SEC 2026 Exam Priorities: What Examiners Check First

  • Writer: Harrison Baron
  • Apr 13

The SEC 2026 exam priorities signal exactly where the Division of Examinations plans to direct its resources this fiscal year. If you run or lead a financial firm, the list reads like a checklist you should already be working through.

Released on November 17, 2025, the 2026 examination priorities are the first published under SEC Chairman Paul Atkins. Senior Division leadership remains largely the same.

The U.S. Securities and Exchange Commission's Division of Examinations covers investment advisers, broker-dealers, investment companies, clearing agencies, and self-regulatory organizations.

Chairman Atkins framed the release as a tool for transparency, stating that examinations "should not be a 'gotcha' exercise." That language matters.

It tells you the agency expects firms to use these priorities as a preparation guide, not react to them after an examiner walks through the door.

For compliance leaders, CCOs, CTOs, and firm principals at RIAs and broker-dealers, the Priorities are a roadmap to the specific evidence, policies, and controls examiners will ask about.

This article breaks down what gets checked first, what each registrant type should expect, and the documentation you need to have ready before an exam begins.

Key Takeaways

  • Examiners will prioritize fiduciary duty, cybersecurity controls, and core compliance program effectiveness across all registrant types.

  • RIAs and broker-dealers face targeted scrutiny on topics like Regulation S-P readiness, AI governance, vendor oversight, and incident response documentation.

  • Firms that build evidence-ready files now, including policies, logs, training records, and backup testing results, will be best positioned when an exam letter arrives.

What Examiners Will Look At First In 2026

The Division of Examinations consistently leads with a small set of priorities that cut across every registrant type.

For 2026, those are fiduciary duty enforcement, cybersecurity and data protection, and the effectiveness of your compliance program.

These areas appear at the top of nearly every exam workflow because they directly affect investor protection.

Fiduciary Duty, Conflicts, And Retail Investor Harm

Fiduciary duty remains the first thing examiners evaluate when they open an investment adviser file.

They will look at whether your advice is consistent with your fiduciary obligations and whether you have identified and disclosed all material conflicts of interest.

In practical terms, this means examiners want to see:

  • Written conflict-of-interest inventories that match your current business activities

  • Disclosure documents (Form ADV Part 2A) that are accurate and up to date

  • Evidence that you recommend products and services aligned with each retail investor's best interest, not your compensation incentives

If you earn revenue from proprietary products, revenue sharing, or affiliated services, expect examiners to compare your recommendations against those arrangements.

Cybersecurity, Data Protection, And Incident Readiness

Cybersecurity is no longer a secondary exam topic.

As noted in a Troutman Pepper analysis, the Division now treats information security and operational resiliency as a standalone priority area that applies to every registrant.

Examiners will ask for your written information security policies, evidence of incident response plan testing, data protection controls, and proof that you responded to any past cybersecurity incidents according to your documented procedures.

If your incident response program exists only on paper and has never been tested, that gap will be noted.

Core Compliance Program Effectiveness And Documentation

The Division evaluates whether your compliance program actually works, not just whether it exists.

This includes reviewing your annual compliance review, your written supervisory procedures, and evidence that your Chief Compliance Officer has adequate authority and resources.

Examiners look for documented proof: meeting notes, policy acknowledgment records, and a trail showing that compliance findings led to corrective actions.

A policy binder that sits on a shelf without evidence of implementation is a deficiency waiting to be flagged.

Why The 2026 Priorities Matter For RIAs


For registered investment advisers, the 2026 priorities reinforce that the Division of Examinations tests whether firms can prove their compliance, not just describe it.

The focus is on operational evidence, risk management documentation, and the quality of advice delivered to retail investors.

How Investment Advisers Will Be Evaluated

Examiners will evaluate advisers by matching stated policies to actual practices.

As highlighted in IQ-EQ's breakdown, they will review investment advice and disclosures for consistency with fiduciary obligations, especially around conflicts of interest, fee calculations, and best execution.

