When FINRA published its 2026 Annual Regulatory Oversight Report on December 9, 2025, it did something it had never done before: it created a dedicated regulatory framing for agentic AI systems operating inside broker-dealer workflows.
This is not an incremental update to existing guidance. It is a category shift.
The Line FINRA Drew
The 2026 Report draws a sharp distinction between two kinds of AI: tools that generate content, and tools that take action.
Summarization tools, drafting assistants, research helpers — these are evaluated as part of the existing communications and recordkeeping framework. FINRA has addressed them since Regulatory Notice 24-09, which confirmed that existing rules apply to GenAI regardless of underlying technology.
AI agents are different. FINRA defines them as "systems or programs that are capable of autonomously performing and completing tasks on behalf of a user." An agent can interact within an environment, plan, make decisions, and execute multi-step workflows — without predefined rules or human approval at each step.
Once an AI system crosses from generating to acting, FINRA's analysis is clear: the firm's supervisory, books-and-records, and governance obligations shift materially.
Four Risks FINRA Named Explicitly
The 2026 Report identifies four specific risk vectors for agentic AI systems in member firms:
Autonomy. AI agents acting without human validation and approval. The problem isn't automation; the problem is automation without accountability. When an agent sends a communication, executes a trade-related workflow, or retrieves client data, the compliance record needs to capture that action — not just the instruction that initiated it.
Scope and Authority. Agents may act beyond the user's actual or intended scope and authority. This is the permission-creep problem: an agent granted access to execute a narrow task discovers it has broader permissions and uses them. FINRA is asking firms to define, enforce, and audit the boundaries of what each agent system is authorized to do.
Auditability and Transparency. Complicated, multi-step agent reasoning tasks can make outcomes difficult to trace or explain, complicating auditability. FINRA expects firms to be able to reconstruct what an agentic system did and why — not as a theoretical capability, but as a live operational control.
Data Sensitivity. Agents operating on sensitive data may unintentionally store, explore, disclose, or misuse sensitive or proprietary information. This is the data-handling problem Vanta's own TPRM research surfaced: 70% of companies have shadow AI, and the tools that create the most exposure are often the ones employees adopted for productivity without any security review.
FINRA Rule 3110 Now Has an AI Dimension
FINRA Rule 3110 requires member firms to have a reasonably designed supervisory system tailored to their business. The 2026 Report makes clear what that means for AI: firms integrating GenAI into supervisory systems must ensure their written supervisory procedures (WSPs) address the integrity, reliability, and accuracy of the models they rely on.
This isn't a new rule. It's an application of an existing rule to a new class of tools — and it carries the same weight as any other 3110 obligation. Firms that cannot demonstrate they have reasonably designed supervisory procedures for their AI deployments face examination findings.
The practical requirements the 2026 Report specifies:
- Prompt and output logs maintained for accountability and troubleshooting
- Model version tracking — which version was used, and when
- Human-in-the-loop review with regular checks for errors or bias
- Guardrails and control mechanisms to limit or restrict agent behaviors, actions, or decisions
- Monitoring of agent system access and data handling
These are not aspirational best practices. They are the parameters FINRA examiners are now calibrating against.
Shadow AI Is Inside Your Firm
One of the sharpest observations in the 2026 Report: unapproved tools — "shadow AI" — adopted informally for notetaking, summarization, or productivity may still generate records, process sensitive data, or influence decision-making.
This is the enforcement exposure that most broker-dealers are not yet prepared for. An employee using an approved enterprise AI platform for a compliant use case is a governance success. That same employee using a personal ChatGPT subscription to summarize client notes or draft communications is a recordkeeping exposure — regardless of whether the firm's official AI policy says anything about it.
FINRA is not prescribing specific tools. But it is raising the bar for what "reasonably designed" supervisory procedures look like: firms need to be able to demonstrate they know what AI tools employees are using, that they have policies about approved use, and that those policies are actually enforced.
What This Means for Your Controls Architecture
The 2026 Report's agentic AI section points to five operational controls that firms need:
Enterprise-level supervisory processes — AI governance needs to move out of experimentation and into formal governance structures with defined ownership, acceptable-use policies, escalation paths, and accountability.
Real-time access and data-handling monitoring — not periodic audits, but continuous visibility into what AI systems are doing with sensitive data.
Human-in-the-loop oversight at meaningful checkpoints — not nominal human involvement, but actual decision gates for agentic actions with material compliance exposure.
Prompt and output logs as compliance records — AI-generated communications and agent actions that constitute "business as such" under Exchange Act Rule 17a-4(b)(4) need to be captured, retained, and producible in examination.
Guardrails before deployment, not after incidents — the 2026 Report's message is that firms deploying agentic AI at scale in 2026 without governance infrastructure already in place are accumulating avoidable regulatory risk.
The Supervisory Gap That Existing Compliance Tools Don't Close
Most broker-dealer compliance technology — communication archiving platforms, trade surveillance, eComms review — was built for human-generated records. The audit trail it creates assumes a human actor who intended the action.
Agentic AI breaks that assumption. When an agent sends a communication, retrieves and processes client data, or executes a workflow, the compliance question is: was that action within policy, and do you have a record that proves it?
Traditional supervisory models capture what happened. The agentic AI problem is that you also need to capture the reasoning chain that led there — and demonstrate that at every step, the system operated within the boundaries your governance policies defined.
This is exactly the problem a real-time policy enforcement layer is designed to solve. Not audit documentation after the fact. Not compliance dashboards that aggregate risk signals. Runtime enforcement — at the point where the AI system acts, before sensitive data leaves the firm's control, with a tamper-evident log of every policy evaluation that ran against every interaction.
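To make the controls listed earlier (prompt and output logs, model version tracking, scope guardrails, human-in-the-loop gates) and the runtime enforcement described above concrete, here is an added example of a minimal policy gate with a tamper-evident audit log. This is illustration code written for this article, not Containment.AI's product code and not anything FINRA publishes; the agent names, policy values, model version strings and sample actions are all constructed.

```python
"""Runtime policy gate for agent actions with a hash-chained audit log.

Added example, not Containment.AI code. Agent names, policy values,
model version strings and the sample actions are constructed.
"""
import hashlib
import json
from dataclasses import dataclass, field

# Constructed policy: per-agent scope (which actions each agent may take),
# actions that always require a human decision gate, and data labels that
# may never leave the firm through an external-facing action.
POLICY = {
    "agents": {
        "research-summarizer": {"allowed_actions": {"read_document", "draft_summary"}},
        "client-outreach": {"allowed_actions": {"read_crm", "send_external_email"}},
    },
    "human_review_actions": {"send_external_email"},
    "external_actions": {"send_external_email"},
    "blocked_external_labels": {"client_pii", "mnpi"},
}


@dataclass
class AgentAction:
    agent_id: str
    action: str
    model_version: str  # which model produced this step (recorded with the action)
    prompt: str
    output: str
    data_labels: set = field(default_factory=set)


def evaluate(action: AgentAction, policy: dict = POLICY) -> tuple[str, str]:
    """Return (decision, reason); decision is 'allow', 'deny' or 'human_review'."""
    agent = policy["agents"].get(action.agent_id)
    if agent is None:
        return "deny", "unknown agent"
    if action.action not in agent["allowed_actions"]:
        return "deny", f"{action.action} is outside the scope of {action.agent_id}"
    if action.action in policy["external_actions"]:
        leaked = action.data_labels & policy["blocked_external_labels"]
        if leaked:
            return "deny", f"blocked data labels in external action: {sorted(leaked)}"
    if action.action in policy["human_review_actions"]:
        return "human_review", "action requires human approval before execution"
    return "allow", "within scope"


class AuditLog:
    """Append-only log; every entry commits to the hash of the previous entry."""
    GENESIS = "0" * 64

    def __init__(self):
        self.entries: list[dict] = []

    @staticmethod
    def _digest(body: dict) -> str:
        canon = json.dumps({k: v for k, v in body.items() if k != "hash"}, sort_keys=True)
        return hashlib.sha256(canon.encode()).hexdigest()

    def record(self, action: AgentAction, decision: str, reason: str) -> dict:
        prev = self.entries[-1]["hash"] if self.entries else self.GENESIS
        body = {
            "seq": len(self.entries), "agent_id": action.agent_id, "action": action.action,
            "model_version": action.model_version, "prompt": action.prompt,
            "output": action.output, "data_labels": sorted(action.data_labels),
            "decision": decision, "reason": reason, "prev_hash": prev,
        }
        body["hash"] = self._digest(body)
        self.entries.append(body)
        return body

    def verify(self) -> bool:
        """True only if every entry is intact and the chain is unbroken."""
        prev = self.GENESIS
        for i, e in enumerate(self.entries):
            if e["seq"] != i or e["prev_hash"] != prev or e["hash"] != self._digest(e):
                return False
            prev = e["hash"]
        return True


def gate(log: AuditLog, action: AgentAction) -> str:
    """Evaluate the action and log the policy decision before anything executes."""
    decision, reason = evaluate(action)
    log.record(action, decision, reason)
    return decision


# Constructed sample: four agent steps pushed through the gate.
SAMPLE = [
    AgentAction("research-summarizer", "draft_summary", "summarizer-v1.3", "Summarize the filing", "Revenue grew..."),
    AgentAction("research-summarizer", "send_external_email", "summarizer-v1.3", "Email the summary", "..."),
    AgentAction("client-outreach", "send_external_email", "outreach-v2.0", "Send meeting notes", "...", {"client_pii"}),
    AgentAction("client-outreach", "send_external_email", "outreach-v2.0", "Send newsletter", "...", {"public"}),
]


def run_sample() -> tuple[list[str], bool]:
    log = AuditLog()
    return [gate(log, a) for a in SAMPLE], log.verify()


def tamper_detected() -> bool:
    """Editing a recorded decision after the fact must break chain verification."""
    log = AuditLog()
    for a in SAMPLE:
        gate(log, a)
    log.entries[1]["decision"] = "allow"
    return not log.verify()


if __name__ == "__main__":
    print(run_sample(), tamper_detected())
```

The gate runs before the action executes, so a denied step never reaches the tool that would carry it out, and the log records the prompt, output, model version and decision together. Because each entry's hash covers the previous entry's hash, an after-the-fact edit to any record (the second step, in `tamper_detected`) invalidates every later entry, which is the property an examiner would need to rely on when reconstructing what an agent did and why.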
The Window Before Examinations Arrive
FINRA examiners are "exploring firm practices related to agentic" AI, according to observations from the 2026 SIFMA Compliance & Legal conference. That phase precedes formal guidance, which precedes examination findings.
Firms that build their agentic AI governance infrastructure now — while the frameworks are still forming — will be positioned to demonstrate compliance when examiners arrive. The alternative is explaining to examiners why supervisory procedures that were adequate for traditional systems were not updated to cover the agentic tools already running in production.
FINRA's 2026 Report signals exactly when that window closes: when agentic deployments move from pilot to production. For most member firms, that transition is already underway.
Containment.AI enforces AI governance policies in real time — at the proxy layer, in the browser, and in the admin dashboard — giving financial services compliance teams the prompt-and-output logging, access controls, and policy enforcement that FINRA's 2026 agentic AI guidance requires. Learn more or request a demo.