On October 21, the SEC released their 2025 Examination Priorities, which highlighted their proactive approach to mitigating evolving risks in the market:
“As technology continues to transform investing, we must work to identify new and emerging risks. The Division must constantly scan the horizon for these risks and stand ready to examine registered firms for compliance with SEC rules tied to these risks, and not merely react to these threats. To ensure investors remain protected, we continue to invest in training and work hard to keep our staff abreast of changes in the industry. We also continue to assess how these changes might impact registered firms’ operations and regulatory compliance, and at the same time, remain nimble to retool our approaches in conducting examinations.”
However, as new risks become new requirements for financial services firms, many compliance teams find themselves under the microscope. To help you evolve your program and practices, we’ve compiled our top resources covering topics from the Marketing Rule to AI and more.
Check out excerpts from some of our most popular guides and grab your copy for all the insights and best practices.
5 Benefits of Automating Marketing Review
Marketers know the power of client testimonials, concrete results, and urgency in their advertisements because they work — but it’s a delicate dance to ensure what they’re creating isn’t misleading, false, or unsubstantiated. Even one verb can change the meaning of a statement, which is enough to catch the eye of the SEC.
The SEC has made it clear: “The Marketing Rule’s provisions regarding truthfulness, substantiation, and disclosure are critical to protecting investors. The advertisements at issue in each of these actions violated the Marketing Rule and posed a serious risk of misleading investors,” said Corey Schuster, Co-Chief of the SEC Division of Enforcement’s Asset Management Unit. “Investment advisers must comply with all aspects of the Marketing Rule, and we will continue to hold them accountable when they fail to do so.”
Benefit #1: Processes are established to ensure no material goes out before review and approval by the Compliance Team, meaning no surprises will end up on your LinkedIn or in your email campaigns.
Taking On the Challenges of Cryptocurrency
As cryptocurrency continues to gain in popularity, more employees will begin to consider this investment option within their portfolios. Those firms implementing proactive compliance practices will be better equipped to manage this likelihood.
The question then becomes: what is the right compliance strategy to implement for your firm?
As you assess how to structure your firm’s cryptocurrency compliance program and, more specifically, your digital asset trade monitoring policies, it is important to understand employee sentiment and your firm’s strategic future.
Ask yourself questions like:
- How interested are your employees in digital asset trading?
- What digital assets are employees interested in trading?
- How highly do your employees value the ability to invest in digital assets personally?
- Does the firm trade in digital assets now? (Chances are, if the firm advises on digital assets, employees will want the ability to invest themselves.)
- Does the firm otherwise advise clients on digital asset investments?
- How will we answer these questions in one year? Three?
AI and Data Privacy: Balancing Compliance and Innovation
From automating document generation to analyzing compliance policies for potential risks, AI can be used to help firms of any size function more efficiently. At the same time, it’s important for financial professionals to remember the potential risks and pitfalls associated with AI — and keep in mind that human review and support are still necessary.
Not only does introducing more technology (and more specifically, technology that may require an advanced skillset or knowledge to understand) open your firm up to potential cybersecurity and data privacy challenges, but it can also throw a wrench in your current compliance Policies and Procedures.
Best Practice: Implement Ongoing Training Requirements
With how quickly technology is evolving, it can feel like your policies become outdated almost as soon as they’re implemented. Help your team stay informed about ongoing changes and educate them about the risks involved with AI, so they can better work to protect sensitive client data in their day-to-day operations.
Don’t assume that one walkthrough of your policies will be enough to bring everyone up to speed. AI algorithms, machine learning, and data security are complex topics — especially for team members who may have trouble adapting to new technology.
Beyond annual compliance reviews, it’s a good idea to offer regular employee training sessions on AI and other tech innovations, plus provide additional resources personnel can refer to in between training.
Conducting Effective Risk Assessments
The SEC, FINRA, and even state regulators have the authority to impose fines and other penalties when they discover compliance errors. Even a small reprimand can impact your firm’s revenue and reputation.
One effective way to mitigate compliance risks? Regularly conduct risk assessments.
A risk assessment is used to identify potential firm risks, assess current controls and protocols, and make procedure modifications as necessary to address newly identified risks.
Its critical purpose is to help your firm’s Chief Compliance Officer (CCO) assess the effectiveness of the firm’s Policies and Procedures (which are required by the Investment Advisers Act of 1940) by identifying potential compliance breaches. The SEC considers risk assessments to be a vital part of any compliance program, although the specifics of each RIA’s assessment will vary.
The Chief Compliance Officer’s 2024-2025 Cybersecurity Checklist
Let’s face it, cyber risk isn’t going away. In fact, it’s aggressively increasing. And, with the kind of sensitive information financial institutions house, they are one of the most targeted types of organizations for cyber-attacks.
Implementing best practices is essential to fortify your cybersecurity program and protect your firm from cyber threats. The tactics and best practices outlined below take into consideration many of the recommendations outlined in the NIST (National Institute of Standards and Technology) Framework, along with the extensive experience and knowledge of our consultant team.
- Educate and train your staff on cybersecurity best practices, including how to identify suspicious emails and social engineering attacks. Consider training modules and simulations to test employee responsiveness.
- Stay updated with threat intelligence feeds to proactively detect and mitigate emerging threats and update training as appropriate.
- Incorporate cybersecurity training into onboarding practices to ensure all employees are knowledgeable about cybersecurity protocols from day one.
Navigating the regulatory curve takes insight, strategic action, and support from trusted compliance providers. Ready to see why 7,000 of your colleagues work with COMPLY to achieve compliance with confidence? Let’s talk.