Executive Summary

• This past month, the SEC withdrew 14 Rules that had been proposed by the Gensler administration, providing welcome relief to many investment advisers, funds, and other industry participants.

• Notwithstanding this move to pause what many perceived to be excessive rulemaking, the SEC still exists and still has a job to do. The question for advisers and funds then becomes what to focus on now that the new Atkins administration has begun to take shape.

• Regardless of administration and status of Rules, the following topics are ones investment advisers and funds should continue to focus on, either because of consistent historic regulatory attention, or because of practical risks associated with them: custody, fraud, cybersecurity, privacy, anti-money laundering, advertising, conflicts of interest, trading practices, fees, suitability, outsourcing, Code of Ethics, and artificial intelligence.

• The essay that follows provides a brief synopsis for why each of the aforementioned areas should continue to be a focus for investment advisers and funds, albeit in ways that can be more measured and tailored to each individual registrant’s profile and needs.

Introduction

For probably most investment advisers and funds (both registered and unregistered), the news this past month of the SEC’s withdrawal of 14 Rules that had been proposed under the Gensler administration was met with relief. While the 14 withdrawn proposals covered a range of areas within the SEC’s jurisdiction, the ones most relevant to advisers and funds were the following:

• Outsourcing by investment advisers;

• Enhanced ESG disclosures by investment advisers and investment companies;

• Cybersecurity for investment advisers, investment companies, and business development companies;

• Safeguarding of client assets; and

• Conflicts of interest associated with the use of data analytics by broker-dealers and investment advisers.

Sighs of relief aside, the simple question I’ve found myself asking (and that’s also been asked of me) is, Now what? After all, the SEC hasn’t been an agency on the chopping block of the Trump administration (at least not as noticeably compared to other federal agencies), and between the various crypto roundtables the SEC has been hosting, the confirmation of Paul Atkins as SEC Chair, and the recent proposed Rule withdrawals, the administration appears to be taking some real shape. In light of that, this month’s edition of Headspace is meant to provide some thoughts on the Now what? question and identify what I believe will continue to be areas of focus for the SEC, regardless of its rulemaking/withdrawing activity. Compared to prior months’ essays, this month’s will be fashioned as more “quick hits” — which seems befitting of the topic, and also should allow folks to quickly resume any travel, poolside fun, or other activities they are hopefully enjoying this summer.

The “Now What”

Regardless of administration and status of Rules, the following topics are ones investment advisers and funds should continue to focus on, either because of consistent historic regulatory attention or because of practical risks associated with them: custody, fraud, cybersecurity, privacy, anti-money laundering, advertising, conflicts of interest, trading practices, fees, suitability, outsourcing, Code of Ethics, and artificial intelligence.

Custody.  Even though the SEC’s proposed amendments to the Custody Rule (Rule 206(4)-2) have been withdrawn, the Custody Rule itself of course is still in place . . . and one of the fundamental risks the Custody Rule is designed to protect against will always be on the minds of any SEC administration — misappropriation of client funds. Follow the money may be perhaps the top North Star the SEC uses when examining registrants, and asking for customer account statements, trade blotters, audited statements, etc. has been a staple in exams for decades. Ensuring adviser custody practices remain sound and in compliance with the existing Custody Rule will always remain important to the SEC.

Fraud.  The Adviser’s Act anti-fraud provisions (Advisers Act Section 206) were put in place by Congress, not the SEC. The anti-fraud provisions are so broad that, regardless of Rules that may be in place, any conduct by an investment adviser that results in investor harm arguably could be cited for violating Section 206. Additionally, the topic of defrauding the public as a general matter is core to the SEC’s mission regardless of political party. Accordingly, advisers should continue to actively think about how their Compliance programs are designed to detect and prevent any fraudulent activity by their supervised persons.

Cybersecurity. Although the SEC’s cybersecurity Rule proposal was withdrawn, cybersecurity risks to firms and clients only continues to increase — particularly with the global geopolitical environment in which we find ourselves. Prior to the Rule proposal, the SEC considered cybersecurity as a component of any adviser’s or fund’s Compliance program that is required by Rule 206(4)-7 of the Advisers Act and Rule 38a-1 of the Investment Company Act, respectively. Certainly there is the potential the SEC may take a different posture with registrants when it comes to how it enforces whatever expectations it may have regarding registrants’ cybersecurity practices absent a specific Rule on the topic. However, until those expectations become clearer, registrants should still remain vigilant as any cybersecurity failure can lead to significant investor harm - and when that type of risk is present, the SEC will likely continue to take an interest.

Privacy. Unlike the the Rule proposals that were withdrawn, under the Gensler administration, amendments to Reg. S-P actually became final. Among more particular requirements, the amendments require registered investment companies and advisers to adopt written policies and procedures creating an incident response program to deal with unauthorized access to customer information, including procedures for notifying persons affected by the incident within 30 days. Although the industry has requested an extension of the current June 2026 compliance date, no extension has been granted as of yet by the Atkins SEC. Additionally, certain SEC staff have indicated that, starting this year, exam staff will begin gathering information from registrants concerning their progress on implementing the Rule’s amendments in time for June 2026. Accordingly, advisers and funds should be devoting attention to these Rule amendments unless the SEC issues further guidance.

