Investment Funds / White Collar, Government & Internal Investigations Advisory | SEC’s 2025 Examination Priorities: Continued Focus on Private Funds and Cybersecurity

On October 21, 2024, the Securities and Exchange Commission (SEC) Division of Examinations released its examination priorities for fiscal year 2025. The annual publication is intended to inform investors and registrants of potential risks in the U.S. capital markets and to make them aware of the examination topics that the division plans to focus on in the next fiscal year. In a press release, Division of Examinations Acting Director Keith Cassidy said, “Our 2025 examination priorities identify the key areas of potentially increased risks and related harm for investors.”

Registered Investment Advisers

The division discussed four focus areas for registered investment advisers (RIAs): fiduciary standards of conduct, effectiveness of adviser compliance programs, advisers to private funds, and advisers that have never been examined (as well as advisers that have not recently been examined and recently registered advisers).

1. Fiduciary Standards of Conduct

To confirm adviser adherence to their duty-of-care and duty-of-loyalty obligations, the division will focus on:

• Investment advice provided to clients regarding products, investment strategies, and account types, and whether that advice satisfies advisers’ fiduciary obligations.
  • Particular focus will be given to recommendations related to high-cost products, unconventional instruments, illiquid and difficult-to-value assets, and assets sensitive to higher interest rates or changing market conditions.
• Dual registrants and advisers with affiliated broker-dealers.
• The impact of advisers’ financial conflicts of interest on providing impartial advice and best execution, with consideration given for nonstandard fee arrangements.

2. Effectiveness of Advisers’ Compliance Programs 

To confirm RIAs’ compliance with Rule 206(4)-7, the division will focus on:

• Marketing, valuation (particularly of difficult-to-value or illiquid assets), trading, portfolio management, disclosure and filings, and custody.
• Advisers’ annual reviews of the effectiveness of their compliance programs.
• Fiduciary obligations of advisers that outsource investment selection and management.
• Alternative sources of revenue or benefits that advisers receive.
• Appropriateness and accuracy of fee calculations and the disclosure of fee-related conflicts.

3. Advisers to Private Funds

The division will continue to focus on advisers to private funds and will prioritize certain topics, including:

• Disclosures being consistent with actual practices.
• Advisers meeting fiduciary obligations in times of market volatility.
• Private funds exposed to interest rate fluctuations.
  • Examples given include commercial real estate, illiquid assets, and private credit.
• Accuracy of calculations and allocations of private-fund fees and expenses.
• Disclosure of conflicts of interests and risks and adequacy of policies and procedures.
• Compliance with recently adopted SEC rules (including amendments to Form PF and the updated rules that govern investment adviser marketing).

4. Never-Examined Advisers, Recently Registered Advisers, and Advisers Not Recently Examined

The division will continue to prioritize examinations of advisers that have never been examined, advisers that have not recently been examined, and newly registered advisers.

Notably, the 2024 examination priorities specifically cited “[c]ompliance with Advisers Act requirements regarding custody, including accurate Form ADV reporting, timely completion of private fund audits by a qualified auditor and the distribution of private fund audited financial statements.” In the 2025 priorities, however, that priority is absent. Presumably, this is due to the March 2023 proposed rule on safeguarding advisory client assets, which would revamp the longstanding custody rule (Rule 206(4)-1).

This does not suggest that custody rule compliance is not a priority. However, its absence in the priorities list, and particularly the inaction regarding the proposed rule, suggests that custodian practices may be of lesser focus until the SEC proposes a new rule superseding the custody rule (Rule 206(4)-1).

Nevertheless, clients are advised that custody rule compliance, while not listed as an explicit priority in 2025, will continue to be a focus of examinations and citations of deficiencies.

Registered Investment Companies

The division will continue to prioritize examinations of registered investment companies (RICs), including mutual funds and exchange-traded funds, due to their importance to retail investors, particularly those saving for retirement.

Examinations will generally review compliance programs, disclosures, and governance practices, with the division prioritizing the examinations of funds that have never been examined, funds that have not recently been examined, and newly registered funds. Specific examination focus areas may include a review of topics or characteristics involving:

• Fund fees and expenses and any associated waivers and reimbursements.
• Oversight of service providers.
• Portfolio management practices and disclosures.
• Issues associated with market volatility.

The SEC’s 2024 priorities included “[d]erivatives risk management assessments to review whether registered investment companies as well as business development companies have adopted and implemented written policies and procedures reasonably designed to prevent violations of the Commission’s fund derivatives rule [Rule 18f-4].” However, in the 2025 priority list, the use of derivatives pursuant to Rule 18f-4 is not listed at all.

Issuers should be cautioned that while Rule 18f-4 compliance is not a named priority, this has consistently been an area of focus within examinations, even if it’s not listed as a top priority.

