Regulatory Forum

The SEC staff published a new Marketing Rule Risk Alert specifically focused on deficient practices related to the use of testimonials, endorsements, and third-party ratings by investment advisers. The risk alert noted that advisers frequently include reviews, recommendations, referrals, or language from current or former clients or investors, social media influencers, industry participants, or others promoting or endorsing the adviser on websites, lead generation and other referral platforms, and sometimes fail to recognize that such practices constitute testimonials or endorsements under the Marketing Rule. Moreover, the alert identified advisers' references to third-party ratings, rankings, and awards on websites, social media, and other marketing materials and forums. The SEC staff highlighted a number of deficiencies related to adviser disclosure and oversight practices with respect to such activities and failure to implement appropriate compliance policies and procedures to prevent violations. In light of this risk alert, we recommend that advisers review their practices regarding any testimonials, endorsements, or other referral or recommendation arrangements with any parties (including those through placement agents or solicitors), as well any ratings, rankings, awards, or other commendations highlighted online or in marketing materials, to ensure that they comply with all relevant provisions of the Marketing Rule. CCOs may want to take this opportunity to discuss these activities with relevant fundraising, investor relations, and other business personnel to ensure that they are aware of any current or contemplated activities that may be covered under the Marketing Rule and reeducate their team on the applicable regulatory requirements.

On December 3, 2025, the SEC formally granted a temporary exemption for investment advisers subject to Form SHO filing until January 2, 2028. The SEC adopted Rule 13f-2 and Form SHO under the Securities Exchange Act of 1934 (“Exchange Act”) in October 2023 to require institutional investment managers exercising investment discretion over short positions meeting specified thresholds to report on Form SHO information relating to end-of-the-month short positions and certain daily activity affecting such short positions. The SEC would then publish aggregated information regarding short sale activity reported on Form SHO.

Form SHO was adopted together with Rule 10c-1a under the Exchange Act, which would require daily reporting by broker dealers to FINRA and subsequent public dissemination of information on covered securities loans. As previously reported, both rules were subject to a lawsuit by the National Association of Private Fund Managers, the Managed Funds Association, and the Alternative Investment Management Association filed in the U.S. Court of Appeals for the Fifth Circuit (“Court”) challenging the rules on multiple grounds, arguing that the rules violated the Administrative Procedure Act, which requires agencies to justify their rules and consider feedback, and that such rules exceeded the SEC's authority. As previously reported in August 2025, the Court remanded, without vacatur, the rules to the SEC, agreeing with the petitioners’ contention that the SEC should have considered the rules’ collective impact in its economic analysis.

Accordingly, this exemption, which defers reporting on Form SHO until January 2028 and reporting under Rule 10c-1a until September 2028, allows the SEC time to consider and quantify their cumulative economic impact, respond to the Court’s opinion and take any further appropriate actions, which may include proposing amendments to the rules. We will continue to monitor the status of this rulemaking and provide additional guidance and resources to clients as needed.

See https://www.sec.gov/files/rules/exorders/2025/34-104303.pdf

Observations From 2025 & What to Look For in 2026

We hope you were able to join Morgan Lewis and Standish Compliance on December 2, 2025, for a timely webinar discussing the SEC Examination and Enforcement Updates. The panel included Kelly L. Gibson, Christine Ayako Schleppegrell,  Maryellen Maurer, Nicole De La Roca, and Annie Hancock. This spectacular panel discussed the SEC’s latest examination and enforcement priorities, trends observed throughout 2025, and key areas expected to shape the 2026 regulatory landscape.

Topics included:

• Compliance with Regulation S-P
• Oversight of service providers
• Supervision and marketing of AI-driven strategies
• Exam trends and data analytics
• Enforcement themes emerging from recent SEC activity

If you missed it, you can access the recording and handout below. If you have questions, please contact Presley Valenzuela.

The SEC brought a settled action against M Holdings Securities, Inc., a dually registered investment adviser/broker-dealer, for failing to maintain reasonably designed policies and procedures concerning cybersecurity, the protection of customer information, and identity theft prevention. The SEC noted that the firm, which operated nationwide out of 120 branch offices, failed to adopt written information security policies and procedures until September 2020, and that such procedures were not properly designed to address known security weaknesses that had resulted in multiple email account takeovers across such offices that exposed personal information of approximately 8,500 individuals. The SEC highlighted the firm's failure to require multifactor authentication (MFA) by its representatives, conduct annual security awareness training, or establish a written incident response plan until March 2024. Moreover, the SEC alleged that the firm failed to implement an adequate identity theft prevention program because it did not periodically determine whether the firm offered or maintained covered accounts, as identified under Regulation S-ID, and did not periodically update policies and procedures to reflect changes in risks related to ongoing cybersecurity incidents. The SEC charged the firm with failures under Regulation S-P and Regulation S-ID, and the firm agreed to pay a $325,000 penalty to settle the charges. As investment advisers and brokers focus their efforts on complying with recent amendments to Regulation S-P, it is important that they reevaluate and confirm that their information security policies are informed by security incidents that they have experienced, effectively identify and address risks based on their business models, and incorporate industry best practices such as MFA and robust training programs. While we do not expect the SEC to quickly begin bringing enforcement sweeps based on its examinations for compliance with amended Reg S-P, this case demonstrates that firms will nevertheless be held responsible for flagrant deficiencies in their cybersecurity programs and failure to promptly and effectively respond to security breaches.

With the holidays approaching, it’s a great time for investment advisers to revisit regulatory expectations regarding gifts and entertainment. Check out this quick video for key reminders on thresholds, documentation, and staying compliant through year-end.

On November 17, 2025, the SEC Division of Examinations published its 2026 Examination Priorities. The leadership highlights that the U.S. capital markets are undergoing significant evolution, driven by product innovation, economic and geopolitical developments, as well as changes within the SEC itself. These forces require the Division to refine its approach to examinations while staying grounded in its core mission: promoting compliance, preventing fraud, informing policy, and monitoring risk. The SEC is reevaluating their risk-based priorities and how they approach various trends in the markets, new and emerging products and services, and their processes to ensure examinations continue to be efficient and effective.

Standish comment: Notably, the 2026 priorities did not have nearly the same emphasis on private fund regulation, which is a stark departure from prior years. The limited references to private funds, with only four direct mentions in the whole document, only pertain to newly launched private funds, private fund advisers who also manage separately managed accounts, and advisers that have not previously advised private funds.

The following are highlights of priorities that will mostly directly impact Standish Compliance clients.

• Adherence to Fiduciary Standards of Conduct
• Effectiveness of Investment Advisers’ Compliance Programs
• Never-Examined Advisers and Recently Registered Advisers
• Risk Areas
  • Information Security and Operational Resiliency
    • Cybersecurity
    • Regulation S-ID and Regulation S-P
  • Emerging Technology