The SEC Division of Examinations has released its Fiscal Year 2026 examination priorities. For registered investment advisers and broker-dealers, the priorities highlight recurring themes—fiduciary obligations, conflicts management, cybersecurity and customer data safeguards, custody controls, and marketing/advertising practices. Firms that align their compliance programs to these focus areas reduce exam risk and improve readiness.
If you or your firm needs assistance with these compliance issues, or with responding to an SEC or FINRA enforcement issue, give us a call at 212-509-6544. We have been representing advisors and their firms for decades.
2026 SEC Examination Priorities: The Big Themes
The SEC’s priorities serve as a roadmap for what exam staff are likely to test. While the specifics vary by firm, the core message is consistent: the SEC expects policies and procedures that are tailored, implemented, tested, and documented—rather than “paper programs.”
1. Fiduciary Duty and Standard of Conduct
For investment advisers, the SEC continues to emphasize the adviser’s fiduciary duty. Examiners often focus on whether advisers:
- Act in clients’ best interests
- Identify, mitigate, and disclose conflicts of interest
- Provide accurate, complete fee and expense disclosures
- Document recommendations and ongoing monitoring consistent with client objectives and risk tolerance
For broker-dealers, exams commonly evaluate compliance with Regulation Best Interest (Reg BI), including reasonable-basis and customer-specific determinations, conflict disclosures, and the supervision and review of recommendations.
2. Compliance Program Effectiveness
The SEC will examine whether compliance programs are operational, up to date, and risk-based. Expect attention to:
- Policies and procedures tailored to the firm’s actual business lines
- Periodic testing, surveillance, and remediation processes
- Supervisory controls and escalation protocols
- Senior management oversight and accountability
- Evidence that compliance is implemented in practice (not merely written)
3. Regulation S-P and Data Safeguards
Customer information protection remains a top priority for examination. Firms should expect scrutiny of information security controls and incident readiness, including:
- Written information security policies aligned to business and technology risks
- Incident response planning and documented tabletop testing
- Access controls, authentication, and least-privilege principles
- Vendor oversight for service providers handling nonpublic personal information
- Data retention and secure disposal practices
4. Custody and Safeguarding of Client Assets
The SEC continues to focus on custody and safeguarding risks. Depending on your model, examinations may test:
- Whether the firm has custody (including inadvertent custody) and how it is identified
- Use of qualified custodians and related client disclosures
- Fee deduction controls, approvals, and reconciliation steps
- Authority over client assets (including passwords or standing letters of authorization) and related controls
5. Marketing Rule and Advertising Practices
Marketing and advertising remain active exam topics under the Investment Advisers Act Marketing Rule. Firms should expect reviews of:
- Performance advertising, including substantiation and calculation support
- Policies for hypothetical performance, if used
- Use of testimonials, endorsements, and third-party ratings
- Consistency between marketing materials and Form ADV disclosures
- Books and records supporting marketing claims
Practical Exam-Readiness Steps for 2026
Run a Pre-Exam Risk Assessment
Identify your highest-risk areas and prioritize remediation. Common starting points include conflicts, fee and expense disclosures, cybersecurity controls, custody triggers, and marketing substantiation.
Strengthen Documentation
SEC exams are documentation-driven. Maintain clear evidence of testing, approvals, surveillance, remediation, and periodic reviews. If a control exists, you should be able to show how it operates and who owns it.
Review Vendor Management
Where third parties support trading, portfolio accounting, billing, communications, or client portals, confirm you have appropriate diligence, contract provisions, and monitoring. Document your oversight.
Refresh Training and Supervision
Train supervised persons on conflicts, communications/marketing, cybersecurity hygiene, and escalation procedures. Confirm supervisors understand how to review recommendations and marketing content.
Conclusion
The SEC’s 2026 examination priorities reinforce a familiar expectation: investor protection through effective, tailored compliance programs backed by testing and documentation. Firms that proactively align their controls to the SEC’s focus areas—fiduciary duties, conflicts, cybersecurity and Regulation S-P safeguards, custody controls, and marketing rule compliance—will be best positioned for a smooth exam cycle.