Compliance Risk Concepts

06/18/2026

On May 29, 2026, the CFTC approved Bitcoin perpetual futures on a registered U.S. exchange, with Kalshi the first domestic firm to receive that authorization and Coinbase Financial Markets granted parallel no-action relief through Coinbase Bermuda.

For FCMs, CPOs, CTAs, introducing brokers, and swap dealers, this is not a distant policy development. It is a supervisory reality to address now. Perpetual futures have no fixed expiration to force position resolution, leverage can accumulate without the discipline of a settlement date, and funding rate payments must be captured in margin calculations and books-and-records.

Our latest article breaks down what NFA Rule 2-51, Interpretive Notice 9079, and examination preparation mean for your firm.

Read it here: https://compliance-risk.com/bitcoin-perpetual-futures-nfa-compliance-what-fcms-cpos-and-ctas-need-to-know/

06/17/2026

Compliance Word of the Week: Cybersecurity 🔒

Cybersecurity policies must safeguard customer information and systems from unauthorized access. For advisers and broker-dealers, that means more than firewalls, it means written policies, ongoing training, and a response plan for incidents like phishing.

06/16/2026

CRC helps clients build and assess their Control Rooms and information barriers.

If your firm has access to material, nonpublic information (“MNPI”) and offers trading, sales, research and banking services, you have an obligation to have adequate policies, procedures and controls in place to prevent and detect the misuse of MNPI and address conflicts.

We assist clients in conducting Control Room framework assessments in the handling of MNPI and provide recommendations for developing, designing and implementation.

Learn more about our Service Model & Verticals:
https://compliance-risk.com/service/control-room-compliance/

06/12/2026

Compliance Word of the Week: Privacy 💬

Privacy obligations require firms to protect customer nonpublic personal information.

06/11/2026

SpaceX prices its IPO this week, with OpenAI's S-1 filed days behind it. For broker-dealers and RIAs, the most consequential IPO cycle in years is also the most scrutinized allocation environment in years.

The obligations have not softened. FINRA Rules 5130 and 5131, quiet period restrictions, Regulation M, and fiduciary duties around allocation all carry more weight, not less, as deal volume returns at scale.

Our latest piece covers what compliance programs should be doing now: refreshing restricted person certifications, updating WSPs, documenting allocation policies before the deal, and scaling supervision to match the pipeline.

What the current surge in high-profile public offerings means for FINRA member firms and SEC-registered investment advisers, and why compliance has FINRA Rules 5130/5131, quiet period obligations, and fiduciary duties in the 2026 IPO market. What broker-dealers and RIAs must do now before the SpaceX...

06/09/2026

There is something deceptively tidy about the word "recordkeeping." In practice, the obligations facing registered investment advisers, broker-dealers, and financial institutions are among the most operationally complex requirements in the regulatory landscape, spanning years of retention, dozens of record categories, and electronic systems of every description.

If your firm is overdue for a recordkeeping review, or uncertain whether your current program reflects the full scope of your obligations, we can help you take stock and build something that holds up.

Read the full article below! ⬇️

Spring Cleaning  There is something deceptively tidy about the word "recordkeeping." It conjures images of organized binders, labeled folders, and

06/08/2026

CRC assists organizations in successfully becoming regulated entities, provides guidance and industry expertise throughout the life of the licensing process, and is available to provide continued support, all while keeping abreast of significant regulatory updates and industry best practices.

We believe it is vital to take a proactive and risk-based approach toward compliance with regulatory guidance and oversight from FinCEN, state regulators, the SEC, and FINRA.

Visit our website to learn more about our Service Model & Verticals:

https://compliance-risk.com/service/money-services-businesses/

06/05/2026

CRC partners with clients’ Compliance and Research teams during reporting season, early in the morning, late at night, or whenever your Compliance team is short-staffed to get research out quickly and efficiently.

Whether your firm produces equity or fixed income research, CRC offers support to clients to review and clear research to avoid securities law violations, gun jumping, and delays in publications.

Visit our website to learn more:
https://compliance-risk.com/service/research-compliance/

06/04/2026

Compliance Word of the Week: Custodian. 💬

A custodian is a qualified financial institution that holds client funds or securities.

Under the SEC's Custody Rule, registered investment advisers that have custody of client assets must maintain those assets with a qualified custodian, typically a bank or a registered broker-dealer.

06/03/2026

Most incident response plans have a fatal flaw: they live in a PDF on a server that's probably offline when you need it most. We have built something better.

Our Cyber Incident Response Planning service, powered by NetDiligence®'s Breach Plan Connect® platform is a living, cloud-hosted system designed for the way financial services firms actually operate today: distributed, remote, and under constant threat.

What this means for our clients:

→ Plans that are accessible when systems go down
→ Playbooks built for ransomware, BEC, and data exposure
→ Tabletop exercises grounded in current threat scenarios
→ Built-in cyber insurance readiness

Readiness isn't a document. It's a practice. Learn more at https://www.businesswire.com/news/home/20260602656512/en/CRC-Oyster-Launches-Cyber-Incident-Response-Planning-Offering-with-NetDiligences-Breach-Plan-Connect