The Securities and Exchange Commission (SEC) Division of Examinations has released its fiscal year 2026 priorities, reaffirming a risk based program concentrated on investor protection and market integrity. The division highlights four core objectives—promote and improve compliance, prevent fraud, monitor risk, and inform policy—and notes that exam scopes will expand based on each registrant’s business model, risk profile, product mix, and examination history.
Substantively, the 2026 list emphasizes several clusters of risk that the staff expects to test across registrant types:
- Fiduciary duty and standards of conduct. Examiners will test adherence to fiduciary duties, focusing on alignment with client objectives and conflict mitigation. Reviews will extend to account type and rollover recommendations, best execution, fees and expenses, and marketing/substantiation.
- Private markets and retail distribution of alternatives. Private markets and retail alternatives remain a focus, reflecting the continued “democratization” of private strategies. Examiners will review allocation and valuation practices, fees and expenses, side letters, and potential conflicts where advisers manage private funds alongside retail products or separately managed accounts.
- Registered funds and broker dealer sales practices. Registered funds, especially mutual funds and ETFs for retirement investors, remain a key focus, including fees, risk disclosures, and marketing accuracy. Broker-dealer examinations will focus on Regulation Best Interest, Form CRS, and recommendations of complex or illiquid products.
- Information security, data privacy, and emerging technology. Examiners will test ransomware preparedness, identity theft prevention under Regulation S-ID, and readiness for the 2024 amendments to Regulation S-P, including incident-response programs and third party/vendor oversight with phased compliance dates in late 2025 and 2026. The staff will also evaluate the use of artificial intelligence (AI) and other automated tools to ensure practices and outputs match disclosures and investor protection obligations. With AI appearing as a cybersecurity focus for the staff, staff will assess whether sufficient controls are in place for both AI use and protection against AI-enabled attacks.
From a design perspective, the staff will continue to focus on newly registered and never-examined firms to build strong foundational compliance and address gaps early. The priorities are not exhaustive, and exam scopes will expand based on each registrant’s risk profile, business model, products, and history.
In short, the 2026 priorities are designed to steer firms toward measurable improvements in core controls (governance, disclosures, supervision, cybersecurity, and third party oversight), surface and remediate investor harm risks—particularly in retail channels and complex or illiquid products—and inform policy through observations that reflect evolving market practices.
Investment Advisers: Fiduciary Duty, Conflicts, and Alternatives
Examinations will assess whether advisers’ recommendations align with clients’ objectives, risk tolerance, liquidity needs, and time horizons, with special attention to advice provided to older investors and retirement savers. The staff will test how advisers identify, mitigate, and disclose conflicts of interest, including those arising from fees and expenses, allocation decisions across vehicles and accounts, cross fund transactions, vertical integration, and side by side management of private funds and retail products. Expect targeted reviews of valuation controls, best execution, marketing and substantiation, custody practices, and the operational effectiveness of compliance programs under Advisers Act Rule 206(4) 7.
Private Funds and “Retailization” of Alternatives
The staff will scrutinize advisers to newly launched or first time private funds, as well as managers expanding into semi liquid or interval products and ETFs with exposure to illiquid assets such as private credit or private equity. Reviews will examine allocation methodologies, fee and expense calculations (including offsets and waivers), differential investor treatment (including side letters), valuation of complex or thinly traded assets, liquidity risk management, and consistency of disclosures with actual practices.
Registered Funds and Retail Investors
Given the centrality of mutual funds and ETFs to retirement investors, the staff will continue to prioritize registered investment companies. Focus areas include fund fees and expenses (and associated waivers), portfolio-management and risk disclosures, service provider oversight, leverage and liquidity practices, and the accuracy and completeness of marketing materials. Funds undergoing mergers, strategy changes, or offering more complex exposures should anticipate targeted reviews.
