Advisor Perspectives welcomes guest contributions. The views presented here do not necessarily represent those of Advisor Perspectives.
It started with JPMorgan in December 2021 — a $125 million fine for WhatsApp recordkeeping failures that seemed, at the time, like a high-profile warning shot. It wasn't. Over the next three years, the SEC and CFTC charged over 100 firms and imposed more than $3 billion in combined penalties for the same category of violation. The most recent wave came in January 2025 — $63 million across 12 firms. Every chief compliance officer (CCO) in financial services was paying attention.
Then the SEC stepped back. A new administration signaled less interest in technical recordkeeping violations, pivoting toward fraud and investor harm cases instead. No new off-channel enforcement actions followed in the first half of 2025. For many, the conclusion was straightforward: The pressure was off.
But what they missed is that one regulator going quiet doesn't mean the issue goes away. The rules haven't changed. The obligation to capture, retain, and supervise communications is exactly what it was in 2021. What changed was the enforcement spotlight — and firms that have mistaken a quieter SEC for a changed regulatory landscape are building exposure that will surface eventually.
1 Rulebook, 2 Agendas
The SEC's headlines dominated conversation so completely that FINRA's parallel enforcement activity barely registered. For broker-dealers, that's a significant blind spot. FINRA operates independently and runs its own cycle under its own authority. While these two organizations share a rulebook, they do not share a calendar. A firm that concluded the off-channel pressure had eased in mid-2025 was making a judgement about FINRA based entirely on SEC behavior, and 2025 showed exactly what that assumption costs.
What FINRA Was Doing While Everyone Watched the SEC
While the compliance industry was processing the administration change and watching for signals from the new SEC, FINRA kept issuing fines. In June 2025, Velox Clearing received $1.3 million in FINRA sanctions — plus a further $500,000 from the SEC — for off-channel failures uncovered during a routine cycle examination. The firm's CEO and senior staff had routinely conducted client business over WeChat. Over 10,000 messages went unretained — compliance had flagged it, and nothing was done.
The enforcement continued. In October, a former Wells Fargo Advisors broker was fined and suspended for off-channel messaging — and then deleting the evidence. A $65,000 fine against a member firm followed in November. Into 2026, FINRA barred an individual from associating with any member firm for off-channel communications use entirely. Where the SEC sweep largely targeted institutions, FINRA is increasingly holding individuals personally accountable. Personal devices can bring personal liability.
The 2026 Oversight Report
The FINRA 2026 Annual Regulatory Oversight Report is the clearest available signal of where examiner attention is going. Electronic communications capture failures, off-channel use, and inadequate supervision procedures all feature explicitly as findings from recent examinations. FINRA flags recordkeeping lapses more than 50 times across the report and recommends firms simulate regulatory examinations, monitor for unapproved channel use, and regularly refresh communications surveillance keywords. For broker-dealers planning their compliance priorities for 2026, this document deserves serious attention.
A Dangerous Cycle
For mid-market firms, the SEC's billion-dollar enforcement wave was always a somewhat distant threat, as those headline actions mostly landed on major Wall Street institutions. The SEC broadly leaves broker-dealer examinations and discipline to FINRA, except at the top end of the market. The more immediate risk has always been the FINRA cycle examination. An examiner finding off-channel failures in a routine exam doesn't generate a headline, but it does generate findings, remediation requirements, and heightened supervision plans — consequences that hit a mid-market firm disproportionately hard and linger well after the examination closes.
The absence of news is not the absence of risk. The rules haven't changed, and firms that stopped paying attention during a quieter enforcement period will find that out the hard way. Gaps that opened in 2025 don't disappear — they show up in the next cycle exam, often at the worst possible time.
The baton didn't get dropped; it just changed hands.
Read more by Jamie Hoyle:
Jamie Hoyle is VP, product at MirrorWeb, where he leads product strategy for the company. He joined MirrorWeb as lead software engineer in 2017, eventually transitioning to product and spearheading the development of their flagship communications surveillance platform, MirrorWeb Insight.
A message from Advisor Perspectives and VettaFi: Discover something new! Click here to register for our upcoming webcasts.
Read more articles by Jamie Hoyle
Advisor Perspectives welcomes guest contributions. The views presented here do not necessarily represent those of Advisor Perspectives.
