SEC Highlights 2025 Exam Priorities

In an annual report, the SEC Division of Examinations highlighted key risks for investors and registrants and emphasized priority areas for examination in fiscal year 2025.

The Division focused on the following priorities:

• Investment Advisers and Private Funds. The Division said that examinations of investment advisers will focus on adherence to fiduciary duties and compliance programs, with special attention to private fund advisers and disclosures regarding interest rate and market volatility risks.

• Registered Investment Companies. The Division said it will continue to examine registered investment companies, including mutual funds and ETFs, with a focus on fees, governance and the oversight of service providers, particularly in light of market volatility.

• Broker-Dealers. The Division said that examination priorities will include broker-dealer compliance with Regulation Best Interest, Form CRS, financial responsibility rules and trading-related practices, particularly for high-risk or complex products.

• Self-Regulatory Organizations. The Division said it will focus on governance, enforcement and surveillance practices at national securities exchanges, while conducting risk-based oversight of FINRA and the MSRB.

• Clearing Agencies. The Division said its examinations will emphasize risk management practices, including liquidity, margin systems, model validation and oversight of third-party service providers.

The Division said it will conduct additional examinations on other market participants, including municipal advisors, security-based swap dealers and transfer agents. The Division said it will focus these examinations on:

• Information Security and Operational Resiliency. The Division said it will continue to scrutinize registrants' practices to safeguard critical services, investor data and records, including on firms' data loss prevention, governance practices and incident response strategies. The Division said it will pay special attention to third-party IT vendors and unsupported technology infrastructures that heighten risks.

• Cybersecurity Regulations. The Division said it will assess compliance with Regulation S-ID (identity theft red flags) and Regulation S-P (safeguarding customer information), focusing on how firms protect customer records, prevent identity theft and secure sensitive data in electronic investment services.

• Shortening of the Settlement Cycle. The Division said it will examine broker-dealers' and advisers' operational adjustments to the shortened T+1 settlement cycle with a focus on technology upgrades, compliance with new books and records requirements and the timely settlement of securities transactions.

• Emerging Financial Technologies. The Division said it will continue to focus on the use of advanced technologies, such as AI, digital engagement tools and automated investment platforms. This includes assessing whether firms using AI and algorithms are making fair and accurate representations to clients and whether such tools generate advice aligned with investors' profiles. In addition, the Division said it will evaluate a firms' controls over third-party AI models and tools to ensure protection against loss or misuse of client data.

• Crypto Assets. The Division said it will examine the offering, sale, recommendation and trading of crypto assets that are classified as securities. The Division said its focus will be on firms' standards of conduct, custody practices, compliance with Bank Secrecy Act requirements and disclosures regarding risks to retail investors, particularly older individuals and retirement assets.

• Regulation Systems Compliance and Integrity ("Regulation SCI"). The Division said that it will review entities classified as SCI entities (such as exchanges and clearing agencies) to ensure they have systems in place to maintain operational integrity, resiliency and availability. The Division said it will focus on cybersecurity defenses, business continuity plans and the decision-making process for reconnecting to third parties during cyber events.

• Anti-Money Laundering. The Division said it will focus on whether broker-dealers and certain registered investment companies have tailored their AML programs to the specific risks associated with their business models. This includes a review of customer identification processes, independent testing and firms' adherence to their Suspicious Activity Report filing obligations. The Division said it will also monitor firms' compliance with US Treasury sanctions.