Broker-Dealers

The division discussed four focus areas involving broker-dealer practices: Regulation Best Interest, Form CRS, financial responsibility rules, and trading-related practices and services.

1. Regulation Best Interest

Examinations will focus on recommended products that are complex, illiquid, or present higher risk to investors. The division may also focus its examinations on particular areas, including:

• Recommendations that use automated tools or other digital engagement practices, relate to the opening of different account types, or are made to certain types of investors (e.g., investors saving for retirement or college).
• Dual registrants (with reviews encompassing firms’ processes for identifying, mitigating, and eliminating conflicts of interest, account allocation practices, and account selection practices).
• Broker-dealer supervision of sales practices at branch office locations.

The division will also continue to examine other broker-dealer practices that relate to Regulation Best Interest, including:

• Recommendations regarding products, investment strategies, and account types, and whether the broker has a reasonable basis to believe the recommendation is in the customer’s best interest.
• Disclosures made to investors regarding conflicts of interest.
• Conflict identification and mitigation and elimination practices.
• Processes for reviewing reasonably available alternatives.
• Factors considered in light of the investor’s investment profile.

2. Form CRS

The division will review the content of a broker-dealer’s relationship summary, including the relationships and services that it offers to retail customers, fees and costs, conflicts of interests, and disclosure of disciplinary history.

3. Broker-Dealer Financial Responsibility Rules

Examinations will continue to focus on compliance with the net capital rule and the customer protection rule as well as related internal processes, procedures, and controls.

4. Broker-Dealer Trading-Related Practices and Services

Examinations will continue to focus on broker-dealer equity and fixed income trading practices.

Self-Regulatory Organizations, Clearing Agencies, and Other Market Participants

The division will continue to review the practices of self-regulatory organizations, clearing agencies, and other market participants.

Risk Areas Impacting Various Market Participants

The division will continue to monitor crypto assets that are offered and sold as securities or related products and the anti-money laundering programs of certain financial institutions (including broker-dealers and certain RICs).

The division also discussed its focus areas for information security and operational resiliency, emerging financial technologies, and entities’ policies and procedures for systems compliance and integrity.

Information security and operational resiliency

The division noted that the cybersecurity practices of registrants are “a perennial examination priority” and will continue to review registrant practices to prevent interruptions to mission-critical services and protect investor information, records, and assets. The division will also continue to examine for compliance with both Regulation S-ID and Regulation S-P and also the shortened settlement cycle under Rule 15c6-1.

As part of the division’s examinations of registrant cybersecurity practices, particular attention will be paid to a firm’s:

• Policies and procedures.
• Governance practices.
• Data loss prevention.
• Access controls.
• Account management.
• Responses to cyber-related incidents (including those related to ransomware attacks).
• Risks from subcontractors and third-party products.

Emerging financial technologies

The division remains focused on examining registrants’ use of automated investment tools, artificial intelligence (AI), and trading algorithms or platforms, and their risks. In particular, the division will examine firms that employ digital investment advisory services, recommendations, and related tools and methods to ensure their use is consistent with the registrants’ regulatory obligations to investors. According to the division, firms should ensure their representations regarding the use of AI are accurate and that the use of AI is supervised.

Regulation systems compliance and integrity

Entities subject to Regulation Systems Compliance and Integrity (SCI) must establish, maintain, and enforce written policies and procedures reasonably designed to ensure that their systems’ capacity, integrity, resiliency, availability, and security are adequate to maintain their operational capability and promote the maintenance of fair and orderly markets. As such, the division will examine SCI entities’ business continuity planning and testing practices, effectiveness of incident response plans (including ability to disconnect or reconnect to registrants or third parties), and cybersecurity policies and procedures generally.

Conclusion

The 2025 examination priorities reflect the division’s stated focus on “the protection of investors and market integrity” in changing regulatory and technological circumstances. 
We also note that the division warned of a focus on private funds experiencing poor performance and significant withdrawals as well as those that hold difficult-to-value or highly leveraged assets. In its press release, the SEC highlighted that “in addition to conducting examinations in core areas such as disclosures and governance practices, the Division will also examine for compliance with new rules, the use of emerging technologies, and the soundness of controls intended to protect investor information, records, and assets.” While the 2025 examination priorities cover a wide range of potential risks to investors, it should not be taken as an exhaustive list.

More than ever, we note that advisers should examine their valuation practices for compliance with all available guidance (including the SEC marketing rule) and cybersecurity risk mitigation.

You can subscribe to future advisories and other Alston & Bird publications by completing our publications subscription form.

If you have any questions, or would like additional information, please contact one of the attorneys on our Investment Funds Team or one of the attorneys on our White Collar, Government & Internal Investigations Team.