Securities and Exchange Commission Releases 2026 Exam Priorities

The Securities and Exchange Commission has released its fiscal year 2026 examination priorities, and the message is not exactly subtle: compliance programs should be practical, documented, tested, and ready for a very real conversation with examiners. In other words, this is not the year to keep policies in a dusty binder and hope the office coffee machine distracts everyone.

The SEC Division of Examinations uses its annual priorities to tell investment advisers, broker-dealers, investment companies, clearing agencies, self-regulatory organizations, and other market participants where examiners are likely to focus. The list is not exhaustive, but it is a valuable roadmap. For 2026, the priorities return to the fundamentals: fiduciary duty, standards of conduct, custody, cybersecurity, operational resilience, artificial intelligence, Regulation S-P, Regulation Best Interest, and the effectiveness of compliance programs.

The tone is also important. The 2026 priorities suggest a more transparent, risk-based, and “back-to-basics” examination program. That does not mean lighter expectations. It means firms should expect examiners to ask whether their disclosures match their actual practices, whether conflicts are handled before investors are harmed, and whether new technology is being supervised with something stronger than crossed fingers.

What Are the SEC 2026 Exam Priorities?

The SEC’s 2026 exam priorities are the Division of Examinations’ annual guide to the areas it considers most important for protecting investors, supporting fair and orderly markets, and monitoring emerging risks. These priorities help registered firms prepare for examinations by highlighting where the SEC is likely to spend time, ask questions, request records, and evaluate controls.

For fiscal year 2026, the SEC continues to examine traditional risk areas while sharpening its focus on newer pressure points, including artificial intelligence tools, automated investment advice, data security, customer information safeguards, and third-party vendor oversight. The result is a regulatory checklist that feels part compliance manual, part cyber-risk playbook, and part reminder that “we disclosed it somewhere” is not a magic spell.

Investment Advisers: Fiduciary Duty Is Still the Main Event

Investment advisers remain a major focus of the SEC examination program. The Division will continue reviewing whether advisers meet their fiduciary duties of care and loyalty, especially when serving retail investors, older investors, retirement savers, and clients who may not fully understand complex products.

Conflicts of Interest and Product Recommendations

Examiners are expected to review whether advisers identify, disclose, mitigate, or eliminate conflicts of interest. This includes financial incentives that may influence recommendations, account allocations, product selection, and rollover advice. A beautifully written disclosure will not save a firm if the actual practice looks like “clients first, except when revenue knocks.”

The SEC is paying close attention to recommendations involving alternative investments, private credit, private funds with long lock-up periods, leveraged and inverse ETFs, option-based ETFs, complex strategies, illiquid products, and higher-cost investments. Advisers should be able to explain why a product fits a client’s objectives, liquidity needs, risk tolerance, time horizon, and overall financial background.

Compliance Programs Must Work in Real Life

The Division will also evaluate adviser compliance programs, including policies and procedures covering marketing, valuation, trading, portfolio management, custody, disclosures, filings, and annual reviews. The key question is not whether a firm owns a compliance manual. The question is whether the program is implemented, enforced, updated, and tailored to the firm’s actual business.

Firms that have changed business models, moved into new asset classes, launched private funds, merged with other advisory practices, or added third-party technology should pay close attention. Change creates operational complexity, and operational complexity creates exam questions. That is how the compliance universe keeps itself entertained.

Never-Examined and Recently Registered Advisers

The SEC will continue prioritizing examinations of advisers that have never been examined, with special attention to recently registered advisers. This is a major practical point for newer firms. Early-stage advisers often grow quickly, add clients, hire staff, outsource functions, and adopt technology before their compliance programs fully mature.

For these firms, the 2026 priorities are a warning and an opportunity. A first SEC exam does not have to feel like a surprise pop quiz in a language nobody studied. Firms can prepare by testing fee billing, reviewing Form ADV disclosures, documenting conflicts, checking advertising materials, validating custody practices, and ensuring annual compliance reviews are more than a calendar reminder that got snoozed eleven times.

Investment Companies: Fees, Names, Strategies, and Governance

Registered investment companies, including mutual funds and ETFs, remain central to the SEC’s investor-protection mission because they are widely used by retail investors and retirement savers. In 2026, examinations will generally review fund compliance programs, disclosures, filings, governance practices, fees, expenses, waivers, reimbursements, and portfolio management practices.

One important area is consistency between a fund’s name, stated strategy, marketing materials, and actual portfolio. The amended fund “Names Rule” is especially relevant because fund names can influence investor expectations. If a fund name sounds like it promises a particular investment focus, the SEC will expect the portfolio and disclosures to support that impression. A fund cannot wear a superhero cape in the name and then show up in pajamas in the holdings.

The SEC will also monitor funds involved in mergers, funds with significant holdings of less liquid or illiquid investments, closed-end funds with valuation challenges, novel strategies, and funds with leverage vulnerabilities. These areas matter because small disclosure gaps can become large investor-protection problems when markets get bumpy.