You should expect examiners to pull trade records and compare them to client investment policy statements.

They will also check whether recommended products were suitable for each client's risk profile and look at how you supervise employee trading, personal securities transactions, and outside business activities.

Why Newly Registered And Never-Examined Firms Face Added Scrutiny

The Division has stated, as it has for several years, that newly registered advisers and firms that have never been examined will be prioritized for review.

The goal is to encourage robust compliance programs early.

If your firm registered within the last two to three years and has not yet received an exam, treat this as a signal that your window is narrowing.

Getting your documentation, policies, and evidence files in order now is far less disruptive than assembling them under the pressure of a live exam.

What RIA Leaders Should Have Ready Before An Exam Begins

Before an exam letter arrives, you should have the following items organized and accessible:

According to a Vigilant Compliance analysis, many firms fall short not because they lack policies but because they cannot produce evidence of implementation.

The exam-ready firm can hand over documentation within hours, not weeks.

Investment Adviser Focus Areas

Beyond the core compliance review, the Division has outlined specific areas of investment adviser activity that will receive focused attention in 2026.

These include advice quality and disclosures, alternative and illiquid investments, and the complexities that come with dual registration and separately managed accounts.

Advice, Disclosures, And Best Execution

Examiners will evaluate whether your investment advice aligns with each client's objectives and whether you are meeting your best execution obligations.

As Fox Rothschild noted, the Division plans to link recommendations to client profiles and assess whether advisers evaluated reasonably available alternatives.

You should be prepared to show:

  • How you evaluate and select broker-dealers for trade execution

  • Documentation of your best execution review process (at least annually)

  • Records that recommendations matched stated client suitability profiles

Fee disclosures also get scrutiny.

Examiners will compare your fee schedule to what clients were actually charged, looking for billing errors, undisclosed fees, or inconsistencies between your ADV disclosures and your billing practices.

Alternative Investments, Private Funds, And Liquidity Concerns

The 2026 priorities continue the Division's heightened focus on private credit, private funds, and illiquid assets. If you advise clients on alternative investments, examiners will look at your valuation methodologies, liquidity risk disclosures, and how you manage conflicts when allocating investment opportunities across clients.

Expect questions about:

  • How you value illiquid holdings and how often valuations are updated

  • Whether clients received clear disclosure about liquidity risks before investing

  • How allocation decisions are made and documented when multiple client accounts are eligible for the same opportunity

For firms managing private funds, the Division will also look at fund expense allocations, side letter terms, and whether preferential treatment was properly disclosed.

Dual Registrants, Separately Managed Accounts, And Side-By-Side Management

If your firm is dually registered as both an investment adviser and a broker-dealer, examiners will focus on how you manage the fiduciary obligations that apply to each capacity. Side-by-side management of advisory and brokerage accounts creates conflicts that must be disclosed and managed.

Separately managed accounts also draw attention. Examiners will check whether your model portfolio allocations, fee structures, and trading practices are consistent with what was disclosed to clients.

If you use sub-advisers or model providers, documentation of your due diligence on those relationships is expected.

Broker-Dealer Focus Areas

Broker-dealer examinations in 2026 will cover Regulation Best Interest compliance, financial responsibility rules, and trading practices. Examiners are moving beyond checking whether policies exist and are now testing whether those policies produce the right outcomes for customers.

Regulation Best Interest And The Care Obligation

The care obligation under Regulation Best Interest continues to be a top exam priority. Examiners will evaluate whether your registered representatives considered the costs, risks, and rewards of each recommendation and whether those recommendations reflect the customer's investment profile.

According to a White & Case analysis, the Division will pay close attention to:

  • Rollover recommendations from employer-sponsored retirement plans to IRAs

  • Recommendations involving complex or high-cost products, such as variable annuities

  • Whether Form CRS was delivered and is accurate

You should also expect questions about your firm's process for identifying and mitigating conflicts, including compensation structures that could incentivize certain product recommendations over others.

