SEC Will Prioritize AI, Cybersecurity, and Crypto in its 2025 Examination Priorities

Alert
|
3 min read
Tami Stark |
Claudette Druehl

On October 21, 2024, the US Securities and Exchange Commission ("SEC") Division of Examinations ("Examination Division") announced its 2025 Examination Priorities ("Report").1 Investment advisers and broker-dealers should ensure that policies, procedures and surveillance efforts related to these priorities address concerns outlined in the Report.

The Examination Division conducts inspections of entities registered with the SEC, including investment advisers and broker-dealers. While the Report is not exhaustive of the Examination Division's focus areas, it does highlight particular risk areas. Additionally, the Examination Division's priorities often lead to enforcement actions focused on those same priorities, so the list serves as a guide for potential areas for enforcement.

As in previous years, the Examination Division released its priorities to coincide with the start of the SEC's fiscal year in order to:

"provide more transparency and as early as reasonably possible to allow registered firms more opportunities to evaluate their compliance efforts."2

The Report covers perennial priorities of the Examination Division alongside new risk areas. Three noteworthy risk areas that are relevant to most capital markets participants include: (1) emerging financial technologies based on artificial intelligence ("AI"); (2) information security and operational resiliency; and (3) crypto assets.

Emerging Financial Technologies:

The Examination Division seeks to examine registrants' use of services like automated investment tools, AI and trading algorithms. Specifically, the Report outlines that with respect to AI, the Examination Division will assess registrants' policies and procedures for monitoring controls, fraud prevention, anti-money laundering and protections against the loss or misuse of client information. This priority comes after a year during which the SEC has continued to reiterate its concerns about AI-related risks. Both firms and individual actors have an obligation to ensure accurate AI-related disclosures, as described in our earlier alert.

Information Security and Operational Resiliency:

In 2025, the Examination Division will continue to prioritize its review of cybersecurity practices, paying particular attention to protecting investor information, customer records and assets. The Examination Division will scrutinize policies in place for data loss prevention, access controls and responses to cyber-related incidents. The SEC suggests registrants should account for third-party services and products when assessing cybersecurity risks and planning for cyber-resiliency for essential business operations. See our alert for additional suggestions.

Crypto Assets:

Building on its 2024 priorities, the Examination Division will remain committed to closely monitoring and—when appropriate—conducting examinations of registrants offering investments involving crypto assets. The Examination Division noted that it will review whether the registrant is following appropriate standards when recommending crypto assets and reviewing and strengthening its compliance practices and risk disclosures relating to these products. We expect crypto to remain a priority for the SEC given the recent high-profile crypto enforcement actions this year.

The Examination Division identified several other priorities, including assessing registrant compliance with Regulations S-ID and S-P and staying current with all required policies and procedures pertaining to protecting customer records and information. Additionally, the Examination Division will continue to prioritize anti-money laundering ("AML") programs and assess whether broker-dealers and registered investment companies are complying with rules surrounding tailoring their business model, conducting independent testing and meeting SAR filing obligations. The Examination Division also noted that it may begin conducting examinations of registered security-based swap execution facilities in late fiscal year 2025 after it adopted new regulations in late 2023.

Olivia Hussey (White & Case, Law Clerk, New York) contributed to the development of this publication.

1 2025 Examination Priorities, US Sec. & Exch. Comm'n Div. of Examinations (Oct. 21, 2024), https://www.sec.gov/files/2025-exam-priorities.pdf.
2 2025 Examination Priorities, supra note 1.

White & Case means the international legal practice comprising White & Case LLP, a New York State registered limited liability partnership, White & Case LLP, a limited liability partnership incorporated under English law and all other affiliated partnerships, companies and entities.

This article is prepared for the general information of interested persons. It is not, and does not attempt to be, comprehensive in nature. Due to the general nature of its content, it should not be regarded as legal advice.

© 2024 White & Case LLP


Contacts

Tami Stark
Tami Stark
Partner|New York
Services
Commercial Litigation, White Collar/Investigations, Economic Sanctions & Export Controls, Sustainability & Responsible Business
Claudette Druehl
Claudette Druehl
Counsel|New York
Services
Capital Markets, Fintech, Financial Services Regulatory, Investment Funds

Service areas

Top