Tips for Updating Your Compliance Program in 2025

In addition to basic blocking and tackling, compliance officers often have the thankless job of performing the annual review of their compliance program required by Advisers Act Rule 206(4)-7.  As discussed in our blog post, Write the Best Annual Compliance Program Review Ever!, that review should consider changes to the Advisers Act and applicable regulations, legal proceedings and guidance from regulators, including risk alerts and interpretations.  To simplify the task of collecting all of this information, I’ve identified the top regulatory hot buttons to help advisory firms update their compliance programs for 2025. This is not an exhaustive list; instead, it is the highlight reel of SEC focus areas.

First, the rules. The most significant rule changes are the amendments to Regulation S-P that require firms to adopt incident response programs for cyber-breaches and amendments to Form PF for large equity fund advisers requiring additional disclosures about clawbacks, investment strategies and fund-level borrowings.

The SEC’s Division of Examinations (EXAMS) also issued six risk alerts in 2024.  Although all risk alerts are generally required reading for compliance officers, there are three that deserve the most attention:

• Registered Investment Companies: Review of Certain Core Areas and Associated Documents Requested,
• Initial Observations Regarding Advisers Act Marketing Rule Compliance, and
• Shortening the Securities Transaction Settlement Cycle.

Although the Risk Alerts are not law, they do provide useful information about EXAMS expectations and observations.  Chief Compliance Officers should also be aware of the latest SEC examination priorities. Although there are no significant changes from 2023, the priorities can help firms decide where to focus their compliance resources.  See our October and November 2024 Regulatory Roundup for more details.

Finally, we have included a few items that firms do not have to do, at least for the time being.  The Corporate Transparency Act, the Department of Labor’s (DOL) Retirement Security Rule and the SEC’s Dealer Rule (Exchange Act Rules 3a5-4 and 3a44-2) have been put on hold by judicial action, easing firms’ compliance burdens, at least temporarily.

Given this regulatory background, my top takeaways for investment advisers are:

Update your policies and procedures to comply with Regulation S-P amendments.

The SEC adopted extensive new requirements under Regulation S-P that will require broker-dealers, investment companies, registered investment advisers, and transfer agents to adopt incident response programs that include notifying customers of data breaches within 30 days. Larger entities (advisers with $1.5 billion or more in assets under management) must comply by December 3, 2025. Smaller entities must comply by June 3, 2026. Other big changes include an expanded definition of “customer information” to include information received from other financial institutions and more extensive recordkeeping requirements.  Check out our Regulatory Roundup for May 2024 for more details.

For private fund advisers, prepare to comply with Form PF’s additional reporting requirements.

The SEC adopted additional reporting requirements on Form PF, which will affect filings made in 2025. According to the SEC’s Fact Sheet, the most recent amendments will:

• • Require enhanced reporting by large hedge fund advisers about their qualifying hedge funds, including investment exposures, counterparty exposures, turnover, and liquidity, among other things;
  • Require enhanced reporting by hedge funds to provide greater details about the funds’ operations, counterparty exposures and investment strategies;
  • Change how advisers report complex fund structures (including master-feeder arrangements); and
  • Remove aggregate reporting for large hedge fund advisers.

Firms that manage private funds should update their policies, procedures and processes for completing Form PF to ensure they can meet these new disclosure obligations.

Beef up your Marketing Rule compliance process with better disclosures, maintaining required records, and preparing balanced presentations.

EXAMS issued a risk alert on its Initial Observations Regarding Advisers Act Marketing Rule Compliance (the “Risk Alert”), sharing examples of deficiencies, ranging from books and records violations to materially misleading advertisements.  (Check out our article: SEC Tells Advisers What Not to Do in Advertisements.) EXAMS noted that many advisers updated their policies and procedures to conform to the Marketing Rule, provided training for their staff, and established a review process for advertisements. The Staff noted, however, that some advisers failed to address some of the rule’s more detailed requirements, such as the requirements for testimonials, endorsements and third-party ratings. Compliance officers should consider using an approval log to track approved marketing material and any specific considerations under the Marketing Rule that are present in the material.

Confirm whether your firm can meet the recordkeeping rules for T+1.

The SEC’s Division of Examinations (EXAMS) issued a risk alert titled Shortening the Securities Transaction Settlement Cycle, highlighting the fact that the amendments under the Securities Exchange Act of 1934 (the “Exchange Act”) shortened the settlement cycle for most broker-dealer transactions from T+2 to T+1 on May 28, 2024. Significantly, EXAMS included a sample list of requests for information EXAMS may use to assess a firm’s readiness. Under Advisers Act Recordkeeping Rule (Rule 204-2), advisers must maintain “each confirmation received, and any allocation and each affirmation sent or received, with a date and time stamp for each allocation and affirmation that indicates when the allocation and affirmation was sent or received” for orders subject to Exchange Act Rule 15c6-2(a). Copies can be retained electronically.  For more details, review the Risk Alert and review our Compliance Roundup for April 5, 2024.

