SEC Releases Examination Priorities for Fiscal Year 2026

If your compliance team was hoping for a quiet year, the SEC has arrived with the regulatory equivalent of a bright yellow highlighter. The agency’s Fiscal Year 2026 Examination Priorities do not reinvent the rulebook, but they absolutely underline the parts firms can no longer afford to skim. The message is straightforward: the SEC still cares deeply about the basics, but it now expects those basics to hold up in a market shaped by private credit, complex products, artificial intelligence, vendor dependence, cyber risk, and operational stress.

That combination is what makes the 2026 priorities so important. This is not a document full of abstract policy poetry. It is a practical roadmap of where exam staff are likely to look, what kinds of conflicts and controls they are likely to test, and which firms may find themselves explaining why a policy looked beautiful on paper but mysteriously forgot how to function in real life.

For investment advisers, broker-dealers, registered investment companies, and other market participants, the new priorities point to a familiar but sharper exam environment. Fiduciary duties, disclosure quality, Regulation Best Interest, and customer protection remain front and center. At the same time, the SEC is zeroing in on cybersecurity, operational resiliency, amended Regulation S-P requirements, AI governance, anti-money laundering controls, and the risks created when firms grow quickly, merge, outsource key functions, or sell increasingly complex products to retail investors.

In short, the SEC’s Fiscal Year 2026 priorities say: handle the fundamentals, supervise the technology, know your products, document your reasoning, and do not confuse having a manual with having a functioning compliance program.

What the FY 2026 Priorities Really Signal

The biggest takeaway from the 2026 exam priorities is that the SEC appears to be taking a “back to basics, but no excuses” approach. The agency is not abandoning innovation or pretending markets have not changed. Instead, it is applying long-standing investor protection principles to a newer landscape filled with automated tools, alternative investments, illiquid exposures, and more complicated operational chains.

That means the core questions are still classic SEC questions. Did the firm act in the client’s best interest? Were conflicts identified, mitigated, and disclosed? Do the disclosures match the actual business practices? Are controls reasonably designed and actually implemented? Are marketing statements accurate? Is the compliance program living and breathing, or just laminated?

The “evolution” part of the priorities shows up in the SEC’s attention to operational resiliency, data protection, and technology governance. Examiners are looking beyond whether a firm has adopted a shiny platform or mentioned AI in a board meeting. They want to know whether the firm understands how its tools work, whether those tools are monitored, whether vendor oversight is real, and whether automated outputs remain consistent with regulatory obligations.

Investment Advisers: Fiduciary Duty Still Runs the Show

For registered investment advisers, the SEC continues to keep fiduciary duty in the starring role. The Division of Examinations says it will review whether investment advice and related disclosures are consistent with advisers’ duties of care and loyalty, especially for businesses serving retail investors. That means exam teams will be looking closely at how advice is made, how conflicts are managed, and whether recommendations line up with a client’s objectives, risk tolerance, liquidity needs, and financial circumstances.

The 2026 priorities also make clear that product complexity matters. Advisers recommending alternative investments, private credit strategies, private funds with long lock-up periods, option-based ETFs, leveraged or inverse ETFs, and other higher-cost or harder-to-understand products should expect more attention. The SEC is signaling that when a product becomes more complex, expensive, illiquid, or volatile, the burden on the adviser to justify suitability and clarity goes up too.

There is also special attention on recommendations made to older investors and people saving for retirement. That focus is not subtle, and it should not be. When a firm is recommending complex or costly products to clients with income needs, shorter time horizons, or lower tolerance for surprises, the SEC wants to see a disciplined process behind that recommendation, not a sales script with a nice haircut.

Private fund advisers are still very much on the radar, even if the 2026 report does not carve out a flashy standalone crypto-or-private-funds headline the way some past priority cycles did. The SEC highlights advisers to private funds that also advise separately managed accounts or newly registered funds, with exam attention likely to fall on allocation favoritism, interfund transfers, valuation questions, fee practices, side letters, and differences in investor treatment. Newly launched private funds and advisers entering private funds for the first time may also get a closer look.

