In the second part of this legal update series, we summarize the key takeaways from the Division of Examinations’ (Division) 2025 priorities report released on October 21, 2024. The Division remains focused on mainstays like fiduciary duties and standards of conduct owed to investors, but there is a clear emphasis on new technologies that have had a material impact on the day-to-day business of securities markets. Examples like the smartphone which provides anyone with ready access to a full suite of brokerage services and the development of generative Artificial Intelligence (AI) applications are game changers when it comes to the who, where, when and how of our securities markets. The Division remains focused on identifying these new and emerging risks in order to further its long-term objectives of investor protection, efficient and orderly capital markets, and strong compliance across the industry.

The priorities report is intended to put registrants on notice of the areas of compliance that may need further evaluation or improvement. An important caveat to keep in mind is that the priorities report does not reflect an exhaustive list of all the areas that could be subject to review. As referenced in the first part of this legal update series, the Division conducts a risk-based review using a multitude of factors – including an entity’s history, mode of operations, as well as the products and services made available to customers – to determine the scope of an examination. With that in mind, firms should anticipate an examination that is tailored to their business and focus on reviewing their compliance programs related to strategic, higher-risk areas.

Without any further ado, please see below our overview of the Division’s major priorities for the upcoming fiscal year.

Investment Advisers

Adherence to Fiduciary Standards of Conduct

The Division maintains a number of key priorities for reviews of Investment Advisers. In particular, the Staff remains focused on whether investment advisers are meeting their fiduciary duties of care and loyalty obligations owed to clients such as with respect to the investment advice regarding certain products, investment strategies, and account types. Recommendations related to high-cost products, unconventional instruments, illiquid and difficult-to-value assets, and assets sensitive to higher interest rates will garner more attention and scrutiny by the Staff.

For dual-registrants and advisers affiliated with broker-dealers specifically, the Staff will focus not only on the suitability of investment advice and recommendations regarding certain products for clients’ advisory accounts, but also the disclosures made to clients regarding the capacity in which recommendations were made and the appropriateness of account selection practices. Finally, the Staff will consider whether advisers are adequately mitigating and fairly disclosing conflicts of interest within the context of delivering impartial advice and best execution.

Firms should expect the Division to prioritize examinations of advisers who are newly registered, never been examined, or who have not been examined in some time.

Effectiveness of Advisers’ Compliance Programs

A fundamental part of the examination process for Registered Investment Advisers (RIAs) is the Division’s assessment of the effectiveness of a firm’s compliance programs within the purview of SEC Rule 206(4)-7 (the Compliance Rule). Typically, the Staff will focus on core areas such as marketing, valuation, trading, portfolio management, disclosure and filings, custody, along with the firm’s own analysis of its annual compliance program effectiveness review. The Staff will review a firm’s policies and procedures with a specific focus on whether they are reasonably designed to prevent the advisers from placing their interests ahead of clients’ interests. Conflict-related areas of focus include outsourcing investment selection and management, alternative sources of revenue or benefits received by advisers, as well as fee calculations and the fee-related conflict disclosures. Other products and activities that may draw further scrutiny are the availability of illiquid or difficult-to-value assets, integration of AI into advisory operations, the reliance on a high number of independent contractors who are deployed across several locations, and advisers who have recently entered the market or substantially altered their business model. Of course, every exam is unique and the review scope of an adviser’s compliance regime will depend on firm-specific business activities and operations.

Advisers to Private Funds

Private Fund Advisers have garnered a lot of the SEC’s attention among RIAs in recent years and should expect several key areas to be within the scope of review. First, the Division will consider whether the adviser’s disclosures are consistent with its actual business practices, especially regarding fee calculations, allocations of fees, expenses, and the firm’s conflicts of interests and related risk mitigation. Similar to other registrants, the Division will focus on an adviser’s conflicts disclosures, risks and related policies and procedures associated with certain products or practices such as debt securities, fund-level lines of credit, investments held by multiple funds, and the use of affiliated service providers. Moreover, the Staff will consider the accuracy of a fund’s calculations and allocations with respect to fees and expenses at both the fund and investment levels.

