There has been a lot of conjecture that the SEC may become friendlier to registrants because of the new administration. Given the SEC’s mandate to protect the investing public, however, we do not expect SEC examiners to become more lenient on private equity and hedge fund managers. Instead, we anticipate SEC staff becoming less focused on “rulemaking through enforcement” and (hopefully) imposing more moderate sanctions than those under Chair Gensler. SEC examiners now, more than ever, feel the pressure to show their value.

Although SEC examination experiences vary widely depending on the examination staff, regional office priorities and findings during the exam process, we see the private funds unit involved more often than not.  We have been observing the following trends in private equity and hedge fund manager examinations.

1. SEC Examination Priorities will not change just because we have a new SEC Commissioner and President.

The SEC’s Division of Enforcement released its 2025 Examination Priorities last year and included a focus on advisers to private funds. EXAMS stated that it will be analyzing (1) the adequacy of conflict of interest disclosures, (2) the fairness in calculating and allocating fees and expenses, and (3) compliance with new SEC rules and amendments.  Private equity and hedge fund managers should expect continued scrutiny of:

1. Fees and expenses
2. Allocation of expenses
3. Valuation and calculation of fees
4. Disclosure of financial conflicts (loans, investments, advisers-led investments)
5. Relationships with Third Parties (conflicts of interest)

As discussed in our blog post, Latest SEC Document Request Lists: What Private Fund Managers Should be Worrying About, SEC examiners will continue to delve deeply into disclosures provided by fund managers and compare them to actual practices.  The SEC expects transparency from fund managers to their investors.  The SEC has brought enforcement actions due to vague fees and expenses and inadequate disclosure of conflicts. The Commission has also brought enforcement actions against advisers who did not put policies and procedures in place to ensure accurate calculation of fees and expenses pursuant to the limited partnership agreements (LPAs) terms, resulting in excess fees charged to investors. Advisers should ensure they provide adequate and explicit disclosures to their investors and be familiar with the specific fees and expense provisions in fund LPAs. For example, have you disclosed to investors whether related parties of the firm investing and paying alongside clients receive any fee waivers not offered to others?  Additionally, for private credit funds, consider whether investors have been given adequate disclosure about the fund’s payment of fees for loan servicing software, marketing, interest and other loan borrowing charges, loan origination or sale / transaction fees, and monitoring fees. Consider whether any affiliated parties are compensated by the adviser for any services provided to the funds and whether those payments are disclosed to investors.

In addition to providing explicit disclosures, fund managers should also implement robust policies and procedures for expense allocation and ongoing reviews.  The examinations staff will be looking at the allocations with a fine tooth comb, so make sure you have reviewed them before they arrive.  

2. Custody Considerations: Don’t be naïve.

Custody is not always black and white. For example, if loan proceeds are deposited into an account where the adviser has control or signing authority, the adviser will be deemed to have custody. Moreover, the SEC will also enforce Custody Rule (Advisers Act Rule 206(4)-2) obligations on advisers that manage investment vehicles that do not pay management fees or carry (e.g., employee funds). Liquidation vehicles may also be subject to the Custody Rule when the fund manager (or an affiliate) continues to manage the vehicle. And fund-of-funds managers should be aware that the SEC is unlikely to let them off the hook because the underlying fund managers failed to provide information to complete the fund-of-funds audit in a timely manner. (Check out this case.)

Following the Custody Rule’s basic requirements is also essential for private fund managers. The SEC routinely brings custody rule enforcement actions, generally involving the failure of a fund manager to undertake an annual or surprise audit of private funds and then further failing to deliver the audited financials to investors within the required time frame.

Custody is a big area of risk for private and hedge fund advisers. Private fund managers should understand their obligations, adopt policies and procedures to comply, and then confirm that their responsibilities have been fulfilled. Examiners will and you should too.    

3. Exam Staff are scrutinizing the effectiveness of testing.

Examiners are taking a greater interest in the efficacy of testing. Recent SEC settlements bear this out. For example, we highlighted a case (December 2024 Regulatory Roundup)  where a large investment adviser/broker-dealer (the “Adviser”) was fined $15 million by the SEC for failing to prevent its financial advisers from using two forms of unauthorized third-party disbursements, Automated Clearing House (ACH) payments and certain patterns of cash wire transfers, to misappropriate funds from advisory client and brokerage customer accounts. Although the Adviser used software to detect unauthorized transfers, the firm failed to conduct “any testing of the software system’s performance” in monitoring this type of activity. Ultimately, the firm had to pay a $15 million civil penalty for its ineffective testing process.

Firms need to regularly test whether the controls they have implemented are effective. As discussed in our blog post, “How Much Testing is Enough?“, the firm should routinely conduct forensic testing to confirm that compliance policies and procedures are working as expected. For example, if a test consistently shows no issues with a specific procedure, the adviser should wonder if the test has been designed properly. After all, no one is perfect.    