Another noteworthy area is adviser consolidation. Advisers that have merged, been acquired, or changed business models may attract scrutiny because those changes often create operational complexity and fresh conflicts of interest. Translation: if your firm bought another practice and stitched the compliance program together with optimism and a shared Dropbox folder, this is probably the year to revisit that decision.

Compliance Programs: The SEC Wants Proof, Not Promises

The SEC’s 2026 priorities continue to stress that an adviser’s compliance program must be tailored, implemented, enforced, and reviewed. Examinations are expected to evaluate core areas such as marketing, valuation, trading, portfolio management, custody, disclosures, and regulatory filings. Annual reviews also matter, and not as a ceremonial year-end exercise where everyone nods at a memo and then heads for lunch.

Fee-related conflicts remain a major concern, especially where compensation structures may steer personnel toward certain products, account types, or strategies. Firms should expect examiners to compare written policies with actual compensation incentives, account recommendations, and disclosure language. That comparison can be painfully revealing when the policy says “client first” and the incentive grid whispers something else entirely.

The SEC also continues to prioritize never-examined advisers and recently registered advisers. New registrants should take that as a very direct hint: the agency expects strong compliance architecture early, not eventually, not after growth slows down, and definitely not after the first awkward deficiency letter.

Investment Companies: Fees, Strategy Claims, and the Names Rule

Registered investment companies, including mutual funds and ETFs, remain high on the SEC’s list because of their importance to retail and retirement investors. For these firms, the Division of Examinations plans to focus on compliance programs, governance, filings, disclosures, fees and expenses, and whether portfolio management practices are consistent with what fund documents and marketing materials actually say.

That last point deserves a drumroll. The SEC continues to emphasize consistency between strategy claims and real portfolio behavior. If a fund presents itself as focused, defensive, income-oriented, low-volatility, or aligned with a particular investment theme, examiners will be interested in whether the holdings and operations back that up. The amended Names Rule is part of that picture, especially as extended compliance dates come into view.

The agency also flagged certain funds for heightened interest: funds involved in mergers or similar transactions, funds using complex strategies, funds holding less liquid or illiquid investments, and funds with novel or leverage-related vulnerabilities. In plain English, the more complicated the fund, the more likely the SEC is to ask how its governance, valuation, disclosures, and risk oversight are keeping up.

Broker-Dealers: Financial Responsibility, Trading Practices, and Retail Sales Conduct

Broker-dealers will face examinations focused on three major buckets: financial responsibility rules, trading-related practices, and retail sales practices. On the financial side, the SEC is keeping attention on net capital, customer protection, required filings, operational resiliency, vendor-supported reporting systems, change management, liquidity risk, cash sweep programs, and prime brokerage activities.

That is a strong sign that the SEC sees operational resilience as more than a technology issue. It is also a books-and-records issue, a financial controls issue, and a governance issue. If core reporting depends on third-party systems, examiners will want to know how those systems are supervised, tested, and backed up when things go sideways.

In trading-related reviews, best execution remains a major focus, along with order routing, extended-hours trading, pricing and valuation of illiquid instruments, municipal securities practices, and certain disclosure obligations under market structure rules. None of this is new, but the SEC’s inclusion of these topics in 2026 shows they are not going away. Firms hoping best execution would quietly become less fashionable should not get their hopes up.

Retail sales practices remain another major exam lane, especially compliance with Regulation Best Interest. The SEC is expected to look at product recommendations, conflict mitigation, reasonably available alternatives, and whether firms can demonstrate that the Care Obligation was actually satisfied. Products likely to draw attention include variable and registered index-linked annuities, private placements, alternative investments, structured products, municipal securities, certain ETFs, and other offerings with complex fee structures, illiquidity, or unusual return mechanics.

