SEC Division of Examinations Priorities for 2025: Examinations Will Prioritize New Rules for Form PF and Regulation S-P, Fiduciary Duties, Compliance Programs, Cybersecurity, Crypto Assets, and Artificial Intelligence

Oct 23, 2024

On October 21, 2024, the Division of Examinations (the “Division”) of the U.S. Securities and Exchange Commission (the “SEC”) issued its annual examination priorities for fiscal year 2025.[1] As with its 2024 examination priorities, the Division’s 2025 examination priorities neither identify individual focus areas nor highlight environmental, social, and governance (“ESG”) investing as a focus. Despite this, the Division has cautioned that its priorities are not exhaustive and that when conducting examinations, Division staff will analyze risk factors applicable to individual entities.[2]

This alert provides a summary of the Division’s priorities for 2025 with particular focus on those items that affect private funds. In 2025, the Division’s focus will include: (i) new rules regarding Form PF and Regulation S-P; (ii) fiduciary duties and compliance programs of registered investment advisers (“RIAs”) and registered investment companies (“RICs”); (iii) cybersecurity; (iv) crypto assets; and (v) emerging financial technologies such as artificial intelligence (“AI”). This year’s examination priorities focus on risk areas that the SEC believes to pose heightened risks to investors or U.S. capital markets.

New Form PF and Regulation S-P Rules

This year’s examination priorities reflect the Division’s focus on investor protection through new SEC rules affecting Form PF and Regulation S-P, each under the Investment Advisers Act of 1940 (the “Advisers Act”). In both areas, the Division will monitor compliance with rule amendments made in 2024 requiring certain market participants to update reporting mechanisms or written policies and procedures.

Beginning March 12, 2025, RIAs to private funds will be required to provide new types of information in Form PF.[3] Form PF filers will need to provide, among other items: (i) quarterly event reports for adviser-led secondary transactions, the removal of a fund’s general partner, and an investor election to terminate a fund or an investment period; (ii) for large hedge fund advisers, reports detailing certain adverse events within 72 hours; and (iii) for large private equity fund advisers, a new section of Form PF detailing certain adverse events.

As part of its priorities, the Division will assess whether RIAs have established adequate written policies and procedures for amendments to Form PF, rules governing RIA marketing, and other applicable SEC rules. Furthermore, the Division will look to determine not only the existence of such policies and procedures, but whether RIAs actually conform to those policies and procedures.

Beginning in 2025, amendments to Regulation S-P require certain market participants to adopt written policies and procedures for incident response programs addressing unauthorized access to customer information.[4] Covered institutions must: (i) adopt written policies and procedures that establish an incident response program; (ii) notify affected customers of data breaches; and (iii) maintain records related to data breaches. For these amendments to Regulation S-P, the SEC has provided tiered compliance periods with an expected compliance date of December 2025 for larger entities and June 2026 for smaller entities.[5]

This year’s examination priorities provide that when assessing compliance with Regulation S-P, the Division will conduct a broad review into a registrant’s policies and procedures, internal controls, oversight of third-party vendors, and governance practices. In examinations leading up to the compliance dates of Regulation S-P amendments, the Division will engage registrants regarding their progress in establishing incident response programs.

Fiduciary Duties and Compliance Programs

For both RIAs and RICs, the Division will focus on registrants’ adherence to fiduciary standards of conduct as well as the effectiveness of compliance programs.

This year’s examination priorities emphasize the Division’s focus on a fiduciary’s duty of care and duty of loyalty to its clients. To ensure that registrants place their clients’ best interest first, examinations of RIAs will particularly focus on recommendations regarding: (i) high-cost products; (ii) unconventional instruments; (iii) illiquid and difficult-to-value assets; and (iv) assets sensitive to higher interest rates or changing market conditions such as commercial real estate. As it has done in the past, the Division will prioritize examinations of RIAs that have never been examined, newly registered RIAs, and RIAs that have not been recently examined.

