SEC Outlines 2025 Examination Priorities

Key risk areas for SEC registrants include standards of conduct, complex products, cybersecurity, digital engagement, and artificial intelligence.

On October 21, 2024, the Securities and Exchange Commission’s (SEC) Division of Examinations (the Division) published its annual examination priorities for 2025 (2025 Priorities), which focus on certain “practices, products, and services that the Division believes present potentially heightened risks to investors or the integrity of the U.S. capital markets.” In addition to conducting exams in core areas such as disclosures and governance practices, the Division will also examine “for compliance with new rules, the use of emerging technologies, and the soundness of controls intended to protect investor information, records, and assets.”

As with the previous year’s priorities, the 2025 Priorities are primarily organized by entity, with investment advisers (including investment advisers to private funds) again listed first. After discussing the other entities (investment companies, broker-dealers, security-based swap dealers, self-regulatory organizations, clearing agencies, and other market participants), the priorities include an additional set of thematic topics broken out separately as applicable to a wide range of market participants:

• Information security and operational resiliency
• Emerging financial technology
• Cryptoassets
• Regulation systems compliance and integrity
• Anti-money laundering

Key Highlights from the Report

• This is the first year that the SEC included a section dedicated to security-based swap execution facilities (alongside security-based swap dealers), potentially signalling increased scrutiny from the Division and enforcement in this area.
• Cryptoassets has been unpaired from Emerging financial technology, which may indicate that the SEC views cryptoassets and the blockchain industry as warranting its own separate category of examination priorities.
• Emerging financial technology now focuses on the growing importance and attendant risks of artificial intelligence (AI) in the financial services industry.
• The 2025 Priorities repeatedly focus on commercial real estate exposure during examinations, specifically highlighting their potential for sensitivity to higher interest rates and changing market conditions as well as the liquidity and valuation considerations that may be associated with such investments.
• Environmental, social, and governance (ESG) issues were not specifically identified as a priority in registrant reviews for the second year in a row.

Investment Advisers

The Division will continue to prioritize investment advisers’ compliance with their fiduciary obligations, including both the duty of care and the duty of loyalty. As noted in the priorities, an adviser has a duty to serve the best interest of its clients and not to place its own interests ahead of the clients’ interests. Specifically, an adviser must eliminate (or make full and fair disclosure) of all conflicts of interest which may lead the adviser — consciously or unconsciously — to render advice that is not disinterested such that a client can provide informed consent to the conflict.

In particular, the Division will focus on:

• investment advice given to clients, especially when involving high cost, unconventional, illiquid, or interest rate-sensitive products or strategies (including with respect to commercial real estate);
• dual registrants and advisers with affiliated broker-dealers. Highlighted risks include:
  1. assessing investment advice and recommendations for suitability;
  2. reviewing disclosures to clients regarding the capacity in which recommendations are made;
  3. reviewing the appropriateness of account selection practices; and
  4. assessing adequacy of conflicts of interest mitigation and disclosure.
• the impact of conflicts of interest on providing impartial advice and best execution, including regarding non-standard fee arrangements;
• core areas of advisers’ compliance programs (to a greater or lesser degree depending on its practices, products, services, assets, clients, etc.), which may include marketing, valuation, trading, portfolio management, disclosure and filings, supervision and oversight, and custody;
• advisers’ annual reviews of the effectiveness of their compliance programs and whether such programs effectively address monitoring of conflicts of interests;
• advisers’ policies and procedures, with attention to whether policies and procedures are reasonably designed and implemented to prevent the advisers from placing their interests ahead of clients’ interests;
• supervision and oversight practices, if an adviser employs a large number of independent contractors working from geographically dispersed locations;
• compliance practices, when advisers change their business models or are new to advising particular types of assets, clients, or services; and
• advisers to registered funds that are newly registered, have never been registered, or have not been recently examined.

Investment Advisers to Private Funds

Advisers to private funds remain a significant focus of the Division’s examinations. The Division will continue to prioritize examinations of advisers to private funds that have never been (or not recently) examined, with a particular focus on newly registered advisers. The Division may also prioritize examination of advisers that may be “experiencing poor performance and significant withdrawals and/or hold more leverage or difficult-to-value assets.”

The Division highlighted specific topics for examination involving investment advisers to private funds, including:

• consistency between the disclosures and actual practices;
• whether an adviser has met its fiduciary obligations in times of market volatility, specifically citing investment strategies that may be sensitive to market volatility and/or interest rate changes such as commercial real estate and private credit;
• accuracy of calculations and allocations of private fund fees and expenses (both fund-level and investment-level);
• disclosure of conflicts of interests and risks and adequacy of policies and procedures, including with respect to the use of debt and lines of credit, investment allocations, adviser-led secondary transactions, transactions between or among funds, and affiliated service providers; and
• compliance with recently adopted SEC rules (including amendments to Form PF and the adviser marketing rule) and whether actual practices conform to the adviser’s policies and procedures.

