The Latest

SEC Releases FY 2026 Examinations Priorities for RIAs and Others

The Division of Examinations[1] (the “Division”) within the U.S. Securities and Exchange Commission (the “SEC”) released its annual examination priorities for FY 2026 on November 17, slightly delayed by the U.S. federal government shutdown. The list provides guidance and transparency about those topics upon which the Division plans to focus throughout the fiscal year. Registered investment advisers (“RIAs”), broker-dealers and investment companies, among other market participants, are subject to examination by the SEC.

The full report is available here: https://www.sec.gov/files/2026-exam-priorities.pdf.

Overview

The release represents the first priorities list from the SEC under its new chair Paul Atkins. The Atkins SEC has signaled a more collaborative and practical approach to SEC examinations and enforcement. In releasing the list, Atkins set a relatively business-friendly tone by emphasizing that “[e]xaminations are an important component to accomplishing the agency’s mission, but they should not be a ‘gotcha’ exercise.” Nonetheless, the priorities are consistent with prior lists, and the Division will continue to focus on many of the same critical areas for RIAs that it has emphasized for years. Advisers should accordingly continue to adhere to high standards for regulatory compliance.

In addition to longstanding priorities like fiduciary duty, standards of conduct, conflicts of interest, the custody rule, anti-money laundering (“AML”) and effectiveness of compliance programs, the 2026 list also highlights new amendments to Regulation S-P (“Reg S-P”) as regards investor privacy. The priorities are not designed to be an exhaustive list of topics, however, and RIAs should expect an examination to cover a broader list of compliance matters, as informed by an adviser’s particular business, products and services, strategy and history.

Notably, in keeping with the new cryptocurrency-friendly stand of the Atkins SEC, the priorities no longer include crypto asset regulation as a focus area for FY 2026.[2]

Priorities for Investment Advisers

While most private fund sponsors are not registered investment companies or registered broker-dealers, many are RIAs regulated by the U.S. Investment Advisers Act of 1940 (as amended from time to time, the “Advisers Act”) and should expect routine examinations every few years by the SEC. Other fund sponsors include exempt reporting advisers (“ERAs”) relying on either the venture capital fund adviser exemption (i.e. those advising solely venture capital funds) or the private fund adviser exemption (i.e. those advising solely private funds with under $150 million in assets under management (“AUM”)). While ERAs are also subject to SEC examinations, ERA exams are rarer and often focus on targeted issues instead of an adviser’s full compliance program.

As of the end of 2024, the SEC reported in May 2025 that there were 21,669 investment advisers, including approximately 15,900 RIAs and 5,760 ERAs, representing nearly double the number of RIAs and ERAs since the 2010 Dodd-Frank Wall Street Reform and Consumer Protection Act (“Dodd-Frank”) that significantly amended the Advisers Act, reformed the registration process for investment advisers and established the ERA category. At the end of 2024, advisers managed a record $146 trillion in AUM,  more than tripling the amount of private capital AUM at the time of Dodd-Frank. Generally, the SEC endeavors to examine around 15% of the total RIA population annually.

The Division highlighted the following three focus areas for RIAs in FY 2026:

1. Adherence to Fiduciary Standards of Conduct. Chief among the Division’s priorities is adherence to the fiduciary duties of care and loyalty required of all advisers (registered and exempt alike) under the Advisers Act.[3]  Conflicts of interest remain a key topic for SEC examinations, especially as to the allocation of fees and expenses (especially those expenses of operating or venture partners or other personnel affiliated with the adviser) and allocation of investment opportunities.  In particular, the Division will review investment advice and related client-facing disclosures consistent with their fiduciary obligations, including:

• The impact of advisers’ financial conflicts of interest on providing impartial advice;
• Advisers’ consideration of the various factors associated with their investment advice, such as generally the cost, investment product/strategy’s investment objectives, characteristics (including special or unusual features), liquidity, risks and potential benefits, volatility, likely performance in a variety of market and economic conditions, time horizon, and cost of exit; and
• Advisers seeking best execution with the goal of maximizing value for clients under the particular circumstances occurring at the time of the transaction.