As required by Rule 206(4)-7 of the Advisers Act (the “Compliance Rule”), the Division will also evaluate registrants’ compliance policies and procedures, personnel assigned to ensure compliance with the Advisers Act, and whether policies and procedures are reviewed annually. RIAs should also be prepared to demonstrate their monitoring of and compliance with the Department of Treasury’s Office of Foreign Assets Control sanctions.[6] As the Division considers the review of compliance programs to be critical, RIAs should prepare to provide a detailed overview of how compliance programs are reviewed prior to an examination. Examinations of compliance programs will be tailored to individual RIAs’ practices or products, such as investments in asset classes associated with emerging risks. Accordingly, compliance programs cannot be “one size fits all,” but must instead be tailored to a specific RIA.

When examining RICs, the Division will particularly focus on: (i) fund fees and expenses; (ii) oversight of service providers; (iii) the consistency of portfolio management practices and disclosures; and (iv) issues associated with market volatility. Examinations will also include a detailed review of RICs’ anti-money laundering programs under the Bank Secrecy Act.

The Division has identified RICs exposed to commercial real estate as part of the Division’s developing areas of interest, and as with RIAs, examinations will focus on a RIC’s commercial real estate exposure. Also consistent with its treatment of RIAs, the Division will prioritize examinations for RICs that have never been examined, newly registered RICs, and RICs that have not been recently examined.

Cybersecurity

The Division has identified cybersecurity as an elevated risk area due to current geopolitical and economic conditions. Examinations will assess how registrants manage information security and operational risks with a particular focus on: (i) policies and procedures; (ii) governance; (iii) data loss prevention; (iv) access controls and account management; and (v) responses to cyber-related incidents.

Examinations into cybersecurity risks will include assessments of compliance with Regulation S-P discussed above and will also evaluate how alternative trading systems protect confidential trading information. Examinations will further focus particularly on third-party products and services, with an emphasis on information technology (“IT”) resources used without an IT department’s knowledge, approval, or oversight.

Crypto Assets

This year’s examination priorities reflect the Division’s concern over volatility in crypto asset markets. Examinations will review activities related to crypto assets being offered and sold as securities or related products, with a particular focus on client understanding of crypto assets. Examinations will also focus on whether registrants conduct routine reviews and enhancements of compliance programs. Examinations will further evaluate the technological risks associated with the security of crypto assets.

AI

Lastly, the 2025 examination priorities focus on registrants’ use of AI alongside other emerging financial technologies such as automated investment tools and trading algorithms. With respect to AI and other emerging technologies, the Division will assess the adequacy of disclosures, evaluating whether representations about AI capabilities are fair and accurate. The Division will also prioritize ensuring that registrants using AI provide services to clients consistent with clients’ investment profiles or strategies.

Registrants using AI should ensure that written policies and procedures are in place to prevent the illegal use of AI resulting, for example, in fraud or money laundering. Furthermore, as the above discussion of Regulation S-P illustrates, the Division is concerned about client data; written policies and procedures should therefore address controls to prevent the loss or misuse of client records and information.

Footnotes

  1. 2025 SEC Division of Enforcement Examination Priorities. Available here.

  2. SEC Division of Examinations Announces 2025 Priorities. Available here.

  3. SEC, Form PF; Reporting Requirements for All Filers and Large Hedge Fund Advisers, Advisers Act Rel. No. 6546 (Feb. 8, 2024). Available here.

  4. SEC, Regulation S-P; Privacy of Consumer Financial Information and Safeguarding Customer Information, Advisers Act Rel. No. 6604 (May 16, 2024). Available here. Affected market participants, or “covered institutions,” include RIAs, RICs, broker-dealers, funding portals, and transfer agents registered with the SEC or other regulatory agency.

  5. The following entities are considered to be “larger” and subject to the expected compliance date of December 2025: (i) RICs with net assets of $1 billion or more as of the end of the most recent fiscal year; (ii) RIAs with $1.5 billion or more in assets under management; and (iii) broker-dealers and transfer agents that are not small entities under the Securities Exchange Act for purposes of the Regulatory Flexibility Act.

  6. Current high-profile sanctions involve Russia, Iran, North Korea, Cuba, and Venezuela. A full list of current sanctions is available here.

©2024 Snell & Wilmer L.L.P. All rights reserved. The purpose of this publication is to provide readers with information on current topics of general interest and nothing herein shall be construed to create, offer, or memorialize the existence of an attorney-client relationship. The content should not be considered legal advice or opinion, because it may not apply to the specific facts of a particular matter. As guidance in areas is constantly changing and evolving, you should consider checking for updated guidance, or consult with legal counsel, before making any decisions.