SEC Releases 2026 Examination Priorities: What to Expect

If you work in compliance, legal, operations, or somewhere in the glamorous land of “please update that policy by Friday,” the SEC’s 2026 Examination Priorities are not exactly light beach reading. But they are important reading. Very important. The SEC’s Division of Examinations released its fiscal year 2026 priorities in late 2025, and the message is clear: the agency is still focused on fundamentals, but it now expects firms to prove those fundamentals actually work in real life.

In other words, 2026 is not the year for a beautiful compliance manual that looks terrific in a binder and does absolutely nothing when the exam team arrives.

The new priorities span investment advisers, investment companies, broker-dealers, self-regulatory organizations, clearing agencies, municipal advisors, transfer agents, funding portals, and security-based swap participants. Across those groups, the SEC keeps circling back to a handful of themes: fiduciary duty, investor protection, conflicts of interest, complex products, cybersecurity, operational resiliency, identity theft prevention, AI oversight, and whether firms can show that their disclosures, controls, and day-to-day practices all line up.

So what should firms actually expect in 2026? Here is the practical breakdown.

Why the 2026 priorities matter more than a simple annual checklist

The SEC says every year that its examination priorities are not exhaustive, and that warning matters. The list is not a safe harbor. It is a roadmap of pressure points. If your business touches one of these areas, expect deeper questions, more testing, and less patience for vague explanations like “we have a policy for that somewhere.”

This year’s priorities also feel more operational than theoretical. The tone is less about announcing brand-new headline issues and more about testing whether firms can execute on old obligations in a market that keeps getting more complicated. AI did not erase fiduciary duty. Cybersecurity did not replace disclosure obligations. Alternative products did not suspend common sense. The SEC’s 2026 view is basically this: new tools, same duties, higher stakes.

The big themes running through the 2026 exam roadmap

1. Back to basics, but with sharper teeth

One of the clearest signals in the 2026 priorities is a return to foundational conduct standards. For investment advisers, that means the duty of care, the duty of loyalty, best execution, and the ability to explain why a recommendation was in the client’s best interest. For broker-dealers, it means continued focus on Regulation Best Interest, Form CRS, account recommendations, rollovers, and reasonably available alternatives.

The SEC is not acting as though these are fresh ideas. It is acting as though firms have had enough time to get them right. That makes 2026 feel less like a teaching year and more like a prove-it year.

2. Retail investor protection remains the emotional center of the story

The SEC’s priorities repeatedly point toward retail investors, especially older investors and people saving for retirement or college. That focus shows up in adviser reviews, broker-dealer sales practice reviews, and fund oversight. The agency appears especially interested in how firms handle products that are complicated, expensive, less liquid, or heavily marketed as smart solutions for everyday investors.

Translation: if your firm sells or recommends products that sound sophisticated enough to impress someone at a steakhouse, be prepared to explain them in plain English to an examiner.

3. Private fund risk did not disappear; it got woven into broader priorities

A notable shift in the 2026 priorities is the absence of a separate private fund adviser section. That does not mean private fund issues are off the hook. Not even close. Instead, those issues are threaded through adviser priorities involving alternative investments, allocation conflicts, newly launched private funds, advisers new to the private fund space, valuation, liquidity, fees, disclosures, and side letters.

That is actually more interesting than a stand-alone section. It suggests the SEC sees private fund risk as part of a broader ecosystem of conflicts, product design, and disclosure quality rather than as a siloed specialty topic.

4. Cybersecurity is still here, still serious, and still not optional

No one in financial services gets to act surprised by cybersecurity exams anymore. In 2026, the SEC continues to focus on governance practices, data loss prevention, access controls, account management, incident response, ransomware readiness, and operational resiliency. The agency also highlights third-party vendor oversight and how firms use threat intelligence in practice.

That last point matters. Examiners are not just looking for technical buzzwords. They want to know whether the firm can identify risks, respond to them, recover from disruptions, and protect client data without improvising like a middle school theater troupe.

5. AI oversight has officially entered the “show your work” phase

The SEC is paying closer attention to automated investment tools, trading algorithms, AI technologies, and alternative sources of data. That does not just mean whether a firm uses AI. It means whether the firm accurately describes how it uses AI, whether the controls match the marketing, whether automated recommendations are consistent with investors’ profiles, and whether supervision is strong enough to catch bad outcomes.

If a firm claims its technology is smart, personalized, efficient, and risk-aware, examiners may ask the painfully reasonable question: “Great. Can you prove it?”

What investment advisers should expect in 2026

Fiduciary duty will be tested where it hurts most: recommendations, conflicts, and disclosures

For advisers, the SEC remains focused on whether investment advice is consistent with client objectives, risk tolerance, and personal circumstances. The agency specifically flags alternative investments, complex products, and higher-cost products. It also points to recommendations made to older investors, clients saving for retirement, and advisers handling private funds alongside separately managed accounts or registered funds.