Registered Investment Companies

The Division will continue to prioritize examinations of registered investment companies (including mutual funds and exchange-traded funds).

The Division will generally evaluate compliance programs and governance practices. Specific areas of focus may include:

• fund fees and expenses (and any associated waivers and reimbursements);
• oversight of service providers (both affiliated and third party);
• portfolio management practices and disclosures; and
• issues associated with market volatility.

The Division will also focus on advisers to registered funds that have never (or not recently) been examined, with a particular focus on newly registered funds.

Broker-Dealers

As in previous years, the Division plans to focus on broker-dealer compliance with standing regulatory obligations, and highlights the following topics for particular attention in its examinations of broker-dealers (and dual registrants):

Regulation Best Interest

The Division identified certain areas of particular focus in its examination for compliance with Regulation Best Interest, including:

• broker-dealer recommendations with regard to products, investment strategies, and account types;
• disclosures made to investors regarding conflicts of interest;
• conflict identification and mitigation practices;
• processes for reviewing reasonably available alternatives;
• factors considered in light of the investor’s investment profile (e.g., investment goals, account characteristics, etc.);
• account selection and allocation practices; and
• supervision of sales practices at branch office locations.

Form CRS

To assess the content of a broker-dealer’s relationship summary, the Division will review:

• descriptions a broker-dealer uses to describe the relationships and services it offers to retail customers, fees and costs, and conflicts of interest; and
• filing of Form CRS with the SEC and delivery to retail customers.

Broker-Dealer Financial Responsibility Rules

Examinations will focus on compliance with the Net Capital Rule, the Customer Protection Rule, and related internal processes, procedures, and controls.

The Division identified key focus areas, including:

• broker-dealer accounting practices;
• timeliness of financial notifications and other required filings;
• operational resiliency programs;
• supervision of third parties or vendors; and
• credit, market, and liquidity risk management controls.

Broker-Dealer Trading Practices

The Division will review equity and fixed income trading practices, and may focus on the following topics:

• structure, marketing, fees, and potential conflicts associated with broker-dealer offerings to retail customers;
• trading in pre-IPO companies;
• the sale of private company shares in secondary markets;
• execution of retail orders; and
• Regulation SHO (including whether broker-dealers are appropriately relying on the bona fide market making exception).

Self-Regulatory Organizations

The Division highlighted the following topics for the specified self-regulatory organizations (SROs):

National Securities Exchanges

• Enforcement of compliance with SRO rules and the federal securities laws
• Exchange governance, regulatory programs, and participation in National Market System Plans

Financial Industry Regulatory Authority (FINRA)

• Risk-based oversight examinations of FINRA’s major regulatory programs
• Oversight examinations of FINRA’s examinations of certain broker-dealers and municipal advisors that are FINRA members

Municipal Securities Rulemaking Board (MSRB)

• Risk-based oversight examinations of MSRB’s major regulatory programs and compliance exams

Clearing Agencies

For systemically important clearing agencies that the SEC supervises, the Division will annually review:

• core risks, processes, and controls;
• the nature of clearing agencies’ operations; and
• financial and operational risk.

For clearing agencies not designated systemically important, the Division will conduct risk-based examinations.

Municipal Advisors

• Fiduciary duty obligations to clients, particularly regarding pricing and method of sale of municipal securities
• Compliance with MSRB Rule G-42, which establishes the core standards of conduct and duties applicable to non-solicitor municipal advisors, including disclosure of conflicts of interest and obligations to document municipal advisory relationships
• Requirements related to registration, professional qualification, recordkeeping, and supervision

Transfer Agents

• Processing of items and transfers
• Recordkeeping and record retention
• Safeguarding of funds and securities
• Filings with the SEC

Security-Based Swap (SBS) Dealers

• Implementation of policies and procedures related to compliance with SBS rules generally
• Obligations under Regulation SBSR to accurately report SBS transactions to security-based swap data repositories
• Compliance with applicable capital, margin, segregation, and substituted compliance requirements

Security-Based Swap Execution Facilities (SBSEFs)

• Compliance with recently adopted Regulation SE, which implements a set of rules and forms for the registration and regulation of SBSEFs.

Funding Portals

• Recordkeeping (e.g., purchaser and issuer records)
• Implementation of policies and procedures related to compliance with applicable federal securities laws and rules

Risk Areas Impacting Various Market Participants

The Division highlighted four risk areas that can affect a broad range of institutions and investors.

Information Security and Operational Resiliency

The SEC notes that cybersecurity is a “perennial” concern for all registrants, although it called out alternative trading systems’ controls over confidential trading information in particular. The Division has stated that it will review:

• registrants’ cybersecurity and operational resilience practices;
• policies and procedures, governance practices, data loss prevention, access controls, account management, and responses to cyber-related incidents (including those related to ransomware attacks);
• registrants’ identification and mitigation of risks associated with third-party products and services;
• in what may be a callout to unauthorized use of AI tools, any information technology (IT) resources that the business uses without the IT department’s approval, knowledge, or oversight, or non-supported infrastructure; and
• compliance with Regulations S-ID and S-P, as applicable, including policies and procedures, internal controls, and oversight of third-party vendors’ governance practices.

