SEC3 Year End Take-Aways

SEC³ Compliance
December 22, 2025

As we close out 2025, we extend our warmest wishes to you and your families for a joyful holiday season filled with peace and happiness.

This year has brought significant regulatory changes, operational hurdles, and valuable lessons to the adviser community. To our clients, we are grateful for the trust you’ve placed in us to support your efforts and bolster the processes that safeguard both your firms and your clients. Thank you for letting us be part of your journey in 2025—we look forward to continuing our partnership in 2026, equipping you with clear, confident, and practical guidance to navigate the evolving regulatory landscape.

Here’s a quick snapshot of some key takeaways from the year:

  • Marketing: All public statements—including informal posts—should be treated as advertising. Consistent review prior to use remains essential.
    • Endorsements, testimonials and third-party ratings: It appeared that the Commission would not issue a Risk Alert in 2025, but on December 16th an important Marketing Rule Risk Alert was issued. It highlights frequent deficiencies in advisers’ use of testimonials, endorsements, and third-party ratings, particularly failures to provide clear and prominent disclosures, adequately disclose compensation and conflicts, conduct required due diligence, and maintain effective oversight and compliance procedures.
    • Marketing risk remains elevated: LinkedIn activity, podcasts, and media appearances continue to create exposure when advisers misunderstand what the Marketing Rule permits.
    • Hypothetical and model performance: Back-tested or illustrative results quickly become advertisements when shared externally; regulators expect clear, documented internal policies governing their use.
  • Strategic compliance budgeting: Firms that invested early in the right controls, disclosures, and external support avoided significantly more costly remediation later.
  • E&O insurance optimization: We assisted several clients in reducing premiums and improving coverage through structured policy reviews and tighter alignment with actual risk profiles.
  • Fee billing accuracy: Quarterly testing continues to uncover discrepancies; regulators increasingly expect documented verification procedures.
  • Custody surprises: Fee deductions, SLOAs, and operational shortcuts still trigger inadvertent custody; clearer internal authority and controls help prevent violations.
  • Vendor oversight: Heavy reliance on third-party systems requires documented due diligence and periodic review.
  • Cybersecurity preparedness: Phishing attempts increased materially; regulators expect written incident-response documentation even when no client harm occurs.
  • ESG and mission-aligned claims: Disclosures must match actual practices; substantiation remains a core examination focus.
  • Personal trading oversight: Most issues stem from late reporting or undisclosed outside accounts; centralized monitoring materially reduces risk.
  • Best execution: Firms often perform the analysis but fail to document it; quarterly written reviews are expected.
  • Business continuity planning: Real-world outages exposed gaps; updating and testing BCPs is increasingly critical.
  • Recordkeeping weaknesses: You need to be able to document your testing and prove it during an exam. This continues to create problems for some managers.
  • ADV consistency: Advisers continue to change operations without updating Form ADV; alignment among disclosures, actual practices, and websites remains a fundamental regulatory expectation.
  • AUM calculation accuracy: Firms benefited from reviewing treatment of UMAs, non-fee assets, and complex holdings in AUM reporting.
  • Regulation S-P amendments: Many RIAs underestimate the operational impact—the most significant privacy changes in 15+ years—particularly 30-day incident notification timelines and enhanced vendor oversight obligations.
  • AI-related compliance: SEC staff increasingly reference forthcoming guidance on AI hygiene, including disclosure, back-testing, auditability, and avoiding “AI-washing” in marketing. Firms should assess whether supervised persons are using AI and how this is addressed in policies and procedures.
  • Off-channel communications: Following more than $1B in enforcement fines, the SEC is now scrutinizing metadata, shared devices, and password-protected messaging platforms. Policies must clearly define what constitutes required business records—not merely prohibit off-channel communications.

As we enter 2026, we remain focused on helping you reduce operational friction so you can concentrate on strategic growth.

    Happy Holidays. Thank you for your partnership.
    The SEC3 Team

    Need assistance with your compliance program? SEC³’s team of experienced compliance professionals can help. For more information, please email us at info@sec3compliance.com, call (212) 706-4029 x 214, or visit our website at www.sec3compliance.com.

    SEC3 provides links to other publicly available legal and compliance websites for your convenience. These links have been selected because we believe they provide valuable information and guidance. The information in this e-newsletter is for general guidance only. It does not constitute the provision of legal advice, tax advice, accounting services, or professional consulting of any kind.
