Each year, the SEC's Division of Examinations gives advisers a limited kind of warning. The fiscal year 2026 exam priorities, published under Chairman Atkins, describe where examiners expect to focus when they review firms1. The document is not a rule and does not create new obligations. Still, it is one of the clearest public signals advisers get about what may matter in an examination.

For SEC-registered investment advisers, the 2026 priorities combine familiar themes with a sharper focus on artificial intelligence and emerging technology. The question is not simply what the SEC listed. It is whether the firm's records, disclosures, and day-to-day practices support what the firm says it does.

Fiduciary Duty Still Comes First

The Division continues to begin with advisers' fiduciary obligations, including the duty of care and the duty of loyalty1. Examiners will review investment advice and related disclosures, especially where retail investors are involved. The priorities mention conflicts of interest that may affect impartial advice, best execution, and whether recommendations account for cost, risk, liquidity, and time horizon.

The document also identifies adviser profiles that may receive closer attention: firms recommending alternative or complex investments, including private credit, option-based ETFs, leveraged and inverse ETFs; firms that have recently merged with or acquired other practices; and advisers newly managing private fund assets1. If the business changed, examiners may ask whether the compliance program kept up.

Marketing Belongs in the Compliance Review

Section I.B of the priorities addresses compliance program effectiveness and names marketing as one of the areas examiners will evaluate1. Examiners will not only ask whether a firm has a marketing policy. They may ask whether the policy governs what the firm actually publishes.

The Division says it will assess whether policies and procedures are "implemented and enforced," including whether disclosures address fee-related conflicts arising from account and product compensation structures1. It will also review annual compliance reviews for effectiveness1. A review that confirms a policy exists is weaker than a review that checks the firm's actual website, articles, newsletters, social posts, testimonials, and disclosures.

The SEC's December 2025 Risk Alert makes the same point more concretely. Exam staff cited advisers whose written policies did not match their actual practices, including firms whose policies prohibited testimonials while their websites featured client reviews2. A policy that says "we review marketing content" is useful only if the firm can show the reviews happened.

Open the Compliance Flag GitHub project to review the Python CLI, sample reports, roadmap, and installation notes.

Never-Examined Advisers Should Prepare Early

The Division will continue to prioritize advisers that have never been examined, with particular attention to recently registered advisers1. That has been a recurring priority, but it matters in 2026 because the Division also says it is working with fewer resources and relying on risk-based targeting.

A first examination can be broad. Examiners may review the compliance program, disclosures, marketing practices, custody arrangements, books and records, and other core areas. A recently registered firm should not wait for an exam letter to find out whether its marketing files, policies, and disclosures tell a coherent story.

AI Claims Need Supervision

The 2026 priorities put more attention on artificial intelligence and other emerging technologies1. The Division says it will examine firms using automated investment tools, AI technologies, and trading algorithms. Examiners may ask whether statements about those tools are accurate, whether operations and controls match investor-facing disclosures, and whether the outputs fit investor profiles and stated strategies.

For RIAs, this matters in at least two ways. If the firm uses AI in a client-facing process, it should be able to explain how that use is supervised. If the firm markets AI capabilities, the claims should match reality1. A website that says "AI-driven investment process" while the actual work is primarily manual may invite questions about accuracy, substantiation, and misleading implication.

The priorities also say the Division will assess whether firms have policies to identify and mitigate new risks associated with AI, including cybersecurity, fraud detection, and back-office operations1. The tool matters, but so does the firm's process for handling the risks the tool introduces.

Cybersecurity Is Still an Operational Issue

Cybersecurity remains a recurring priority. The 2026 document adds language about AI-related security risks, including polymorphic malware attacks, and the need for firms to operationalize threat intelligence1. Examiners will review governance, data loss prevention, access controls, and incident response procedures.

The Division also points to the 2024 amendments to Regulation S-P, which require written incident response programs designed to detect, respond to, and recover from unauthorized access to customer information3. As compliance dates approach, the Division says it will engage firms about their progress and later examine whether required programs are in place. For smaller RIAs, the practical requirement is not a general cybersecurity paragraph in a manual. It is a documented incident response program that someone at the firm can actually use.

What to Review Now

The exam priorities are not enforceable guidance. They are a staff statement about focus areas1. Even so, they point firms toward the places where weak implementation is likely to show. Before an examination, an RIA should consider reviewing:

  • Published marketing content against the SEC Marketing Rule. Blog posts, LinkedIn updates, newsletters, website pages, pitch materials, testimonials, and other advertisements under Rule 206(4)-1 should have evidence of review4.
  • Compliance policies against actual practice. If the policy says the firm reviews marketing before publication, there should be records showing that review. If the website uses testimonials, the policies should not say testimonials are prohibited.
  • AI usage and supervision. If the firm uses AI for content, portfolio analysis, client communications, operations, or surveillance, it should document how those tools are approved, monitored, and limited.
  • Exam readiness for newly registered or never-examined firms. Organizing records before an exam notice is easier than trying to reconstruct the process afterward.

The full text of the SEC's fiscal year 2026 exam priorities is available on the Division of Examinations website1.

Citations

  1. SEC Division of Examinations — Fiscal Year 2026 Examination Priorities (2025).
  2. SEC Division of Examinations — Risk Alert: Additional Observations Regarding Advisers' Compliance with the Marketing Rule (Dec. 16, 2025).
  3. SEC — Regulation S-P: Privacy of Consumer Financial Information and Safeguarding Customer Information (Exchange Act Rel. No. 100155, May 16, 2024).
  4. SEC — Investment Adviser Marketing, Final Rule (Advisers Act Rel. No. 5653, Dec. 22, 2020). Amendments to Rule 206(4)-1 under the Investment Advisers Act of 1940.