Moreover, the Division will focus on investment products with the following strategies or characteristics:

• Alternative investments (e.g. private credit and private funds with investment lock-up for extended periods);
• Complex investments (including certain kinds of exchange-traded funds (“ETFs”); and
• Products that have higher costs associated with investing (e.g. high commissions and higher investment expenses than similar products/investments).

The Division will also scrutinize investment recommendations for consistency with product disclosures and the clients’ investment objectives, risk tolerance and financial/personal backgrounds, with emphasis on:

• Recommendations to older investors and those saving for retirement;
• Advisers to private funds that are also advising separately managed accounts (“SMAs”) and/or newly registered funds (e.g., reviewing for favoritism in investment allocations and interfund transfers);
• Advisers to newly launched private funds;
• Recommendations of certain products that may be particularly sensitive to market volatility; and
• Advisers that have not previously advised private funds (e.g. reviewing for regulatory awareness, liquidity, valuation, fees, disclosures, and differential treatment of investors, including use of side letters).

Private fund sponsors – especially emerging managers – should note the relevance of the preceding five categories. In particular, the first category is especially timely in light of the Trump administration’s August 7, 2025, executive order on “Democratizing Access to Alternative Assets for 401(k) Investors,” which could deploy new sources of retirement plan capital into private funds as early as 2026 or 2027.[4]

Finally, the Division highlighted three types of advisers that may be subject to additional risks or conflicts of interest:

• Advisers that are dually registered as broker-dealers (particularly where such advisers or personnel may receive compensation for making account recommendations or allocations);
• Advisers utilizing third parties to access clients’ accounts, where controls may be insufficient to protect client assets and data; [5] and
• Advisers that have merged or consolidated with, or been acquired by, existing advisory practices, which may result in accompanying operational and/or compliance complexities or new conflicts of interest.

2. Effectiveness of Advisers’ Compliance Programs.

As in past years, the Division reiterated that the effectiveness of an RIA’s compliance program remains a fundamental part of the examination process, including the applicability and appropriateness of policies and procedures involving marketing, valuation, trading, portfolio management, disclosures and custody.

The Division will also analyze advisers’ annual reviews of the effectiveness of their compliance programs.

Finally, the Division will continue to focus on whether an adviser’s policies and procedures are reasonably designed to address conflicts of interest, in light of a firm’s particular operations, and to prevent advisers from placing their interests ahead of clients’ interests. Of special interest are (i) whether the policies and procedures are implemented and enforced and (ii) whether disclosures address fee-related conflicts.

While this year’s priority list did not specifically identify the Marketing Rule, compliance with the rule has been a key priority in the years since it initially took effect in November 2022, and RIAs should expect heightened scrutiny regarding their marketing practices.[6] Fund sponsors should detail fee-related conflicts in marketing materials provided to investors well in advance of closing while also enumerating in specific detail in fund governing documents those costs and expenses that will be charged to investors over the life of the fund.

RIAs should take care to adapt their annual reviews as needed, and many RIAs find it useful to engage an outside compliance consultant from time to time to introduce external scrutiny to the annual review process. Newly registered advisers should take special care to enact policies and procedures that are tailored to the firm’s actual advisory business (rather than adopting a “one-size-fits-all” compliance program); it is equally important that new RIAs adopt clear and concise policies that they can workably implement rather than incomplete or cumbersome procedures.

3. Never-Examined Advisers and Recent Advisers. Also, as in prior years, the Division will continue to prioritize examinations of advisers that have never been examined, especially newly registered advisers.

Priorities for All Market Participants

In addition to specific priorities for RIAs, investment companies and broker-dealers, the Division also called attention to broad risks that impact various market participants. Among those most relevant to fund sponsors include (i) cybersecurity, (ii) Reg S-P and privacy matters, (iii) emerging financial technology, and (iv) AML programs.