That means examiners may spend real time looking at allocation methodologies, interfund transfers, fee structures, compensation incentives, and whether disclosures truly describe how conflicts are managed. Firms that rely on disclosure alone without meaningful operational controls could have a rough year.

Compliance programs will be judged on implementation, not decoration

The SEC says adviser exams will continue to review the core elements of compliance programs, including marketing, valuation, trading, portfolio management, filings, disclosures, and custody. It also points to annual reviews and asks the obvious question: were the policies actually implemented and enforced?

This is where a lot of firms get uncomfortable. A policy can be technically correct and still fail an exam if no one follows it consistently, no one tests it, and no one updates it when the business changes. Advisers that have merged, consolidated, expanded into new products, or moved into new client segments should expect additional scrutiny.

Never-examined and recently registered advisers remain prime targets

The SEC again emphasizes advisers that have never been examined, particularly recently registered advisers. For newer firms, that means the grace period many people imagine probably exists does not really exist. The agency wants to see whether compliance has been built with intention from the start, not stitched together after the welcome email from exam staff lands in the inbox.

Activist practices and reporting accuracy matter

The 2026 priorities also mention advisers with activist engagement practices, including scrutiny around filings such as Schedules 13D and 13G, Form 13F, Forms 3, 4, and 5, and Form N-PX. That is a reminder that examination risk is not limited to flashy product issues. Filing accuracy, timeliness, and record support can still become the thing that ruins everyone’s week.

What investment companies should expect

Registered investment companies remain a priority, especially because of their role in serving retail investors. The SEC says exams will generally cover compliance programs, disclosures, filings, and governance practices. It also singles out fund fees and expenses, waivers and reimbursements, and whether portfolio management practices line up with fund disclosures and marketing.

The amended fund Names Rule also looms in the background. Funds whose names imply a certain investment focus should expect attention to whether portfolios, disclosures, and controls support that implication. Add in mergers, novel strategies, less liquid investments, valuation challenges, and leverage vulnerabilities, and you get a picture of a fund exam environment that is less forgiving of sloppy product governance.

What broker-dealers should expect

Financial responsibility rules remain a core exam area

The SEC continues to focus on broker-dealer compliance with the net capital rule, the customer protection rule, and related internal controls. That includes timely financial notifications, liquidity risk management, operational resiliency, and the supervision of third-party services that support financial reporting. Cash sweep programs and prime brokerage activities also receive attention.

This is a reminder that a broker-dealer exam is never just about sales practice. Plumbing matters too.

Trading practices, routing, valuation, and market structure questions are still on the table

In 2026, the SEC says it will continue to review equity and fixed-income trading practices, including extended-hours trading, municipal securities issues, best execution, pricing and valuation of illiquid instruments, disclosures about order routing and execution, Regulation SHO, and alternative trading system controls.

For firms with more complex trading activity, that means exam readiness needs to include not just policy language, but trade surveillance, exception handling, escalation paths, and documentation that someone with authority actually reviews.

Reg BI is not going away, and complex products remain a hot zone

Broker-dealer sales practices remain a major priority, especially recommendations involving accounts, rollovers, limited menus, and complex or tax-advantaged products. The SEC specifically points to variable annuities, registered index-linked annuities, certain ETFs, 529 plans, private placements, structured products, alternative investments, and products with complicated fee structures or exotic benchmarks.

Examiners may also zero in on recommendations to move investors into substantially similar products, open option or margin accounts, shift into self-directed IRAs, or move assets between brokerage and advisory accounts. In plain English, the SEC wants to know whether the recommendation was genuinely good for the customer or merely convenient for the revenue model.

Other market participants should not tune out

The 2026 priorities also cover self-regulatory organizations, clearing agencies, municipal advisors, transfer agents, funding portals, security-based swap dealers, and security-based swap execution facilities. Municipal advisors can expect continued focus on fiduciary duty and MSRB Rule G-42. Transfer agents will face attention around recordkeeping, safeguarding of funds and securities, emerging technology, and Regulation S-P readiness. Funding portals are on notice for third-party arrangements involving investor funds and required records. Security-based swap participants should expect continued scrutiny around reporting accuracy, operational risk, and market integrity.

Meanwhile, AML remains a cross-cutting issue for certain firms, with the SEC emphasizing risk-tailored AML programs, independent testing, customer identification, beneficial ownership procedures, suspicious activity reporting, and sanctions compliance.

What the SEC did not spotlight, and why that still matters

Several legal and compliance commentators quickly noticed that the 2026 priorities do not include a stand-alone crypto section. They also do not include a stand-alone private fund section, and they say less about some topics that were more visibly highlighted in prior years. But firms should resist the temptation to celebrate too early.

