Law and Order – April 2026: A.C.T. Now or Act Later
The Financial Industry Regulatory Authority, Inc. (FINRA) posts the disciplinary actions it took to an online database. It also publishes a monthly summary of these actions, which is a worthwhile read for those in the industry—if only for insight into FINRA’s current priorities. Below, I offer a thought on FINRA’s April 2026 edition.
FINRA described a number of cases with a common theme: firms saw problems seemingly early enough to address them, but failed to do so. This suggests a response framework of A.C.T.
A — Address the Issue
One matter involved undisclosed facts in a private placement, including missed payments, interest and fee issues, and a guaranty that FINRA characterized as “worthless.” It also found supervisory failures where the principal allegedly knew of warning signs and still did not require disclosure to investors.
Awareness without action is not enough. Regulators pay close attention to what the firm did in response to red flags. Did it escalate it to the appropriate persons? Did it disclose the issue to its investors? (Did it need to?) Did the firm restrict or take other action concerning the product? Was remediation necessary? At a minimum, I recommend documenting the analysis of those considerations.
C — Control the Systems
Another matter presented this issue in a different context. FINRA alleged that the firm’s surveillance systems and supervisory reviews were not reasonably designed to identify potentially manipulative trading activity. The findings focused heavily on surveillance gaps, unreasonable thresholds, and failures to properly escalate or review alerts.
This case is a useful reminder that surveillance technology is not automatically effective because it has dashboards and impressive reports. These systems run the risk of becoming institutional furniture if a firm stops asking whether the assumptions on which the system was built or deployed still matches the business the firm actually conducts.
FINRA Rule 3110 requires supervisory systems “reasonably designed” to achieve compliance. That phrase matters. Before FINRA asks uncomfortable questions, a firm should at least know the answers to:
- What activity does the system exclude?
- What are an alert’s parameters?
- Who reviews alerts, and how quickly?
- Can the firm document meaningful escalation and review?
These answers cannot be some derivation of “the vendor handles that”.
T — Tone at the Top Matters
Another matter concerned a regulatory favorite: off-channel communications. FINRA alleged the firm’s supervisors knew its representatives used personal email accounts for securities business, and some supervisors were copied on the communications themselves.
People rarely follow the policy binder. They follow the behavior leadership tolerates. A firm can distribute policies all day long. It can require annual certifications written in very serious compliance language. But when supervisors and principals ignore conduct happening directly in front of them, employees learn the real rules quickly. When supervisors treat exceptions casually, representatives tend to do the same. Culture works that way.
FINRA’s April report does not describe exotic misconduct; it describes supervisory systems that did not act timely or at all. Better to A.C.T. sooner than act (with a regulator) later.
Broker-dealers and registered investment advisers want to spend their time serving the clients, not their regulators.
Read More:
- Law and Order – March 2026
- Law and Order – February 2026
- Law and Order – January 2026
- Law and Order – December 2025
- The CAT is Back on the Vet’s Exam Table: What the SEC’s New Concept Release Means
- Finally Something to Welcome on April 15
- December at the SEC: DTC Tokenization Pilot and Marketing Rule Risk Alert
- Lessons from the Marine Corps Marathon
- With Apologies to Jerry West
- About