Another year in compliance is officially in the books — and yes, that’s worth celebrating.
While 2025 did not introduce sweeping new rules, it reinforced a familiar reality for advisory firms: ongoing obligations still require ongoing effort. Custody audits, annual compliance reviews, account reconciliations, and the day-to-day operational demands of running an advisory business continued to compete for time and attention across firms of all sizes.
At the same time, advisers were expected to further operationalize regulatory developments that had already been finalized, with regulators increasingly focused not only on whether policies existed, but on how they were implemented in practice. For some firms, broader regulatory slowdowns have added an extra layer of uncertainty around timelines, particularly for filings and registrations.
With 2025 now behind us, the focus has quickly shifted from execution to strategy. A common question is resurfacing across firms of all sizes: What should we be preparing for next?
2026: A Year Defined by Execution
The regulatory environment is less about implementing new regulatory mandates and more about how existing requirements are executed, documented, and sustained.
While the SEC has long emphasized the importance of having effective compliance controls, recent examinations continue to reflect heightened scrutiny on whether those controls are operating as designed in practice. Put simply, policies on paper are not enough. Firms are expected to demonstrate that compliance programs are operating as designed, that controls are functioning, risks are routinely identified and managed, and compliance processes are meaningfully embedded into day-to-day operations.
This continued emphasis builds directly on themes highlighted in the 2025 examination priorities[1] and helps firms’ understand how investment adviser compliance programs are being evaluated in 2026.
How Firms Will Be Evaluated in 2026
Against that backdrop, the regulatory expectations reinforced in 2025 now serve as the baseline for 2026 examinations[2].
Core areas of continued priority include:
- Fiduciary obligations, particularly consistency between investment advice, fee practices, and related disclosures
- Compliance program effectiveness, including whether policies are implemented, enforced, and tested in practice (with continued attention to off-channel communications and T+1 settlement controls)
- Never-examined and recently registered advisers, where examiners continue to assess foundational compliance readiness
In addition to these core obligations, regulators are placing increased emphasis on areas where firms adopt new technologies, offer complex products, or rely on evolving operational models.
Key areas of heightened SEC focus in 2026 include:
- Cybersecurity and operational resiliency, including governance, access controls, and incident preparedness
- Regulation S-P and Regulation S-ID, with expanded expectations around data protection, identity theft prevention, incident response, and vendor oversight
- Emerging financial technologies, including automated and data-driven tools
Within these areas, examiners are paying closer attention to specific risk drivers, including but not limited to:
- Use of artificial intelligence and automated tools in investment decision-making, portfolio management, communications, and marketing
- Digital asset exposure, whether through recommendations, fund strategies, custody arrangements, or client-directed trading
- Complex or alternative products, including private funds and strategies with unique liquidity, valuation, or fee considerations
Across these activities, regulatory scrutiny is increasingly focused on whether:
- Policies accurately describe how technologies or products are used
- Disclosures clearly explain associated risks, conflicts of interest, and limitations
- Compliance testing is tailored to the firm’s specific risk profile
- Supervisory review and escalation processes are documented
- Vendor reliance and third-party oversight are appropriately addressed
In practice, this often requires firms to revisit whether existing policies and testing frameworks, originally designed for more traditional advisory models, remain fit for purpose as business practices evolve.
Compliance Obligations That Span the Entire Year
While certain compliance activities naturally receive heightened attention at different points throughout the year, regulators continue to expect many core obligations to be monitored and addressed on an ongoing basis.
Throughout 2026, SEC examinations are expected to assess whether these requirements are treated as continuous responsibilities and addressed accordingly, rather than non-customized, check-the-box exercises. Examples include:
- Section 13 filing obligations, which should be evaluated continuously as holdings, ownership levels, and trading activity change.
- Code of Ethics reporting and oversight, including ongoing personal securities transaction reporting, certifications, and supervisory follow-up.
- Investment adviser and IAR registration maintenance, including monitoring notice filings, state registrations, and associated disclosures as business activities evolve
- Ongoing compliance testing, particularly in higher-risk areas such as AML preparedness, off-channel communications oversight, cybersecurity controls, and vendor management
- Risk and conflict assessments, which should be refreshed as business models, products, or operational practices change, even where formal assessments are conducted annually
- Fiduciary obligations related to retirement and rollover recommendations, with continued regulatory attention on how firms document best-interest determinations, disclosures and conflicts management under applicable DOL guidance and state-level best-interest standards.