Financial Responsibility Rules And Customer Safeguards

Examiners will review compliance with the net capital rule and the customer protection rule. These financial responsibility rules ensure that broker-dealers maintain enough liquid assets and properly segregate customer funds.

Cash sweep programs and prime brokerage activities are specifically called out in the 2026 priorities. As SEC3 Compliance noted, the Division will focus on liquidity risk management and how firms handle customer cash and securities.

If your firm operates cash sweep programs, ensure you can document:

  • How sweep arrangements are disclosed to customers

  • Whether customers are receiving competitive rates or if your firm benefits disproportionately

  • Segregation calculations and compliance with the reserve formula

Trading Practices, Order Routing, And Alternative Trading Systems

Trading practices remain on the exam radar. The Division will review order routing decisions, best execution obligations, and compliance with Regulation SHO.

If your firm operates or participates in an alternative trading system, compliance with Regulation ATS requirements will be examined, including fair access, order display, and reporting obligations.

Examiners will also look at how retail order flow is handled, especially if your firm receives payment for order flow.

Registered Funds And Investment Company Priorities

Registered investment companies, including mutual funds and ETFs, will face exam scrutiny on fees, governance, valuation, and compliance with updated rules. The Division is specifically interested in how fund boards oversee these areas and whether fund operations match what investors were told in disclosure documents.

Fund Fees, Expenses, And Governance

Examiners will review whether fund fees and expenses are reasonable and whether fund boards are fulfilling their oversight responsibilities. As Faegre Drinker observed, conflicts of interest in fee arrangements between advisers and affiliated funds will receive particular attention.

You should be prepared to demonstrate:

  • How the fund board evaluated advisory fees during the most recent contract renewal

  • Whether expense ratios are consistent with fund disclosures

  • That fee waivers or breakpoints were applied as promised

Names Rule, Valuation, And Less-Liquid Holdings

The SEC's updated names rule requires funds to invest at least 80% of assets in investments consistent with the fund's name. Examiners will test whether your fund complies with this requirement and whether your compliance monitoring catches drift.

Valuation practices for less-liquid and illiquid investments will also be examined. The Division wants to see documented valuation methodologies, board oversight of fair value determinations, and evidence that your liquidity risk management program functions as designed.

ETFs, Mutual Funds, And Complex Strategies

Funds that use complex strategies, including derivatives, leverage, or alternative investment techniques, can expect examiners to focus on whether risk disclosures are adequate and whether portfolio management practices align with the fund's stated strategy.

ETFs may face questions about authorized participant relationships, creation and redemption processes, and whether custom baskets comply with applicable regulations. For mutual funds, examiners will check swing pricing readiness and any hard close requirements that may apply under recently adopted rules.

Cybersecurity, Regulation S-P, And Regulation S-ID

Cybersecurity, data protection, and identity theft prevention are no longer just a section in the exam letter. They are now treated as standalone risk areas that apply to every registrant the Division examines.

The 2024 amendments to Regulation S-P, compliance with Regulation S-ID, and the growing threat of AI-driven cyberattacks are driving exam activity in this area.

What The 2024 Regulation S-P Amendments Mean In 2026

The 2024 amendments to Regulation S-P require firms to adopt written incident response programs, notify affected individuals of data breaches, and maintain safeguards that are appropriate to the size and complexity of the firm. As KPMG detailed, the compliance deadline for larger firms has already passed, and smaller entities should be preparing now.

Examiners will ask for:

  • Your written incident response plan

  • Evidence of testing or tabletop exercises

  • Breach notification procedures and any past notifications

  • Documentation of how you safeguard customer records and information

If you have not updated your Regulation S-P policies since the amendments were adopted, that gap is likely to be identified early in an exam.

Identity Theft Prevention, Access Controls, And Safeguards

Regulation S-ID requires covered entities to implement identity theft prevention programs, often called "red flags" programs. Examiners will check whether your program is active, reviewed periodically, and tailored to your firm's specific risk profile.

Access controls are a central piece of this review. According to Grant Thornton's analysis, the Division will look at how you manage user access to systems containing customer data.