Broker Dealers: Regulation Best Interest, Form CRS, and Complex Products
For broker dealers, the 2026 program highlights sales practices affecting retail customers, including compliance with Regulation Best Interest and the accuracy and delivery of Form CRS. Examiners will review recommendations involving rollovers to IRAs, account type recommendations, and complex or tax advantaged products such as variable and registered index linked annuities, private placements, structured products, municipal securities (including 529 plans), and ETFs investing in illiquid assets. Trading practices, order handling, and supervision (including at branches) will remain important, alongside financial-responsibility rules and operational resiliency.
Information Security, Data Privacy, and Emerging Technology
As in prior years, information security remains a top priority. Examinations will evaluate ransomware preparedness, identity theft prevention under Regulation S-ID, and compliance with the 2024 amendments to Regulation S-P, including policies and procedures, incident-response programs, governance, and third party/vendor oversight. Importantly, Regulation S-P includes new incident-reporting requirements that firms should expect to show forthcoming compliance with before December 3, 2025, and full compliance after that date.
In a shift from the 2025 examination priorities, the staff will also assess AI and automated tools used in advisory and brokerage contexts to confirm that outputs and recommendations are consistent with disclosures, suitability/best interest obligations, and controls designed to prevent fraud, errors, or misuse of material nonpublic information. Specifically, the staff will focus on the training and security firms have in place to mitigate risks associated with AI and AI-enabled attacks (such as polymorphic malware). The staff further notes an expectation that firms operationalize threat intelligence they receive, as appropriate.
Program Focus and Scope
Consistent with prior years, the staff will prioritize newly registered and never examined advisers and funds to promote robust baseline compliance. The priorities document is not exhaustive; exam scopes may expand based on each registrant’s risk profile, history, business model, and products and services. While the 2026 list does not feature a stand-alone crypto section, the staff retains authority to examine crypto related activities under applicable rules and risk areas.
Practical Implications
The 2026 priorities call for demonstrable, documented, and tested compliance. Advisers should refresh fiduciary duty analyses for older and retirement investors; revisit allocation, valuation, and fee/expense practices—especially in alternative strategies; and ensure marketing claims are substantiated.
Broker dealers should review Regulation Best Interest policies, rollover and account type recommendation controls, and Form CRS content and delivery.
All registrants should complete (and evidence) readiness for the amended Regulation S-P requirements, including incident-response programs and vendor oversight, and validate identity theft prevention under Regulation S-ID.
Firms deploying AI or automated tools should inventory use cases, map associated risks and conflicts, align disclosures with practices, and test supervisory and model governance controls. Newly registered firms should expect foundational exams; mature programs should anticipate deeper risk targeted reviews.
Across the board, the most effective preparation remains a candid, risk based self assessment followed by targeted remediation and reporting that exam staff can readily test and verify.
Key Takeaways
- Adviser obligations remain a central focus, particularly when recommendations affect older investors, retirement-oriented strategies, or complex or higher-cost products.
- Preparation for the amended Regulation S-P is expected to be demonstrable, including incident-response capabilities and oversight of third-party service providers ahead of phased compliance dates.
- Private market and alternative strategy practices continue to draw significant attention, with emphasis on valuation discipline, fee and expense practices, side-letter terms, and conflicts across product structures.
- Regulation Best Interest and Form CRS remain core areas for broker-dealer reviews, including the basis for rollover and account-type recommendations and the sale of complex, illiquid, or tax-advantaged products.
- Information security and technology governance expectations are rising, with attention to ransomware preparedness, identity-theft protections under Regulation S-ID, and oversight of AI-enabled tools and processes.
- Newly registered and never-examined advisers and funds should anticipate baseline assessments of compliance-program design, implementation, and supervisory architecture.
- Crypto-related activities remain subject to examination when relevant, even though crypto is not identified as a stand-alone priority this year.
If you have any questions, or would like additional information, please contact one of the attorneys on our Investment Funds team or one of the attorneys on our Privacy, Cyber & Data Strategy team.
You can subscribe to future advisories and other Alston & Bird publications by completing our publications subscription form.