The absence of a dedicated heading does not mean the underlying risks vanished. Crypto-related firms still face custody, disclosure, cybersecurity, governance, and fraud issues. Private fund advisers still face allocation, valuation, side letter, liquidity, and fee issues. The SEC’s priorities are better read as a shift in framing, not a hall pass.

How firms should prepare now

Start with a gap analysis that follows the business, not just the rulebook

Review where your business actually creates risk: product design, compensation, investor communications, vendor dependence, data access, model governance, account recommendations, valuation, and recordkeeping.

Test controls where the SEC is likely to test them

Run mock reviews on rollover files, complex product recommendations, AI disclosures, incident response procedures, access controls, Form CRS language, and allocation decisions. A policy that has never been tested is basically a wish.

Clean up disclosures before examiners do it for you

Marketing statements, client disclosures, compliance manuals, and operational reality should say the same thing. If they do not, fix that mismatch now.

Reassess vendor oversight

Third-party providers increasingly sit inside critical workflows. If a vendor touches customer data, trading, surveillance, archiving, reporting, or authentication, the SEC will likely care how you oversee that relationship.

Document the rationale behind recommendations

That is especially true for older investors, retirement assets, college savings, alternatives, illiquid products, higher-cost products, and account-type changes. If your file only shows the outcome and not the reasoning, it may not help much in an exam.

Final takeaway: 2026 is the year of operational credibility

The SEC’s 2026 Examination Priorities do not read like a dramatic reinvention. They read like a sharper, more practical version of themes the agency has been building for years. The difference is that examiners seem increasingly focused on whether firms can demonstrate operational credibility: real controls, real governance, real documentation, real supervision, and real alignment between what the firm says and what the firm does.

That is the heart of what to expect in 2026. Not just more questions, but better questions. Not just “Do you have a policy?” but “Did it work?” Not just “Did you disclose the conflict?” but “How did you stop the conflict from harming investors?” Not just “Do you use AI?” but “Who supervises it, how do you validate it, and are your claims about it actually true?”

For firms that prepare early, the priorities offer a clear checklist for strengthening exam readiness. For firms that ignore them, the SEC has kindly provided an annual preview of what the trouble will probably look like.

What firms are experiencing on the ground in 2026

Across the industry, the practical experience of preparing for 2026 exams looks a lot less like theoretical legal analysis and a lot more like controlled panic with spreadsheets. Compliance teams are finding that the hardest part is not understanding the SEC’s themes. The hardest part is proving that each theme is reflected in daily behavior across departments that do not always speak the same language. Legal says one thing, operations says another, marketing says something shinier, and technology says the rollout is “almost done.” Examiners tend to notice when those answers do not match.

Many firms are also experiencing a new kind of pressure around disclosure accuracy. In earlier years, some registrants treated disclosures as a drafting exercise. In 2026, that approach feels much riskier. Teams are spending more time comparing Form ADV language, Form CRS wording, slide decks, website copy, investor letters, and internal procedures to make sure they tell the same story. That work is tedious, but it is also where a surprising number of exam problems begin. The sentence that looked harmless during drafting can become painful when an examiner asks the business to demonstrate how it actually works.

Another real-world experience is that cybersecurity and vendor oversight no longer sit neatly inside the IT department. Firms are discovering that incident response, third-party diligence, access governance, and customer notification planning all require legal, compliance, operations, security, and senior management to coordinate in a way that many organizations never fully practiced before. It turns out “cross-functional readiness” sounds elegant in a board memo and much messier in a live tabletop exercise.

AI is producing a similar experience. Plenty of firms are already using AI-assisted tools in surveillance, operations, research workflows, communications review, or client service. What they are learning now is that adoption alone is not the challenge. The challenge is inventorying where AI is used, identifying who owns it, documenting what it does, testing whether outputs are reliable, and making sure public descriptions do not oversell the technology. A compliance officer can survive a modest tool. Surviving a marketing team that calls the tool “revolutionary” is often harder.

Private markets are creating their own form of exam stress. Advisers dealing with private credit, longer lockups, or side-by-side management are spending more time documenting valuation decisions, allocation judgments, fee practices, and investor-specific arrangements. Even when firms believe they are doing the right thing, they increasingly want a record that shows the sequence of decisions and the reasoning behind them. “Trust us” is not a durable exam strategy.

Newly registered firms are experiencing something else entirely: the realization that being new does not buy much sympathy. Many are building compliance programs and exam files at the same time they are building the business itself. That means founders, CCOs, outside counsel, consultants, and operations leaders are all trying to create something that is both practical and defensible. It is exhausting work, but it often produces the healthiest habits. Firms that build documentation and testing discipline early usually suffer less later.

In that sense, the experience of 2026 is not just regulatory pressure. It is organizational clarity. The firms handling this year best are the ones using the priorities as a mirror, not just a warning.

SEO Tags