This includes multi-factor authentication, role-based access restrictions, and processes for promptly revoking access when employees leave.

Polymorphic Malware, AI-Driven Threats, And Recovery Readiness

The 2026 priorities specifically reference polymorphic malware and AI-driven cybersecurity threats as emerging risks. Polymorphic malware changes its code signature to evade traditional, signature-based antivirus tools, which makes it harder to detect with legacy security systems.

Examiners will want to see that your cybersecurity posture includes:

  • Endpoint detection and response tools capable of identifying behavioral anomalies

  • Regular vulnerability scanning and patch management

  • Encrypted, immutable backups with tested recovery procedures

  • Documentation showing that your disaster recovery plan has been exercised

Firms that partner with specialists like Secure Wealth IT for cybersecurity and compliance support often have an easier time producing this documentation because monitoring, patching, backup testing, and incident response planning are handled continuously rather than assembled on demand.

Artificial Intelligence, Emerging Tech, And Supervisory Controls

The Division has elevated emerging financial technologies, particularly artificial intelligence, to a distinct focus area for 2026. This reflects the increasing use of algorithms, automated advice tools, and AI-driven marketing across the industry.

How Examiners May Review AI Use And AI Claims

If your firm uses AI or references AI in marketing materials or client communications, examiners may test whether those claims are accurate.

According to a Goodwin analysis, the Division is watching for "AI washing," where firms overstate their use of AI technology to attract clients or investors.

Expect examiners to ask:

  • What specific AI or algorithmic tools does your firm use?

  • Are client-facing descriptions of those tools accurate?

  • What governance framework surrounds the use of these tools?

Algorithms, Governance, And Human Oversight

The Division will look at how your firm governs algorithmic decision-making.

This includes automated portfolio rebalancing, algorithmic trading, and tools that generate investment recommendations.

As Sheppard Mullin noted, the priorities reflect concern that firms are deploying automated systems without adequate supervisory frameworks.

Examiners want to see documented policies that define who is responsible for overseeing algorithmic outputs, how errors are detected and corrected, and whether human review occurs before client-impacting decisions are executed.

Where Emerging Financial Technologies Increase Exam Risk

The broader category of emerging financial technologies includes digital engagement practices, predictive analytics, gamification features, and any technology that may influence investor behavior.

According to RegTech Analyst, the SEC expects firms to apply the same supervisory standards to new technologies that they apply to traditional advice channels.

If your firm has adopted any new technology tools in the past 12 months, make sure your compliance team has documented the risk assessment, vendor evaluation, and supervisory controls associated with each tool.

AML, Vendor Risk, And Operational Resiliency

Anti-money laundering controls, third-party vendor management, and operational resiliency are cross-cutting priorities that apply to investment advisers, broker-dealers, and other market participants.

The Division views these areas as foundational to market integrity and investor protection.

Anti-Money Laundering Controls And Suspicious Activity Reporting

Broker-dealers and other firms with AML obligations should expect examiners to review the design and operation of their AML programs.

According to the ACA Group's analysis, examiners will look at whether firms are meeting their suspicious activity report filing obligations and whether AML policies adequately cover oversight of financial intermediaries.

Key areas examiners will review include:


  • Customer identification program procedures

  • Suspicious activity monitoring and escalation processes

  • SAR filing timeliness and documentation

  • Independent AML testing results

Third-Party Vendor Risk And Outsourced Functions

As firms outsource more functions, from cloud hosting to compliance software to cybersecurity monitoring, the Division is paying closer attention to vendor oversight and third-party risk management.

You are responsible for the compliance of the functions you outsource, even if a vendor performs them.

Examiners will ask for:

  • A current vendor inventory identifying critical service providers

  • Due diligence documentation for each critical vendor

  • Service level agreements with security and compliance requirements

  • Evidence of ongoing monitoring, such as annual vendor reviews or SOC 2 report reviews

Business Continuity, Incident Response, And Documentation

Operational resiliency ties together cybersecurity, business continuity, and incident response into a single exam theme.