4. Dot all of your “I”s and cross your “T”s.

We have also seen EXAMS staff go into the weeds by citing firms for failing to address certain Advisers Act rules, even though they may not apply. For example, in December 2022, EXAMS issued a risk alert on Observations from Broker-Dealer and Investment Adviser Compliance Examinations Related to Prevention of Identity Theft under Regulation S-ID. 

Regulation S-ID, also known as the “Identity Theft Red Flag Rule,” aims to protect investors from theft, loss, and abuse of their personal information. It requires financial institutions to implement and administer a written program designed to detect, prevent, and mitigate identity theft for customers with “covered accounts.” Covered accounts are defined as: 

1. An account that a financial institution or creditor offers or maintains, primarily for personal, family, or household purposes, that involves or is designed to permit multiple payments or transactions; or 
2. Any other account that poses a reasonably foreseeable risk to customers of identity theft.

Although many private equity and hedge fund managers do not offer “covered accounts,” the Regulation still requires them to periodically determine whether they offer such accounts. To make this determination, firms must consider their methods for opening accounts, how accounts are accessed, and their experiences with identity theft. 

We recommend creating a Regulation S-ID policy that requires the firm to review annually whether it offers, or intends to offer, “covered accounts”. The policy could require a governing body to perform this review and provide a written record of its determination to the Chief Compliance Officer as part of the annual review process required under Advisers Act Rule 206(4)-7.

5. Carefully select essential vendors.

We are seeing an increased interest by SEC staff in vendor oversight, consistent with EXAMS 2025 Examination Priorities.  Examiners expect to see due diligence reviews performed for third-party vendors, focusing on cybersecurity controls, Regulation S-P safeguarding protections, risk management and fulfillment of contractual obligations. Therefore, advisers should be able to produce documentation of the oversight process, including the initial due diligence performed.  Additionally, the Staff expects advisers to monitor vendor performance on an ongoing basis. Again, advisers should have documentation of periodic reviews. Finally, advisers are also expected to have policies and procedures covering the due diligence process and ongoing monitoring of vendors. 

We have seen SEC examiners cite deficiencies under Advisers Act Rule 206(4)-7 when advisers fail to comply with their own policies and procedures, even if the processes described are not required by the Advisers Act (see this case as an example). We recommend that advisers take care when drafting their policies and procedures on vendor oversight for this reason. Advisers should distinguish between vendors that perform certain critical functions (e.g., portfolio management, trading, record-keeping), and those that provide more mundane administrative, utility and general office functions in their vendor oversight procedures. The SEC recognized these differences in the proposing release for Advisers Act Rule 206(4)-11 (“Outsourcing by Investment Advisers”). Firms should reserve more rigorous due diligence processes for the more critical vendors.

6. Expect scrutiny of MNPI policies and procedures.

The SEC remains focused, as always, on the potential misuse of material non-public information and understands that private equity and venture capital advisers, in particular, can be vulnerable. Private fund managers may routinely engage expert network firms and are increasingly involved with portfolio companies, including acting as members of their boards. They may also talk to public companies about possible mergers and acquisitions with their portfolio companies.

Private fund managers should review how MNPI can flow into their firms, such as discussions with public company executives, through the use of expert networks, or as part of a transaction, and ensure that appropriate restricted list procedures have been implemented. They should also address how to wall off MNPI upon receipt and monitor the activities of individuals and firms who have access to it to mitigate the risk of misuse.  For example, when using an expert network, the fund manager should properly vet the expert network to determine that it has adequate controls to prevent the experts from sharing MNPI.  Having compliance or legal personnel (or AI-tools) chaperone interactions with an expert is another potential control, although this may be overkill. At a minimum, firms should consider obtaining relevant details about this conversation, such as the topic and purpose of the discussion and any companies discussed, from the employees or the expert network itself.

Similarly, when private fund employees talk to executives or other insiders at public companies, firms should establish controls, such as requiring a log of all such interactions, including the date, participants, and substantive topics discussed. A more conservative approach would include requiring a chaperone from compliance or the legal department.  

In addition to policies and procedures to prevent the misuse of MNPI, firms should also take practical steps such as periodic email reviews to detect improper sharing of MNPI by employees and non-employees.  It’s also good practice to review the robustness of MNPI controls used by deal advisers such as law firms and mergers and acquisition advisers to mitigate the misuse of MNPI their employees might obtain during a transaction. Firms should also consider limiting access to data rooms and periodically reviewing access rights to ensure only those who “need to know” have access.  

Finally, it is critical that compliance personnel maintain an accurate and current restricted list, which identifies the securities that may not be traded in client, employee or proprietary accounts without compliance approval, in the event that a fund manager’s personnel is in possession of MNPI.     

7. Stay vigilant on Marketing Rule compliance.  

EXAMS issued a risk alert on its Initial Observations Regarding Advisers Act Marketing Rule Compliance (the “Risk Alert”), sharing examples of deficiencies, ranging from books and records violations to materially misleading advertisements.  (Check out our article: SEC Tells Advisers What Not to Do in Advertisements.) EXAMS noted that many advisers updated their policies and procedures to conform to the Marketing Rule, provided training for their staff, and established a review process for advertisements.