Broker-Dealers: Financial Responsibility and Retail Sales Practices

Broker-dealers should expect continued scrutiny of financial responsibility rules, including the net capital rule, customer protection rule, liquidity controls, financial notifications, required filings, and the systems used to prepare financial reporting information. The SEC will also review operational resilience and third-party vendor services that support financial records and reporting.

Trading, Routing, and Best Execution

Broker-dealer trading practices remain a priority. Examiners may review extended-hours trading, municipal securities activity, order routing, best execution, pricing and valuation of illiquid instruments, disclosures related to order execution, Regulation SHO compliance, and alternative trading systems.

Alternative trading systems should pay close attention to written safeguards protecting subscriber confidential information, Form ATS-N disclosures, operational risk controls, and whether actual practices match public descriptions. In a market where execution quality can be measured in milliseconds, vague supervision is not exactly a winning strategy.

Regulation Best Interest and Retail Recommendations

Regulation Best Interest remains a key part of the SEC’s broker-dealer examination agenda. The Division will review recommendations involving account types, rollovers, limited product menus, reasonably available alternatives, and complex or tax-advantaged products.

Products likely to receive attention include variable annuities, registered index-linked annuities, ETFs that invest in illiquid assets such as private equity or private credit, municipal securities, 529 Plans, private placements, structured products, alternative investments, and products with complex fee structures or unusual return calculations.

Examiners may also focus on recommendations involving options accounts, margin accounts, self-directed IRAs, retirement savers, college savers, and older investors. Dual registrants should be especially careful when financial professionals receive compensation or other incentives that could influence whether a customer is directed to a brokerage account, advisory account, wrap fee account, rollover, or similar product.

Cybersecurity, Regulation S-P, and Operational Resilience

Cybersecurity is not new, but the SEC’s 2026 priorities make clear that it remains essential. The Division will review how firms protect investor information, records, assets, and mission-critical services. Areas of focus include governance, data loss prevention, access controls, account management, incident response, ransomware preparedness, and recovery planning.

Regulation S-P is particularly important in 2026 because amendments adopted in 2024 require covered institutions to develop, implement, and maintain written incident response programs for unauthorized access to or use of customer information. The SEC will examine preparation for compliance dates and, after those dates, whether firms have policies and procedures addressing administrative, technical, and physical safeguards.

The practical lesson is simple: cybersecurity cannot live only in the IT department. Legal, compliance, operations, vendor management, investor relations, and senior leadership all need a role. When an incident happens, nobody wants to discover that the response plan is stored on the one system currently offline. That is not resilience; that is irony with a password reset.

Artificial Intelligence and Emerging Financial Technology

Artificial intelligence receives prominent attention in the 2026 SEC exam priorities. The Division will review registrants’ use of automated investment tools, AI technologies, trading algorithms, alternative data, and related platforms. Examiners are likely to ask whether representations about AI capabilities are fair and accurate, whether controls match disclosures, and whether algorithms produce advice or recommendations consistent with investor profiles and stated strategies.

This is especially important for firms using AI in fraud detection, back-office operations, anti-money laundering, trading, portfolio tools, customer communications, or compliance automation. The SEC is not saying firms cannot innovate. It is saying innovation still needs governance, supervision, testing, documentation, and accountability.

A firm that markets an “AI-powered” investment platform should be ready to explain what the system does, what data it uses, who supervises it, how errors are detected, how conflicts are managed, and whether investors understand the limits. “The algorithm made me do it” is unlikely to become a respected legal defense anytime soon.

Other Market Participants Under the 2026 Microscope

The priorities also address self-regulatory organizations, clearing agencies, municipal advisors, transfer agents, funding portals, security-based swap dealers, and security-based swap execution facilities.

For municipal advisors, examiners will review fiduciary duties, conflicts, documentation, and recommendations involving pricing and methods of sale. Transfer agents should expect attention to transfer processing, recordkeeping, safeguarding funds and securities, filing obligations, and Regulation S-P amendments. Funding portals will face scrutiny of investor fund arrangements with qualified third parties and required records.

Security-based swap dealers should expect reviews of Regulation SBSR reporting, capital, margin, segregation, risk management, and remediation of prior exam findings. Security-based swap execution facilities are also entering the examination picture, with expected reviews of rules, internal policies, trade monitoring, trade processing, participation standards, and operational risk programs.

What Is Different in the 2026 SEC Exam Priorities?

One of the biggest industry observations is what appears less prominent. The 2026 priorities do not include the same dedicated standalone emphasis on crypto assets that appeared in prior years, and some commentators have also noted the absence of a separate private fund adviser section. That does not mean crypto, private funds, or digital assets are invisible to regulators. It means those topics may be addressed through broader categories such as fiduciary duty, disclosures, custody, conflicts, cybersecurity, fraud prevention, AI, and operational risk.

