SEC Examinations Division Publishes 2026 Priorities

If your compliance team was hoping for a quiet year, the SEC just politely cleared its throat. The Division of Examinations’ fiscal year 2026 priorities make one thing clear: the agency may be talking in a more practical, less “gotcha” tone, but the substance is still serious. In plain English, firms should expect close attention to old favorites like fiduciary duty, conflicts of interest, Regulation Best Interest, and custody, while also preparing for newer pressure points such as cybersecurity, AI-related representations, vendor oversight, and the 2024 amendments to Regulation S-P.

That combination is what makes the 2026 priorities so interesting. They are not a flashy reinvention of the exam program. They are more like a regulator’s version of a wardrobe refresh: same core outfit, sharper tailoring, and a new emphasis on practical functionality. The SEC is signaling that it still cares about the basics, but it also wants to know whether firms can handle modern risks without tripping over their own technology stack.

For investment advisers, broker-dealers, fund complexes, clearing agencies, transfer agents, funding portals, and other market participants, the message is straightforward: your policies cannot just look pretty in a PDF. They need to work in the real world, with real clients, real vendors, real algorithms, and real stress events. That is the heartbeat of the 2026 exam agenda.

A More Collaborative Tone, but Not a Softer Exam Program

The first big takeaway is about tone. The SEC’s 2026 priorities were published for fiscal year 2026, and the Division framed the document as a transparency tool rather than a surprise attack. The leadership message emphasizes the Division’s four pillars: promoting compliance, preventing fraud, monitoring risk, and informing policy. Chairman Paul Atkins also stressed that exams should not be a “gotcha” exercise. That language matters because it suggests firms are being invited to prepare for a constructive dialogue with exam staff instead of a regulatory ambush.

Still, nobody should mistake that tone for leniency. The priorities are explicit that the document is not exhaustive and creates no new legal obligations by itself. But it absolutely tells the market where examiners are likely to spend time. In other words, the agency is not promising a softer whistle. It is simply showing the rulebook before kickoff.

There is another subtle but important backdrop here: the Division acknowledges it is operating with fewer resources and a reshaped workforce. That helps explain the emphasis on risk-based targeting, consistency across exams, focused outreach, and publishing Risk Alerts that show firms what good compliance can look like. Translation: the SEC wants to do more with less, and it expects registrants to meet it halfway by building better controls before the exam team knocks.

Investment Advisers Remain Front and Center

Investment advisers are once again near the top of the list, and the 2026 priorities read like a reminder that fiduciary duty is still the center of gravity. The Division says it will continue reviewing whether advisers are meeting their duty of care and duty of loyalty, especially when retail investors are involved. That means exam staff will look at the actual advice being given, the disclosures that surround it, and whether conflicts of interest are influencing supposedly impartial recommendations.

The SEC is especially interested in how advisers weigh the factors that should shape advice: cost, liquidity, risk, volatility, likely performance under different market conditions, time horizon, and exit costs. That may sound basic, but basic is exactly the point. When a regulator repeats the fundamentals this clearly, it usually means too many firms are still fumbling them.

The product focus is also revealing. The 2026 priorities call out alternative investments such as private credit and private funds with long lock-up periods, complex investments such as ETF wrappers on less liquid strategies, option-based ETFs, and leveraged or inverse ETFs, plus products carrying higher costs. The SEC also highlights recommendations affecting older investors and people saving for retirement, which is compliance-speak for: “Do not assume sophistication where vulnerability may exist.”

Private fund-related issues have not disappeared, but they have been woven into broader adviser themes instead of being placed in a flashy stand-alone section. The Division specifically points to advisers handling both private funds and separately managed accounts or newly registered funds, where favoritism in allocations and interfund transfers can become a problem. It also flags newly launched private funds and firms entering the private fund space for the first time, with likely attention to liquidity, valuation, fees, disclosures, and side-letter treatment. So yes, private fund advisers are still on the radar. They just are not getting their own neon sign this year.

