SEC enforcement activity fell to decade lows in fiscal year 2025. The Commission brought 313 enforcement actions, and total monetary settlements declined by approximately 45%, marking a clear departure from the prior era’s volume-driven approach.
This does not signal a weaker regulator. It signals a different one.
Under Chair Paul Atkins, enforcement has shifted away from technical compliance foot faults and toward cases involving actual investor harm, fiduciary breaches, fraud, and misleading conduct. For RIAs, this means fewer enforcement actions overall but deeper scrutiny where it matters most.
The firms that will thrive under this regime are not those chasing cosmetic fixes, but those that can prove, with evidence, that client protection is operationalized across their business.
2025 SEC Enforcement in Context
The enforcement shift accelerated after Chair Atkins formally took office in April 2025. Several structural changes became clear over the course of the year.
First, enforcement leadership moved decisively toward targeted, harm-based cases. The Division deprioritized minor policy wording issues, technical recordkeeping gaps without client impact, and historical matters that had already been remediated.
Second, the SEC made clear it would not revisit old settlements or reopen closed matters simply to inflate enforcement numbers. That approach reduced overall case volume but increased the seriousness of cases that were brought.
Third, the Commission elevated the role of the Cyber and Emerging Technologies Unit (CETU). Rather than broad crypto sweeps, CETU focused on AI-related misrepresentations, “AI washing,” and misleading technology claims, particularly in retail-facing contexts.
The message to RIAs is subtle but unmistakable: compliance optics matter less than demonstrable client protection.
Lesson 1: Prioritize “Real Harm” Over Technical Fixes
The SEC has clearly deprioritized enforcement actions based solely on technical imperfections such as minor recordkeeping gaps or imprecise policy language-absent evidence of investor harm.
This does not eliminate compliance obligations. But it changes where enforcement risk concentrates.
Firms are now judged more heavily on whether their failures caused, concealed, or enabled harm to clients.
RIA Action
Reallocate compliance resources toward:
- Fiduciary breach detection
- Conflict identification and mitigation
- Suitability failures
- Misuse of discretion or authority
Technical hygiene still matters but it is no longer the primary enforcement trigger.
Smartria’s Role
Smartria helps RIAs operationalize this shift by:
- Automating conflict mapping across roles, accounts, and products
- Structuring client suitability and allocation reviews
- Maintaining fiduciary duty checklists tied to supervisory workflows
This allows firms to demonstrate substance, not just policy presence.
Lesson 2: Scrutinize AI Claims to Avoid “AI Washing”
One of the most visible enforcement themes of 2025 was the SEC’s focus on misleading AI claims. CETU targeted firms that marketed artificial intelligence capabilities that were exaggerated, poorly defined, or unsupported by actual system functionality.
The enforcement risk is not using AI. It is misrepresenting it.
RIA Action
RIAs should:
- Inventory all AI-related claims in marketing, client communications, and vendor materials
- Distinguish clearly between automation, analytics, and true AI functionality
- Document how AI tools are used, governed, and supervised
Smartria’s Role
Smartria supports this through:
- Marketing review workflows that flag unsubstantiated technology claims
- Centralized approval logs tied to disclosures and evidence
- AI policy templates aligned with emerging SEC and NASAA guidance
The goal is not to avoid innovation but to ensure claims are defensible.
Lesson 3: Bulletproof Fiduciary Duty and Private Fund Fees
Despite lower overall enforcement volume, the SEC remained intensely focused on fiduciary duty, particularly around:
- Fee calculations
- Expense allocations
- Illiquid asset valuations
- Revenue sharing and conflicts
These cases consistently involved documentation failures, not just calculation errors.
RIA Action
Firms should:
- Re-audit fee methodologies and disclosures
- Validate valuation assumptions for illiquid assets
- Review withdrawal handling and allocation practices
- Confirm conflicts are disclosed, reviewed, and mitigated not just acknowledged
Smartria’s Role
Smartria enables this by:
- Providing fee tracking dashboards tied to disclosures
- Maintaining valuation logs and approval histories
- Capturing conflict attestations in exam-ready formats
This creates a defensible narrative when examiners ask not just what was done, but how it was supervised.
Lesson 4: Self-Report Early Cooperation Still Pays
The SEC refined its cooperation framework in 2025, including:
- Enhanced Wells process transparency
- Broader material access expectations
- Increased use of simultaneous settlements and waivers
Early self-reporting remains one of the most effective ways to reduce penalties and enforcement exposure.
RIA Action
When issues arise:
- Detect quickly
- Remediate decisively
- Document thoroughly
- Self-report where appropriate
Delays and incomplete narratives increase risk more than the underlying issue itself.
Smartria’s Role
Smartria supports cooperation readiness through:
- Incident logging with timestamps and ownership
- Structured remediation workflows
- Evidence export designed for regulator submission
This allows firms to demonstrate good faith, speed, and control.
Lesson 5: Fortify Retail Protections and Vendor Cybersecurity
The SEC continued to prioritize:
- Retail-facing misconduct
- Complex or opaque products
- Third-party and vendor cybersecurity risks
Vendor failures increasingly translate into firm-level accountability.
RIA Action
RIAs should:
- Reassess suitability for retail clients
- Strengthen vendor due diligence and tiering
- Perform regular cybersecurity risk reviews
- Maintain current SOC, contract, and risk documentation
Smartria’s Role
Smartria provides:
- Vendor oversight dashboards
- Risk classification and review cadence tracking
- Client alert and complaint documentation
- Annual cybersecurity assessment workflows
These controls reduce both enforcement and reputational risk.
Smartria: Your 2026 Enforcement Shield
A leaner enforcement environment does not reward minimal compliance. It rewards provable client protection.
Smartria centralizes fiduciary evidence, automates high-risk reviews, and creates immutable audit trails across:
- AI claim validation
- Fee and valuation oversight
- Conflict management
- Incident response
- Vendor governance
The result is lower exam stress and reduced enforcement exposure without overbuilding compliance infrastructure.
Conclusion
The Atkins-era SEC is not less serious. It is more selective.
For RIAs, surviving is no longer enough. The firms that will thrive are those that can prove they protect clients clearly, consistently, and with evidence.
Smartria operationalizes what the SEC now cares about most.
Book a Smartria demo to see how Atkins-era enforcement priorities translate into exam-ready compliance.