Separately, the Staff will look at whether the adviser met its fiduciary obligations during periods of market volatility and interest rate fluctuations, particularly in the context of certain investment strategies such as commercial real estate and private credit. Firms should further review their policies, procedures, and practices to confirm their compliance with the recent amendment to the Form PI filings as well as the updated marketing rules. As a general matter, fund performance below expectations, high rates of customer withdrawals, and the retention of difficult-to-value assets will invite greater scrutiny by the Division.

Investment Companies

One of the SEC’s major objectives over the last few years that will continue to draw attention under another Trump administration is the protection of retail investors. The Division is expected to focus on Registered Investment Companies (RICs) such as mutual funds and exchange traded funds (ETFs) given how important of a role these entities play for retail investors such as older individuals who are nearing the age of retirement.

Many of the issues along with the attendant scope of review (e.g., compliance program, disclosures, and overall business practices) relevant for investment advisers are also applicable to RICs. For example, the Division will focus on the calculation, waiver, and reimbursement of any fund fees and expenses; oversight of service providers (either affiliated or third party); investment strategies, approaches, fund filings, marketing materials, and whether they align with portfolio management practices and investor disclosures; business practices employed during periods of market volatility (e.g., were fiduciary obligations satisfied in execution of commercial real estate investment strategy); and compliance with the SEC’s new and amended rules. Similar to investment advisers, RICs can expect the Division to prioritize examinations of firms who are newly registered, never been examined, or who have not been examined in some time.

We encourage investment company registrants to review the Division’s risk alert published on November 4, 2024, which offers further insights into these particular types of reviews, including sample documents and information that the Division would likely request during an examination.

Broker-Dealers

Regulation Best Interest and Form Client Relationship Summary (CRS)

The Staff remains heavily focused on the protection of retail investors, and in turn, broker-dealers’ practices related to Regulation Best Interest (Reg BI). Firms should expect the Division to assess whether care and loyalty obligations were met in connection with recommendations of certain investment products, particularly products that are complex, illiquid, or inherently high-risk (e.g., highly leveraged or inverse products, crypto assets, structured products, alternative investments, products that are not registered with the SEC, products with complex fee structures or return calculations, and products based on exotic benchmarks). Moreover, the Division will also prioritize review of investment recommendations that rely on automated tools or other digital engagement practices, involve the opening of different account types (e.g., option, margin, and self-directed IRA accounts) or are directed at retail investors, especially older investors with longer-term investment objectives.

The Division will investigate a firm’s reasonable basis for believing its recommendations of products, investment strategies, and account types were in a customer’s best interest, particularly in light of the investor’s investment profile such as their investment objectives, risk tolerances, and other account characteristics. The Division will also review the adequacy of a firm’s conflict of interest identification and elimination practices and processes with respect to reasonable available investment alternatives. Finally, the Division will scrutinize a firm’s disclosures in Form CRS, including the relationships and services it offers to retail customers, the associated fees and costs, and its conflicts of interest and disciplinary history.

Dual-registrants processes are also expected to be within scope of the Division’s review. Areas unique to these entities include the supervision of sales practices at branch office locations, account allocation practices (e.g., allocation of investments where an investor has multiple accounts), and account selection practices (e.g., brokerage versus advisory, such as advice to open wrap fee accounts).

Broker-Dealer Financial Responsibility Rules

The Division will continue to focus on a firm’s compliance and related internal processes, procedures, and controls in connection with the Net Capital and Customer Protection Rules. Notably, updates to the Public Company Accounting Oversight Board’s auditing standards as approved by the SEC earlier this year will likely bring a firm’s accounting practices within the scope of review. Other areas of review include whether the firm has submitted its required filings, its operational resiliency programs (e.g., supervision of third-party or vendor provided services relied upon to prepare its financial reporting), and the controls associated with helping to ensure a firm maintains adequate capital during periods of illiquidity.

Broker-Dealer Trading-Related Practices and Services

The Division also noted that it will examine broker-dealer equity and fixed income trading practices. Key areas include the structure, marketing, fees, conflicts associated with stock offerings to retail customers, fully-paid lending programs, trade activity in pre-IPO companies, private company sale transactions in secondary markets, and online trading platforms.

Execution of retail orders is another important area of review. The Division will focus on how individual retail orders were marked (i.e., held or not held) as well as the consistency of the order marking. The Division will also place an emphasis on the reasonability of pricing and valuation for illiquid and retail-focused instruments (e.g., VRDOs, municipal securities, and non-traded REITs).

