SEC's 2025 Examination Priorities: Key Takeaways on AI, Crypto and Cybersecurity
The quick take
The SEC's examination priorities for 2025 largely focus on emerging technologies, including the oversight of AI, cryptocurrency assets, cybersecurity, and vendor risk management. There is also a significant emphasis on compliance with communication regulations, especially given the rise in enforcement actions. To meet these priorities and adjust to evolving regulations, firms should take immediate steps to strengthen their compliance frameworks.
Emerging technologies and AI
The SEC's 2025 examination priorities reveal a thorough approach to AI oversight in financial services. The Division of Examinations is scrutinizing how firms market and deploy AI-driven tools that interact with clients, including automated investment platforms, trading algorithms, and digital engagement practices. Examiners will verify firms' AI marketing claims and ensure digital engagement practices align with clients' investment profiles rather than creating conflicts of interest. This includes reviewing whether controls match investor disclosures and automated advice meets regulatory obligations.
Beyond client interactions, the Division is examining how firms leverage AI to improve internal operations and compliance. Examiners will assess AI implementation in areas like fraud prevention and detection, AML compliance, back-office efficiency, and trading support. Firms using regulatory technology must demonstrate effective systems that meet SEC security and oversight standards.
For firms, these priorities require robust frameworks around their technology. The SEC expects comprehensive controls, accurate disclosures, and strong oversight for both client-facing AI applications and internal operational systems.
Key action items
To help meet these priorities, firms should consider implementing comprehensive AI oversight that includes validation of marketing claims, controls for third-party tools, and documented testing protocols.
Crypto assets
The SEC's 2025 examination priorities maintain their focus on crypto assets amid market volatility and proliferating investment products. The Division will examine registrants offering crypto-related services, focusing on securities compliance and standards of conduct, particularly regarding retail investors and retirement assets.
The Division expects firms to maintain and enhance their compliance practices through crypto asset wallet reviews, custody practices, BSA compliance protocols, and valuation procedures. Firms must document crypto-related activities and communications, maintain risk disclosures, and demonstrate security measures for blockchain and distributed ledger technology.
Key action items
Firms in the crypto space should implement risk management frameworks that address areas like custody solutions, valuation methodologies, and security measures for digital assets. Comprehensive recordkeeping systems should capture all crypto-related communications and transactions while meeting traditional securities compliance obligations.
Cybersecurity and vendor risk management
The SEC's 2025 priorities emphasize compliance departments' role in cybersecurity and vendor oversight. Firms must maintain policies preventing service interruptions and protecting investor information through internal controls, vendor oversight, and customer protection measures. Compliance programs must demonstrate oversight through testing and monitoring, particularly of third-party relationships and "shadow IT," while maintaining consistent cybersecurity standards across operations.
The Division expects firms to maintain and enhance their compliance practices through crypto asset wallet reviews, custody practices, BSA compliance protocols, and valuation procedures. Firms must document crypto-related activities and communications, maintain risk disclosures, and demonstrate security measures for blockchain and distributed ledger technology.
Key action items
Compliance departments should establish documented processes for cybersecurity and vendor oversight, including risk assessments, vendor due diligence, and incident management. Success requires demonstrable active oversight through testing and control updates.
A notable observation: keep your eyes on communications compliance
While off-channel communications are not a standalone priority, they are integrated throughout the 2025 priorities within books and records requirements, information security protocols, and operational controls.
The SEC's focus on communications hasn't wavered – in fact, it has intensified dramatically. With a 215% YoY increase in enforcement actions for communication violations, the SEC's commitment to this area is clear. As former SEC Enforcement Director Gurbir S. Grewal emphasized: "We remain committed to ensuring compliance with the books and records requirements of the federal securities laws, which are essential to investor protection and well-functioning markets."
The enforcement pattern is clear: actions targeting institutions of all sizes have resulted in billions in penalties, with particular focus on senior executives' unauthorized communication channels. This demonstrates the SEC's unwavering stance on communications compliance.
The path forward for 2025 is marked by both opportunity and accountability. By aligning with the SEC’s examination priorities, firms can not only better mitigate risk but also build resilient compliance programs that adapt to changing regulatory landscapes.
How Smarsh can help
Smarsh digital communications and cybersecurity compliance solutions enable financial firms to manage compliance efficiently and effectively. Regulated organizations of all sizes rely upon our portfolio of cloud-native digital communications capture, retention, and oversight solutions to help identify regulatory and reputational risks within their communications data.
Share this post!
- 2024 Regulatory Enforcement: A Year of Transformation - December 19, 2024
- The AI Balancing Act: 2024 FINRA AI Guidance on Juggling Innovation and Compliance - November 1, 2024
- From Penalties to Practices: Decoding the SEC's New Vision for Communication Records - October 29, 2024
Smarsh Blog
Our internal subject matter experts and our network of external industry experts are featured with insights into the technology and industry trends that affect your electronic communications compliance initiatives. Sign up to benefit from their deep understanding, tips and best practices regarding how your company can manage compliance risk while unlocking the business value of your communications data.
Ready to enable compliant productivity?
Join the 6,500+ customers using Smarsh to drive their business forward.
More Resources
Watch it Work
Contact Us
Chat
Subscribe to the Smarsh Blog Digest
Subscribe to receive a monthly digest of articles exploring regulatory updates, news, trends and best practices in electronic communications capture and archiving.
Smarsh handles information you submit to Smarsh in accordance with its Privacy Policy. By clicking "submit", you consent to Smarsh processing your information and storing it in accordance with the Privacy Policy and agree to receive communications from Smarsh and its third-party partners regarding products and services that may be of interest to you. You may withdraw your consent at any time by emailing privacy@smarsh.com.
FOLLOW US