On November 17, 2025, the SEC Division of Examinations released its 2026 Examination Priorities, a roadmap of where the Commission is focusing its attention this year. Although there has been much speculation about a different tone, focus, and approach from the current Commission, this year’s priorities do not appear, on their face, to be a significant departure from prior years.
The Leadership Team’s message reiterated that as the Division of Examinations (the Division) embarks on a new fiscal year, it remains grounded in advancing its four pillars to promote compliance, prevent fraud, inform policy, and monitor risk.
However, the release was also accompanied by a carefully crafted statement from Chairman Paul Atkins, commenting, in part: “Examinations are an important component to accomplishing the agency’s mission, but they should not be a ’gotcha’ exercise. Today’s release of examination priorities should enable firms to prepare to have a constructive dialogue with SEC examiners and provide transparency into the priorities of the agency’s most public-facing division.”
Acting Director Keith Cassidy added, “In this increasingly complex and changing financial and regulatory environment, we strive to improve compliance in a way that is both transparent and practical. Fiscal year 2026 marks an important time for the Division to build on our strengths, advance our mission with renewed focus, and ensure that our examination program continues to protect the investing public and support fair and orderly capital markets.”
In this blog, we break down what’s changed, what’s stayed the same, and what it means for your compliance program.
What’s Continued from 2025
Much like 2025, the SEC continues to focus on:
- Fiduciary obligations and conflicts of interest
- Cybersecurity and data protection
- Regulation Best Interest (Reg BI)
- Compliance programs for never-examined and newly registered firms
- Anti-money laundering and sanctions monitoring
- AI usage across the firm
These remain critical risk areas across investment advisers, broker-dealers, and investment companies.
What’s New and Updated for 2026
1. Names Rule Enforcement
Funds must now align their investment portfolios with what their name implies. For example, an ESG-labeled fund must invest primarily in ESG assets.
Why it matters: Examiners will check if your marketing matches your fund holdings, and misleading names will draw scrutiny.
2. AI & Advanced Tech Oversight
The SEC is sharpening its focus on how firms use AI tools, including representations about AI capabilities and how those tools are supervised. While AI was mentioned in prior exam priorities, its presence in the 2026 release suggests an escalation in both scrutiny and enforcement expectations.
Why it matters: AI technology and adoption is accelerating at a pace the market has not seen since the dawn of the internet. With new technology comes risk. The SEC’s mission is to ensure investors are protected. When AI is used in any decision-making processes, compliance professionals should identify and mitigate the inherent risks of its use, ensure that decisions are explainable, aligned with client needs and strategy, as applicable, and that processes and the firm’s reliance on AI is transparent.
In 2026, we expect to see the SEC crack down on “Black Box AI.” Meaning, the innerworkings and decision-making process the AI algorithm is using to make decisions is not transparent or easy to understand. If your firm is using AI technology at any capacity, it is critical that the compliance team has a deep understanding of why the technology came to that conclusion.
Compliance teams need to audit and document AI-usage and technology across the firm. AI risk assessments, policy and procedure reviews, the addition of an AI policy to existing compliance manual or the creation of a stand-alone AI policy, training and education around acceptable and non-acceptable use of AI are all things that CCOs and compliance teams must prioritize in 2026.
3. Cybersecurity Gets More Specific
Expect questions about how you handle AI-related cyber threats, polymorphic malware, and whether you’re using threat intelligence to inform your defenses.
Why it matters: The SEC wants to know if you’re staying ahead of fast-evolving threats, especially those impacting client and investor data. As cyber-attacks and financial crimes become more sophisticated – especially with the evolution of AI, phishing attempts, and deep fakes – firms must ensure they have strong cybersecurity programs in place that protect the firm, the investors, and the financial markets.
4. Regulation S-P: Adopted
With the 2024 Regulation S-P amendments now adopted, the Division will examine firms’ preparedness and, after compliance dates, enforce adherence to incident response, breach notification, and safeguards obligations.
Why it matters: Regulation S-P is no longer a paperwork exercise — it’s a test of operational resilience. The SEC’s updated rule makes data protection and breach responses core compliance functions, not just IT responsibilities. Firms must demonstrate that they can identify, contain, and communicate data incidents quickly and transparently. Examiners will look for evidence that policies are implemented, tested, and enforced across vendors and affiliates.
For CCOs, this means translating privacy safeguards into governance proof: documented risk assessments, vendor oversight, and breach-notification protocols that withstand regulatory scrutiny. Firms that treat customer information as a compliance asset — not a liability — will be best positioned when examiners turn priorities into enforcement.
5. Complex and Alternative Investments
Examiners will focus on alternative and complex investments, especially products with higher costs or those sensitive to market volatility. Recommendations to senior investors will be reviewed carefully to ensure suitability and transparency.
Why it matters: Examiners will continue to scrutinize complex and alternative products — especially those with higher costs, opaque structures, or heightened sensitivity to market volatility. The focus extends beyond product selection to how firms evaluate, disclose, and supervise these investments across diverse client profiles. While not entirely new, the 2026 priorities introduce new granularity to the Division’s emphasis, including private credit, wrappers, lockups, and retail channels.
