Table of Contents >> Show >> Hide
- Why the 2026 priorities matter
- Investment advisers: fiduciary duty is still the headline act
- Investment companies: labels, liquidity, and leverage are under the microscope
- Broker-dealers: Regulation Best Interest is still very much alive
- Cybersecurity, operational resiliency, and customer data protection are now everyday exam topics
- AI and emerging financial technology: cool demo, now show the controls
- AML, sanctions, and other market participants still have work to do
- What changed from 2025 to 2026?
- How firms should respond in 2026
- Experience in the trenches: what the 2026 priorities look like in real life
- Final takeaway
Every year, the SEC’s Division of Examinations drops a document that compliance teams treat the way beachgoers treat a dark cloud over the water: not a reason to panic, but definitely a reason to stop pretending the weather app is wrong. The 2026 examination priorities are exactly that kind of signal. They do not create new law, and they are not an exhaustive checklist. But they do reveal where exam staff are most likely to look, what kinds of risks they believe deserve more attention, and which firms may find themselves explaining their controls in greater detail.
This year’s message is pretty clear. The SEC wants firms to get the basics right, especially when retail investors are involved. Fiduciary duty, Regulation Best Interest, fees, disclosures, conflicts, custody, and sound compliance programs are still front-page issues. At the same time, the 2026 priorities make it obvious that technology is no longer a side story. Cybersecurity, operational resiliency, AI governance, automated advice tools, third-party vendor oversight, identity theft prevention, and customer information safeguards now sit squarely inside exam reality, not on some futuristic “watch this space” shelf.
In other words, the SEC is not asking whether a firm owns a shiny policy manual. It is asking whether the firm’s actual behavior matches its disclosures, whether controls work under stress, and whether firms can prove they are protecting investors in a market that is faster, more automated, and more complex than ever.
Why the 2026 priorities matter
The smartest way to read the 2026 priorities is not as a scare tactic, but as a map. Exams are where theory meets operations. A firm may believe its disclosures are adequate, its conflicts are under control, and its cyber posture is “fine, probably.” An SEC examination is where “fine, probably” turns into “please provide documentation by Friday.”
The document also reflects a more practical tone. The emphasis is on transparency and constructive dialogue, which suggests a regulatory style that still expects strong compliance but prefers clarity over surprise attacks. That does not mean firms get a free pass. It means firms are being told, in plain English, where the exam spotlight will land. Ignoring that signal would be like receiving the study guide and still acting shocked by the quiz.
Investment advisers: fiduciary duty is still the headline act
For investment advisers, the 2026 priorities read like a reminder that fiduciary duty is not a slogan for the website footer. It is the core standard against which advice, disclosures, conflicts management, and execution practices will be measured. The SEC remains especially focused on services involving retail investors, which makes sense because retail harm tends to attract regulatory attention quickly and often.
What exam staff are likely to test
Advisers should expect scrutiny of whether recommendations truly fit a client’s objectives, risk tolerance, liquidity needs, time horizon, and financial circumstances. Cost remains a major issue too. It is not enough to recommend a product with a compelling pitch deck and a confident advisor voice. Firms need to show that they considered fees, special features, volatility, exit costs, and whether the product’s risks line up with the client in front of them.
The SEC also highlighted higher-risk product categories such as alternative investments, private credit, lock-up structures, leveraged or inverse ETFs, and other complex products with elevated costs or unusual features. That matters because these products often combine sophisticated marketing with liquidity, valuation, or suitability challenges. Regulators tend to grow suspicious when something is sold as “innovative” but behaves like a puzzle box with a management fee attached.
Private fund issues did not disappear; they got folded into the broader story
One of the more interesting shifts in 2026 is structural. Instead of isolating private fund advisers in a standalone section, the SEC weaves private fund concerns into broader adviser themes. That does not mean private funds are off the hook. Quite the opposite. The SEC still points to private credit, new private funds, side-by-side management, allocation fairness, valuation discipline, differential treatment of investors, and side letters as meaningful risk areas.
Translation: the label on the section changed, but the compliance homework is still due. Advisers handling both private funds and separately managed accounts, or those moving into new asset classes or merger situations, should expect close review of conflicts, allocations, disclosure quality, and integration controls.
Compliance program effectiveness is not optional window dressing
The 2026 priorities also keep pressure on core adviser compliance programs. Marketing, valuation, trading, portfolio management, disclosure and filings, and custody remain central exam topics. The SEC wants policies that are actually implemented, enforced, and periodically reviewed, not just printed in a binder that has not been opened since someone still thought “remote work” meant answering email on an airplane.
Recently registered advisers and never-examined advisers remain priority candidates for review. That should be a wake-up call for newer firms. First impressions matter in life, job interviews, and SEC examinations.