Form CRS also remains in the mix. Broker-dealers should expect scrutiny of whether relationship summaries accurately describe services, fees, conflicts, and disciplinary history. That may sound basic, but in exam land, “basic” is often just another word for “easy to get wrong in a surprisingly public way.”

Market Infrastructure and Other Participants Stay on the Radar

The 2026 priorities are not just about advisers and broker-dealers. The SEC also highlights oversight of national securities exchanges, FINRA, the Municipal Securities Rulemaking Board, clearing agencies, municipal advisors, transfer agents, funding portals, security-based swap dealers, and security-based swap execution facilities.

For clearing agencies, the SEC emphasizes financial and operational risk, default management, collateral management, remediation of past issues, and compliance with standards for covered clearing agencies. For municipal advisors, the focus includes fiduciary duty, conflict disclosures, MSRB Rule G-42 compliance, and registration, qualification, and recordkeeping requirements.

Transfer agents and funding portals should pay special attention to amended Regulation S-P obligations after the relevant compliance dates. Security-based swap dealers remain a target for accurate reporting and risk management reviews, while the Division also expects to begin examinations of registered security-based swap execution facilities. That last point is especially notable because it shows the SEC’s exam program continuing to expand its practical reach across newer or more specialized market infrastructure.

Cybersecurity, Regulation S-P, AI, and AML: The Cross-Cutting Priorities That Touch Nearly Everyone

If there is one section of the 2026 priorities that nearly every regulated firm should read twice, it is the cross-cutting risk area section. Cybersecurity remains a perennial priority, and the SEC is explicit about the kinds of issues it cares about: governance practices, data loss prevention, access controls, account management, incident response, ransomware preparedness, and the broader ability to protect investor information, records, and assets while maintaining mission-critical services.

The agency also ties cybersecurity to operational resiliency. This matters because firms are now expected to think beyond the breach itself and plan for the business consequences of disrupted systems, dispersed workforces, extreme weather events, geopolitical stress, and third-party failures. In other words, resilience is not just about keeping the lights on. It is about proving you know which lights matter most.

Regulation S-ID and amended Regulation S-P get meaningful attention as well. The SEC says it will assess policies, internal controls, governance, and vendor oversight tied to identity theft prevention and customer information safeguards. This is especially important because the amended Regulation S-P framework adds incident response obligations and customer-notification expectations, with tiered compliance dates already on the calendar. Firms that delayed preparation may find examiners unusually interested in whether “we’re working on it” has matured into “it is implemented and tested.”

Emerging financial technology is another major exam theme, particularly automated advisory services, AI technologies, trading algorithms, and alternative data. The SEC plans to review whether representations about these tools are fair and accurate, whether the controls match the disclosures, whether algorithms lead to recommendations consistent with investor profiles or stated strategies, and whether firms are adequately supervising AI-related functions. That includes AI use in fraud detection, back-office operations, AML work, and trading functions.

This is a critical point for 2026. The SEC is not treating AI as a futuristic side topic. It is treating AI as a present-day supervision issue. If a firm uses AI in client-facing recommendations, compliance workflows, surveillance, or operational processes, it should expect examiners to ask ordinary but powerful questions: Who approved it? Who tests it? Who monitors drift? What disclosures were made? How are outputs reviewed? When the tool makes a mistake, who catches it before a customer does?

AML remains part of the priorities too, with attention to risk-tailored programs, independent testing, customer identification, beneficial ownership controls, suspicious activity reporting, oversight of intermediaries where relevant, and monitoring of OFAC sanctions compliance. That is a reminder that traditional financial crime controls still matter even when the industry conversation is being stolen by shinier acronyms.

What Firms Should Do Next

The smartest response to the SEC’s FY 2026 priorities is not panic. It is specificity. Firms should map the priorities against their products, client base, technologies, compensation structures, vendor ecosystem, and recent business changes. Then they should test whether policies match reality, whether disclosures match operations, and whether supervisors can actually explain how risk is controlled.