According to Compliance Risk Concepts, the Division expects firms to demonstrate not just that plans exist but that they are tested, updated, and documented.

You should have on file:

  • A business continuity plan that addresses remote operations, key personnel loss, and system outages

  • An incident response plan with defined roles, communication procedures, and escalation paths

  • Records showing when each plan was last tested and what improvements resulted from testing

  • Backup and recovery testing logs proving that data can be restored within your stated recovery time objectives

Other Market Participants On The SEC Radar

The Division's 2026 priorities extend well beyond investment advisers and broker-dealers.

Clearing agencies, self-regulatory organizations, municipal advisors, transfer agents, and participants in the security-based swap markets all face targeted exam areas.

Clearing Agencies, Self-Regulatory Organizations, And SCI Entities

Clearing agencies will be examined on governance, risk management, and compliance with applicable SEC rules.

Self-regulatory organizations, including FINRA, will face reviews of their regulatory programs and operations.

SCI entities, those subject to Regulation Systems Compliance and Integrity, will be reviewed on their systems capacity, security, and resilience.

This includes ensuring that critical systems can handle peak loads and recover from disruptions.

Municipal Advisors, MSRB, And MSRB Rule G-42

Municipal advisors will be examined for compliance with their fiduciary duty to municipal entity clients and for adherence to MSRB Rule G-42, which governs the duties of municipal advisors.

Examiners will look at documentation of advice, conflicts of interest, and whether appropriate disclosures were made.

The Division will also review MSRB registration and professional qualification requirements.

Transfer Agents, Funding Portals, And Security-Based Swap Markets

Transfer agents will face exams focused on recordkeeping, processing times, and the safeguarding of funds and securities.

Funding portals will be reviewed for compliance with Regulation Crowdfunding requirements.

Security-based swap dealers and security-based swap execution facilities are relatively newer registrant categories, and the Division will continue building its exam program in this space.

Swap data repositories and compliance with national market system plans round out the broader market infrastructure priorities.

How Firms Can Prepare For An SEC Exam Now

The 2026 priorities are not a surprise.

Most of the focus areas have been on the Division's radar for multiple years.

What has changed is the specificity of what examiners expect to see and the evidence they want you to produce.

Build An Evidence-Ready Compliance And Security File

Start by assembling a centralized compliance file that contains every document an examiner is likely to request.

This includes your annual compliance review, policies and procedures, risk assessments, and all supporting evidence.

For cybersecurity, your file should include your Regulation S-P safeguards policy, incident response plan, access control documentation, and records of any data breaches and your response.

As COMPLY noted, the shift in exams is toward verifiable evidence, not just written policies.

Test Policies, Training, And Recovery Plans Before Examiners Ask

A policy that has never been tested is a policy that will not hold up under examination.

Run a tabletop exercise for your incident response plan at least once a year.

Test your backup recovery process and document the results.

Conduct phishing simulations and cybersecurity training for all staff, then keep records of completion and scores.

According to Silver Regulatory Associates, examiners in recent cycles have specifically requested training completion records and simulation results.

Review your business continuity plan against current operations.

If your firm has grown, added remote workers, or changed technology providers since the plan was last updated, it needs to be revised.

Align Technology, Compliance, And Vendor Oversight Year-Round

The firms that perform best in exams are those that treat compliance and cybersecurity as continuous operations, not annual projects.

Align your technology controls with your compliance obligations by maintaining:

  • Patch management logs showing timely system updates

  • Vendor review records with dates, findings, and follow-up actions

  • Access control audits confirming that only authorized users have access to sensitive systems

  • Quarterly technology and compliance reviews that document risks, recommendations, and actions taken

According to the QuestCE preparation guide, firms that integrate technology management with compliance reporting create a natural audit trail.

Working with a financial-services-focused IT and compliance partner like Secure Wealth IT can help you maintain this alignment year-round.


For more information about this topic, visit us at https://www.securewealthit.com/
