SEC Outlines 2025 Examination Priorities: Focus on Fiduciary Duty, Cybersecurity, & AI Compliance

The Securities and Exchange Commission's (SEC) Division of Examinations has released its examination priorities for the 2025 fiscal year. This annual publication aims to inform investors and registrants of potential risk areas that will be a focal point for the Division's oversight and compliance efforts in the coming year.

"The Division of Examinations 2025 priorities enhance trust in our ever-evolving markets," said SEC Chair Gary Gensler. "In examining for compliance with our time-tested rules, the Division plays a critical role in protecting investors and facilitating capital formation. Working with registrants to understand the rules helps ensure that markets work for investors and issuers alike."

The Division's 2025 priorities span a wide range of risk areas, both perennial and emerging, including fiduciary duty, standards of conduct, cybersecurity, and the use of artificial intelligence (AI) technologies. SEC-registered entities such as investment advisers, investment companies, broker-dealers, clearing agencies, and self-regulatory organizations can expect heightened scrutiny in these key focus areas.

"Our 2025 examination priorities identify the key areas of potentially increased risks and related harm for investors," said Keith Cassidy, Acting Director of the Division of Examinations. "We hope that registrants will evaluate their compliance programs in the areas we identified and make the changes necessary to protect investors and maintain fair and orderly capital markets."

One of the Division's top priorities for 2025 will be assessing firms' compliance with their fiduciary duties and applicable standards of conduct. This includes evaluating whether investment advisers are acting in the best interests of their clients, as well as examining broker-dealers' adherence to the SEC's Regulation Best Interest requirements.

The Division will scrutinize how firms are defining and documenting their fiduciary obligations, as well as the processes they have in place to identify, disclose, and mitigate conflicts of interest. Particular attention will be paid to firms' recommendations and advice to retail investors, to ensure they are receiving suitable and cost-effective solutions tailored to their individual needs and risk profiles.

Cybersecurity & Data Protection

Recognizing the growing threat of cyber incidents, the Division will also focus on registrants' cybersecurity measures and controls designed to protect investor information, records, and assets. Examinations will assess firms' policies, procedures, and practices for identifying and addressing cybersecurity risks, as well as their incident response and recovery plans.

The Division will also evaluate the effectiveness of registrants' data protection and privacy controls, including how they are managing and securing sensitive client data. Particular emphasis will be placed on firms' compliance with evolving data privacy regulations, such as the SEC's recent amendments to Regulation S-P.

Artificial Intelligence & Emerging Technologies

As the use of AI and other innovative technologies continues to transform the financial services industry, the Division will prioritize examining firms' deployment and oversight of these tools. Registrants can expect the Division to scrutinize their AI governance frameworks, model risk management practices, and controls around the ethical and responsible use of AI-driven products and services.

The Division will also assess firms' compliance with applicable regulations, such as the SEC's proposed rules on the use of AI and machine learning in investment advisory services. Examiners will evaluate whether registrants have appropriate safeguards in place to mitigate the risks associated with the increasing reliance on AI and other emerging technologies.

In addition to these key focus areas, the Division's 2025 priorities include continued oversight of core compliance areas, such as disclosures, conflicts of interest, and operational and business continuity controls. The Division will also closely monitor for any new and evolving risks that may emerge over the course of the year.

By publishing its examination priorities, the Division of Examinations aims to foster greater compliance and risk management across the financial services industry, ultimately promoting investor protection and the integrity of U.S. capital markets.