In an unsurprising development, the SEC will also examine various firms for compliance related to the shortening of the standard settlement cycle to the day after trade (T+1). The SEC will examine broker-dealers for compliance with Exchange Act Rule 15c6-1 (which reduced the settlement cycle) and Rule 15c6-2 (which requires broker-dealers engaging in the allocation, confirmation, or affirmation process to have written agreements or written procedures reasonably designed to ensure completion of the process as soon as practicable and no later than the end of day on trade date (T+0)). Advisers will also be examined for compliance related to the shortened settlement cycle, including related to enhanced books and records requirements and facilitation of institutional allocations.

Emerging Financial Technologies

The Division will review institutions’ use of emerging financial technologies, new products and services, and new technological or online solutions. This includes a number of AI-related areas, such as automated investment tools and trading algorithms and the use of alternative data. Interestingly, the SEC refers to the use of AI for tasks related to fraud prevention and detection, back-office operations, anti-money laundering (AML), and trading functions but does not call out generative AI tools (such as ChatGPT) in spite of the many headlines these model types have received.

The SEC also remains focused on digital engagement practices. In particular the Commission will focus on:

• artificial intelligence (AI): accuracy of representations regarding AI capabilities or use; implementation of adequate policies and procedures to monitor and/or supervise use of AI; the use of regulatory technology to automate internal processes; and protection against loss or misuse of client records and information from the use of third-party AI models and tools; and
• digital engagement practices, such as digital investment advisory services, recommendations, and related tools and methods: whether representations are fair and accurate; operations and controls in place are consistent with disclosures made to investors; algorithms produce advice or recommendations consistent with investors’ investment profiles or stated strategies; and controls are consistent with regulatory obligations to investors.

Cryptoassets

With regard to cryptoassets, the Division will examine institutions’:

• offer, sale, recommendation, advice, trading, and other activities involving cryptoassets, especially those offered and sold as securities;
• compliance with standards of conduct when recommending or advising customers and clients regarding cryptoassets;
• compliance practices, including Bank Secrecy Act (BSA) compliance reviews, and valuation procedures, risk disclosures, and operational resiliency practices (i.e., data integrity and business continuity plans); and
• activities specific to cryptoassets, such as cryptoasset wallets and custody practices.

Regulation Systems Compliance and Integrity (Reg SCI)

While the SEC has not finalized its 2023 package of proposed rules that included an update to Reg SCI, this area remains a focus, including with respect to:

• policies and procedures regarding operational, business continuity planning, testing practices, and security operations management tools;
• policies and procedures regarding connectivity when the registrant itself, or when third parties to which the registrant is connected, experience cyber events; and
• effectiveness of incident response plans.

Anti-Money Laundering

Reflecting a government-wide focus on illicit finance, the SEC will focus on:

• policies, procedures, and internal controls reasonably designed and tailored to achieve compliance with the BSA and its implementing rules;
• independent testing;
• customer due diligence and identification program implementation (including for beneficial owners of legal entity customers);
• suspicious activity report (SAR) filing obligations;
• Office of Foreign Assets Control (OFAC) sanctions monitoring and compliance; and
• oversight of financial intermediaries, if applicable.

Key Takeaways

The 2025 Priorities show several indications that the Division is potentially more focused on exposure to commercial real estate, along with statements regarding private credit, adviser-led secondaries, and difficult-to-value assets. The 2025 Priorities are otherwise mostly an iteration rather than an evolution of the 2024 Priorities. In sum, the Division continues to focus on core risk areas such as compliance program effectiveness, fiduciary duties, appropriate disclosures, and consistency with actual practices. It will also focus on the use of emerging technologies and the soundness of controls intended to protect investor information and records.

While ESG was not mentioned in the 2025 Priorities, the omission should not be taken to mean that ESG is not an ongoing SEC concern. On the same day as the 2025 Priorities were published, the SEC announced a consent order with a prominent investment adviser for misstatements and compliance failures relating to the execution of an investment strategy marketed as incorporating ESG factors.

Given the aggressive enforcement posture of the SEC in recent years, registrants should understand how the 2025 Priorities signal heightened areas of concern for the Division in certain areas (fiduciary duty and standards of conduct, complex products, commercial real estate and private credit, AI, etc.). Registrants should review and enhance compliance programs as needed, and ensure their policies and procedures for newly enacted rules reflect their current and actual practices.

According to SEC Chairman Gary Gensler, the 2025 Priorities demonstrate the Division’s commitment to “protecting investors and facilitating capital formation” while “enhanc[ing] trust in our ever-evolving markets.” Keith Cassidy, acting director of the Division of Examinations, noted that the 2025 Priorities “identify the key areas of potentially increased risks and related harm for investors,” and expressed hope that “registrants will evaluate their compliance programs” in the key priority areas. The priorities are not, however, intended to be an exhaustive list of potential issues that the Division may examine.