The United States Securities and Exchange Commission (SEC) has released its examination priorities for fiscal year 2025. The SEC Division of Examinations publishes its priorities annually to inform market participants of potential risks and guide the financial sector on areas of regulatory focus. For the coming year, the SEC 2025 examination program will focus on both old and emerging risks, including cybersecurityartificial intelligence (AI), fiduciary duty and standards of conduct.
An important axis of SECOND The priorities for 2025 are cybersecurity, reflecting the growing threat of cyberattacks against the financial sector. The division will closely examine how registered entities, including investment advisers, broker-dealers and clearing agencies, manage cybersecurity risks, particularly those that could compromise critical services, investor data or financial stability.
SEC 2025 exam schedule: cybersecurity, a top priority
Cybersecurity has become a central concern for the SEC 2025 exam schedule as cyberattacks become more and more frequent. In 2025, the SEC will review how companies protect investor information, records and assets from cyber threats. Emphasis will be placed on the policies and procedures that govern data loss prevention, access controls, account management and incident response.
The SEC 2025 priorities will also assess how companies respond to ransomware attacks and other cybersecurity incidents. This includes assessing their ability to detect, mitigate and recover from cyber intrusions. Companies must ensure that their cybersecurity the programs are not only comprehensive, but also flexible enough to address the evolving threat landscape.
What is particularly worrying is risk posed by third-party products and services, which can introduce vulnerabilities into a company’s network. The division will examine the cybersecurity risks associated with these external dependencies, especially when businesses use third-party technology or infrastructure without proper oversight from their IT department. This lack of oversight can lead to security breaches and increase the likelihood of a breach.
As part of the review process, the division will also evaluate alternative trading systems and their ability to protect confidential trading information. These platforms are essential to the functioning of capital markets, and any breach of trading data could have significant repercussions.
Backup of critical infrastructure
The SEC’s emphasis on cybersecurity extends to its review of entities subject to Regulatory Systems Compliance and Integrity (ICS). SCI entities, such as exchanges, clearinghouses and other critical market infrastructures, must maintain robust systems to ensure the integrity, resilience and availability of their operations. These entities play a key role in ensuring the stability of the US capital marketsand any disruption could have far-reaching consequences.
For 2025, the SEC will review the policies and procedures these entities have in place to manage operational risks, including their business continuity plan and their incident response abilities. This includes examining how ICS entities manage inbound and outbound connectivity during cybersecurity. events. The division will evaluate whether these entities have the tools and procedures necessary to disconnect or reconnect third parties during a cyber incident without compromising the market as a whole.
Additionally, the SEC will evaluate the effectiveness of security management tools used by SCI entities. These tools are essential for detecting and mitigating cyber threats, and the SEC will ensure that they are capable of achieving the organization’s security objectives.
Emerging Technologies: AI and Crypto Assets
In addition to cybersecurity, the SEC’s examination priorities for 2025 emphasize the use of artificial intelligence (AI) in the financial sector. As AI technologies become more prevalent, the SEC is concerned about how these tools are integrated into trading, investing and advisory services. The division will examine how companies are using AI to make decisions and whether these technologies comply with regulatory standards.
In addition, the division will continue its careful review of crypto asset market, which has experienced increased volatility and increased regulatory attention. The examinations will focus on companies offering services related to crypto assets, including whether they are meeting their obligations under federal securities laws. This includes examining the offering, sale, recommendation and trading of crypto assets, with a particular focus on retail investors and retirement accounts.
The SEC will also evaluate how companies manage technological risks associated with crypto assets, particularly those involving blockchain and distributed ledger technologies. The security of these assets remains a major concern, and the division will ensure that companies have adequate controls to protect investor funds.
Strengthen compliance programs
The SEC’s examination priorities for 2025 are not limited to cybersecurity and emerging technologies. The division will also continue to focus on fiduciary duty, standards of conduct and governance practices. Companies are encouraged to review their compliance programs to ensure they meet the expectations set forth by the SEC.
The division will assess whether firms follow appropriate standards when providing investment advice or making recommendations, particularly when dealing with retail investors or retirement assets. This includes ensuring that companies understand the products they offer and that they disclose all relevant risks to their customers.