Review and update your anti-money laundering policies and procedures to comply with FinCEN’s AML Rule.

The U.S. Treasury Department’s Financial Crimes Enforcement Network (“FinCEN”) has finally imposed an anti-money-laundering rule (“the AML Rule) on SEC-registered and exempt reporting investment advisers (ERAs). The AML Rule becomes effective on January 1, 2026. Firms that already maintain an AML program will need to update their processes to include filing Suspicious Activity Reports (SARs) and Currency Transaction Reports (CTRs), responding to FinCEN requests for information about specific investors or clients, conducting independent testing, and keeping records regarding transmittals of funds. See our September 2024 Regulatory Roundup for more details.

Mutual fund advisers, step up your compliance game.

EXAMS issued a Risk Alert discussing the most often-cited deficiencies and weaknesses it observed during fund examinations over the years. Advisers should review this risk alert and consider whether their compliance programs adequately address the gaps noted.  The alert also included an attachment describing the “types of initial information, including documents, that staff may request and review during a typical fund examination.” Firms should be prepared to produce these records.

In addition to these compliance requirements, advisers can place a few compliance obligations on the back burner.

Retail advisers can put compliance with the Department of Labor’s Retirement Security Rule and the amendments to PTE 2020-02 and PTE 84-24 on hold for now.

The Department of Labor’s (DOL) Retirement Security Rule and the amendments to two prohibited transaction exemptions, PTE 2020-02and PTE 84-24, have been paused by court action. The rule and the amendments were meant to impose fiduciary obligations on financial advisers who give advice to retirement investors and were scheduled to take effect on September 23, 2024. (See our blog post, What Advisers Need to Know Now About Giving Rollover Advice After September 23, 2024, for details.)  Industry groups brought two cases challenging the Retirement Security Rule, one in federal court for the Eastern District of Texas, Federation of Americans for Consumer Choice Inc. v. DOL, and another in the Northern District of Texas,  Council of Life Insurers v. DOL.  Both Courts granted stays blocking the implementation of the rule and amendments based on a determination that the plaintiffs would likely win their cases on their merits. The DOL filed notices of appeal in both cases, but it is anyone’s guess when a definitive outcome will be reached. However, given that advisers have fiduciary obligations under the SEC’s Interpretation Regarding Standard of Conduct for Investment Advisers, it is still prudent for firms to continue following the policies and procedures developed to comply with PTE 2020-02.

Hedge fund managers can continue to rely on the traditional “trader” exemption.

In February 2024, the SEC adopted Exchange Act Rules 3a5-4 and 3a44-2 (the “Dealer Rule”) that expanded the definition of “dealers” and “government securities dealers” required to register as broker-dealers and become FINRA members. The compliance date for the Dealer Rule was scheduled for April 29, 2025.  No exemption was provided for registered investment advisers or private funds.

By way of background, Section 3(a)(5) of the Exchange Act excluded traders from the definition of “dealer” unless trading was “part of a regular business.” The Dealer Rule states that a person will be deemed to be engaged in dealer activity “as part of a regular business” if it “engages in a regular pattern of buying and selling securities that has the effect of providing liquidity to other market participants.”

The Dealer Rule is a problem for hedge fund advisers because it severely narrows the “trader” exemption they rely on to avoid registration as broker-dealers. Under the new rule, market participants with active large-scale trading operations, including hedge funds, would be considered “dealers” and face the regulatory burden of broker-dealer registration and application for FINRA membership.

To avoid this result, several private fund trade groups (National Association of Private Fund Managers, the Alternative Investment Management Association and the Managed Funds Association) challenged the Dealer Rule in the U.S. District Court for the Northern District of Texas and won. The District Court held that the SEC had exceeded its statutory authority in adopting the Dealer Rule and vacated it in full.

Unregistered private fund advisers can hold off compliance with the Corporate Transparency Act (“CTA”), and its Beneficial Ownership Information Reporting Rule (“BOI Rule”) for now.

Although SEC-registered investment advisers are exempt from the beneficial ownership reporting requirements of the CTA, certain unregistered funds and funds managed by state-registered or unregistered advisers may be in scope. On December 3, 2024, the U.S. District Court for the Eastern District of Texas issued a nationwide preliminary injunction preventing the CTA and BOI reporting rule from being enforced.  This means that companies required to submit BOI reports to the Financial Crimes Enforcement Network (FinCEN) can hold off for now. Firms should continue monitoring this injunction’s status on the FinCEN website.

Good luck with your compliance efforts in 2025, and Happy Holidays from SEC3!

Photo by Natalie Kinnear on Unsplash