The SEC’s Division of Examinations (the “Division”) has published its Examination Priorities for fiscal year 2026 for investment advisers, investment companies, broker-dealers and other market participants. This article summarizes those examination priorities that pertain to investment advisers (“advisers”).

Fiduciary Duty. Under federal law, an Adviser is a fiduciary. Examining advisers’ adherence to their duty of care and duty of loyalty obligations remains a priority, particularly with regard to retail investors.

The Division will review investment advice and related disclosures provided to clients for consistency with their fiduciary obligations, such as: (1) the impact of advisers’ financial conflicts of interest on providing impartial advice; (2) advisers’ consideration of the various factors associated with their investment advice, such as the cost, product’s or strategy’s investment objectives, characteristics (including any unusual features), liquidity, risks and potential benefits, volatility, likely performance in a variety of market conditions, time horizon, and cost of exit; and (3) advisers seeking best execution with the goal of maximizing value for their clients. Moreover, the Division will focus on:

Investment products with the following strategies or characteristics: (1) alternative investments (e.g., private credit and private funds with investment lock-up for extended periods); (2) complex investments (e.g., exchange traded funds (ETF) wrappers on less liquid underlying strategies, option-based ETFs, and leveraged and/or inverse ETFs); and (3) products that have higher costs associated with investing (e.g., high commissions and investment expenses).

Investment recommendations for consistency with product disclosures and the clients’ investment objectives, risk tolerance, and financial/personal backgrounds, with emphasis on:

(1) recommendations to older investors and those saving for retirement; (2) advisers to private funds that are also advising separately managed accounts and/or newly registered funds (e.g., reviewing for favoritism in investment allocations and interfund transfers); (3) advisers to newly launched private funds; (4) recommendations of certain products that may be particularly sensitive to market volatility; and (5) advisers that have not previously advised private funds (e.g., reviewing for regulatory awareness, liquidity, valuation, fees, disclosures, and differential treatment of investors, including use of side letters).

In addition, the Division will focus on particular types of advisers and advisory services or business practices that may create additional risks and potential or actual conflicts of interest. Examples include: (1) advisers that are dually registered as broker-dealers, particularly where such advisers have advisory representatives who are also dually licensed as registered representatives and receive compensation or other financial incentives that may create conflicts of interest that must be addressed (e.g., account recommendations and allocations); (2) advisers utilizing third-parties to access clients’ accounts, where controls may be insufficient to protect client assets and data; and (3) advisers that have consolidated with, or been acquired by, existing advisory practices, which may result in accompanying operational and/or compliance complexities or new conflicts of interest.

Effectiveness of Advisers’ Compliance Programs. The Division will assess the effectiveness of advisers’ compliance programs: Examinations will typically include an evaluation of the core areas of compliance programs which include marketing, valuation, trading, portfolio management, disclosure and filings, and custody. In addition, examinations typically include an analysis of advisers’ annual reviews of the effectiveness of their compliance programs.

The Division continues to broadly focus on whether policies and procedures address compliance with the Investment Advisers Act of 1940 and the rules thereunder and are reasonably designed to address conflicts of interest, in light of a firm’s particular operations, and to prevent advisers from placing their interests ahead of clients’ interests. Examinations may focus on: (1) whether the policies and procedures are implemented and enforced; and (2) whether disclosures address fee-related conflicts, with a focus on conflicts that arise from account and product compensations structures.

The Division’s focus may also shift depending on an adviser’s practices or products, such as for advisers with activist engagement practices (e.g., whether they are making late or inaccurate filings on Schedules 13D and 13G; and Form 13F; Forms 3, 4, and 5; and Form N-PX). Examinations may also focus on compliance practices when advisers change their business models or are new to advising particular types of assets, clients, or services.

Never Examined and Recently Registered Advisers. The Division will prioritize examinations of advisers that have never been examined, with particular emphasis on recently registered advisers.

Cybersecurity. The Division will continue to review registrant practices to prevent interruptions to mission-critical services and to protect investor information, records, and assets. Operational disruption risks remain elevated due to the proliferation of cybersecurity attacks, firms’ dispersed operations, weather-related events, and geopolitics. The Division will also examine procedures and practices to assess whether advisers are reasonably managing information security and operational risks.

The Division’s focus on cybersecurity practices remains vital to ensure the safeguarding of customer records and information. Particular attention will be on firms’ policies and procedures pertaining to governance practices, data loss prevention, access controls, account management, and responses and recovery to cyber-related incidents. In addition, focus will be on training and security controls that firms are employing to identify and mitigate new risks associated with artificial intelligence (AI) and polymorphic malware attacks, including how they are operationalizing information from threat intelligence sources.

Lastly, the Division will review firms’ operational resiliency.

The Division will assess compliance with Regulations S-ID and S-P, as applicable. Examinations will focus on firms’ policies and procedures, internal controls, oversight of third-party vendors, and governance practices. Regarding Regulation S-ID, the Division will focus on firms’ development and implementation of a written Identity Theft Prevention Program (Program) that is designed to detect, prevent, and mitigate identity theft in connection with covered accounts. Specifically, the Division will assess the reasonableness of firms’ policies and procedures included within their Programs, including whether they:

• Are reasonably designed to identify and detect red flags, particularly during customer account takeovers and fraudulent transfers; and

• Include firm training on identity theft prevention.

Regarding Regulation S-P amendments, the Division will engage firms about their progress in preparing incident response programs reasonably designed to detect, respond to, and recover from unauthorized access to or use of customer information. After the applicable compliance dates, the Division will examine whether firms have developed, implemented, and maintained policies and procedures in accordance with the rule’s new provisions that address administrative, technical, and physical safeguards for the protection of customer information.

Emerging Financial Technology. The Division remains focused on registrants’ use of certain products and services, such as automated investment tools, AI technologies, and trading algorithms or platforms, and the risks associated with the use of emerging technologies and alternative sources of data. As such, the Division will examine firms that engage in activities such as automated investment advisory services, recommendations, and related tools and methods.

Assessments generally will include whether: (1) representations are fair and accurate; (2) operations and controls in place are consistent with disclosures made to investors; (3) algorithms lead to advice or recommendations consistent with investors’ investment profiles or stated strategies; and (4) controls to confirm that advice or recommendations resulting from automated tools are consistent with regulatory obligations to investors, including retail and older investors.

With respect to AI, the Division will focus on recent advancements in AI and will review for accuracy any representations regarding their AI capabilities or AI. The Division will assess whether firms have implemented adequate policies and procedures to monitor and/or supervise their use of AI technologies, including for tasks related to fraud prevention and detection, back-office operations, anti-money laundering (AML), and trading functions, as applicable. Reviews will also consider firm integration of regulatory technology to automate internal processes and optimize efficiencies.