiencies included insufficient resources for monitoring, failure to investigate high-risk transactions and overlooking red flags in wire transfers and securities trades. 

Additionally, some firms failed to notify their AML departments of suspicious activities, such as cybersecurity breaches and fraudulent transfers. Others did not respond adequately to regulatory and law enforcement inquiries, raising further compliance concerns. 

Testing and Training Weaknesses 

Independent testing of AML programs and training programs were often inadequate, FINRA noted, with firms skipping required annual reviews or conducting superficial assessments that failed to evaluate the company’s ability to detect suspicious activities. In some cases, firms failed to adjust their AML testing to reflect new products, services or client bases that shifted their risk profile. 

FINRA also found that some firms did not adequately train employees to recognize and respond to suspicious activities, which weakened the companies’ ability to prevent financial crimes. 

“Unfortunately, many advisers continue to rely on outdated, single-purpose compliance technology that was built in an era of email,” said Cruz. “The importance of investing in modern approaches to compliance that understand today’s communications formats and can be used to spot potential red flags has never been greater.”  

Best Practices for Strengthening AML Compliance 

FINRA’s report suggested AML practices that firms can adopt to improve compliance: 

• Investigating unusual withdrawals: scrutinizing large or suspicious withdrawals, especially from elderly or vulnerable customers (e.g. a disbursement from a retirement account), to prevent fraud;  

• Enhancing transaction monitoring: regularly reviewing clearing firm transactions to detect suspicious activity patterns; 

• Updating corporate AML policies: aligning policies with regulatory updates from the SEC, FinCEN and FINRA; 

• Strengthening customer verification: using multiple ID verification methods and cross-referencing information with third-party sources; 

• Improving cross-department coordination: ensuring AML teams communicate with compliance, risk management and business units; and 

• Enhancing training programs: tailoring training to employees’ roles and incorporating lessons from independent testing. 

The FINRA report pointed out that financial crime threats are evolving and companies should expect increased regulatory scrutiny of AML programs. Firms may face penalties for failing to address deficiencies. Strengthening AML frameworks is critical, the regulator noted, to prevent financial crimes and ensure compliance with FINRA regulations.