Regulatory Forum

Join experts from Willkie Farr & Gallagher LLP and Standish Compliance for a timely and practical discussion on how investment advisers can prepare for and respond to the evolving landscape of cybersecurity and artificial intelligence risks. Topics include SEC focus areas and updates, emerging risks, practical tips, and tools for managing heightened risk and regulatory focus.

DATE & TIME
Thursday, October 16, 2025
12:30 p.m. - 1:30 p.m. CT

MODERATOR
Andy Green
Senior Adviser
Standish Compliance

SPEAKERS
A. Kristina Littman
Partner
Willkie Farr & Gallagher LLP

Jennifer Porter
Partner
Willkie Farr & Gallagher LLP

Alison Osburn
Chief Regulatory Counsel & Senior Compliance Officer
Standish Compliance

ACCREDITATION
Those who attend this transitional seminar will be eligible to earn 1.0 NY CLE Cybersecurity, Privacy, and Data Protection-General credit, 1.0 CA MCLE Participatory General credit, 1.0 IL MCLE General credit, and 1.0 TX MCLE Accredited General credit. The Willkie CLE Department will assist attendees who are admitted to practice in other jurisdictions.

After registering for this event, you will receive webcast log-in instructions (or dial-in instructions for audio-only participation).

On September 17, 2025, the SEC voted 3/1 to further extend the compliance date for amendments to Form PF to October 1, 2026. Adopted February 28, 2024, these Form PF amendments would expand reporting requirements for all filers with more extensive reporting for large hedge fund advisers. The initial compliance date, March 12, 2025, was previously extended to June 12, 2025, and then again to October 1, 2025. SEC Chairman Paul Atkins noted that during the next 12 months, SEC staff will be reevaluating the scope of the firms to which Form PF applies and the scope of the information requested. The extension is intended to allow SEC staff further time to review Form PF under President Trump's January 2025 Executive Order to review new rules with respect to any questions of fact, law, and policy that the rules may raise and take further action as needed. As expected, Commissioner Crenshaw dissented to the extension. Chairman Atkins and Director of Investment Management (IM) Brian Daly pointed out that Form PF is shared with the Financial Stability Oversight Council (FSOC) and other regulators who are users of the information and with whom SEC staff are actively engaging and coordinating. Director Daly noted that IM staff have prioritized the review of Form PF given the impending compliance date and that the staff have made good progress on their review to date. He additionally noted that SEC staff intend to engage in further communications in an effort to compromise with both users of Form PF data and filers in order to ensure the form is "right sized and fit for its statutory purpose."

The SEC charged Tomislav Vukota and two investment advisers he controls, Vukota Capital Management, LLC (VCM) and VCM Global Asset Management Ltd. (VGAM), for breaching their fiduciary duties and making material misrepresentations to private funds that they managed and fund investors. According to the SEC’s complaint, over a 6-year period, the defendants engaged in three distinct types of what the SEC characterized in its litigation release as “negligent” misconduct involving material conflicts of interest that resulted in more than $6.9 million in ill-gotten proceeds. First, the SEC's complaint alleged that Vukota and VCM caused various real estate private funds they advised to make short-term loans to VCM at below-market rates to, among other things, cover cash shortfalls at other private funds, creating undisclosed conflicts of interest. Second, Vukota and VCM sent misleading letters to the investors in four private funds holding some of the best-performing properties in connection with Vukota’s attempt to buy the investors’ interests. The letters omitted material information or made material misstatements related to the following: (1) Vukota was the buyer, noting instead that the general partner was selling LP interests to a new investor group; (2) pending refinancing transactions; (3) certain financial metrics; and (4) third-party value indicators. Finally, Vukota and VGAM made material misstatements in marketing and offering materials for one fund concerning fund investments, the existence of an auditor, the amount of assets under management, and the adviser's filing status as an exempt reporting adviser. The SEC complaint specifically noted that the private funds did not have Boards of Directors or Trustees to evaluate potential conflicts related to such activities, and because Vukota and VCM were conflicted, they could not give consent on behalf of the private funds. Rather, they were required, but failed, to disclose and obtain consent from the limited partners in the funds. The case is noteworthy because it represents the SEC’s first enforcement action charging a negligence-based Rule 206(4)-8 violation, which prohibits false or misleading statements to investors in a fund. Moreover, it reiterates an important point for private fund managers: when transactions or activities involve a conflict of interest between the adviser or its related persons and the funds or their investors, it is not sufficient for the general partner to simply exercise its discretion or authority. Rather, the adviser must disclose all material facts and seek consent from limited partners or from a limited partner advisory board or other independent board or committee acting on their behalf.

