Recap of SEC Focus Areas & Client Action items

Due to the government shutdown, this year has been an anomaly in the regulatory environment and the finance and securities sector in general.

Artificial intelligence (AI) remains top of mind as more firms integrate these technology tools into their day-to-day operations. However, regulators have not provided clear guidelines as to their expectations.

Taking into account key considerations from the 2025 Exam Priorities list and this year’s enforcement actions, here are JLG’s priorities for our client firms to consider going into year-end.

Core Current SEC Trends

• 2025 examination and enforcement trends indicate that the SEC is refocusing on major violations rather than technical lapses. Focus areas include fraud, insider trading, accounting, and disclosure issues.[1]
• The SEC has stated that accountability will continue to be placed primarily on individuals instead of the firms. We foresee more cases targeting executives, officers and advisers instead of firms.[2]
• There is greater focus on cases that harm investors, especially vulnerable investors such as seniors.

Key Themes Shaping 2026

We believe that the SEC’s focus in 2026 will continue to be primarily on the following:

• Cybersecurity, especially in the extensive integration of emerging technologies such as AI, and alternative currencies such as Crypto assets[3]
• Operational Resiliency including vendor oversight, data protection and incidence response.
• Fiduciary duty, especially conflicts of interest, must be identified, removed, or disclosed properly
• Client disclosures matching the firm’s actual practices
• Firm’s compliance programs identifying and addressing high risk practice areas

Action Steps for Areas Requiring the Greatest Attention: AI, Cybersecurity and Privacy Safeguards

The guidance provided by the SEC for AI is similar to those for cybersecurity and Regulation SP (Reg S-P). This means that firms should apply the same level of oversight, and documentation to AI governance as they do to protecting client data and maintaining strong cyber defenses, especially since AI use creates new and sophisticated tech vulnerabilities to cyber-attacks.

The following action steps outline practical measures firms can take to strengthen controls, ensure compliance, and mitigate risks across AI, cybersecurity, and privacy safeguards.

• Use a disciplined framework to identify how AI is being used in your firm
• Determine permissible applications and personnel responsible for (and permitted to) carrying out the work.
• Conduct vendor due diligence on the AI tool, prioritizing cyber controls and privacy especially areas of vulnerability that can expose clients’ Personal Identifiable Information (PII)
• Disclose how you are using AI but don’t overstate it. The SEC has acted against RIAs for the practice of AI Washing – the exaggeration or misrepresentation of a business’ use of AI in its operations or service offerings.
• Provide regular training on AI use and internal controls for firm members.
• Clearly demonstrate the controls put in place to manage AI tools, including establishing clear and actionable Policies and Procedures on how AI will be supervised and governed.
• Review regulatory requirements for maintaining business books and records, making sure that protocols are in place to meet retention obligations.

Jacko Law Group is working with clients to ensure they are compliant ready for 2026, including development of AI governance policies. If you need assistance with developing or strengthening your compliance program, please contact us at 619.298.2880 or email [email protected].

[1] SEC.gov | SEC Announces Record Enforcement Actions Brought in First Quarter of Fiscal Year 2025

[2] https://www.reuters.com/world/us/sec-focus-traditional-cases-under-new-leadership-acting-director-says-2025-03-24.

[3] OCIE Cybersecurity and Resiliency Observations.pdf.