The compliance program piece is equally important. The Division says adviser exams will continue to test core areas such as marketing, valuation, trading, portfolio management, disclosure and filings, and custody. It will also analyze annual compliance reviews and whether policies are actually implemented and enforced. That matters because a gorgeous compliance manual that lives in a digital drawer is about as useful as a life jacket painted on the side of a boat.

Advisers that have never been examined, especially recently registered advisers, should pay close attention. The SEC is once again prioritizing them. If your firm is new, the agency seems to be saying, “Welcome aboard. Please keep your records where we can find them.”

Investment Companies Need to Watch Fees, Liquidity, and the Names Rule

Registered investment companies, including mutual funds and ETFs, remain a priority because of their importance to retail investors, especially retirement savers. The Division says exams will generally cover compliance programs, disclosures, filings, and governance practices. That is familiar territory, but the specifics matter.

Fund fees and expenses remain a live issue, including waivers and reimbursements. Portfolio management practices and disclosures will also receive attention, particularly whether they line up with stated strategies in fund filings and marketing materials. The amended fund “Names Rule” is part of that picture after the relevant compliance dates. For funds, this is where branding and portfolio construction can stop being marketing cousins and start becoming litigation neighbors.

The SEC also says it is monitoring developing areas such as funds involved in mergers or similar transactions, funds using complex strategies, funds with significant holdings of less liquid or illiquid investments, and funds with novel strategies or leverage vulnerabilities. That is a pretty clear signal that anything exotic, thinly traded, or operationally messy deserves extra internal testing before the examiners do it for you.

And just like with advisers, the Division will continue prioritizing never-before-examined and recently registered funds. New entrants should not assume youth is a shield. In exam land, youth often just means “freshly interesting.”

Broker-Dealers Are Still Living in a Regulation Best Interest World

For broker-dealers, Regulation Best Interest remains a centerpiece. The Division says it will continue examining sales practices tied to product recommendations, account recommendations, rollover advice, conflicts of interest, review of reasonably available alternatives, and the processes firms use to satisfy the Care Obligation.

The product list is especially detailed. The SEC specifically calls out complex or tax-advantaged products such as variable and registered index-linked annuities, ETFs investing in illiquid assets like private equity or private credit, municipal securities including 529 plans, private placements, structured products, alternative investments, and other products with complex fee structures, exotic benchmarks, or illiquid features. That list is not subtle. It is the regulatory equivalent of placing a bright orange cone around certain recommendations and saying, “Please explain these carefully.”

The Division also notes that exams may focus on recommendations to move investors into substantially similar products, recommendations involving option, margin, and self-directed IRA accounts, and recommendations made to older investors and people saving for retirement or college. Firms with dual registrant structures should also expect scrutiny around compensation-driven conflicts, account allocation, and account selection decisions, including brokerage-versus-advisory choices and rollover practices.

Broker-dealer trading-related practices stay on the menu too. The SEC says it will review best execution, pricing and valuation of illiquid instruments, order routing and order execution disclosures, Regulation SHO issues, and alternative trading systems. Translation: front-office conduct, backend controls, and disclosure discipline are all invited to the same regulatory party.

The Four Cross-Market Risk Themes That Matter Most

Cybersecurity and Operational Resiliency

The 2026 priorities make cybersecurity and operational resiliency a major cross-market theme. The Division says it will review practices meant to prevent interruptions to mission-critical services and to protect investor information, records, and assets. Examiners will look at governance, data loss prevention, access controls, account management, incident response, and recovery from cyber events, including ransomware attacks.

What stands out in 2026 is the SEC’s specific attention to newer threats, including risks linked to artificial intelligence and polymorphic malware. That means firms are not just being asked whether they have a cyber program. They are being asked whether the program makes sense in a world where the threat landscape mutates faster than the average board slide deck.

Regulation S-ID and Regulation S-P

The 2024 amendments to Regulation S-P cast a long shadow over the 2026 priorities. The Division says exams will assess policies and procedures, internal controls, vendor oversight, and governance practices. For Regulation S-ID, the focus includes written identity theft prevention programs, red-flag detection, and training. For Regulation S-P, the emphasis includes firms’ progress toward incident response programs designed to detect, respond to, and recover from unauthorized access to customer information.