1. Cybersecurity. Since 2014, the SEC has routinely listed cybersecurity among its top concerns for issuers, investment companies and advisers alike. In FY 2026, the Division noted that operational disruption risks remain elevated due to the proliferation of cybersecurity attacks, firms’ dispersed operations, weather-related events and geopolitical concerns, and examinations will focus on training and security controls, identification and mitigation of new risks associated with artificial intelligence (“AI”) and malware attacks, as well as firms’ operational resiliency.
2. Reg S-P. Just as the Division focused on compliance with the new Marketing Rule in 2023 and 2024, compliance with recently adopted amendments to Reg S-P are a new entrant in the FY 2026 priorities. [7] The Division expects to engage firms about their progress in preparing incident response programs to detect, respond to, and recover from unauthorized access to or use of customer information, as required by the amendments.[8]
3. Emerging Financial Technology. The Division will remain focused on the use of certain products and services, including automated investment tools, AI technologies and trading algorithms or platforms, and the risks associated with each of these emerging technologies. In reviewing the use of such technology, the Division will assess whether:

• representations are fair and accurate;
• operations and controls in place are consistent with disclosures made to investors;
• algorithms lead to advice or recommendations consistent with investors’ investment profiles or stated strategies; and
• controls to confirm that advice or recommendations resulting from automated tools are consistent with regulatory obligations to investors.

In reviewing AI applications, the Division will review whether firms have implemented adequate policies and procedures to monitor and supervise the use of AI technologies, including for tasks related to fraud prevention and detection, back-office operations, AML and trading functions. [9]

4. AML. Finally, the Division will focus on compliance with the Bank Secrecy Act (the “BSA”) and its requirements for certain financial institutions, including broker-dealers and certain investment companies, to establish AML programs reasonably designed to prevent assets from being used for money laundering or the financing of terrorist activities, including through the obligatory filing of certain Suspicious Activity Reports (“SARs”). While RIAs are not currently required to maintain AML programs under the BSA, they are likely to be subject to such AML regulations under the BSA as soon as January 2028, and all advisers should have at least a basic AML compliance program in place.

The Division will also review whether RIAs and others are monitoring the Department of the Treasury’s Office of Foreign Assets Control (“OFAC”) sanctions. To ensure compliance with such sanctions, fund sponsors should check each prospective investor’s name against OFAC’s Specially Designated Nationals list (the “SDN List”); advisers are generally prohibited from doing business with individuals, entities or groups on the SDN List.

Conclusion

Shulman Rogers regularly represents both ERAs and RIAs subject to SEC examinations across a broad range of investment products and strategies. As many RIAs complete their annual review process at year-end, it is an especially opportune time for advisers to consider and incorporate the Division’s FY 2026 priorities. Despite a new administration and a new SEC chair with a more collaborative view toward the private capital industry, advisers should continue to maintain best practices for regulatory compliance. We are happy to discuss any aspects of the Division’s examination priorities or other regulatory developments applicable to private fund sponsors under the Advisers Act or more generally under U.S. securities regulation.

[1] Until December 2020, the Division was formerly called the Office of Compliance Inspections and Examinations (OCIE), and it is not uncommon today to hear the Division referred to as OCIE. At the time, the Division stated that the removal of the word “compliance” from its name was not intended to deemphasize its long-standing focus on – and commitment to – promoting compliance.

[2] The SEC under chair Paul Atkins has shifted from a “regulation-by-enforcement” approach to digital assets toward a more rules-based, engagement-driven framework. In January 2025, shortly before Atkins took office, the SEC created a Crypto Task Force led by commissioner Hester Peirce to develop a comprehensive regulatory regime for crypto assets through public roundtables and industry engagement. Throughout 2025, Atkins has signaled the SEC’s intent to create a clearer taxonomy for digital assets – including through coordination with the Commodity Futures Trading Commission – to distinguish when tokens are and are not securities, most recently in a November “Project Crypto” address. This approach contrasts sharply with the SEC’s broader interpretation, under former chair Gary Gensler, that tended to view tokens as securities under the Howey test, as established in a landmark 1946 Supreme Court case (SEC v. Howey Co., 328 U.S. 293 (1946)) that sets forth a four-part test for defining investment contracts and, practically, what constitutes a security. Recent court decisions have increasingly held that many crypto assets do not necessarily constitute securities under certain facts and circumstances because they lack the characteristics of traditional investment contracts under the Howey test.