The practical takeaway is not “crypto is off the hook” or “private funds can relax.” A better reading is that the SEC is organizing its 2026 exam focus around core obligations and investor-protection principles. If a product is complex, volatile, illiquid, expensive, poorly disclosed, or sold through conflicted recommendations, it may still attract attention regardless of what label appears on the box.

How Firms Should Prepare for a 2026 SEC Examination

Preparation should begin with a gap analysis against the 2026 priorities. Firms should compare written policies with actual practices, update disclosures, test controls, review client recommendations, evaluate fee calculations, examine custody practices, assess vendor oversight, and document decisions involving conflicts of interest.

Investment advisers should review fiduciary obligations, private credit exposure, complex products, side-by-side management, fee billing, marketing materials, valuation methods, and annual compliance reviews. Broker-dealers should review Regulation Best Interest processes, rollover documentation, branch supervision, Form CRS accuracy, order routing, best execution, and financial responsibility controls.

All registrants should revisit cybersecurity, Regulation S-P readiness, identity theft prevention programs, AI governance, incident response, vendor risk, AML controls, OFAC sanctions monitoring, and operational resilience. A firm does not need a perfect program, but it does need a reasonable, documented, risk-based program that people actually follow.

Practical Experiences and Lessons from SEC Exam Preparation

In practical compliance work, the firms that handle examinations best are rarely the ones with the thickest policy manuals. They are the ones that can tell a clear story. They know what they do, why they do it, where the risks sit, who owns each control, and how the firm tests whether those controls work. When examiners ask for records, these firms do not begin a dramatic treasure hunt through abandoned shared drives, inbox archaeology, and that one spreadsheet named “final_FINAL_reallyfinal.xlsx.”

A common experience in SEC exam preparation is discovering that many issues are not caused by bad intent. They are caused by growth. A small adviser adds new clients, then new products, then a second custodian, then a marketing vendor, then an outsourced technology provider. Each change makes business sense at the time, but the compliance program may not keep pace. By the time the firm prepares for an exam, the written policies describe last year’s business while the actual business has already moved into a new neighborhood and changed the locks.

Another lesson is that conflicts of interest need plain-English handling. Firms sometimes believe that a conflict is solved once it is disclosed. Disclosure matters, but examiners may still ask whether the firm mitigated the conflict, whether clients understood it, and whether the firm’s practices put the investor’s interest first. For example, if a dual registrant recommends a rollover into an advisory account, the file should show why that recommendation was appropriate, what alternatives were considered, what costs changed, and what services the client received in exchange.

Cybersecurity preparation creates similar real-world surprises. Many firms have incident response plans, but fewer have tested them under realistic conditions. A tabletop exercise often reveals simple but serious gaps: outdated contact lists, unclear escalation steps, vendor contracts with weak notification language, employees unsure how to report suspicious access, or backup procedures that nobody has validated recently. The good news is that these problems are fixable before an exam or breach. The bad news is that they are much less charming when discovered during one.

AI governance is becoming another practical pressure point. Firms may adopt AI tools for meeting notes, client communications, surveillance, research, trading support, or fraud detection without fully mapping where data goes, how outputs are reviewed, or whether disclosures accurately describe the tool. A strong preparation process includes inventorying AI use cases, assigning owners, reviewing vendor terms, testing outputs, restricting sensitive data, training employees, and documenting supervision. The goal is not to fear technology. The goal is to avoid letting a shiny tool quietly become an unsupervised business process.

The best preparation experience usually ends with a shorter, sharper list of priorities. Fix the highest-risk gaps first. Make disclosures accurate. Make records easy to retrieve. Train employees on what they actually do. Test the controls that protect clients. Document the judgment calls. When a firm treats the SEC 2026 exam priorities as a working roadmap instead of a regulatory weather report, the exam process becomes less mysterious and much more manageable.

Conclusion

The Securities and Exchange Commission’s 2026 exam priorities show a clear focus on investor protection, practical compliance, and risk-based oversight. Fiduciary duty, Regulation Best Interest, cybersecurity, Regulation S-P, AI, operational resilience, AML, conflicts of interest, complex products, and newly registered firms all sit near the center of the examination landscape.

The strongest firms will not wait for an exam letter to begin preparing. They will use the priorities as a checklist, compare policies against practice, strengthen documentation, test controls, and make sure investor-facing promises match reality. The SEC’s message for 2026 is straightforward: know your risks, supervise your business, protect customer information, and do not let innovation outrun compliance. Fair enough. Compliance may not be glamorous, but neither is explaining preventable gaps to an examiner on a Tuesday morning.

Note: This article is for general informational purposes only and should not be treated as legal, compliance, investment, or regulatory advice. Firms should consult qualified counsel or compliance professionals regarding their specific obligations.