Lastly, the Division will examine whether broker-dealers appropriately rely on the Bona Fide Market Making Exception (BFMME) to Regulation SHO’s locate requirement. In particular, the Division will review whether a market maker is engaging in potentially manipulative behavior in contravention of the BFMME by posting quotes that are significantly distanced from the current best bid and offer prices in the market.

Risk Areas Impacting Various Market Participants

Information Security and Operational Resiliency

Cybersecurity

The proliferation of sophisticated cybersecurity threats remains a major driver behind the Division’s focus on firms’ practices to prevent interruptions to “mission-critical services” and protection of investor information, records, and assets. As part of its review, the Division will look at firms’ policies and procedures, particularly with respect to information security and operational risks, along with governance practices, data loss prevention, access controls, account management, and the response playbook to cyber-related incidents. The Division will also review the safeguards incorporated into alternative trading systems in order to protect confidential trading information. Finally, the Division will continue to monitor how registrants identify and address the risks to essential business operations presented by cybersecurity threats associated with third-party products and services as well as information technology applications used by the business without firm approval and/or adequate oversight.

Regulation S-ID and Regulation S-P

The Division will assess compliance with Regulations S-ID and S-P by reviewing firms’ policies and procedures, internal controls, oversight of third-party vendors, and governance practices. For firms that provide electronic investment services, the assessment of policies and procedures will focus on how they address the safeguarding of customer records and information. Areas of interest include the identification and detection of identity theft in connection with customer account takeovers and fraudulent transfers; prevention of intrusions into customer accounts, records and information (especially for firms with multiple branch offices); training related to identity theft prevention; and general efforts to address systemic technology risks that may impact the entity’s ability to safeguard customer records and information. Firms should expect the Division to inquire about progress in complying with the recent amendments to Regulation S-P, requiring the establishment of a cybersecurity incident response program that is reasonably designed to detect, respond to, and recover unauthorized access to customer information.

Shortening of the Settlement Cycle

The Division will continue its focus on broker-dealer compliance with T+1, which is the reduction in the standard settlement cycle for most securities transactions to the day after trade date following recent amendments to SEC Rule 15c6-1. The Division will also review broker-dealers’ compliance with newly adopted SEC Rule 15c6-2, which is designed to promote the completion of allocations, confirmations, and affirmations (ACA) by the end of the trade date for transactions with a broker-dealer’s institutional customers. Broker-dealers should ensure they have in place and enforce either written agreements with relevant parties or written procedures that are reasonably designed to ensure completion of the ACA process as soon as practicable, but no later than the end of day on the trade date (T+0).

The Division will consider the impact of these recent changes in the advisers context. As an example, the SEC recently promulgated new rules applicable to advisers pertaining to books and records requirements associated with the shortened settlement cycle.

Finally, the Division will consider technological changes introduced by registrants in response to these rule changes and identify any products or counterparties who are not “routinely” settling within T+1. For additional information about the scope and content of an examination related to the shortening of the settlement cycle, registrants should refer to the Division’s risk alert issued on March 27, 2024.

Emerging Financial Technologies

Emerging Fin-Tech is front and center for the Division in the upcoming review cycle. In particular, the Division will review risks associated with leveraging AI, automated investment tools, and trading algorithms or platforms. For example, firms that employ digital investment advisory services will be assessed as to whether their representations were fair and accurate, operations and controls in place were consistent with disclosures made to retail investors, algorithms produce advice or recommendations consistent with investors’ investment profile, and controls are in effect to confirm that advice or recommendations are consistent with regulatory obligations owed to investors (e.g., Reg BI).

Regarding AI, the Division will focus on registrants’ representations pertaining to their AI capabilities and accuracy, as well as whether they have implemented adequate procedures to monitor their use of AI. As firms continue to experiment and use various third-party AI-models and tools, the Division remains concerned about whether client information is being adequately protected.