Investment companies: labels, liquidity, and leverage are under the microscope
Registered investment companies, including mutual funds and ETFs, remain a core focus because of their importance to ordinary investors and retirement savers. For 2026, the SEC continues to emphasize fund fees and expenses, including waivers and reimbursements, plus portfolio management practices and disclosures.
The practical question for funds is simple: does the portfolio behave the way the marketing and filings imply? That is where the amended fund Names Rule becomes relevant. If a fund’s name suggests a particular focus, strategy, or asset type, the SEC expects portfolio reality to support the branding. Cute fund names are fine. Misleading fund names are less charming.
The SEC also flagged funds involved in mergers, funds using complex or illiquid strategies, and funds with leverage vulnerabilities. Those areas tend to create real-world operational stress, from valuation disputes to disclosure mismatches to conflicts between what investors think they bought and what the fund can actually deliver when markets get messy.
Broker-dealers: Regulation Best Interest is still very much alive
If advisers are hearing “fiduciary duty,” broker-dealers are hearing “Reg BI, again, and yes, we mean it.” The 2026 priorities make clear that retail sales practices remain a major examination area. The SEC continues to focus on whether firms identify and mitigate conflicts, assess reasonably available alternatives, and satisfy the Care Obligation with real evidence rather than optimistic assumptions.
Where broker-dealers should expect pressure
Recommendations involving rollovers, account type changes, margin or options accounts, self-directed IRAs, wrap accounts, and substantially similar product switches are all obvious places for exam attention. The same goes for complex or tax-advantaged products such as variable annuities, index-linked annuities, private placements, structured products, alternative investments, and products with complicated fee structures or exotic benchmarks.
These are exactly the kinds of recommendations that can sound reasonable in conversation but fall apart when reconstructed through documents, compensation incentives, and client profiles. That is why the SEC also cares about older investors, retirement savers, and college savers. When the stakes are high and the investor is not a professional trader with a Bloomberg terminal in the garage, the regulator’s patience for sloppy process gets very thin.
Form CRS also remains in play. Firms should expect reviews of whether relationship summaries accurately describe services, costs, conflicts, and disciplinary history. If the plain-English summary is doing interpretive dance instead of clear disclosure, that is a problem.
Financial responsibility and market structure still matter
Beyond retail sales, the SEC continues to focus on net capital, the customer protection rule, liquidity management, financial reporting controls, vendor oversight, cash sweep programs, prime brokerage, best execution, order routing disclosures, extended-hours trading, municipal securities practices, and alternative trading systems. This part of the priorities reminds firms that “market plumbing” may be less glamorous than AI, but it is still where serious operational failures can start.
Cybersecurity, operational resiliency, and customer data protection are now everyday exam topics
The 2026 priorities leave no doubt that cybersecurity remains a perennial concern. The SEC is looking at governance, data loss prevention, access controls, account management, ransomware response, recovery planning, and broader operational resiliency. This is not just a technology issue. It is a governance issue, a disclosure issue, a vendor-management issue, and sometimes an investor-protection issue all at once.
The focus on Regulations S-ID and S-P raises the bar further. Firms need identity theft prevention programs that are reasonably designed to detect red flags, especially account takeovers and fraudulent transfers. They also need training, internal controls, and vendor oversight that make these protections real in daily operations.
The amended Regulation S-P requirements are especially important in 2026 because the SEC is looking at whether firms are preparing for, and then complying with, incident response obligations and updated customer-information safeguards. This is the sort of rule-change area where firms often say, “We’re working on it,” and exam staff respond with a polite version of, “That was not the question.”
AI and emerging financial technology: cool demo, now show the controls
Artificial intelligence is one of the clearest cross-cutting themes in the 2026 priorities. The SEC is not treating AI as a magical category that exempts firms from old obligations. Quite the opposite. It is asking traditional regulatory questions in a new technological setting.
If a firm uses AI, automated advice tools, algorithmic models, or alternative data, examiners will want to know whether public statements about those tools are fair and accurate, whether operations and controls match investor-facing disclosures, and whether outputs are consistent with investor profiles, stated strategies, and regulatory duties. That means compliance, legal, technology, and business teams need to speak the same language before the SEC asks them to speak it together.
The practical risk is not just “AI gone rogue.” It is also ordinary overstatement. A firm says it uses advanced AI for better client outcomes, but internally the tool is poorly supervised, inconsistently documented, or mostly automates low-risk back-office work. That mismatch between representation and reality is the kind of thing regulators notice quickly. AI marketing is fun right up until someone requests the testing records.
AML, sanctions, and other market participants still have work to do
Anti-money laundering remains a major area for broker-dealers and certain investment companies. The SEC continues to focus on whether AML programs are tailored to the business model, independently tested, supported by adequate customer identification procedures, and capable of meeting suspicious activity reporting obligations. Omnibus accounts, foreign financial institutions, and intermediary oversight remain important details, not side notes.
