CLS Blue Sky Blog

White & Case Discusses SEC 2025 Priorities: AI, Cybersecurity, and Crypto

On October 21, 2024, the US Securities and Exchange Commission (“SEC”) Division of Examinations (“Examination Division”) announced its 2025 Examination Priorities (“Report”). Investment advisers and broker-dealers should ensure that policies, procedures and surveillance efforts related to these priorities address concerns outlined in the Report.

The Examination Division conducts inspections of entities registered with the SEC, including investment advisers and broker-dealers. While the Report is not exhaustive of the Examination Division’s focus areas, it does highlight particular risk areas. Additionally, the Examination Division’s priorities often lead to enforcement actions focused on those same priorities, so the list serves as a guide for potential areas for enforcement.

As in previous years, the Examination Division released its priorities to coincide with the start of the SEC’s fiscal year in order to:

“provide more transparency and as early as reasonably possible to allow registered firms more opportunities to evaluate their compliance efforts.”

The Report covers perennial priorities of the Examination Division alongside new risk areas. Three noteworthy risk areas that are relevant to most capital markets participants include: (1) emerging financial technologies based on artificial intelligence (“AI”); (2) information security and operational resiliency; and (3) crypto assets.

Emerging Financial Technologies

The Examination Division seeks to examine registrants’ use of services like automated investment tools, AI and trading algorithms. Specifically, the Report outlines that with respect to AI, the Examination Division will assess registrants’ policies and procedures for monitoring controls, fraud prevention, anti-money laundering and protections against the loss or misuse of client information. This priority comes after a year during which the SEC has continued to reiterate its concerns about AI-related risks. Both firms and individual actors have an obligation to ensure accurate AI-related disclosures, as described in our earlier alert.

Information Security and Operational Resiliency

In 2025, the Examination Division will continue to prioritize its review of cybersecurity practices, paying particular attention to protecting investor information, customer records and assets. The Examination Division will scrutinize policies in place for data loss prevention, access controls and responses to cyber-related incidents. The SEC suggests registrants should account for third-party services and products when assessing cybersecurity risks and planning for cyber-resiliency for essential business operations. See our alert for additional suggestions.

Crypto Assets

Building on its 2024 priorities, the Examination Division will remain committed to closely monitoring and—when appropriate—conducting examinations of registrants offering investments involving crypto assets. The Examination Division noted that it will review whether the registrant is following appropriate standards when recommending crypto assets and reviewing and strengthening its compliance practices and risk disclosures relating to these products. We expect crypto to remain a priority for the SEC given the recent high-profile crypto enforcement actions this year.

The Examination Division identified several other priorities, including assessing registrant compliance with Regulations S-ID and S-P and staying current with all required policies and procedures pertaining to protecting customer records and information. Additionally, the Examination Division will continue to prioritize anti-money laundering (“AML”) programs and assess whether broker-dealers and registered investment companies are complying with rules surrounding tailoring their business model, conducting independent testing and meeting SAR filing obligations. The Examination Division also noted that it may begin conducting examinations of registered security-based swap execution facilities in late fiscal year 2025 after it adopted new regulations in late 2023.

ENDNOTES

  1. 2025 Examination Priorities, US Sec. & Exch. Comm’n Div. of Examinations (Oct. 21, 2024),https://www.sec.gov/files/2025-exam-priorities.pdf.
  2. 2025 Examination Priorities, supra note 1.

This post comes to us from White & Case LLP. It is based on the firm’s memorandum, “SEC Will Prioritize AI, Cybersecurity, and Crypto in its 2025 Examination Priorities,” dated November 13, 2024, and available here.

Exit mobile version