November 19, 2025

SEC announces examination priorities for fiscal year 2026

On November 17, 2025, the U.S. Securities and Exchange Commission’s Division of Examinations published its annual examination priorities for 2026, which include areas of potentially heightened risk where firms should be directing their compliance efforts. For fiscal year 2026, the Division announced plans to prioritize examinations of core areas such as fiduciary duty, standards of conduct, and the custody rule, and to focus on never-examined and recently registered advisers and investment companies in an effort to encourage the creation of robust compliance programs. The Division also plans to concentrate on compliance with new rules, such as the 2024 amendments to Regulation S-P that require firms to establish incident response programs and provide timely notification to customers affected by data breaches.

The SEC also plans to prioritize risk areas that impact various market participants, including “Information Security and Operational Resiliency,” to determine a company’s ability to recover from operational disruptions that might occur as the result of a cybersecurity attack, firms’ dispersed operations, weather-related events and geopolitical factors. With regard to cybersecurity risks, the Division plans to pay particular attention to “firms’ policies and procedures pertaining to governance practices, data loss prevention, access controls, account management, and responses and recovery to cyber-related incidents.” The Division will also focus on methods that companies use to assess and mitigate emerging risks associated with artificial intelligence (AI) and polymorphic malware attacks.

The SEC will also prioritize examinations of anti-money laundering programs to ensure that existing programs are reasonably designed to prevent companies from laundering funds or financing terrorist activities in compliance with Bank Secrecy Act requirements. The Division will specifically focus on whether broker-dealers and certain registered investment companies (“RICs”) are: “(1) appropriately tailoring and updating their AML program to their business model and associated AML risks…; (2) adequately conducting independent testing; (3) establishing an adequate customer identification program, including for beneficial owners of legal entity customers; and (4) meeting their Suspicious Activity Report filing obligations.” The Division also plans to review whether broker-dealers, advisers, and RICs are monitoring sanctions imposed by the Department of the Treasury’s Office of Foreign Assets Control and are in compliance with U.S. sanctions laws.

SEC Press Release | 2026 Examination Priorities