The Financial Industry Regulatory Authority (“FINRA”) and the U.S. Department of the Treasury (“Treasury”) (as part of a public-private partnership) have recently issued guidance regarding the use of AI by the financial services industry. This alert summarizes certain AI-related updates from the 2026 FINRA Annual Regulatory Oversight Report (the “Report”), and the Treasury
Under new regulations effective January 1, 2026, California regulators now expect businesses to conduct an annual “cybersecurity audit” that assesses “how the business’s cybersecurity program protects personal information from unauthorized access, destruction, use, modification, or disclosure; and protects against unauthorized activity resulting in the loss of availability of personal information.”
Now is the time to
Under newly implemented regulations of the California Consumer Privacy Act (CCPA), California now requires a formal risk assessment “before initiating any processing activity” of certain (sensitive) sorts. The regulation explicitly contemplates that businesses will complete risk assessments now, in 2026.
Eventually, such risk assessments – including those completed this year – must be signed by