This is one of the clearest action items in the entire release. Firms subject to the amended rules should not wait until an exam request list arrives before mapping service providers, documenting incident workflows, and testing escalation procedures. The SEC is telegraphing this one from several zip codes away.

Emerging Financial Technology and AI

AI is officially no longer the weird new intern in the compliance office. It is part of the main cast. The Division says it remains focused on automated investment tools, AI technologies, trading algorithms or platforms, and the use of alternative data. It will examine whether firms’ representations are fair and accurate, whether operations and controls match disclosures, whether algorithms generate advice consistent with investor profiles or stated strategies, and whether controls exist to confirm automated outputs meet regulatory obligations.

That focus goes beyond flashy chatbot marketing. The SEC also says it will review recent advancements in AI and whether firms have adequate policies and procedures to monitor or supervise AI use in areas like fraud prevention, back-office operations, AML, and trading. The core question is simple: if a firm is using AI to move faster, has it also built controls to keep that speed from sending it into a ditch?

SCI, AML, and Sanctions

The Division also highlights Regulation Systems Compliance and Integrity, with reviews focused on incident response policies and procedures, how SCI entities assess their effectiveness, third-party vendor risk management, and whether firms properly identify systems that qualify as SCI or indirect SCI systems.

On AML, the priorities say broker-dealers and certain registered investment companies should expect continued scrutiny of whether AML programs are appropriately tailored and updated, independently tested, supported by adequate customer identification procedures, and compliant with Suspicious Activity Report obligations. The SEC also says it will review whether broker-dealers, advisers, and certain funds are monitoring Treasury’s OFAC sanctions and complying with them. So yes, the exam story in 2026 is still very much about operational plumbing, not just glossy disclosures.

What Changed from Prior Years?

The biggest changes are as notable for what they do not spotlight as for what they do. Several legal and compliance analyses have pointed out that the 2026 priorities do not contain a stand-alone crypto section and do not carve out a separate section for private fund advisers the way earlier priorities did. That does not mean those issues vanished. It means the SEC appears to be folding them into broader categories like fiduciary duty, custody, conflicts, alternative products, technology oversight, and disclosure accuracy.

That shift matters. It suggests the Division may be trying to make the exam program look more principles-based and less headline-driven. Instead of announcing a special fascination with whatever was trending on regulatory social media last year, the agency is emphasizing how newer risks fit into familiar compliance frameworks. Crypto did not exactly get written out of the script; it just lost its solo scene.

Another shift is stylistic. The leadership message and related commentary suggest a more transparent and practical posture under the current SEC leadership. But the underlying exam agenda still points firms back to core controls, especially where retail investors, illiquid products, emerging technologies, and third-party dependencies intersect.

Why the 2026 Priorities Matter for Firms Right Now

The smartest way to read the 2026 priorities is not as a list of topics to memorize. It is as a map of how the SEC currently thinks risk travels through a financial firm. Risk starts with products and recommendations. It gets amplified by conflicts of interest, weak disclosures, and poor oversight. It multiplies when technology is adopted faster than it is supervised. And it becomes a full-blown exam headache when incident response, vendor management, and recordkeeping are treated like background tasks instead of front-line controls.

That means firms should be aligning governance, disclosures, product reviews, surveillance, vendor oversight, cybersecurity, and marketing claims into one coherent story. If the SEC asks what your AI tool does, your marketing team, compliance team, and operations team should not provide three answers and a nervous laugh. If the SEC asks why a fund has the name it has, the portfolio should not look like it wandered into the wrong room. If the SEC asks about retirement rollovers, the file should show thoughtful analysis, not templated optimism.

In short, the 2026 priorities reward firms that can connect their words to their workflows. The exam program is not only testing whether firms know the rules. It is testing whether firms can operationalize them under pressure.

