Each year, the SEC's Division of Examinations — formerly known as OCIE — publishes its examination priorities, a document that outlines the specific areas regulators plan to scrutinize most closely in the year ahead. For registered investment advisers, this annual publication is one of the most important compliance planning tools available. It tells you, directly and in plain language, where examiners will be focusing their attention — and where your firm needs to be ready.
Too many advisory firms treat the exam priorities as interesting reading rather than an actionable compliance checklist. That is a mistake. The priorities reflect real enforcement trends, active areas of regulatory concern, and patterns that EXAMS staff are seeing in the market. Firms that align their annual compliance review and testing calendar with the published priorities are better positioned to identify gaps before an examiner does.
How Exam Priorities Are Used in Practice
The SEC's exam priorities are not a guarantee that every firm will be examined in every area listed. Examinations are still tailored to the specific profile of each registrant — your AUM, client types, services offered, complaint history, and time since last exam all factor into what an examiner will focus on when they arrive. However, the priorities signal systemic concerns that regulators have identified across the industry, and they often foreshadow enforcement actions that follow in subsequent years.
Practically speaking, a well-designed compliance program should map its annual testing and review schedule against the current year's exam priorities. If EXAMS has identified marketing rule compliance, cybersecurity practices, or conflicts of interest disclosure as priority areas, those topics should receive heightened attention in your annual compliance review, training program, and internal testing calendar — regardless of whether an exam is imminent.
Key Focus Areas for Investment Advisers
While specific priorities shift from year to year, certain themes have remained consistent across multiple examination cycles and deserve ongoing attention from every advisory firm.
Adherence to fiduciary standards and conflicts of interest. The SEC continues to prioritize examination of whether investment advisers are meeting their fiduciary obligations — specifically, whether they are acting in the best interest of clients and providing full and fair disclosure of all material conflicts of interest. Examiners will review advisory agreements, Form ADV disclosures, compensation arrangements, and actual investment recommendations to assess alignment between disclosed practices and real conduct. Conflicts that are inadequately disclosed or not properly managed remain one of the most common findings in adviser examinations.
Compliance with the Marketing Rule. The SEC's amended Marketing Rule (Rule 206(4)-1) has continued to generate examination focus since its compliance date. Examiners look at whether firms have updated their policies and procedures to address the new standards for performance presentations, testimonials, endorsements, and third-party ratings. Any firm using client testimonials, past specific investment recommendations, or hypothetical performance in its marketing materials faces heightened scrutiny and must ensure its practices are fully aligned with the rule's requirements.
Cybersecurity practices and data protection. Cybersecurity compliance has been an examination priority for several consecutive years and shows no sign of receding. Examiners review written cybersecurity policies and procedures, governance and oversight structures, incident response plans, vendor due diligence practices, and the technical controls firms have implemented to protect client data. Advisory firms with outdated or poorly implemented cybersecurity programs — especially smaller RIAs that lack dedicated IT security staff — consistently receive deficiency findings in this area.
Environmental, Social, and Governance (ESG) claims. As investor interest in ESG-oriented investment products has grown, so has regulatory scrutiny of whether firms are substantiating the ESG claims they make to clients. Examiners look for consistency between the ESG criteria disclosed in marketing materials and advisory agreements and the criteria actually applied in portfolio construction. Firms that describe themselves or their strategies as ESG-focused must be prepared to demonstrate that their investment process genuinely reflects those claims.
Emerging technologies and digital assets. Advisers that use artificial intelligence or automated decision-making tools, or that manage digital asset portfolios, face specific examination attention. Examiners assess whether disclosures accurately describe how these tools function, whether advisers understand the risks inherent in the technologies they deploy, and whether clients are adequately informed. The SEC has been particularly focused on whether AI-powered tools create undisclosed conflicts or generate advice that is not in clients' best interests.
What Examiners Are Looking For
"An SEC examination is not simply a document collection exercise. Examiners are looking for alignment — between what you say in your disclosures and what you actually do, between the policies in your compliance manual and the practices your people follow, and between the interests of your clients and the interests of your firm."
When EXAMS staff conduct an examination, they typically begin by reviewing a firm's Form ADV, compliance manual, and a subset of client files and trading records. They are assessing whether the firm's actual practices are consistent with its disclosures. The most common deficiency findings arise not from firms that are deliberately deceptive, but from firms whose disclosures and procedures have not kept pace with how the business actually operates.
Examiners also look for evidence that the compliance program is functioning — not just documented. A compliance manual that has not been reviewed or updated in several years, a CCO who is not actively engaged in reviewing the firm's practices, or a training program that exists on paper but is not consistently delivered are all red flags that a compliance program is nominal rather than substantive.
Preparing Your Firm for an Examination
The best exam preparation is a consistently well-run compliance program — not a last-minute scramble when an exam request arrives. That said, there are specific steps every RIA should take on an ongoing basis to maintain examination readiness.
- Keep Form ADV current and accurate. Your Form ADV is the first document an examiner will review. Ensure that Part 1 and Part 2A (your brochure) accurately reflect your current business practices, fee structures, conflicts of interest, and disciplinary history. File annual amendments within 90 days of your fiscal year-end, and file promptly upon any material change.
- Conduct a genuine annual compliance review. Rule 206(4)-7 requires investment advisers to review their compliance policies and procedures at least annually for adequacy and effectiveness. This review should be documented, should identify specific gaps or deficiencies, and should result in concrete remediation steps. A perfunctory review that simply concludes "no issues were identified" is unlikely to satisfy an examiner.
- Test your policies — don't just review them. Annual testing of key compliance areas (marketing materials, personal trading, client onboarding, advisory agreements) gives you evidence that your program is operational and helps identify gaps before an examiner does.
- Train your staff regularly. Compliance training is not a one-time event. Ensure that all supervised persons receive training on their obligations under your compliance program, with particular emphasis on any areas identified as exam priorities or where internal testing has surfaced issues.
- Maintain organized records. SEC requirements mandate that advisers maintain specified records for defined periods. Ensure your recordkeeping practices are organized, accessible, and aligned with regulatory requirements. An inability to produce requested records during an examination is itself a significant deficiency finding.
After an Examination: Responding to Deficiency Letters
If an examination results in a deficiency letter, the firm must respond within 30 days with a written plan to address each identified deficiency. Deficiency letters are serious — while not all result in enforcement referrals, a pattern of recurring deficiencies or failure to adequately remediate identified issues can escalate regulatory attention. Treat each deficiency as a genuine opportunity to strengthen your compliance program, not simply as a compliance obligation to discharge.
The SEC's examination priorities are a valuable, freely available resource that every investment adviser should incorporate into their compliance planning process. Reading them carefully, mapping them against your firm's specific practices and risk profile, and using them to guide your annual review and testing calendar is one of the most effective steps you can take to maintain a compliance program that is genuinely ready for regulatory scrutiny.