Here’s the problem most RIAs haven’t solved yet: you built your compliance manual for one regulator.

The SEC. Your regulator. The one that shows up for exams, the one you’ve spent years learning to satisfy. Your ADV, your marketing disclosures, your trade monitoring all of it is calibrated to a single enforcement lens.

Now your clients hold Bitcoin. Ethereum. Maybe a few tokenized commodities. And on March 11, 2026, the compliance stack you built around a single regulator got structurally more complicated.

The SEC and CFTC signed a formal Memorandum of Understanding, one that allows for coordinated exams, shared data, and more aligned enforcement, backed by a Joint Harmonization Initiative co-led by staff from both agencies. Whatever your compliance program looked like last quarter, it was written on the assumption that two regulators operated in separate lanes. That assumption no longer holds.

What the MOU Actually Says (And Why It’s Not Just Theater)

The MOU isn’t a regulatory rule. It doesn’t create new obligations on its own. That’s exactly why it’s easy to dismiss and exactly why dismissing it is the wrong move.

What it creates is a coordination infrastructure between agencies that previously operated with notable friction. The key operational commitments:

Joint Examinations. Both agencies will conduct coordinated exam planning and, where appropriate, joint or aligned examinations. Historically, an SEC-registered RIA with commodity exposure might only hear from the SEC. That insulation is now explicitly narrowed.

Shared Data. Upon request, both agencies agree to share data on matters of common regulatory interest. If CFTC flags something in your crypto activity, that conversation can now flow to your SEC examiner with a formal framework enabling it.

Ongoing Notifications. Both agencies will endeavor to inform each other in advance of issues that may impact each other’s regulatory interests, including entities under “common jurisdiction.”

Enforcement Alignment. To promote “consistency, efficiency, and proportionality,” both agencies will consult on enforcement investigations to avoid duplicative relief and conflicting remedial obligations.

That last one cuts both ways. It means you won’t get hit twice for the same violation. It also means enforcement coordination is now systematic, not incidental.

The Problem That Just Got Sharper for RIAs

Most RIAs that moved into crypto did so at the category boundary advising on Bitcoin (a commodity under CFTC jurisdiction) alongside equities and ETFs (squarely SEC). A reasonable call at the time: “We’re SEC-registered, the SEC is our examiner, we’ll build to that standard.”

The MOU puts pressure on that logic. Compliance manuals built in that environment rarely reflect CFTC-adjacent language or disclosure expectations. Trade surveillance often doesn’t tag crypto positions by regulatory classification. Exam prep is calibrated to a single agency’s priorities.

Under the old regime, a case could be made for that approach. Under joint coordinated examinations with shared findings, it’s a gap.

Three Places Your Compliance Program Needs to Adapt

1. Update Your Compliance Manual to Reflect Dual Regulatory Reality

Your manual should not assume a single-regulator world. Practically, this means:

Add a Crypto Asset Classification Section. Your manual needs to distinguish between crypto assets that function as securities (primarily SEC jurisdiction), commodities (primarily CFTC jurisdiction), and those that remain genuinely contested. This isn’t asking you to become a securities lawyer. It’s asking you to document that you’ve considered the question because examiners will ask.

Reference Both Regulatory Frameworks Where Relevant. For any section touching digital assets whether that’s investment strategy, trade monitoring, or client disclosures note the applicability of both SEC and CFTC oversight where it exists. This creates an audit trail showing your program was forward-looking.

Include the MOU. Add a brief acknowledgment of the SEC-CFTC Joint Harmonization Initiative and your firm’s process for monitoring developments from it. When the exam question is “are you tracking regulatory changes,” your manual should answer it before it’s asked.

2. Revisit Conflict Disclosures— Specifically Around Crypto

The Marketing Rule already requires rigorous disclosure of material conflicts. The MOU adds pressure on a narrower version of that problem: conflicts that arise from operating in both the securities and commodity markets simultaneously.

If you’re advising a client on a portfolio that includes both a commodity-classified token and a security, do your disclosures accurately reflect the different fiduciary and suitability standards that may apply to each? If you’re receiving compensation from a platform that services both asset classes, is that clearly disclosed?

