The SEC’s Division of Examinations has released its 2026 Examination Priorities, outlining where firms can expect heightened regulatory scrutiny in the year ahead. The priorities reflect a continued focus on investor protection, operational resilience, fiduciary accountability, and emerging risks tied to technology and cyber threats. Below is a breakdown of the key areas firms should be preparing for now.

  1. Investment Adviser Fiduciary Oversight

The SEC will continue to closely examine how investment advisers fulfill their fiduciary duties of care and loyalty, particularly for advisers serving retail investors. Examiners will focus on how advisers manage conflicts of interest, disclose fees, and demonstrate that recommendations align with client objectives, risk tolerance, and financial profiles.

Special attention will be given to:

  • Alternative and private investments
  • Complex ETFs and leveraged products
  • High-cost products and commission-based compensation structures
  • Recommendations made to older investors
  • Dual registrants and firms undergoing mergers or business model changes

To reinforce fiduciary expectations and conflict management across your firm, explore Quest CE’s Firm Element training catalog designed to support today’s regulatory priorities.

  1. Reg BI and Retail Recommendations

Retail investor protection continues to drive broker-dealer examinations in 2026. The SEC will assess how firms satisfy their obligations under Regulation Best Interest, with focus areas including:

  • Account and rollover recommendations
  • Identification and mitigation of conflicts
  • Recommendations involving complex and tax-advantaged products
  • Sales made to older investors and retirement savers

Examiners will also review the accuracy of Form CRS disclosures, including how firms describe services, fees, conflicts, and disciplinary history.

  1. Cybersecurity, Reg S-P, and Data Protection

Cybersecurity remains one of the SEC’s highest-risk focus areas, with growing concern around ransomware, AI-driven attacks, and vendor-related breaches. Exams will evaluate:

  • Information security governance
  • Access controls and data loss prevention
  • Incident response and recovery planning
  • Vendor oversight and operational resiliency

In parallel, firms must prepare for enhanced enforcement of Regulation S-ID and the newly amended Regulation S-P, which require firms to implement formal incident response programs, customer notification procedures, and identity theft prevention controls.

To help jump-start or strengthen your firm’s cybersecurity and privacy program, explore Quest CE’s cybersecurity training and compliance tools designed for Reg S-P and identity protection readiness.

  1. Artificial Intelligence and Emerging Technology

The SEC will intensify its focus on firms using automated investment tools, trading algorithms, and artificial intelligence. Exams will assess whether:

  • AI-related representations to clients are accurate
  • Automated recommendations align with investor profiles
  • Firms have supervisory controls over AI-driven systems
  • AI is properly governed in fraud detection, AML, and back-office operations

The SEC is also evaluating how firms use alternative data sources and automated decision-making technologies.

To help your team understand the compliance risks tied to AI and automation, explore Quest CE’s technology-focused Firm Element training built for evolving supervisory expectations.

  1. AML and Sanctions Enforcement

The SEC will continue evaluating broker-dealers and certain investment companies for compliance with Bank Secrecy Act (BSA) and AML requirements, including:

  • Proper risk-based program design
  • Independent testing
  • Timely and accurate Suspicious Activity Reports (SARs)
  • OFAC sanctions monitoring

To support your firm’s AML and sanctions compliance efforts, explore Quest CE’s AML training and tracking solutions designed to support both frontline education and exam documentation.

What This Means for Firms

The 2026 exam priorities reinforce a clear message from regulators: firms must demonstrate that compliance programs are active, adaptive, and embedded into daily operations. Technology oversight, cybersecurity defense, fiduciary integrity, and retail investor protection are no longer siloed responsibilities.

Firms that proactively align their training, policies, supervision, and documentation to these priorities will be best positioned to navigate regulatory expectations and exam cycles with confidence.