CE Credit Course: Navigating Common Deficiencies & SEC Priorities

As we move into the second month of 2026, the regulatory pressure on Registered Investment Advisers (RIAs) has reached a fever pitch. AdvisorLaw’s Michelle Atlas-Quinn, J.D., was featured on Financial Experts Network's high-impact CE credit course: "Staying Compliant: Navigating Common Deficiencies & SEC Priorities." The webinar received a 91% "Excellent" rating from attendees, and for good reason—the "emerging risks" discussed then are the exact "deficiencies" the SEC is citing in deficiency letters today. If you missed the live session, here is a breakdown of the critical themes every IAR needs to master to survive an audit in 2026.

1. The SEC’s "Fiduciary First" Mentality

The SEC’s Division of Examinations has shifted toward a principles-based approach. While rules like the Marketing Rule are explicit, the SEC increasingly uses the Fiduciary Duty of Care and Loyalty as an umbrella for enforcement.

• Key Lesson: Even if a specific rule doesn't forbid an action, if it isn't in the client’s best interest, it’s a violation.
• 2026 Update: "AI Washing"—the act of overstating your firm's AI capabilities—is now a primary target under the duty of care.

2. Marketing Rule: The "Performance" Trap

The SEC Marketing Rule (Rule 206(4)-1) is no longer new, but it remains the top source of deficiencies.

• Hypothetical Performance: You must disclose every assumption and methodology. There is no "casual" way to show hypothetical returns.
• The "Single Recipient" Rule: Did you know that showing performance info to even one person can trigger the Marketing Rule?
• Third-Party Ratings: You must disclose who was surveyed and whether the rating was "pay-to-play."

3. The Form CRS & Custody Crisis

Form CRS remains the "low-hanging fruit" for examiners. In 2026, the SEC expects your Form CRS to be more than just a document—it’s a digital requirement.

• Digital Presence: It must be prominently linked on your homepage.
• Custody Blindspots: Many advisors have "constructive custody" without realizing it. If you have the login credentials for a client's account or a Standing Letter of Authorization (SLOA) that allows you to move money to third parties, you have custody.

4. Cybersecurity & The AI Frontier

In 2026, cybersecurity is no longer just "IT’s problem." The SEC's focus has expanded into how firms use Emerging Tech:

• AI Note-Takers: Are you using AI to record Zoom calls? If a client mentions their SSN or private data, that recording is now a high-risk digital asset that must be protected under Reg S-P.
• The 72-Hour Rule: Under updated regulations, firms are under tighter timelines to report significant breaches.

5. Operational Best Practices: "Say What You Do"

The mantra for 2026 is simple: "Say what you do, and do what you say."

• Tailored Manuals: Throw away the "off-the-shelf" compliance templates. If your manual lists services you don't actually provide, the SEC views it as misleading.
• The Log Library: You should maintain active logs for trade errors, client complaints, gifts, and—critically—AI usage and testing.