The key areas that should be addressed in an adviser’s marketing policies and procedures include:  

• Controls around production and distribution of marketing materials, including requirements related to presenting performance
• Review and approval process for marketing materials
• Process for distribution and tracking of marketing materials (e.g., via a CRM tool, investor portal, or a marketing log that is updated periodically/in real time)
• Retention of records to substantiate material facts in marketing materials (including those prepared by third parties such as portfolio companies)
• Ongoing training for appropriate staff. Some advisers don’t realize that projected returns are hypothetical and this triggers additional steps and disclosures.

EXAMS staff is especially sensitive about misleading language (e.g., “fluff” language) in marketing materials and on websites, social media accounts, inaccurate disclosure of third-party awards, and use of case studies (including cherry-picking) in contravention of the Marketing Rule’s requirements. 

8.  Up your game on electronic messaging record retention.

 The SEC continues to focus on the widespread usage of and failure to archive text messages and communications on unapproved channels to conduct business at broker-dealers and investment advisers. Although we expect that the SEC’s focus on these cases will subside going forward, it is too early to say whether the Staff will drop these types of cases completely.  On a brighter note, the SEC recently issued a settlement order against a broker-dealer where no penalties were imposed despite its failure to comply with record-keeping rules.  

As discussed in our Regulatory Roundup for January 2025, the broker-dealer in this case conducted an internal investigation and self-reported its findings to the SEC. The firm also installed an application on all employee devices to keep messaging on-channel and increased how often it trained employees on its communications policy and procedures. The firm also “implemented a process for employees to easily onboard and preserve any off-channel communications that had already taken place.”

The broker-dealer understood that its employees were going to use personal devices to communicate with colleagues and clients and made it easier for them to comply with their regulatory record-keeping requirements.  The firm also provided additional training and support and an easy way to preserve off-channel communications that might have inadvertently occurred. 

Based on this and other recent cases, it is clear that simply asking employees to certify that they are not using off-channel communication methods on a quarterly basis is no longer going to satisfy the SEC.  Therefore, advisers should dig deeper to find solutions to make it easier for employees to use their own devices for work while also ensuring that regulatory expectations are being met.

9.  Be Ready for New AML Obligations.

The SEC expects advisers to comply with new regulations as soon as they are effective, as we’ve seen with the Marketing Rule and the rules shortening the securities transaction settlement cycle (T+1).  We anticipate the SEC will be just as aggressive once the new Anti-Money Laundering Rule (the AML Rule) goes into effect on January 1, 2026. 

Under the AML Rule, most private fund advisers AML Rule must establish policies and procedures to prevent money laundering and terrorism financing. They will also be required to report suspicious activity to FinCEN and to provide training of appropriate personnel. See our September 2024 Regulatory Roundup for more details on the requirements.

Advisers to private funds also have some obligation to investigate their underlying investors. As noted in the AML Rule’s Final Release, “FinCEN expects an investment adviser that is the primary adviser to a private fund or other unregistered pooled investment vehicle to make a risk-based assessment of the money laundering, terrorist financing, and illicit finance activity risks presented by the investors in such investment vehicles by considering the same types of relevant factors, as appropriate, as the adviser would consider for customers for whom the adviser manages assets directly.” 

Although firms have until 2026 to prepare, complying with this new rule will require substantial time and money. We recommend that firms review the AML Rule and develop a road map for compliance.

10. Update Your Regulation S-P policies and procedures.

The SEC adopted extensive new requirements under Regulation S-P that will require broker-dealers, investment companies, registered investment advisers, and transfer agents to adopt incident response programs that include notifying customers of data breaches within 30 days. The deadline for compliance for registered investment advisers with $1.5 billion in assets under management is December 3, 2025.  Smaller firms have until June 3, 2026, to comply. Other big changes include an expanded definition of “customer information” to include information received from other financial institutions and more extensive recordkeeping requirements. For details about how to comply with the Regulation S-P Amendments, check out our Regulatory Roundup for May 2024.  

The Final Release affirms that Regulation S-P does not apply to private investment funds. However, the new definition of “customer information” in the amendments captures information about natural person limited partners that a private fund “provides” to its investment adviser, thereby subjecting private fund managers to the safeguards and disposal rules, including the customer notification requirements.

In any event, registered investment advisers should review and update their policies and procedures to meet the new requirements before the applicable deadline.

Advisers that think exams will be easy with the new administration may be naïve.  Yes, we agree new rulemaking will slow down and government staffing may get leaner over the next few years, but the new administration is not stopping exams. The exam staff now just has an ax to grind proving their value and exams may even get tougher.

Photo by Drew Beamer on Unsplash

Need assistance with your compliance program? SEC’s team of experienced compliance professionals can help. For more information, please email us at info@sec3ccompliance.com, call (212) 706-4029 x 229, or visit our website at www.sec3compliance.com.