SEC Division of Examinations Releases 2026 Examination Priorities for RIAs & Broker-Dealers

The SEC’s Division of Examinations has published its 2026 Examination Priorities, outlining the agency’s key focus areas for RIAs and Broker-Dealers. This year’s priorities reinforce the SEC’s emphasis on investor protection, risk management, technology oversight, and compliance with recently adopted rules.

Key Focus Areas for 2026

Retail Investor Protection & Standards of Conduct

• RIAs: Continued scrutiny of the Fiduciary Duty—duty of care, duty of loyalty, and whether advice is in the client’s best interest.
• Broker-Dealers: Heightened review of Reg BI and Form CRS, including processes for product recommendations, account types, rollovers, and conflict-mitigation controls.

Technology, Cybersecurity & Operational Resilience

• Examiners will evaluate governance, vendor oversight, access controls, and incident-response frameworks—especially where new technologies create additional risks.
• Regulation S-P: Firms must demonstrate compliance with recent amendments and maintain written administrative, technical, and physical safeguards.
• Artificial Intelligence: Use of AI/automated tools will be reviewed for supervision, accuracy of disclosures, and whether algorithmic recommendations align with regulatory obligations.

Core Compliance & Financial Responsibility

• RIAs: Focus on compliance programs, marketing, valuation, trading, portfolio management, and custody. New and never-before-examined advisers remain a priority.
• Broker-Dealers: Emphasis on financial responsibility rules (Net Capital, Customer Protection), liquidity risk management, and trading practices—including best execution and pricing of less-liquid instruments.

What Firms Should Do Now

• Strengthen Reg BI/Fiduciary Documentation: Ensure rationale for recommendations—especially complex or higher-cost products—is well documented.
• Enhance Tech Governance: Update policies for AI, automated tools, testing, and supervisory controls.
• Reinforce Data Security: Validate compliance with Regulations S-P and S-ID and ensure incident-response and data-protection procedures are robust.