How to prepare for the SEC’s 2026 exam sweep


The US SEC has set out its 2026 Examination Priorities, and the message for regulated firms is clear: supervisors expect stronger, better documented controls across technology, data security, operational resilience and risk management.

According to Red Oak, against a backdrop of fast-moving markets and rapid digital adoption, the priorities document signals that firms can expect examiners to probe how they are upgrading systems, processes and governance to keep pace.

A particular focus for 2026 is the growing use of AI and automation across advisory, trading and back-office functions. Keith Cassidy, acting director of the SEC’s Division of Examinations, said firms are operating in today’s “increasingly complex and changing financial and regulatory environment.” That complexity is amplified by advanced analytics, automated decisioning and third-party tools, and regulators now want evidence that firms can explain, supervise and, where needed, challenge the outputs of these systems.

Technology, cybersecurity and operational resilience sit at the heart of the priority list. Examiners are likely to ask firms to demonstrate how they would respond to cyber incidents, system outages or vendor failures, and how quickly they can restore critical services. Policies on their own will not be enough; regulators will expect to see ongoing monitoring, governance around incident response and clear documentation supporting key decisions.

Data protection and information security remain a core concern. Firms will need to show they are safeguarding customer information through robust access controls, encryption, monitoring and clear data governance frameworks. Examiners are also expected to test whether staff access to sensitive data is genuinely limited and whether privacy commitments align with what is happening in practice.

Conflicts of interest, fee practices and fiduciary obligations are again in the spotlight. The SEC is expected to continue reviewing how firms identify and manage conflicts across all business lines, how fee structures are disclosed, and whether recommendations are genuinely aligned to clients’ best interests. In parallel, marketing and communications oversight remains a significant theme, particularly where performance claims, ESG positioning or complex strategies feature in client-facing materials.

For firms rolling out emerging technologies, automation and AI tools, the bar is rising. Examiners will want to see robust pre-deployment testing, effective model governance and clear supervision frameworks, including how recommendations generated by AI are checked for consistency with regulatory obligations. Transparency will also be key, with regulators looking at how clearly firms explain the role of technology in their services and decision-making.

Trading practices and best execution will continue to be reviewed closely, especially where retail investors are involved or where complex or higher-risk products are distributed. Questions are likely around order routing decisions, execution quality, and how firms monitor and mitigate potential conflicts linked to trading venues or counterparties. For investment companies, governance and risk management will be scrutinised, with particular attention on complex strategies, liquidity management, board oversight and the clarity of risk and fee disclosures.

Anti-money laundering (AML) and wider financial crime controls also remain central to the SEC’s agenda. Examiners will be assessing whether firms’ AML programmes are genuinely risk-based and tailored, whether transaction monitoring captures relevant typologies, and whether reporting, documentation and ongoing review processes stand up to detailed inspection.

Keeping pace with these evolving expectations is becoming increasingly difficult for firms relying on manual tracking, email trails or scattered spreadsheets. Red Oak aims to address this challenge by helping firms streamline the creation and approval of marketing content, maintain audit-ready records and apply AI-driven review to marketing and disclosure materials. By centralising workflows around regulatory filings, policies, approvals and books and records, Red Oak enables compliance teams to standardise oversight, reduce operational risk and improve transparency across the organisation. For firms preparing for the 2026 exam cycle, investing in this kind of RegTech infrastructure can be a practical step towards demonstrating control, strengthening governance and operating with greater confidence in a demanding regulatory landscape.


Copyright © 2025 FinTech Global
