The SEC’s 2026 examination priorities emphasize existing regulatory expectations extended to technologies that didn’t exist when compliance frameworks were established. Jamie Hoyle of MirrorWeb explores how examiners will review AI-related marketing claims for accuracy, assess whether preservation systems capture communications in formats that maintain context and authenticity, and determine if compliance programs translate policies to actual practice through substantive implementation rather than relying on well-drafted documentation that provides no protection if it exists primarily on paper.
The SEC’s Division of Examinations has released its fiscal year 2026 examination priorities, outlining focus areas for investment advisers, broker-dealers and other market participants. While the document addresses numerous examination areas, three themes warrant particular attention from compliance professionals — two explicitly stated, one revealed through notable absence.
AI supervision and algorithmic transparency
Section VII.B directly addresses AI technologies in financial services. The division will examine “whether firms have implemented adequate policies and procedures to monitor and/or supervise their use of AI technologies.” The focus extends beyond mere adoption to governance, oversight and substantiation.
Examiners will “review for accuracy registrant representations regarding their AI capabilities,” requiring firms to validate any claims about AI-powered systems. This creates a dual challenge: Firms must both govern AI use internally and ensure external representations align with actual capabilities.
The transparency question becomes central. When AI systems generate recommendations or flag potential issues, can firms explain the underlying logic? The SEC expects firms to understand how AI-driven decisions align with regulatory obligations, particularly regarding investor protection and fiduciary duties.
This emphasis on explainability reflects broader regulatory trends. The SEC’s recent focus on AI-driven investment recommendations and robo-advisers demonstrates growing concern about automated decision-making without adequate human oversight or understanding. Compliance programs must address not just whether AI is used but whether its use remains comprehensible and defensible under examination.
Key considerations for compliance programs:
- Documentation of AI technologies in use across the organization
- Governance frameworks demonstrating supervision of algorithmic systems
- Ability to explain AI-driven decisions to staff without technical expertise
- Validation that AI-related marketing claims reflect actual capabilities
- Assessment of whether AI recommendations remain consistent with regulatory obligations
Channel-agnostic recordkeeping
The 2026 priorities reference recordkeeping throughout but never specify communication channels. No mention appears of email, messaging applications, collaboration platforms or any particular technology. This absence reinforces fundamental regulatory architecture.
SEC Rules 17a-4 (for broker-dealers) and 204-2 (for investment advisers) have required comprehensive recordkeeping for decades without technological specifications. They mandate preservation of business communications regardless of medium. The multibillion-dollar enforcement actions between 2022 and 2024 for off-channel communications didn’t punish violations of new rules; they enforced existing obligations that firms failed to apply to evolving technologies.
The regulatory approach deliberately avoids channel-specific language. This allows rules to adapt as technology changes without requiring constant amendment. Whether employees use established platforms or adopt emerging technologies, recordkeeping obligations remain constant.
This creates ongoing compliance challenges. Firms must identify which communication channels employees actually use for business purposes, not simply which channels the firm officially sanctions.
The examination focus will likely center on completeness and accessibility. Can firms produce comprehensive records when requested? Do preservation systems capture communications in formats that maintain context and authenticity? These questions apply regardless of which technologies employees prefer.
Compliance program effectiveness over documentation
Sections I.B and III.C emphasize assessment of compliance program effectiveness as “a fundamental part of the examination process” for both investment advisers and broker-dealers. The critical phrase appears repeatedly: whether “policies and procedures are implemented and enforced.”
This distinction matters. Well-drafted policies provide no protection if they exist primarily on paper. Examiners will look for evidence of active implementation: testing, monitoring, enforcement and adaptation based on findings.
Annual compliance reviews face particular scrutiny. Are these substantive exercises that identify genuine vulnerabilities and drive improvements, or box-ticking exercises conducted solely to satisfy documentation requirements? The latter approach — reviews performed because regulations mandate them, not because firms expect to discover anything meaningful — meets the letter of regulatory obligation while failing the effectiveness standard examiners now emphasize.
Marketing materials will receive attention, especially given AI supervision concerns. Firms must substantiate claims about compliance capabilities, risk management or technological sophistication. The intersection of marketing oversight and AI governance creates heightened examination risk for firms promoting AI solutions.
The effectiveness standard extends beyond individual policies to overall program assessment. Do firms allocate adequate resources to compliance functions? Do compliance staff have sufficient authority and access? Are compliance findings addressed through meaningful remediation rather than acknowledgment without action?
Preparing for examination expectations
These three themes suggest priorities for compliance program assessment:
- Evaluate AI governance comprehensively. Map where algorithmic decision-making occurs across the organization. Assess whether supervision frameworks address these systems adequately and whether decision-making logic remains explainable to non-technical staff and regulators.
- Test recordkeeping completeness. Identify all business communication channels in actual use, not just those officially sanctioned. Verify preservation systems capture communications adequately and assess ability to produce records efficiently during examinations.
- Demonstrate program effectiveness. Review whether policies translate to actual practice through testing, monitoring and enforcement. Ensure annual compliance reviews identify genuine issues and drive substantive improvements. Validate that marketing materials accurately represent compliance capabilities.
Foundational principles, not new obligations
The 2026 examination priorities emphasize existing regulatory expectations extended to technologies that didn’t exist when compliance frameworks were established. AI supervision may address novel capabilities, but it reflects the same fundamental obligation firms have always faced: supervising the tools and systems that drive business decisions and client recommendations. Comprehensive recordkeeping and compliance program effectiveness operate from the same logic, established principles applied to evolving contexts.
As technologies mature and business practices adapt, compliance programs must maintain effectiveness without requiring regulatory restatement of fundamental obligations. Firms that treat these themes as ongoing compliance imperatives rather than cyclical focuses will maintain examination readiness regardless of specific priorities.
Jamie Hoyle is vice president of product for MirrorWeb, a provider of communications archiving and surveillance software. 