[3] In June 2019, the SEC adopted an interpretive release detailing the fiduciary duties of care and loyalty rooted in Section 206 of the Advisers Act and outlining its view on what that duty constitutes. The duty of care requires advisers to provide advice that is in the best interest of the client and to provide ongoing monitoring over the course of the advisory relationship. The duty of loyalty requires advisers not to subordinate clients’ interests to their own – that is, an adviser must not place its own interest ahead of its clients’ interests. To fulfill the duty of loyalty, advisers must make full and fair disclosure to the client of all material facts relating to the advisory relationship.

[4] The executive order directs the Department of Labor to reexamine, within 180 days, past and present guidance under the Employee Retirement Income Security Act of 1974 (“ERISA”) that currently limits access to alternative assets, including private funds, in participant-directed defined-contribution 401(k) plans. The order also directs the SEC to consider how to facilitate access to these investments, presumably by revising existing regulations, guidance and no-action letters under both the U.S. Securities Act of 1933 and the U.S. Investment Company Act of 1940, which currently severely restrict such participation.

[5] The SEC under former chair Gary Gensler proposed a new “outsourcing rule” in October 2022 under Section 206 of the Advisers Act. The proposed rule would have required RIAs to conduct due diligence and ongoing monitoring prior to outsourcing certain services and functions to third-party service providers. While the Gensler SEC never finalized the rule, and the Atkins SEC withdrew the proposed rule in June 2025, advisers should take prudent steps to ensure that third-party service providers operate consistently with the advisers’ obligations to clients, including fiduciary duties.

[6] The SEC adopted the Marketing Rule (Rule 206(4)-1 under the Advisers Act) in December 2020, which became effective for all RIAs in November 2022. The rule replaces, modernizes and combines the previous Advertising Rule and Cash Solicitation Rule. The Marketing Rule sets forth a set of seven prohibitions emphasizing “fair and balanced” disclosure and adopts a broader definition of “advertisement” that encompasses more communications than under the old Advertising Rule. While the rule provides greater flexibility (especially as regards the use of endorsements and testimonials), it reduces bright-line certainty by applying principles-based standards. The Marketing Rule also incorporated a new substantiation requirement. The Marketing Rule, which generally requires RIAs to provide net performance alongside gross performance with equal prominence, details specific guidelines for the use of related performance, extracted performance, hypothetical performance and predecessor performance.

[7] The SEC adopted Reg S-P amendments in May 2024, modernizing rules first adopted in 2000. Reg S-P governs the treatment of nonpublic personal information about consumers by financial institutions, including RIAs, investment companies, broker-dealers and transfer agents. The amendments require covered institutions to develop, implement, and maintain written policies and procedures for an incident response program that is reasonably designed to detect, respond to, and recover from unauthorized access to or use of customer information. The amendments also require that the response program include procedures for covered institutions to provide timely notification to affected individuals whose sensitive customer information was, or is reasonably likely to have been, accessed or used without authorization. The amendments also expanded the scope of information and entities covered by Reg S-P’s safeguarding requirements. The amendments became effective on August 2, 2024, with staggered compliance deadlines: “larger entities,” including RIAs with $1.5 billion or more in AUM, must comply by February 2, 2026 (18 months); “smaller entities” must comply by August 2, 2026 (24 months).

[8] The Division also emphasized compliance with Regulation S-ID, which requires a small subset of advisers that are “financial institutions” or “creditors” to develop and implement a written Identity Theft Prevention Program.

[9] In August 2024, the Department of the Treasury’s Financial Crimes Enforcement Network (“FinCEN”) issued a final rule adding both RIAs and ERAs to the definition of “financial institution” under the BSA. The rule requires these advisers to establish AML programs meeting minimum standards, file SARs to report suspicious activity to FinCEN and comply with additional recordkeeping requirements. The rule delegates regulatory oversight to the SEC. While the final rule was supposed to take effect on January 1, 2026, FinCEN has proposed extending the effective date to January 1, 2028, pending further review and potential amendments to the rule.

More Information

The contents of this Alert are for informational purposes only and do not constitute legal advice. If you have any questions about this Alert, please contact Scott Museles, Kimberly Mann, Kevin Lees or the Shulman Rogers attorney with whom you regularly work.

To receive Legal Alerts and other timely news and information from Shulman Rogers, please click HERE to subscribe.