Practical Experiences Related to the 2026 Priorities

What does all of this feel like in practice? For many compliance teams, 2026 is shaping up to be the year of uncomfortable but useful housekeeping. Not glamorous housekeeping, unfortunately. Nobody is throwing a parade for better vendor inventories. But that is exactly the kind of work these priorities make unavoidable.

At midsize advisory firms, one common experience is discovering that the firm’s marketing language has outrun its controls. A website says the platform is “AI-enhanced,” a pitch deck says the firm uses “advanced automation,” and a sales rep casually mentions “predictive insights.” Then compliance starts asking questions: What does that actually mean? Which models are used? Who validates the output? Is the tool making recommendations, ranking products, or just sorting data? The 2026 priorities make those questions feel less theoretical and more urgent. Many firms are likely to spend significant time tightening language so it matches reality, which is not nearly as exciting as launching a new tool, but is far less expensive than explaining exaggeration to an examiner.

Broker-dealers are having a different kind of reality check. In many firms, the hard part is not writing a Regulation Best Interest policy. It is proving the recommendation process actually reflects that policy, especially for rollovers, annuities, private placements, and other complex products. Teams often find that the file tells an incomplete story: the recommendation may have been thoughtful, but the documentation is thin, the alternative analysis is scattered, and the supervisor’s signoff looks more ceremonial than analytical. The 2026 priorities push firms to close that gap. In everyday terms, they are being forced to replace “trust us, we thought about it” with “here is the evidence that we did.”

Fund compliance teams are also feeling the squeeze in a very hands-on way. A fund name, a portfolio strategy, a factsheet, a shareholder report, and website copy may all have been built at different times by different teams with different levels of enthusiasm for precision. That works fine until the Names Rule, disclosure testing, and portfolio reviews all start pointing at the same inconsistencies. Suddenly, the experience becomes one of cross-department cleanup: portfolio managers, legal, compliance, and marketing all sitting in a virtual room trying to decide whether a product description is accurate, too broad, too cute, or all three.

Then there is cybersecurity and vendor oversight, where the practical experience is often equal parts spreadsheet and stress test. Firms are mapping vendors, figuring out who has access to what, identifying where customer information lives, and discovering that “our vendor handles that” is not an exam-ready control. Many are running tabletop incident exercises and learning the uncomfortable truth that response plans look beautifully organized until someone asks who calls whom at 7:12 a.m. on a Monday after a ransomware alert.

Newly registered firms are perhaps having the most relatable experience of all: the dawning realization that being small does not make you invisible. For those firms, the 2026 priorities feel like a reminder that an exam can arrive before the business feels fully settled. That tends to push founders and chief compliance officers into a more disciplined posture faster than they expected. It is not always fun, but it is often healthy.

The common thread across these experiences is simple. The SEC’s 2026 priorities are not asking firms to invent a brand-new compliance universe. They are asking them to make the one they already claim to have actually function. And in regulation, that is usually where the real work begins.

Conclusion

The SEC’s 2026 examination priorities are a practical roadmap for where regulatory attention is headed, not a vague mood board. The Division is still focused on the fundamentals: fiduciary conduct, conflict management, retail investor protection, fund disclosures, and broker-dealer sales practices. But it is also clearly adapting those long-standing priorities to modern pressure points, especially cybersecurity, operational resiliency, AI, vendor oversight, and the amended privacy framework under Regulation S-P.

The firms that will look strongest in 2026 are not necessarily the ones with the thickest manuals. They are the ones that can show clear connections between product governance, disclosures, controls, incident response, supervisory systems, and day-to-day behavior. In other words, the winners are not the firms with the fanciest compliance theater. They are the firms with fewer surprises backstage.

Source basis: This article was synthesized from official SEC materials and a broad range of U.S. legal, audit, and compliance analyses published after the FY 2026 priorities were released, including commentary from KPMG, White & Case, Grant Thornton, Sidley, Goodwin, Foley & Lardner, Greenberg Traurig, Simpson Thacher, WilmerHale, Mayer Brown, ACA Global, Freshfields, Harvard Law School Forum, and Corporate Compliance Insights.

SEO Tags