In the near term, examiners running coordinated reviews may look specifically for disclosure gaps at the intersection of securities and commodities. That’s exactly where most RIA disclosures are currently thinnest because most compliance programs were written when the question didn’t come up.

Review your Form ADV Part 2A disclosures. Look specifically at Item 8 (Methods of Analysis, Investment Strategies, and Risk of Loss) and Item 10 (Other Financial Industry Activities and Affiliations). If crypto appears in your practice, those sections need to explicitly address the dual-regulatory dimension.

3. Rebuild Your Exam Readiness for Two Sets of Priorities

The most immediate operational risk is walking into an exam or a coordinated examination with a document readiness framework that only accounts for SEC exam priorities.

OCIE’s (now EXAMS’) published priorities are well-known to most CCOs. CFTC exam priorities are not, because historically they weren’t your problem. They are now.

Practically, this means:

Review your recordkeeping standards against CFTC Part 1.31 requirements for any crypto asset activity that may fall under commodity jurisdiction. The CFTC has specific retention and accessibility requirements that differ from SEC Rule 17a-4.

Audit your trade surveillance configuration. Does your current system distinguish between securities and commodity-classified crypto assets? Does it apply different surveillance logic where relevant? If the answer is no, that gap is documentable and defensible but only if you’ve documented that you evaluated it.

Prepare a dual-regulatory narrative for your next exam. When examiners ask how your compliance program addresses crypto, you want a clear, confident answer: “Here is how we’ve classified our crypto holdings by regulatory jurisdiction. Here is how that classification informs our disclosure, surveillance, and recordkeeping practices. Here is how we’re monitoring the Joint Harmonization Initiative for further guidance.” That answer is the difference between an exam that closes cleanly and one that opens a second round of questions.

The Opportunity Underneath the Obligation

The regulatory friction that made crypto compliance confusing for RIAs was, in part, a problem of jurisdictional ambiguity. Two agencies with overlapping claims, different enforcement philosophies, and no shared framework.

That ambiguity created compliance risk. But it also created interpretation risk, the risk that your reasonable, good-faith compliance choices would be evaluated against a standard that hadn’t been clearly stated yet.

The MOU doesn’t eliminate that ambiguity overnight. But it does create a formal process for resolving it: joint interpretations, coordinated rulemaking, aligned definitions. The firms that engage with that process early by monitoring the Joint Harmonization Initiative’s output, submitting public comment when the agencies invite it, and building compliance programs that track both regulators’ evolving frameworks will have a structural advantage when the rules solidify.

The firms that wait for the rules to be final before updating their programs will be rebuilding under exam pressure.

What to Do This Quarter

This isn’t a “monitor and revisit” situation. The joint examination framework is operational now. Three concrete actions before Q2 closes:

Conduct a crypto-asset classification review. For every digital asset in client portfolios or firm investment strategies, document a good-faith regulatory classification: security, commodity, or contested/unclear. This document becomes your baseline for everything else.

Schedule a compliance manual review cycle specifically for the MOU. Don’t wait for your annual review. Add a targeted review of your crypto-related policies, disclosures, and recordkeeping against the specific operational commitments in the MOU; coordinated exams, shared data, and enforcement alignment.

Brief your CCO or operations lead on CFTC exam priorities. CFTC examination guidance doesn’t map cleanly to SEC EXAMS priorities; the gaps between them are exactly where coordinated exam questions will concentrate. If your firm hasn’t tracked it before, start now.

The Underlying Shift

The SEC-CFTC MOU doesn’t resolve every jurisdictional question about crypto. What it does is create a formal process for resolving them; joint interpretations, coordinated rulemaking, aligned definitions. Firms that track that process and build compliance programs to match will have cleaner exams when the rules solidify. Firms that wait for finality before updating will be rebuilding under exam pressure.

The compliance programs that hold up aren’t the ones written for yesterday’s regulatory structure. They’re the ones designed to adapt as that structure changes.

Smartria’s policy management, compliance calendar, and exam readiness tools are built for exactly that not catching up to regulatory change, but staying ahead of it. If you’re working through what the MOU means for your compliance program.