SEC Division Of Examinations Announces 2026 Exam Priorities

Under new SEC leadership, the Division's 2026 Examination Priorities reflect a modified approach, following a reevaluation of the Division's risk-based priorities, and a renewed focus on several traditional risk areas (including Regulation Best Interest, adherence to fiduciary standards of conduct, complex products and the broker-dealer financial responsibility rules) as well as continued attention to emerging risks, such as those arising in connection with cybersecurity, artificial intelligence and automated investment tools.

On November 17, 2025, the Division of Examinations ("EXAMS" or the "Division") of the U.S. Securities and Exchange Commission ("SEC") released its examination priorities (the "2026 Priorities") for fiscal year 2026 (which started October 1, 2025).¹

Overall Observations

The 2026 Priorities reflect a refined approach for the Division,² including notably:

• Headline Changes – There is no specific mention of crypto assets or the industry's transition to a T+1 standard settlement cycle in the 2026 Priorities; by contrast, these topics had a dedicated section in the 2025 Priorities. In a change from last year, there is no separate section regarding investment advisers to private funds in the 2026 Priorities. Furthermore, whereas the 2025 Priorities highlighted commercial real estate as an asset class that might trigger heightened focus, there is no such focus on commercial real estate in the 2026 Priorities, with leveraged and private credit assets taking its place.
• New Product - and Service-Specific Focus Areas – The 2026 Priorities expressly reference prime brokerage activities and extended-hours trading, among others, as specific focus areas.
• Emerging Technology and Other Key Areas – The Division continues to highlight certain risks from last year, including use of artificial intelligence ("AI") and related cybersecurity risks, retail sales practices, conflicts of interest, complex products, private credit, private funds, and preparation for compliance with the SEC's 2024 amendments to Regulation S‑P.

Broker-dealers, investment advisers, and other market participants should review the priorities closely and evaluate their compliance efforts and examination preparedness, including by raising awareness within their organizations and identifying and addressing opportunities to strengthen internal controls and compliance procedures.

RISK AREAS IMPACTING VARIOUS MARKET PARTICIPANTS

INFORMATION SECURITY AND OPERATIONAL RESILIENCY

CYBERSECURITY

EXAMS will focus on whether registrants are reasonably managing information security and operational risks to prevent interruptions to mission‑critical services and protect investor information, records, and assets. This focus arises amid elevated disruption risks relating to cyberattacks, firms' dispersed operations, weather-related events, and geopolitical developments. In particular, the Division will scrutinize registrants' policies and procedures relating to governance, data loss prevention, access controls, account management, and incident response and recovery capabilities (with attention to ransomware attacks). The Division will also focus on registrants' training and controls to address risks associated with AI and polymorphic malware attacks,³ including how registrants operationalize threat intelligence.

REGULATIONS S- ID AND S-P

EXAMS will evaluate registrants' compliance with Regulations S‑ID and S-P, with a focus on policies and procedures (including, procedures for covered institutions to provide timely notification to affected individuals whose sensitive customer information was, or is reasonably likely to have been, accessed or used without authorization), controls, oversight of third-party vendors, and governance practices. With respect to Regulation S-ID, the Division will review whether registrants' written Identity Theft Prevention Programs are designed to detect, prevent, and mitigate identity theft—particularly red‑flag detection during attempted account takeovers and fraudulent transfers—and associated personnel training.

In preparation for the approaching compliance dates for the amendments to Regulation S‑P (December 3, 2025 for larger entities and June 3, 2026 for smaller entities; for additional information, see our Legal Update here), the Division will engage with registrants regarding their progress in preparing written incident response programs reasonably designed to detect, respond to, and recover from unauthorized access to or use of customer information. Following the applicable compliance date, the Division will review for compliance with Regulation S-P's new provisions that address administrative, technical, and physical safeguards.

EMERGING FINANCIAL TECHNOLOGY

EXAMS will focus on registrants' use of AI technology, automated investment tools, and trading algorithms and platforms, and the risks associated with such technologies as well as alternative data sources. The Division will prioritize the review of those registrants offering automated advisory services and/or recommendations, and related tools and methods. Among other things, such reviews will assess whether:

• Representations are fair and accurate;
• Operations and controls align with investor disclosures;
• Algorithms lead to advice/recommendations consistent with investors' investment profiles and/or stated strategies; and
• Controls ensure that outputs comply with regulatory obligations (including with respect to retail and older investors).

As to AI technology, EXAMS will scrutinize the accuracy of registrants' AI-related claims and evaluate whether they maintain adequate policies and procedures to monitor and/or supervise AI use across functions (e.g., trading, anti-money laundering ("AML"), fraud detection, back-office operations). The Division will also assess how registrants integrate regulatory technology to automate internal processes and improve efficiency.

REGULATION SYSTEMS COMPLIANCE AND INTEGRITY (SCI)

The Division will review SCI entities' incident response policies and procedures and management of third‑party vendor risk (including proper identification of vendor systems as SCI systems or indirect SCI systems).

ANTI -MONEY LAUNDERING

EXAMS will focus on whether registered broker-dealers and investment companies appropriately tailor and update their AML programs to their business models, including addressing risks tied to omnibus accounts for foreign financial institutions;⁴ conducting adequate independent testing; maintaining an adequate Customer Identification Program (with emphasis regarding the beneficial owners of legal entity customers); and meeting Suspicious Activity Report filing obligations.⁵ In addition, the Division will review whether such registrants, as well as investment advisers, monitor and comply with OFAC sanctions requirements.