The 2026 priorities also highlight transfer agents, funding portals, municipal advisors, clearing agencies, security-based swap dealers, and security-based swap execution facilities. That breadth matters because it shows the SEC is not only looking at front-end advice and sales. It is also examining the broader ecosystem that supports securities markets, including recordkeeping, processing, operational risk, transparency, and market integrity.
What changed from 2025 to 2026?
The biggest story is not a dramatic regulatory reinvention. It is a rebalancing. Much of the 2026 agenda keeps familiar themes from 2025: investor protection, cybersecurity, AI, compliance with new rules, and strong controls. But the packaging changed in meaningful ways.
First, 2026 places a sharper “back to basics” emphasis on fiduciary duty, standards of conduct, and compliance infrastructure. Second, private fund issues remain important but are embedded within broader adviser topics instead of receiving their own marquee section. Third, the 2026 priorities do not include the standalone crypto-assets section that appeared in the 2025 document. That does not mean digital-asset risk is gone. It means firms should be careful about assuming that a missing headline equals a missing exam question. Regulators have a long history of showing up where firms most confidently think they will not.
How firms should respond in 2026
The best response to the 2026 priorities is not frantic memo-writing. It is disciplined execution. Firms should:
- Re-test disclosures against actual business practices, especially around fees, conflicts, product recommendations, AI capabilities, and vendor-dependent functions.
- Review whether policies are implemented in practice, with evidence of supervision, escalation, testing, and remediation.
- Pressure-test Reg BI, fiduciary-duty, and account recommendation workflows using real client files, not just policy language.
- Update cyber, identity theft, and incident response programs to reflect the amended Regulation S-P environment.
- Map where AI or automation affects advice, marketing, fraud detection, trading, or operations, then verify governance and disclosure alignment.
- Prepare new registrants and recently transformed firms, especially after mergers, acquisitions, or business-model changes, for first-round exam scrutiny.
In short, 2026 is the year to eliminate the gap between what the firm says, what the firm does, and what the firm can prove. Those three things should really know each other by now.
Experience in the trenches: what the 2026 priorities look like in real life
In practice, these priorities usually do not arrive as one giant dramatic moment. They show up as a series of ordinary-looking requests that reveal whether a firm truly understands its own operations. A compliance officer gets a request for account recommendation files. An operations manager is asked to explain how a vendor supports financial reporting inputs. A technology lead is asked how access controls work for a system that touches customer data. A marketing team suddenly discovers that the phrase “AI-powered insights” is a lot easier to publish than to defend. That is what makes the 2026 priorities so important: they are deeply operational.
For advisers, one of the most common pain points is documentation quality. A recommendation may have been reasonable, but the file does not show why cost, liquidity, volatility, or product complexity were considered. When that happens, the firm ends up trying to recreate judgment after the fact, which is a little like trying to write the meeting notes after the meeting, the coffee, and everyone’s memory have all left the building.
For broker-dealers, the real challenge often comes from incentives and process drift. A firm may have a strong Reg BI policy on paper, but branch-level practices evolve, compensation pressures creep in, and account recommendations start to look more formulaic than individualized. Then examiners ask for samples involving rollovers, annuities, structured products, or older investors, and the firm learns whether its supervisory system was living in the real world or just visiting on weekends.
Cyber and data protection issues can be even more revealing. Many firms have decent headline policies, yet struggle to show how those policies connect to vendor oversight, incident escalation, red-flag detection, employee training, or business continuity. The 2026 priorities suggest that the SEC wants evidence of operational maturity, not just awareness. Firms that say cyber is a priority but cannot explain who owns decisions, how incidents are triaged, or how third parties are monitored may find examinations uncomfortable very quickly.
The same pattern appears with AI. A lot of firms are experimenting with automated tools, recommendation engines, surveillance enhancements, and workflow automation. The firms that tend to fare better are the ones that ask boring questions early: What does this tool actually do? Who validates outputs? What disclosures mention it? What data does it touch? What happens if it fails? Those are not glamorous questions, but glamour has never been a recognized SEC safe harbor.
The strongest firms heading into 2026 will not necessarily be the biggest or most technologically advanced. They will be the firms that can connect governance, disclosures, supervision, testing, and remediation into a coherent story. When an examiner asks, “How does this work?” the best answer is not a speech. It is a process, a record, a control, and a trail of evidence that all point in the same direction.
Final takeaway
The SEC’s 2026 examination priorities are not revolutionary, but they are revealing. The agency is telling firms to focus on investor-facing fundamentals, tighten control environments, get serious about cyber and AI governance, and make sure disclosures match day-to-day reality. Firms that treat the document as a practical roadmap will be in a far better position than firms that skim the headlines and assume the same old playbook still works.
The 2026 exam environment looks less like surprise theater and more like a documented test of whether firms can demonstrate disciplined, risk-aware execution. That may sound less dramatic, but for compliance teams, it is the regulatory equivalent of hearing, “This counts toward your grade.”