Crypto Assets

Due to the volatility of the crypto asset market, the Division indicated that it will monitor and examine registrants who offer crypto asset-related services (e.g., offer, sale, recommendation, and advice of spot Bitcoin or Ether ETFs). The Division’s examinations will consider whether registrants have (i) met their regulatory obligations owed to customers, especially retail customers who are older or who have longer-term investment horizons and (ii) updated and enhanced their compliance practices (including crypto asset wallet reviews, Bank Secrecy Act (BSA) reviews, and valuation procedures), risk disclosures, and operational resiliency practices (i.e., data integrity) surrounding crypto assets. The Division will pay attention to whether registrants follow its standards of conduct when recommending crypto assets with a focus on initial and ongoing understanding of the products. Finally, the Division takes seriously the technological risks (i.e., the security of assets) associated with use of blockchain and distributed ledger technology.

Registrants should understand that the Division’s priorities with crypto assets continue to evolve and are especially subject to the current political landscape. Recent federal elections may have opened the door for Congress or the SEC to take action regarding the regulation of crypto.

Regulation Systems Compliance and Integrity (SCI)

The Division will review SCI entities across a number of different areas in furtherance of its goal of maintaining fair and orderly markets. Specifically, the Division intends to review (i) the policies and procedures regarding the operational, business continuity planning and entity’s testing practices; (ii) the effectiveness of cyber incident response plans, including how SCI entities handle inbound and outbound connectivity in the event of such a scenario; and (iii) policies and procedures pertaining to security operations management tools used by SCI entities.

Anti-Money Laundering (AML)

The Bank Secrecy Act requires that certain registrants establish Anti-Money Laundering programs which address the risks associated with the firm’s location, size, customers served, types of products and services provided, and how they are offered. The scope of the Division’s review is expected to cover the core requirements of these programs which include (i) policies, procedures, and internal controls reasonably designed to achieve compliance with the BSA and its implementing rules; (ii) independent testing procedures; and (iii) risk-based procedures to perform critical customer due diligence (e.g., customer identity verification program, including for beneficial owners of legal entity customers and suspicious transactions surveillance and reporting process, including meeting SAR filing obligations). Ultimately, the Division’s review of a registrant’s AML program will assess whether the AML program is appropriately tailored to that registrant’s business model.

Other Market Participants

Municipal Advisers

The Division’s primary focus on municipal advisers is whether they have met their fiduciary duty to clients in connection with municipal advisory activities, including advice regarding the pricing or method of sale of municipal securities. The Division also intends to examine whether municipal advisers have complied with MSRB Rule G-42, which applies to non-solicitor municipal advisers and addresses requirements related to the disclosure of conflicts of interest and the documentation of municipal advisory relationships. The Division will consider whether the adviser has filed the required forms with the SEC, and if recent enforcement activity is any indication, continue its focus on recordkeeping and registration status, along with other areas such as professional qualification and supervision obligations.

Transfer Agents

The Division will review transfer agent processing of items and transfers, recordkeeping and record retention, safeguarding of funds and securities, and filings with the SEC. The Division specifically noted that examinations will also focus on transfer agents which use “emerging technology” to perform their functions.

Security-Based Swap Dealers (SBSDs)

If a SBSD has not been examined, the Division will focus on whether these firms have implemented policies and procedures related to compliance with security-based swap rules. For example, the Division highlighted SBSD’s obligations under Regulation SBSR to accurately report security-based swap transactions to security-based swap data repositories. The Division is expected to focus on firms’ compliance with capital, margin, segregation requirements, and risk management.

Security-Based Swap Execution Facilities (SBSEFs)

The Division is targeting review of registered SBSEFs by the third quarter of 2025 based on the SEC’s adoption of Regulation SE approximately one year ago. Regulation SE called for a new set of rules and forms for the registration and regulation of SBSEFs, and notably eliminated the temporary registration exemptions that were previously available. The Division is allowing SBSEFs time to apply for registration and receive an official Commission response before undertaking examinations.

Funding Portals

Lastly, the Division will examine whether funding portals are generating and preserving required records related to portal trade activity (e.g., who purchased securities, which issuers offered and sold securities, and the control persons of such issuers). The scope of review will also focus on whether portals have maintained, established, and enforced written policies and procedures reasonably designed to achieve compliance with applicable securities laws such as restrictions prohibiting against offering investment advice or recommendations; soliciting transactions in the securities displayed on the funding portal’s platform; compensating persons for such solicitation; and holding investor funds or securities.