For advisers, that likely means revisiting conflicts, complex product reviews, private fund allocation practices, and post-merger integration controls. For broker-dealers, it means sharpening best execution review, Reg BI documentation, product governance, liquidity oversight, and Form CRS accuracy. For funds, it means rechecking strategy disclosures, fees, names rule readiness, valuation governance, and controls around less liquid or more complex holdings. For nearly everybody, it means elevating cybersecurity, incident response, vendor oversight, AI governance, and Regulation S-P preparation from “important project” to “board-level exam readiness issue.”

Real-World Experience: What These Priorities Feel Like When an Exam Actually Starts

In practice, SEC priorities become real long before an examiner walks through the door or opens a virtual document request. Firms usually feel them first in the uncomfortable gap between what they thought was working and what they can actually prove. That experience is especially common in 2026 priority areas because many of them sit at the intersection of compliance, operations, technology, and client communication.

Take investment advisers that expanded into private credit or other alternative strategies during the last few years. On paper, the transition often looks logical: client demand increased, margins improved, and the strategy fit the firm’s growth plan. But when firms step back and test their controls, they often discover that disclosures were updated faster than supervision, valuation procedures were copied from older strategies, and fee-conflict reviews never quite caught up. The firm may have a policy, but the policy was written for the business the firm used to be, not the business it became.

Broker-dealers often run into a similar problem with product complexity. Teams may genuinely believe their recommendation process is thoughtful and client-centered, yet documentation can tell a thinner story. A file may show that a representative recommended a structured product, annuity, or illiquid ETF to a retirement-focused client, but the record does not fully explain why reasonably available alternatives were rejected. In an exam, that silence can become the loudest part of the file.

Cybersecurity and Regulation S-P preparation create another familiar experience: firms realize that responsibility is spread across too many people and truly owned by no one. Legal thinks IT has it. IT thinks compliance has it. Compliance assumes the vendor contract solved it. Then someone asks who would notify affected customers after an incident, who would make the materiality call, who tracks third-party breach reporting, and whether the response plan has ever been tested under pressure. Suddenly the room gets very interested in scheduling a tabletop exercise.

AI governance has its own flavor of surprise. Firms often start by using AI for harmless-sounding tasks like drafting notes, reviewing communications, summarizing research, or flagging anomalies. That feels efficient, and sometimes it is. But exam readiness becomes tricky once no one can clearly explain the review process, escalation path, or control framework around those outputs. The hard lesson is that a tool does not stop being regulated just because it sounds modern.

One of the most consistent experiences across all registrant types is that the SEC tends to reward preparation that is practical, not theatrical. Examiners do not need a speech. They need records, rationales, testing results, escalation logs, committee minutes, and evidence that the firm can connect policy to action. The firms that manage exams best are usually not the firms with the fanciest presentations. They are the firms that can answer plain questions plainly, produce support quickly, and show that risk management is part of daily operations rather than a seasonal decorating theme.

That is why the 2026 priorities matter so much. They are not merely a regulator’s annual to-do list. They are a preview of where ordinary operational shortcuts may become exam findings. Firms that treat the priorities as a checklist will improve. Firms that treat them as a diagnostic tool will improve faster.

Conclusion

The SEC’s Fiscal Year 2026 Examination Priorities deliver a clear message to the financial industry: investor protection still begins with fundamentals, but those fundamentals now have to work inside more complex products, more automated systems, and more fragile operating environments. Advisers, funds, broker-dealers, and other market participants should expect continued scrutiny of fiduciary conduct, conflicts, disclosures, and sales practices, along with deeper attention to cybersecurity, Regulation S-P readiness, AI oversight, operational resiliency, and AML controls.

For firms willing to read the priorities closely, the document is more than a warning. It is also a practical guide to where compliance resources should go next. In 2026, the winners will not be the firms that merely say they take risk seriously. They will be the firms that can show exactly how they do it.