On September 4, 2025,  the SEC’s Office of Information and Regulatory Affairs released the Spring 2025 Unified Agenda of Regulatory and Deregulatory Actions. This is the first regulatory agenda released by the Atkins-led SEC. It signals the known focus of this administration on deregulatory proposals and reducing compliance burdens and disclosure costs, in keeping with the administration’s goal of a renewed focus on supporting capital formation and market efficiency. Key takeaways include:

• Innovation and deregulation. A number of deregulatory provisions would simplify pathways to raising capital and provide for expanded investor access to private businesses. Revisiting numerous existing reporting and disclosure frameworks could reduce compliance burdens.
• Crypto a top priority. The deregulatory and review agenda directives may help clarify the regulatory framework for crypto assets across various areas of the market, including issuance, custody, and trading.
• Clear shift from the prior administration. The SEC also withdrew several items that were on the previous administration’s agenda, which Commissioner Atkins noted were misaligned with the new administration’s approach. Withdrawn items material to private fund managers and investment advisers include, Safeguarding Advisory Client Assets, Conflicts Related to Predictive Data Analytics, ESG Disclosures, Cybersecurity Risk Management, Outsourcing by Investment Advisers, and Regulation D and Form D Improvements, among others.
• Staying in bounds. Atkins also noted the reasoning for withdrawal of many prior administration regulations was due primarily to their misalignment with the current goal of being smart and effective but regulating in a way that is appropriately tailored to the confines of the SEC’s statutory authority.
• Noteworthy rulemaking still in scope. Two items that could materially impact private fund managers and investment advisers that remain on the agenda are Custody Rule Amendments (with potential clarification regarding crypto and other asset classes) and Customer Identification Programs (related to the FinCEN AML Rules that were previously adopted but for which the compliance date was recently pushed from 1/1/26 to 1/1/28).

Following our recent video overview, we’ve created a simple roadmap with six practical steps to help investment advisers prepare for the upcoming Regulation S-P compliance dates.

The SEC announced a settled action against Meridian Financial, LLC (Meridian) for failures under the Investment Advisers Act concerning marketing, record-keeping, and compliance requirements. Meridian disseminated a website advertisement in which it claimed it “refuse[d] all conflicts of interest” without providing any context for this claim. This statement contradicted disclosure in the firm's Form ADV Part 2A related to its conflicts of interest. As such, the SEC found that Meridian violated the requirement under Rule 206(4)-1 (the Marketing Rule) that the adviser have a reasonable basis to believe that it would be able to substantiate such a claim in its advertisement upon demand by SEC staff. The firm was also charged with failing to maintain copies of all advertisements, including those that appeared on its website, in violation of Rule 204-2 (the Books and Records Rule). Finally, the firm was charged with not conducting a comprehensive annual compliance review, in violation of Rule 206(4)-7 (the Compliance Rule). In one year, the annual review was limited to a cursory review of the firm's Form ADV. In the next year, the firm engaged a compliance consultant to conduct the review, but the consultant assessed a stale version of the compliance manual that did not incorporate the requirements of the amended Marketing Rule. Meridian received a significant penalty despite the small size of the firm. This case underscores the importance of being able to substantiate statements in advertisements, appointing a competent CCO, establishing and maintaining a robust compliance program that reflects the dynamic requirements under the Advisers Act, and regularly reviewing and testing for compliance, either internally and/or with the assistance of competent compliance consultants.