FOCUS AREAS BY REGISTRANT TYPE

BROKER-DEALERS

FINANCIAL RESPONSIBILITY RULES

EXAMS will continue to prioritize firms' compliance with the SEC's broker-dealer financial responsibility rules—specifically, the net capital rule (SEC Rule 15c3-1) and customer protection rule (SEC Rule 15c3-3) and related internal processes, procedures, and controls. Reviews will cover timeliness of financial notifications and other required filings as well as firms' operational resiliency programs, including oversight of third‑party/vendors that contribute to the records used to prepare financial reporting information and change management. EXAMS will also review: (1) credit, market, and liquidity risk management controls to ensure firms can withstand stress events; (2) cash sweep programs; and (3) prime brokerage activities, including with respect to concentration, liquidity, and counterparty risks.

TRADING-RELATED PRACTICES AND SERVICES

The Division will scrutinize broker-dealer trading-related practices across equities and fixed income, including with respect to:

• Extended hours trading;
• Municipal securities, including the rates reset process on variable rate demand obligations ("VRDOs"), priority of orders, and mark-up disclosures;
• Order routing and execution practices, concentrating on:
  • Best execution;
  • Pricing and valuation of illiquid instruments (e.g., VRDOs, other municipal securities, and non‑traded REITs); and
  • Required order routing/execution disclosures, such as those pursuant to Rule 605 of Regulation NMS.

EXAMS will assess Regulation SHO compliance, including reliance on the bona fide market‑making exception, and evaluate alternative trading systems' ("ATSs") compliance with written safeguard requirements relating to the protection of subscriber confidential information, alignment with the descriptions in Form ATS‑N filings for each ATS, disclosures, and risk controls.

RETAIL SALES PRACTICES

As to retail sales practices of broker-dealers, EXAMS will review compliance with Regulation Best Interest ("Reg BI"), focusing on:

• Product- and strategy-related recommendations (e.g., account and rollover recommendations);
• Conflict identification and mitigation, especially relating to account and rollover recommendations as well as recommendations involving limited product menus;
• Processes for reviewing reasonably available alternatives; and
• Processes for satisfying the Care Obligation given a customer's investment profile and the characteristics of products and account types.

For a discussion of SEC staff guidance regarding the Care Obligation under Reg BI, including consideration of reasonably available alternatives and special considerations regarding complex or risky products, see our Legal Update here.

Particular attention will be paid to the following investment products:

• Complex or tax‑advantaged products, including variable and registered index‑linked annuities;
• Exchange-traded funds that invest in illiquid assets (e.g., private equity or private credit);
• Municipal securities, including 529 plans;
• Private placements;
• Structured products;
• Alternative investments; and
• Other products in which fee structures or return calculations are complex, applicable benchmarks are exotic, liquidity is limited, or retail adoption is growing.

Additionally, the Division may review specific types of recommendations, including those that:

• Move investments to substantially similar products;
• Relate to the opening of options, margin, or self‑directed individual retirement accounts; or
• Are made to older investors and those saving for retirement or college.

Finally, EXAMS will review the content and accuracy of broker-dealers' Form CRS disclosures regarding relationships and services, fees and costs, conflicts of interest, and disciplinary histories.

With respect to dual registrants (broker-dealer/investment adviser), EXAMS will focus on how firms handle of conflicts tied to compensation or other financial incentives, account selection practices (e.g., brokerage versus advisory, recommendations to open wrap fee accounts), allocation practices (e.g., allocation of investments where an investor has more than one type of account), and branch office supervision.

INVESTMENT ADVISERS

ADHERENCE TO FIDUCIARY STANDARDS OF CONDUCT

As a continuing priority, EXAMS will focus on investment advisers' adherence to fiduciary standards of conduct including the duty of care and duty of loyalty, especially with respect to their engagement with retail investors. The Division will assess investment advice and related disclosures by investment advisers for alignment with their fiduciary obligations, such as:

• The impact of advisers' financial conflicts of interest on the provision of unbiased advice;
• Advisers' evaluation of the range of factors informing their investment recommendations, including the cost, investment product's or strategy's investment objectives, characteristics (including any special or atypical features), liquidity, risks, and potential benefits, volatility, expected performance in varying market and economic conditions, time horizon, and the exit costs; and
• Advisers' pursuit of best execution with the aim of maximizing client value under the specific circumstances prevailing at the time of the transaction.

For the latter, in addition to reviewing their best execution compliance procedures, which often involve periodic reviews of best execution committee meetings and reports as well as evaluations of execution quality and cost over stretches of time (e.g., quarterly and annual reviews), investment advisers should consider whether conducting random sample testing of the execution of past trades would be appropriate.

To view the full article, click here.

Footnotes

1. SEC Division of Examinations, Fiscal Year 2026 Examination Priorities, available here.

2. SEC Division of Examinations, Fiscal Year 2025 Examination Priorities (Oct. 21, 2024) (the "2025 Priorities"), available here. Our Legal Update regarding the 2025 Priorities is available here.

3. Polymorphic malware is a type of malicious software that changes its code each time it replicates, making it difficult to detect. See National Institution of Standards and Technology: Malware Rises and Mitigation Report (June 2011), available here.

4. See also FINRA Targeted Exam Letter: Small-Capitalization Offerings (Oct. 2025), available here. For additional perspectives, see our Blog Post, FINRA Initiates Targeted Review of Practices Relating to Small-Capitalization Offerings (Nov. 14, 2025), available here.

5. Note that due to the compliance date being postponed until January 1, 2028, EXAMS did not mention the new rule that brings many investment advisers under the Bank Secrecy Act's definition of "financial institution" and thereby subjects them to new AML requirements. See FinCEN: Anti-Money Laundering/Countering the Financing of Terrorism Program, 89 Fed. Reg. 72,156, 72,207 (Sept. 4, 2024), available here. For additional perspectives, see our coverage, New FinCEN Rule Expands AML/CFT Responsibilities for Investment Advisers: What Investment Advisers Need to Know (Apr. 7, 2025), available here.