The SEC’s Division of Examinations has released its Fiscal Year 2026 Examination Priorities, a comprehensive document addressing investment advisors, broker/dealers and numerous other market participants across the financial services industry.
The priorities address many areas, but for firms managing communications compliance and technology infrastructure, three themes emerge—two clearly stated, and one revealed by a notable absence.
The document explicitly addresses AI supervision and compliance program effectiveness across multiple sections. However, it’s what the priorities don’t say about recordkeeping that proves most instructive. While requirements appear throughout, the absence of any channel-specific language reinforces that these obligations remain foundational, comprehensive and channel-agnostic.
AI Supervision and Explainable AI
Section VII.B of the priorities directly addresses AI technologies in the financial services sector. The SEC will examine “whether firms have implemented adequate policies and procedures to monitor and/or supervise their use of AI technologies.” This isn’t simply about whether firms are using AI—it’s about demonstrating governance and oversight.
The division will also “review for accuracy registrant representations regarding their AI capabilities,” meaning firms must be prepared to substantiate any claims they make about their AI-powered compliance tools.
The critical examination question becomes: Can your compliance team explain how your AI reached a specific decision? When an AI tool flags a communication as high-risk, examiners will want to understand the logic behind that determination. Systems that can’t demonstrate their decision-making process create regulatory risk.
Controls must ensure that AI-driven recommendations align with fiduciary duties and regulatory obligations, particularly when those recommendations impact retail investors.
Questions firms should consider:
-
Can you demonstrate your AI supervision framework during an examination?
-
Have you documented which AI technologies you’re deploying and how they’re governed?
-
Can compliance staff explain to examiners why AI flagged specific communications or transactions?
-
Are AI-related marketing claims accurate and substantiated?
Channel-Agnostic Recordkeeping Requirements
The 2026 priorities mention recordkeeping requirements throughout the document, but never specify communication channels. There’s no mention of email, text messages, WhatsApp, Teams or any other specific platform. This absence highlights the fundamental importance of these requirements.
SEC Rules 17a-4 (for broker/dealers) and 204-2 (for investment advisors) have required comprehensive recordkeeping for decades without ever specifying channels. They simply require all business communications be preserved, regardless of technology. The billions of dollars in fines for off-channel communications levied between 2022 and 2024 weren’t for violating new regulations, but rather for enforcing existing rules that firms had failed to apply to modern communication channels.
The 2026 priorities reference record-keeping obligations across various market participants throughout the document, always requiring that records be created and preserved, without specifying which communication channels are applicable.
The absence of channel specifications is intentional. The rules adapt to technological change without requiring constant amendment. Whether staff use email, WhatsApp, Signal, Teams, Slack or future technologies yet to be invented, regulatory obligations remain constant.
Firms must capture business communications regardless of which platforms employees use. The method matters: native format capture preserves context and authenticity that screenshots or manual forwarding lose, which is why effective supervision requires the same visibility across all communication channels where business discussions occur.
Compliance Program Effectiveness Requirements
Section I.B states that “the Division’s assessment of the effectiveness of advisors’ compliance programs is a fundamental part of the examination process.” Section III.C addresses broker/dealer compliance programs in a similar manner.
The key phrase appears throughout both sections: whether “policies and procedures are implemented and enforced.” Well-written compliance policies aren’t sufficient. Firms must demonstrate active implementation and enforcement. Annual compliance reviews must be substantive exercises that identify genuine issues and drive meaningful improvements, rather than merely rubber-stamping existing practices.
Marketing materials will face particular scrutiny—critical, given the AI supervision focus discussed above. Firms making claims about AI capabilities in their marketing must be able to substantiate those representations during examinations.
Three Priorities for Examination Readiness
Financial services firms should prioritize three areas based on these examination themes:
Audit your AI governance. Document which AI tools you’re deploying and ensure you can explain AI-driven decisions to examiners. Verify that your supervision framework addresses the specific technologies in use. If you’re using AI for compliance surveillance, make sure you understand how it reaches its conclusions and can demonstrate that logic to regulators.
Assess recordkeeping comprehensively. Map all communication channels your employees use for business purposes. Verify communications are being captured regardless of platform and test your ability to produce complete records quickly. Remember that the regulations don’t care which technology you use—they require that all business communications be preserved.
Test compliance effectiveness. Demonstrate procedures are actively enforced, not just documented. Ensure reviews identify genuine issues and verify marketing materials accurately represent your capabilities. The SEC will look for evidence that your compliance program operates in practice, not just on paper.
How to Prepare for 2026 SEC Examinations
The SEC’s examination message is clear: explainability matters, record-keeping remains comprehensive regardless of the channel and compliance programs must prove their effectiveness through action. Firms that treat these as foundational principles—not new obligations—will be examination-ready through 2026 and beyond.