For CCOs, this priority underscores the need for documented suitability processes, enhanced product due diligence, and clear communication of risks and fees. As investor access to alternatives expands, firms must prove that product complexity never outpaces the firm’s supervisory framework or the client’s understanding.
6. Prime Brokerage & Alternative Trading Systems
The SEC is looking more closely at cash sweep programs, routing practices, and ATS compliance.
Why it matters: For firms active in these areas — including dual registrants and private funds with prime brokerage relationships — this priority signals heightened scrutiny of transparency and controls. Expect examiners to test whether disclosures align with actual practices, whether best-execution policies are applied consistently, and whether operational or technology controls are sufficient to prevent misuse of client assets or information. Firms that can demonstrate traceability between policies, supervision, and execution data will be best positioned when this priority turns into exam testing.
7. Fiduciary Standards and Conflicts of Interest
The SEC will continue to assess adherence to fiduciary standards of conduct – particularly with respect to retail investors. Expect close attention to conflicts of interest, best execution practices, and the factors advisers consider when providing investment advice.
Why it matters: This priority cuts to the heart of an adviser’s regulatory DNA. Fiduciary obligations aren’t just about intent — they’re about evidence. The SEC is increasingly looking for proof that conflict reviews, disclosure updates, and investment rationales are embedded in the firm’s compliance culture, not handled retroactively. Firms that maintain a clear, documented link between clients’ best interest, product selection, and supervisory oversight will be positioned to demonstrate true fiduciary discipline when examiners come calling.
8. Dual Registrants and Third-Party Access
The SEC will evaluate dual registrants and investment adviser representatives (IARs) who are also broker-dealer representatives. Advisers using third parties to access client accounts will face scrutiny over vendor oversight and data integrity.
Why it matters: Dual registrants and tech-enabled advisers sit at the intersection of heightened regulatory expectations. The SEC wants evidence that firms aren’t outsourcing their fiduciary duty — that vendor access, supervision, and data governance are documented, tested, and defensible. Effective controls over third-party integrations and role-based permissions now function as a proxy for overall compliance maturity.
9. Merged or Newly Registered Firms
Advisers that have merged, been acquired, or are newly registered should expect exams to assess whether compliance programs have scaled appropriately. Core areas like marketing, valuation, trading, portfolio management, disclosures, filings, and custody remain central to this review.
Why it matters: Post-merger or post-registration periods often expose the gaps between policy and practice. The SEC will test whether firms have integrated disparate systems, harmonized supervision, and recalibrated their compliance programs to fit the new risk profile. For CCOs, this is a reminder that growth is not an excuse for inconsistency — it’s a trigger for enhanced governance. Firms that can evidence how their compliance infrastructure evolves with scale will stand out as exam-ready and regulator-aligned.
How These Priorities Apply by Firm Type
Investment Advisers
The SEC will assess whether investment advisers are adhering to their fiduciary duties, particularly in how they recommend and disclose complex, high-fee, or illiquid products like private credit or leveraged ETFs. Advisers using artificial intelligence or third-party platforms will be examined to ensure proper supervision, accurate disclosures, and that outputs align with client investment profiles. Newly registered firms or those undergoing M&A will face exams assessing whether compliance controls are scaled appropriately.
Investment Companies
Examiners will be evaluating mutual funds and ETFs on their compliance with the updated Names Rule, especially for funds claiming ESG, tech, or thematic exposure. Reviews will include how fund names align with portfolio holdings, and whether disclosures match marketing language. Funds using complex strategies or with significant exposure to illiquid assets will receive additional scrutiny, especially closed-end funds and those with leverage vulnerabilities.
Broker-Dealers
Broker-dealers will be reviewed for compliance with Reg BI, with a specific focus on rollover recommendations, account type suitability, and product selection, particularly for older investors or those saving for retirement. Complex or high-risk products like variable annuities, private placements, and non-traded REITs are exam targets. Examiners will also look at order routing practices, Form CRS accuracy, and the integrity of cash sweep and mobile trading platform disclosures.
Transfer Agents & Funding Portals
With Regulation S-P amendments now in effect, transfer agents and funding portals must have operational incident response programs that meet SEC requirements. Exams will focus on whether these entities maintain proper records, avoid prohibited activities like soliciting transactions, and can demonstrate safeguards over customer data. Funding portals will also be examined for compliance with restrictions on offering advice and handling investor fund
Action Steps for Compliance Teams
- Review AI use cases and make sure all representations match what your firm actually does
- Update your cybersecurity protocols to reflect AI-related threats and response planning
- Audit fund names and holdings for alignment with the SEC’s updated Names Rule
- Test your data breach response plans in line with the new Regulation S-P
- Tighten rollover and account recommendation procedures, especially for retail clients
The Bottom Line
While the 2026 priorities echo familiar themes, the tone from leadership makes one thing clear: this is not about enforcement through surprise, but engagement through transparency. For compliance officers, it’s a chance to recalibrate, modernize, and demonstrate proactive oversight.
Need help aligning your program with these priorities?
Comply enables modern compliance programs with tools and expertise built for how the industry really works.
Let’s talk.
All information sourced from the SEC. For the full 2026 Exam Priorities, visit the SEC website.