The U.S. Securities and Exchange Commission (SEC) has unveiled its examination priorities for fiscal year 2025. This annual release from the SEC’s Division of Examinations aims to inform market participants about potential risks and to offer guidance on regulatory focus areas for the financial industry. The SEC’s 2025 examination agenda spans several key areas, including cybersecurity, artificial intelligence (AI), fiduciary duty, and standards of conduct.
Cybersecurity has emerged as a top priority on the SEC’s 2025 examination agenda, reflecting the escalating threat of cyberattacks on the financial sector. The division will delve into how registered entities, such as investment advisers, broker-dealers, and clearing agencies, are handling cybersecurity risks that could jeopardize critical services, investor data, or financial stability.
In the upcoming year, the SEC will closely scrutinize how firms are protecting investor information, records, and assets against cyber threats. The focus will center on evaluating policies and procedures related to data loss prevention, access controls, account management, and incident response measures.
Additionally, the SEC’s 2025 priorities will evaluate how firms respond to ransomware attacks and other cyber incidents. This assessment will include an examination of firms’ capabilities to detect, mitigate, and recover from cyber intrusions. It is imperative for firms to ensure that their cybersecurity programs are not only comprehensive but also adaptable to address the evolving threat landscape.
Of particular concern is the risk posed by third-party products and services, which could introduce vulnerabilities into a firm’s network. The division will pay close attention to the cybersecurity risks associated with external dependencies, especially when firms utilize third-party technology or infrastructure without proper oversight from their IT departments. Such oversight gaps could lead to security breaches and heighten the risk of cyber incidents.
As part of the examination process, the division will also assess alternative trading systems and their ability to safeguard confidential trading information. These platforms are crucial to the functioning of capital markets, and any breach of trading data could have significant consequences.
The SEC’s focus on cybersecurity extends to the examination of entities subject to Regulation Systems Compliance and Integrity (SCI), such as exchanges, clearinghouses, and other critical market infrastructure. These entities play a vital role in ensuring the stability of the U.S. capital markets, and disruptions could have far-reaching implications. In 2025, the SEC will review the policies and procedures in place for managing operational risks, including business continuity planning and incident response capabilities.
Moreover, the SEC will assess the effectiveness of security management tools utilized by SCI entities to detect and mitigate cyber threats. The division will ensure that these tools align with the security objectives of the organization.
In addition to cybersecurity, the SEC’s examination priorities for 2025 include a focus on the use of artificial intelligence (AI) in the financial industry. The SEC will review how firms integrate AI technologies into trading, investment, and advisory services to ensure compliance with regulatory standards.
Furthermore, examinations will continue to scrutinize the crypto asset market, with a focus on firms offering crypto asset-related services and their compliance with federal securities laws. The SEC will also evaluate how firms manage technological risks associated with crypto assets, particularly those involving blockchain and distributed ledger technologies.
The SEC’s examination priorities for 2025 are not limited to cybersecurity and emerging technologies. The division will also emphasize fiduciary duty, standards of conduct, and governance practices, encouraging firms to review their compliance programs to meet SEC expectations. Compliance assessments will focus on whether firms are providing investment advice and making recommendations in accordance with proper standards, particularly when dealing with retail investors or retirement assets. Firms must ensure they understand the products they offer and disclose all relevant risks to their clients, strengthening their compliance programs in line with the SEC’s priorities for 2025.
