Key Question
Will the Securities and Exchange Commission’s (“SEC”) 2026 rulemaking agenda force broker-dealers, RIAs, and dual registrants into a widespread rewrite of supervisory procedures and compliance frameworks?
Our View
Yes. The SEC’s 2026 rulemaking agenda is likely to trigger the most significant rewrite cycle of written supervisory procedures (“WSPs”) and compliance programs since Regulation Best Interest (“Reg BI”), particularly for compliance officers and senior management responsible for governance, documentation, and supervisory oversight for broker-dealers, RIAs, and dual registrants.
Executive Summary
The SEC’s emerging 2026 regulatory agenda signals another potentially significant operational and supervisory shift for financial services firms. Although the SEC under current leadership has withdrawn several prior rule proposals viewed as overly expansive, the Commission’s new agenda suggests firms may still face substantial implementation obligations across areas, including custody modernization, crypto asset supervision, customer identification procedures for investment advisers, books and records modernization, and market structure reform.
For many firms, the practical impact may extend beyond technical rule amendments. Similar to the industry-wide operational overhaul that followed the implementation of Reg BI, firms may once again need to reevaluate how supervisory obligations are implemented, documented, escalated, tested, and evidenced during examinations. Industry observers increasingly expect firms to revisit core supervisory architectures, testing frameworks, policies, and enterprise documentation standards in anticipation of these developments.
Regulatory Background
The SEC’s rulemaking priorities have shifted significantly over the past several years. Under prior leadership, the Commission pursued expansive proposals covering cybersecurity governance, conflicts in predictive data analytics, outsourcing oversight, ESG disclosure frameworks, and safeguarding advisory clients’ assets. However, the withdrawal of prior proposals should not be interpreted as a reduction in compliance expectations. Instead, the SEC appears to be refocusing on targeted modernization initiatives to reshape operational supervision, digital asset governance, and core compliance infrastructure.
The SEC’s Spring 2025 Unified Agenda specifically identified multiple rulemaking initiatives with projected action dates during 2026, including amendments involving custody rules, customer identification obligations for RIAs, crypto market structure reforms, and broker-dealer recordkeeping modernization.
Practical Impact and Key Developments
For broker-dealers, RIAs, and dual registrants, the most significant challenge may not be interpreting new rules but rather operationalizing them across supervisory systems that have evolved over years of layered amendments and fragmented updates.
- Custody Rule Modernization Could Reshape Supervisory Documentation
Firms may need substantial revisions to custody oversight procedures, vendor supervision, asset movement controls, escalation protocols, and annual compliance testing procedures. - Digital Asset Oversight May Expand Supervisory Complexity
Even firms with limited crypto exposure may face indirect supervisory implications involving electronic communications monitoring, advertising review, risk disclosures, and alternative investment supervision. - Cybersecurity Governance and Operational Resiliency Expectations Are Expanding
Although portions of the SEC’s prior cybersecurity proposals were withdrawn or delayed, regulators continue emphasizing operational resiliency, vendor oversight, incident escalation, and cyber governance obligations. Firms need to revisit cybersecurity WSPs, vendor due diligence procedures, incident response escalation frameworks, and board-level reporting protocols to ensure supervisory systems remain defensible during examinations. - Outsourcing and Third-Party Vendor Oversight Requires Stronger Supervisory Controls
The SEC and FINRA continue to signal heightened concern about firms’ reliance on third-party technology providers, compliance vendors, cloud-based systems, and outsourced operational functions. Firms may need to strengthen due diligence reviews, vendor-monitoring controls, contractual oversight provisions, business-continuity testing, and documentation standards for outsourced compliance and operational activities. - Books and Records Expectations Continue to Expand
Regulators increasingly expect firms to maintain defensible supervisory evidence, exception-management logs, branch-review documentation, and governance reporting. - Testing and Documentation Expectations Are Increasing
Examiners increasingly focus on demonstrable compliance effectiveness rather than static policy language alone.
Recommended Actions
Conduct a Comprehensive WSP Gap Assessment. Firms should evaluate whether current supervisory procedures accurately reflect operational practices and supervisory responsibilities.
Review Documentation Defensibility. Compliance officers should assess whether supervisory reviews and testing results are consistently documented and retained.
Enhance Compliance Testing Programs. Testing frameworks should evaluate operational effectiveness rather than merely confirming the existence of policy.
Update Training Programs. Training should align with evolving supervisory expectations involving escalation obligations, digital assets, and electronic communications.
Prepare Senior Management Reporting Protocols. Executive management increasingly expects structured reporting regarding compliance risks and remediation initiatives.
Key Takeaways
- WSP Rewrite Risk Is Increasing – The SEC’s developing 2026 agenda may require firms to revisit supervisory systems more comprehensively than many anticipated.
- Documentation Defensibility Matters More Than Ever – Regulators increasingly focus on whether firms can demonstrate operational compliance effectiveness through documented evidence.
- Dual Registrants Face Heightened Complexity – Firms operating both brokerage and advisory platforms may confront integration challenges involving AML, custody, supervision, and books and records obligations.
- Early Preparation Creates Strategic Advantage – Firms that begin gap assessments during the proposal phase are generally better positioned for implementation readiness.
Conclusion
The SEC’s 2026 rulemaking agenda may ultimately prove to be one of the most operationally significant compliance developments since the implementation of Reg BI. For broker-dealers, RIAs, and dual registrants, the central challenge will likely be translating evolving regulatory expectations into defensible supervisory frameworks that can withstand scrutiny during examinations.