These obligations form the backbone of a firm’s compliance program. The quarterly discussion below highlights areas where firms can focus their compliance oversight efforts at different points during the year, not just when these responsibilities begin or end. Ongoing monitoring, testing, and oversight should be performed throughout the year and designed based on the risks and conflicts associated with the business practices of your firm.
What This Looks Like in Practice: A Quarterly View
Q1 2026: Documentation, Governance, and Early-Year Obligations
For firms with a December 31st fiscal year-end, the first quarter of 2026 will most likely begin with initiating the process of gathering data for and reviewing Form ADV for the required annual amendment.
The beginning of Q1 is also a critical period for evaluating Section 13 filing obligations, including whether a Form 13F filing is required in February and whether prior-year activity triggered Form 13H Large Trader, Schedule 13D, or Schedule13G filing requirements.
For compliance testing, firms should perform a review of their current testing protocols to determine whether updates are needed due to any regulatory and/or business changes. Focus on the higher-risk areas first, particularly those impacted by recent regulatory developments, such as:
- Obtaining off-channel communications attestations and reviewing supervisory oversight of electronic communications
- Assessing Regulation S-P and cybersecurity readiness, including a review of incident-response plans, vendor inventories and performing due diligence, and ensuring the adoption of policies and procedures addressing the amendments to Regulation S-P.
Importantly, the early part of Q1 is often the last opportunity to identify and address gaps before disclosures in Form ADV are finalized, making early testing and documentation especially valuable.
Q2 2026: Regulatory Follow-Through and Program Execution
The second quarter shifts the focus from review and preparation to execution.
During Q2, confirm that delivery of required documents to clients has taken place, including, as applicable, Form ADV Part 2A, Part 2Bs, Form CRS, and the firm’s Privacy Notices.
Q2 is also a practical window for:
- Targeted books and records testing, particularly around electronic communications, advertising, and T+1 compliance.
- Assessing training effectiveness, including whether employees have been trained on any new and/or updated regulatory requirements, along with any compliance considerations pertaining to any business changes.
- Beginning the annual compliance review, allowing time to identify and remediate issues before year-end.
Q3 2026: Testing, Continuity, and Exam Readiness
During Q3, firms should:
- Begin testing their business continuity and disaster recovery plans and confirm that a written succession plan is in place.
- Confirm that compliance protocols have been implemented to address any new business offerings and/or regulatory changes.
- Review SEC Risk Alerts and any other guidance issued during the year to determine if any enhancements to the firm’s compliance program is needed.
From an exam-readiness perspective, Q3 is often when firms benefit from stress-testing document-production processes, remediation tracking, and internal escalation protocols. Consider having a mock regulatory audit performed by a compliance consulting firm or your legal counsel.
Bringing It All Together
While none of these priorities are new in isolation, placing increased emphasis on execution, documentation, and follow-through in the first 3 quarters allows firms time in Q4 to focus on assessing whether those efforts were effective and if there are any remaining compliance tasks that need to be completed.
For smaller and leaner advisory firms in particular, this environment reinforces the importance of thoughtful prioritization, strong documentation, and risk-based compliance planning.
Core Compliance supports firms through this process by helping translate regulatory expectations into compliance programs that are practical, scalable, and defensible, focusing on gap identification, policy and disclosure alignment, testing and documentation, and exam readiness, tailored to each firm’s business model. Firms seeking additional support or guidance may contact Core Compliance at info@corecls.com, call (619) 278-0020, or visit www.corecls.com.
Author: Alexandria Hutchinson, Sr. Compliance Associate, Editor: Tina Mitchell, Managing Director, Consultation Services, Core Compliance & Legal Services (“Core Compliance”). Core Compliance works extensively with investment advisers, broker-dealers, investment companies, and private fund managers on regulatory compliance issues.
This article is for information purposes and does not contain or convey legal or tax advice. The information herein should not be relied upon regarding any particular facts or circumstances without first consulting with a lawyer and/or tax professional.