Anti-Money Laundering. Similar to the amendments to Reg. S-P, FinCen also adopted amendments extending to investment advisers the requirements that broker-dealers and banks already have regarding needing an anti-money laundering program. Although the industry has requested an extension of the current January 2026 compliance date, no extension has been granted as of yet by FinCen. Similar to the Privacy Rule amendments, advisers should be devoting attention to these Rule amendments unless FinCen issues further guidance

Advertising. While there is the potential the SEC may take a different enforcement and fining posture with respect to the Marketing Rule compared to the Gensler administration, marketing practices themselves have been a staple of SEC exams for decades. Prior to undertaking an exam of a registrant, the SEC often tries to review all publicly available information regarding a registrant (including their websites and other forms of advertising). The SEC also routinely requests copies of advertising materials during an exam itself. Making sure these materials satisfy existing Rule requirements would be prudent as advisers should expect this topic to be an evergreen area of focus of the SEC.

Conflicts of Interest. Whether it’s an adviser recommending a proprietary product, a fund trading with an affiliate, or a compensation structure that creates certain incentives for personnel that may not be in a client’s best interest, the topic of conflicts interests is commented on year-over-year by all SEC administrations. Additionally, the notion of how all conflicts can be addressed by disclosure is a bit of a growing misnomer, and advisers and funds alike should be mindful of how the SEC also expects certain conflicts to be mitigated or eliminated entirely as circumstances warrant. Advisers and funds should continue remaining vigilant about inventorying potential conflicts of interests with respect to their business and personnel, as well as evaluating whether the measures being taken to address such conflicts remain sufficient and appropriate.

Trading Practices.  With the Consolidated Audit Trail System (“CATS”), the SEC will continue having access to trade data for advisers and funds and will be evaluating such data for a host of detective purposes (e.g. cherry picking trading allocations, trading on material non-public information, etc.). Additionally, routine parts of any adviser’s or fund’s Compliance program — best execution, trade errors, affiliated transactions, etc. — are identified to varying degrees in the adopting releases to the Compliance Program Rules for both the Advisers Act and Investment Company Act. Ensuring that trading policies and procedures remain consistent with investor representations and disclosures, and also are periodically tested, should continue to be top of mind for advisers and funds.

Fees. Again, Follow the money . . . Whether it’s ensuring fees are calculated correctly, are fully and clearly disclosed, or are simply justified relative to the services being provided, the topic of fees has been a perennial one for the SEC. Making sure fee billing, disclosure, and other related practices are working in an accurate and transparent fashion should also be a regular part of an adviser’s or fund’s Compliance program.

Suitability. As I’ve discussed before, the current SEC administration has the general philosophy that increasing ordinary investor access to private and alternative markets is a worthwhile endeavor. However, various members of the current administration have also been consistent that such access still needs to be accompanied by appropriate guardrails. If an adviser wants to begin opening additional doors for its clients, it should also be mindful of its always-present duty of care. Yes, the current administration is unlikely to presume that an ordinary investor’s holding an alts product is automatically problematic; however, it doesn’t mean an adviser wouldn’t be asked to substantiate the due diligence it conducted on the product or strategy and client alike before making the recommendation. Regardless of asset class and product/strategy type, being able to support an investment recommendation and show a thorough product and client due diligence process is something the SEC always expects.

Outsourcing. With the withdrawal of the proposed Outsourcing Rule, it certainly appears that an adviser’s regulatory liability resulting from a failure of some kind on the party of a service provider may be reduced to a degree. And yet, it almost seems impossible for the SEC to not take at least some interest in how advisers use and oversee third-party service providers. Whether it’s understanding how an adviser can justify fees for services it is providing clients, or how an adviser ensures the protection of client data (among other topics), the types of investor protection topics outsourcing raises appear to fall squarely within the SEC’s jurisdictional mission of investor protection. How this plays out in an enforcement context remains to be seen, but at least as a point of dialogue between the SEC and advisers during exams, it seems unavoidable.

Code of Ethics. Year-in, year-out, through risk alerts or regulatory examination priorities, the SEC always notes a focus on examining registrants’ Code of Ethics administration. The topic of personal account monitoring and reporting always appears to be the ultimate “low hanging fruit” for the SEC and can often be an indicator of an adviser’s or fund's overall Compliance hygiene. Remaining disciplined about how an adviser’s or fund’s Code of Ethics is administered and monitored should also be a regular focus of any registrant.

Artificial Intelligence. The Trump administration on the whole certainly appears to be heavily against regulating the space of AI, having rescinded various Biden administration Executive Orders and other statements concerning the responsible development and use of the technology. While I think it’s probably unlikely for the Atkins administration to bring an AI enforcement action against an adviser or fund absent demonstrable harm, it also should not surprise registrants if the SEC inquires about the use of AI during exams or other informal outreach. Given the prominent place AI will undoubtedly have in our industry in the future, it would not be surprising for the SEC to at least assess whether it’s an area that may require some form of regulation in the future as learnings are gathered. Being prepared to have an intelligent discussion with the SEC on the topic of AI would afford registrants the opportunity to both maintain a good rapport with the SEC, as well as meaningfully contribute to the direction the SEC heads regarding its regulation.

Parting Thoughts

I suppose if one were to sum up the foregoing into a very simple phrase, it would be, Don’t get complacent. That’s not to say that an adviser or fund needs to focus on each and every one of the topics discussed above at the same time. Rather, an adviser or fund can simply take stock of the topics discussed above, assess their level of confidence in each, and prioritize accordingly. Having even a simple level of awareness and intentionality can go a long way in mitigating future risks. In many respects, now is a perfect time to tackle all of those “home projects” an adviser or fund simply may not have had the opportunity to over the past several years . . . and in a timeframe and model that makes the most sense for them and their clients.

Thanks for reading . . .

Paul Felsch, JD

About the Author