Table of Contents
The SEC's Division of Examinations has released its Fiscal Year 2026 Examination Priorities - a comprehensive document spanning investment advisers, broker-dealers, and numerous other market participants.
The priorities address many areas, but for firms managing communications compliance and technology infrastructure, three themes emerge - two clearly stated, and one revealed by a notable absence. The document explicitly addresses AI supervision and compliance program effectiveness across multiple sections.
However, it's what the priorities don't say about recordkeeping that proves most instructive: while requirements appear throughout, the absence of any channel-specific language reinforces that these obligations remain foundational, comprehensive, and channel-agnostic.
AI Supervision and Explainable AI
Section VII.B of the priorities directly addresses AI technologies in financial services. The SEC will examine "whether firms have implemented adequate policies and procedures to monitor and/or supervise their use of AI technologies." This isn't simply about whether firms are using AI. it's about demonstrating governance and oversight.
The Division will also "review for accuracy registrant representations regarding their AI capabilities," meaning firms must be prepared to substantiate any claims they make about their AI-powered compliance tools.
The critical examination question becomes: Can your compliance team explain HOW your AI reached a specific decision? When an AI tool flags a communication or transaction as high-risk, examiners will want to understand the logic behind that determination. "Black box" systems that can't demonstrate their decision-making process create regulatory risk.
Firms need audit trails showing why AI flagged specific items, not just what was flagged. Controls must ensure that AI-driven recommendations remain consistent with fiduciary duties and regulatory obligations, particularly when those recommendations affect retail investors.
Questions firms should consider:
- Can you demonstrate your AI supervision framework during an examination?
- Have you documented which AI technologies you're deploying and how they're governed?
- Can compliance staff explain to examiners why AI flagged specific communications or transactions?
- Are AI-related marketing claims accurate and substantiated?
Channel-Agnostic Recordkeeping Requirements
The 2026 priorities mention recordkeeping requirements throughout the document, but never specify communication channels. There's no mention of email, text messages, WhatsApp, Teams, or any other specific platform. This absence confirms how foundational these requirements are.
SEC Rules 17a-4 (for broker-dealers) and 204-2 (for investment advisers) have required comprehensive recordkeeping for decades without ever specifying channels. They simply require ALL business communications be preserved, regardless of technology. The billions of dollars in off-channel communications fines levied between 2022 and 2024 weren't for violating new regulations - they enforced existing rules that firms failed to apply to modern communication channels.
The 2026 priorities reference recordkeeping obligations across various market participants throughout the document, always requiring that records be made and preserved, never specifying which communication channels.
The absence of channel specifications is intentional - the rules adapt to technological change without requiring constant amendment. Whether staff use email, WhatsApp, Signal, Teams, Slack, or future technologies not yet invented, regulatory obligations remain constant.
Firms must capture business communications regardless of which platforms employees use. Native format capture preserves context and authenticity that screenshots or manual forwarding cannot, and effective supervision requires visibility across all communication channels where business discussions might occur.
Compliance Program Effectiveness Requirements
Section I.B states that "the Division's assessment of the effectiveness of advisers' compliance programs is a fundamental part of the examination process." Section III.C addresses broker-dealer compliance programs similarly.
The key phrase appears throughout both sections: whether "policies and procedures are implemented and enforced." Well-written compliance policies aren't sufficient. Firms must demonstrate active implementation and enforcement. Annual compliance reviews must be substantive exercises that identify genuine issues and drive meaningful improvements, not checkbox exercises that rubber-stamp existing practices.
Marketing materials will face particular scrutiny - especially important given the AI supervision focus discussed above. Firms making claims about AI capabilities in their marketing must be able to substantiate those representations during examinations.
How to Prepare for SEC Examinations: Three Priorities for Financial Services Compliance
Financial services firms should prioritize three areas based on these examination themes:
- Audit your AI governance: Document which AI tools you're deploying and ensure you can explain AI-driven decisions to examiners. Verify that your supervision framework addresses the specific technologies in use.
- Assess recordkeeping comprehensively: Map ALL communication channels your employees use for business purposes. Verify communications are being captured regardless of platform and test your ability to produce complete records quickly.
- Test compliance effectiveness: Demonstrate procedures are actively enforced, not just documented. Ensure reviews identify genuine issues and verify marketing materials accurately represent your capabilities.
The SEC's examination message is clear: explainability matters, recordkeeping remains comprehensive regardless of channel, and compliance programs must prove effectiveness through action. Firms that treat these as foundational principles - not new obligations - will be examination-ready through 2026.
How MirrorWeb Can Help
MirrorWeb's compliance solutions directly address the examination priorities outlined above.
Explainable AI with Sentinel: Unlike "black box" compliance tools, Sentinel provides transparent AI decision-making. Compliance teams can see exactly why communications were flagged and demonstrate the logic to examiners.
Channel-Agnostic Communications Capture: MirrorWeb captures business communications across email, mobile messaging apps (WhatsApp, WeChat, Signal), collaboration tools, and social media - ensuring comprehensive recordkeeping regardless of channel.
Native Format Preservation: Communications are captured in native formats with full metadata and context, providing the complete, authentic records examiners expect.
Ready to strengthen your examination preparedness? Schedule a demo to see how MirrorWeb addresses the SEC's 2026 priorities.
