The SEC Division of Examinations has released its fiscal year 2026 priorities, offering compliance professionals a roadmap of where regulators will focus their attention in the coming year. For investment advisers, broker-dealers, and investment companies, this annual release is essential reading—and this year's document comes with a notable shift in tone from agency leadership.

A Shift in Tone from SEC Leadership

Perhaps the most significant takeaway from this year's release isn't a specific examination area—it's the messaging from the top. SEC Chairman Paul Atkins emphasized that examinations should be a "constructive dialogue" rather than a "gotcha" exercise. This language signals a potential departure from the more adversarial approach that characterized recent years.

Acting Director Keith Cassidy reinforced this message, noting that the Division strives to "improve compliance in a way that is both transparent and practical." For compliance teams, this suggests that examiners may be more receptive to good-faith efforts and open communication about compliance challenges.

That said, the substance of the priorities remains rigorous. Firms should not interpret this softer tone as a relaxation of standards—rather, it appears to be an invitation to engage more openly with regulators while maintaining robust compliance programs.

Key Focus Areas for 2026

Fiduciary Duty and Standards of Conduct

The Division will continue its emphasis on advisers' fiduciary obligations, with particular attention to retail investors. Examiners will review investment advice and disclosures for consistency with fiduciary duties, focusing on:

•  Adequate disclosure of conflicts of interest

•  Provision of impartial investment advice

•  Consideration of investment costs and objectives

•  Best execution practices

•  Recommendations involving alternative and complex investments

What to do: Review your conflict disclosures, particularly around compensation arrangements, proprietary products, and revenue-sharing agreements. Ensure your Form ADV Part 2A accurately reflects your current practices.

Cybersecurity and Operational Resilience

Cybersecurity remains a perennial priority, but the 2026 release elevates it as a core compliance function rather than merely an IT concern. The Division will examine:

•  Governance practices and policies

•  Data loss prevention measures

•  Access controls and account management

•  Incident response and recovery procedures, including ransomware preparedness

•  Training and security controls for AI-related threats and polymorphic malware

What to do: Conduct a comprehensive review of your cybersecurity policies. Ensure your incident response plan is current and has been tested. Document your vendor oversight procedures and third-party risk assessments.

Regulation S-P Compliance

The 2024 amendments to Regulation S-P introduced new requirements for incident response programs. The Division will assess firms' progress in establishing programs designed to detect, respond to, and recover from unauthorized access to customer information. This includes reviewing policies for notifying customers of data breaches within mandated timeframes.

The compliance deadline is December 3, 2025 for larger advisers (those with $1.5 billion or more in AUM) and June 3, 2026 for smaller advisers.

What to do: If you haven't already, prioritize developing or updating your written incident response program. Ensure it addresses detection, response, recovery, and customer notification procedures.

AI and Emerging Technology Oversight

While AI appeared in prior examination priorities, the 2026 release signals an escalation in scrutiny. The Division will focus on how firms use automated investment tools, artificial intelligence, and trading algorithms—with particular attention to governance frameworks and supervisory practices.

Regulators want to ensure that AI-driven decisions are explainable, aligned with client needs, and transparent. Expect increased attention to "black box" AI where decision-making processes are not easily understood or documented.

What to do: Conduct an AI risk assessment. Develop or update your AI policy to address acceptable use, supervision requirements, and documentation standards. Train staff on both the capabilities and limitations of AI tools used in your operations.

Newly Registered Firms

The Division continues to prioritize examinations of never-before-examined advisers and investment companies, with emphasis on recently registered entities. The stated goal is to help newer firms build robust compliance programs early in their lifecycle.

What to do: If your firm is newly registered or has never been examined, treat this as an opportunity rather than a threat. Conduct a mock examination, review your written policies, and ensure your compliance infrastructure is examination-ready.

What's Notably Absent: Crypto and Digital Assets

In a conspicuous departure from recent years, the 2026 priorities contain no standalone section on crypto assets or digital assets. The word "cryptocurrency" does not appear in the 15-page document. This omission aligns with the current administration's broader agenda to promote digital asset development through different regulatory channels, but it does not mean firms offering crypto-related services should relax their compliance efforts.

What Firms Should Do Now

The release of examination priorities is your cue to take action. Consider the following steps:

•  Conduct a gap assessment: Benchmark your existing controls against the areas highlighted in the 2026 priorities.

•  Update written supervisory procedures: Ensure your WSPs reflect current practices and regulatory expectations.

•  Enhance vendor oversight: Review third-party relationships, particularly those involving customer data or critical operations.

•  Reinforce training: Provide updated training for personnel involved in retail communications, trading activity, cybersecurity, and compliance operations.

•  Document everything: In an examination, documentation is your best defense. Ensure your compliance efforts are well-documented and easily retrievable.

Looking Ahead

The 2026 examination priorities reflect both continuity and change. Core focus areas like fiduciary duty, cybersecurity, and operational resilience remain constant, while the tone from leadership suggests a more collaborative approach to regulation. Firms that proactively address these priorities will be better positioned for constructive examinations—and stronger compliance programs overall.

Need help preparing for SEC examinations? Providence Compliance can assist with gap assessments, policy development, mock examinations, and ongoing compliance support. Contact us to learn more.

Read the full SEC release: SEC Division of Examinations Announces 2026 Priorities