Practical SEC Exam Guidance for a Shifting US Regulatory Environment

Change and uncertainty are constants in the US regulatory environment these days. But while some rules may be rolling back, compliance is far from optional. According to Dave Fultz, Director at Optima Partners and former U.S. Securities and Exchange Commission (SEC) Examiner, firms that relax their guard could face serious regulatory and business risks.

Dave joined MCO for an insightful session on where compliance teams should focus in this shifting landscape, providing practical and actionable guidance on how to navigate SEC examinations during a period of staff turnover, regulatory change and growing use of AI.

Are SEC Exams Still Happening?

According to Dave, the short answer is yes. Roughly 600 staff, or 12% of the SEC workforce, took early retirement or voluntary buyout packages this year. But despite the recent attrition, examinations continue across both regional offices and specialized teams.

Examiners are still conducting exams day-to-day. That said, the exodus involved many senior examiners. The composition and experience level of exam teams have shifted to be more junior, which changes how exams are approached. Dave notes that examiners tend to rely on areas with which they are comfortable, and these days, he’s seeing a heavier focus on compliance manuals and codes of ethics.

Where Exam Focus Can Differ: SEC Regional Offices vs. Specialized Units

Dave explained that examination focus can vary by the team and office conducting the firm’s exam:

• Regional offices will likely emphasize compliance manuals and codes of ethics—are you doing what your policies say you will do? Expect reviews of personal trading, conflicts and basic compliance hygiene.
• Specialized units and national teams like the Private Funds Unit (PFU) could focus more on portfolio management: fees & expenses, allocation of investment opportunities, undisclosed affiliations and conflicts that could harm investor capital.
• Events & Emerging Risks Team (EERT) will target new and evolving risks, including AI, new regulatory rules and market events.

Along with focus, Dave has observed that the duration of an SEC examination will also differ depending on who is administering it. A regional office exam can close in 2–3 months, whereas a PFU exam can take 8–12 months, so plan accordingly.

SEC Exam Priorities and Practical Implications

The SEC’s FY25 exam priorities were published in October 2024, under different agency leadership. Dave thinks that they remain a useful reference, but cautions that real-world priorities are shaped by both exam team composition and the risk profile of the firm.

• Everything in the compliance realm is on the table, but many exams will default to policy and compliance checks.
• Experience matters. Examiners tend to pursue the topics they understand well so that the scope can be the luck of the draw.
• Firms that are flagged as higher risk through Form ADV analytics or other data are more likely to attract PFU or specialized attention.

What are the Potential Effects of Deregulation on the SEC Enforcement Landscape?

In June of 2025, the SEC formally withdrew 14 proposed rules issued between 2022 and 2023, including those related to predictive data analytics, cybersecurity mandates, and ESG disclosures.

Dave notes that enforcement activity under the current SEC administration has changed in pace and type:

• Delegation changes: formal subpoena authority was removed from some regional directors, routing enforcement openings through SEC leadership in Washington. This change creates a bottleneck that contributes to the frequency of new enforcement actions.
• Recent enforcement matters have tended toward traditional fraud cases including misappropriation of assets, rather than novel compliance-topic sweeps.

That said, enforcement continues, and patterns can shift. Firms should not assume lower enforcement risk equals less scrutiny. Practical tip from Dave: document incidents (attempts) as well as breaches in your compliance program. Examiners still expect to see evidence of detection, mitigation and documentation.

Artificial Intelligence: Operational vs. Investment Use

AI is a rapidly growing area of interest for examiners. The SEC has offered limited guidance and has not fully codified rules for AI use; therefore, Dave recommends taking a conservative, risk-aware approach at this time.

What are the categories for AI use in an investment firm?

• AI for investment purposes: systems that influence trading, portfolio selection, or performance attribution. These uses generally require disclosure to investors and careful marketing accuracy. Dave notes that firms should be both specific and accurate: don’t call a basic algorithm “AI” if it isn’t.
• AI for operational purposes: note-taking, expense review, meeting transcription and other efficiencies. The output of these tools can create books and records to be stored by the adviser.

Practical guidance for AI use in an investment firm

Dave offered guidance on best practices for firms using AI:

• Disclose AI appropriately in Form ADV, client brochures, and marketing materials—be transparent about whether performance or processes were driven by AI.
• Maintain books and records. If AI-generated outputs are delivered to the adviser (such as email transcripts and reports), treat them as adviser records and retain them in accordance with Rule 204-2 retention periods.
• Document controls and a “person in the loop” for material investment decisions that use AI.
• Be conservative: retain records now rather than trying to recreate them if the SEC issues a risk alert or begins a sweep.

According to Dave, firms that use AI for investment purposes need to disclose it. For operational AI, be conservative and document—if the third party delivers notes to you, they become your books and records.

Read the blog AI & The Compliance Officer: Secret Weapon or Liability?

How Will SEC Exams Play Out? Guidance on Timing, Communications and Post-Exam Steps

Below are common exam questions that Dave is hearing across his practice:

• Why don’t I hear from my examiner for weeks? Examiners manage workloads and prioritize. If you don’t hear frequently, it likely means you aren’t a current high-priority matter. Be patient and responsive when contacted.
• Day one presentation—should you offer one? Especially for complex firms: a day one presentation lets you frame your business, explain complicated products or structures, and disclose known issues proactively. PFU routinely requests them; regional offices may appreciate the context.
• End of exam: What happens after you send your response? Expect a deficiency letter in most exams. No Findings results are rare. You have 30 days to respond. The examiner then has 60 days to follow up; if you don’t hear back after 60 days, the risk of further action is low. If your response is inadequate, enforcement referral or an unresolved classification are possible—so craft thorough, corrective responses.

Practical Checklist: Preparing for and Surviving an SEC Exam

The SEC examination environment remains active and evolving. Dave’s practical advice to advisers and compliance teams is straightforward:

• Don't assume recent deregulation means less risk—exams continue.

•  

  Focus on core compliance fundamentals: policies, documentation, fee fairness and clear disclosures.
• Review and update your compliance manual and code of ethics—examiners are focused on “are you doing what you say you do?”
• Prepare a clear day one presentation and offer it proactively for complex structures.
• Document fee calculations, expense allocations, and LPA/contractual compliance for private funds.
• Implement and document core items such as Reg S-P compliance: ongoing vendor due diligence, breach notification workflows and a written incident response plan.
• For any AI use: disclose, retain outputs as required, document a person-in-the-loop for investment decisioning, and ensure marketing claims are accurate.
• When responding to deficiency letters, be substantive and provide evidence of remediation—help the examiner “write the report” by making your responses clear and copy-paste friendly.

If you manage compliance at a registered adviser in the U.S., focus your planning on these practical steps and ensure your documentation is audit-ready. Dave reinforces that even as regulatory landscapes change, solid controls, clear disclosures and good recordkeeping remain the best defense.

MyComplianceOffice provides the compliance framework that firms need to be ready for SEC exams and compliance requirements from regulators around the globe.

Ready to see how we can help your firm be SEC-exam ready? Set up some time for a demo right here

To hear more from Dave, watch the on-demand webinar SEC Mid-Year Outlook: Practical Guidance for a Shifting Regulatory Environment.

And if you’d like to learn how Dave Fultz and Optima Partners can help your firm implement an effective program for regulatory compliance, reach out to learn more.