The report noted the regulator was "disappointed" in particular with its findings in relation to AFAs and QFEs.
AFAs are authorised financial advisers while Qualifying Financial Entities cover both the banks and insurance companies with advisers which have been under significant pressure by the regulator to improve their conduct and culture in recent years in the wake of reviews by the FMA and RBNZ.
"Given the maturity of the regulatory regime for these entities and the expansion of that regime to a broader range of advisers next year, we shouldn't be encountering non-compliance and complacency in relation to key obligations and customer outcomes," the report stated.
Everett said the message to the industry was good progress but more needs to be done.
"There are still areas ... when we go visit a firm or talk to a firm we don't always feel comfortable that enough notice is being taken and although we might not find anything that has led to a breach of the law or even identifiable harm to their customers, we can see things that if left unfixed are likely to increase that risk."
Everett said it was about trying to fix the issues now instead of waiting for things to go wrong.
"So it may feel like us being nit-picky with some of the issues that we pick up around documentation, around processes, compliance assurance programmes - and we have a long track record with advisers for arguing about the importance of documenting their advice and the basis of that advice, it is actually critical."
And he warned that it would not be patient if the documentation was not in place.
Everett said it was seeing regulatory fatigue from some parts of the industry like financial advisers and complacency at the bigger end of town.
"They think: we mean well and don't do anything that deliberately harms customers - so anything that goes wrong is just an honest mistake and we should be forgiven.
"A lot of what we have talked about since the conduct and culture reviews of the banks and life insurers ... may seem like lots of small fry issues but actually to us are both indicators of the culture and governance that is being applied to looking after their customer. In many cases where we see [these] things that need to be corrected - if they are not corrected we believe it could lead to a real problem."
Everett said his biggest area of concern was around lack of responsibility from some board directors.
"Although relatively isolated, at the top of some of these entities are board directors who just don't seem to be aware of the regulatory obligations or to have paid enough attention to them on the basis they just felt they were box-ticking exercises - they were jobs for the compliance person.
"A lot of entities are quite small so I do have some sympathy for their bandwidth but if you are a director of a licensed financial services company you need to take very seriously that there are regulatory obligations on your firm. Expressing surprise about those obligations when the FMA pitches up and saying I didn't realise, isn't acceptable."
Everett said even though the issue was not widespread the FMA had had to "read the riot act" to a few directors.
"We should not have to come to your building and explain to you what your obligations are as a organisation.
"If you are a director, from our perspective we have given you a license on the basis your board will ensure that the things that are meant to be done are done. To be expressing surprise at some of the more burdensome obligations - that is not good enough."
He said the FMA had the ability to remove directors if they don't meet their obligations.
"Typically what we would do is explain where see deficiencies and require from them an action plan which we would approve and which we will ask for external assurance it has been implemented.
"Normally that gets people back in shape. It clarifies what needs to be done and pushes them to get external help which [they] should have done in the first place and nine times out of 10 that is as much as needs to be done.
"Or if a breach is serious or doesn't do the trick then we can look at public warnings, stopping them taking on new business, requirements to bring in additional directors, or third parties to do reviews."
For conduct and culture the FMA found some entities that were not involved in its bank and life insurance conduct and culture reviews had taken very few, if any, steps to evaluate their internal practices and culture against those reviews.
"Many of our findings for these entities were similar to what we observed in banks and life insurers."
That included weakness in the governance of conduct, lack of mechanisms to identify and manage conduct risks, lack of focus on customers' needs, failure to address needs of vulnerable customers and inadequate complaint-handling processes.
As a result of its monitoring the FMA had opened 10 formal investigations during the 18 months from January 2019.
It had also referred entities to other bodies to investigate, suspended authorisation of two advisers and cancelled authorisation of another.
It was also filing court proceedings against one entity, which was not named in the report.
Everett said it would increase its focus on AFAs and QFEs and expected improvements, especially given the new financial advice regime that comes in next year.
He said the FMA regarded confidence in financial advice as a critical component in the health of New Zealand's financial sector and it would be working hard with the advice sector to ensure considerable efforts applied by most AFAs and QFEs were matched by all advisers and firms.
