In November, the SEC released their 2026 Examination Priorities List,[1] which for investment advisers reflects a notable return to foundational principles, with a strong emphasis on fiduciary duty and standards of conduct, accurate disclosures, and the overall strength of a firm’s compliance program.
While the SEC’s focus on current high-risk areas such as use of artificial intelligence, retention of books and records, and investing in digital assets (i.e., cryptocurrency) continues to grow, their message is clear. Examiners will be assessing whether advisory firms remain grounded in the fundamentals that protect investors, even as the regulatory landscape evolves.
Cybersecurity and data privacy feature prominently in their priorities, driven in part by the recent amendments to Regulation S-P and the heightened sensitivity around incident response preparedness.
At the same time, the SEC is signaling a more encompassing evaluation of advisory firms’ use of emerging technologies, including AI and automated tools. Examiners will assess conflicts of interest, accuracy of disclosures, and the adequacy of compliance controls associated with these technologies. Firms that adopt advanced tools without aligning their controls, monitoring systems, and policies may face heightened regulatory pressure during an exam.
Private market activities remain a priority as well. The SEC continues to focus on valuation practices, fees and expenses, preferential treatment, and the use of side-letter arrangements.
Below are the major themes emphasized in the 2026 priorities.
Renewed Focus on Fiduciary Duties and Conduct Standards
Examiners plan to intensify reviews of fiduciary obligations for advisers. This includes attention to duty of care and loyalty, rollover recommendations, and whether firms’ actual practices align with their disclosures. The SEC continues to express concern that disclosures are too often incomplete or inconsistent with what firms actually do in their day-to-day operations.
Preparation Tips: (i) Review Form ADV, Form CRS, and marketing materials in detail to confirm whether they align with how advice, rollover recommendations, and fees are actually handled in practice, and (ii) ensure rollover and account-type recommendations are documented and include considerations such as cost comparisons, other alternatives, and a clear rationale for the recommendation.
Strengthening Foundational Compliance Functions
The SEC is prioritizing the essential building blocks of an effective compliance program. Examinations will focus on, among other things, conflicts of interest, supervisory frameworks, best execution practices, valuation methodologies, custody safeguards, and fee and expense oversight. The goal is to determine whether firms have a compliance program that is both well designed and consistently followed. Emphasis will be placed on ensuring that a firm’s policies and procedures are appropriately tailored to its business.
Preparation Tips: (i) Review conflicts, supervision, best execution, valuation, custody, and fee policies and practices to confirm whether they operate consistently and are not addressed in silos, (ii) ensure that policies and procedures actually reflect the firm’s business practices, as generic or “off-the-shelf” policies and procedures remain a common deficiency, and (iii) confirm that annual reviews identify root causes of any compliance issues and lead to meaningful program improvements, not just checklist completion or restated policies.
Increased Examinations of New and Unexamined Advisers
Firms that are newly registered or have never undergone an SEC exam should expect increased attention as in years past. Examiners will evaluate governance and controls to establish early expectations and identify risks before they become systemic within an organization.
Advisers that have not been examined should be prepared to demonstrate not only written policies and procedures, but evidence that compliance processes are implemented, monitored, and documented in practice.
Preparation Tips: (i) Consider obtaining a mock audit from a third-party compliance consulting firm or securities-versed legal counsel in order to identify and remediate any deficiencies prior to an SEC exam, (ii) confirm that policies, procedures and controls are implemented through routine testing, as examiners will look for evidence that policies are implemented and monitored, not just adopted to meet registration requirements, and (iii) ensure roles, responsibilities, and compliance escalation pathways are well defined and consistently followed across the firm.
Cybersecurity, Data Privacy, and Reg S-P Amendment Readiness
Cybersecurity continues to be one of the dominant exam areas. Examiners will review incident response frameworks, access controls, identity theft prevention, vendor oversight, the ability to detect and contain breaches, and protocols for client notification. It is apparent that the SEC’s view is that effective information governance is not only a technical requirement but a core component of investor protection. As the scrutiny intensifies, firms should expect deeper reviews of how they safeguard data, oversee vendors, and maintain business continuity in the face of growing operational and cyber threats.
With the adoption of the Reg S-P amendments, firms must demonstrate that they have updated incident response policies, enhanced disposal and breach notification procedures, and implemented vendor due diligence specific to privacy safeguards and firm notification process, along with the necessary operational processes and safeguards.
As a reminder, firms with less than $1.5B in AUM have until June 3, 2026 to implement the necessary requirements.
Preparation Tips: (i) Confirm incident response plans are current, tested, and clearly define detection, escalation, containment, and notification responsibilities, (ii) ensure training on the plans is performed at least annually, (iii) assess whether vendors with access to client information are subject to appropriate diligence, contractual safeguards, and breach notification expectations, (iv) proactively reach out to these vendors to ensure they are aware of notification requirements under the amended Reg S-P, and (v) ensure policies reflect updated definitions, disposal standards, and breach notification timelines per the requirements in the amended Reg S-P, and that operational practices support those requirements in practice.
Oversight of AI, Automated Systems, and Algorithmic Tools
The SEC recognizes both the opportunities and risks associated with advanced technology. Examiners will assess whether firms have disclosures about how these tools are used and whether testing, validation, and ongoing monitoring are sufficient. Just as important, examiners will be confirming that these tools and systems are being used consistent with the disclosures and claims made by firms.
Regulators are also focused on whether AI and technology create or amplify conflicts, such as incentives embedded in models, revenue sharing related to digital tools, or biases in automated investment systems. Examiners will evaluate how firms identify these conflicts and how they implement appropriate compliance oversight.
Preparation Tips: (i) Confirm disclosures clearly describe how AI, algorithms, and digital tools are used, and verify that actual practices are consistent with those statements, (ii) evaluate whether automated tools introduce new risks, including errors, bias, or unintended outcomes, and maintain evidence of testing, validation, and ongoing monitoring, and (iii) review whether incentives embedded in revenue-sharing arrangements or vendor relationships create conflicts that require disclosure or mitigation.
Ongoing Scrutiny of Private Market Activities
Private fund advisers remain a significant focus. Examiners will review valuation practices, fee calculations, expense allocations, preferential treatment arrangements, and side letter compliance.
Preparation Tips: (i) Review side letters and any “most favored nation” provisions to ensure terms are tracked, disclosed where required, and implemented as promised, (ii) verify that private fund offering documents and Form ADV disclosures accurately reflect how the private fund operates in practice, particularly around fees, expenses, and conflicts, and (iii) ensure maintenance of clear records of valuation process and decisions, expense approvals, and conflict reviews to demonstrate ongoing supervisory oversight.
Operational Resiliency and Vendor Dependence
The SEC is expanding its efforts in operational resiliency. Reviews will include business continuity planning, disaster recovery protocols, vendor relationships, and overall preparedness for disruptive events. Firms are expected to show that they have policies and procedures in place to withstand cyber incidents, technology failures, and other operational disruptions without exposing clients to unnecessary risk.
Preparation Tips: (i) Ensure the business continuity plan and recovery processes are current, tailored to the firm’s operations, and periodically tested with documented results and remediation, and (ii) confirm that critical service providers and technology dependencies have been identified, and contingency plans exist should those vendors or systems fail.
Core Compliance partners with advisers to translate the SEC’s exam priorities into practical, defensible compliance programs. We assist firms with targeted gap assessments, policy and disclosure alignment, testing and documentation support, and exam preparedness tailored to each firm’s business model. Whether you are addressing core fiduciary obligations, cybersecurity and Reg S-P requirements, private fund oversight, or operational resiliency, Core helps ensure your compliance program is not only well designed, but consistently implemented and exam ready. For more information, please contact us at info@corecls.com, at (619) 278-0020 or visit us at www.corecls.com.
Author: Josh Jones, Sr. Compliance Consultant; Editor: Tina Mitchell, Managing Director, Consultation Services; Core Compliance & Legal Services (“Core Compliance”). Core Compliance works extensively with investment advisers, broker-dealers, investment companies, and private fund managers on regulatory compliance issues.
This article is for information purposes and does not contain or convey legal or tax advice. The information herein should not be relied upon regarding any particular facts or circumstances without first consulting with a lawyer and/or tax professional.
