News & Insights

2025 Compliance Program Checklist

The upcoming year will be a year of change. A new presidential administration will bring new SEC leadership. SEC Chair Gary Gensler will step down on January 20th, and Paul Atkins, who formerly served from 2002-2008, has been nominated to take his place. Recent history has been marked by many 3-2 votes at the commission. With a conservative SEC Chair, Commissioner Hester Pierce and Commissioner Mark Uyeda will be part of a majority that could take new approaches on regulatory issues and possibly push for re-proposals of existing proposed rules like Cybersecurity, Outsourced Service Providers, ESG, Custody, and Artificial Intelligence, all of which have been proposed but not finalized.

Despite these changes and the uncertainty of what may come, there are a number of compliance deadlines that are already set for 2025. Similarly, the 2025 Exam Priorities published by the Division of Examinations and published observations from the commission will continue to be a guide for effective compliance programs. Start your year off on the right foot with our 2025 Compliance Program Checklist.

  1. Review your compliance program for immediate needs. Were there any tasks for 2024 that you have not yet completed? A few areas to consider as you start 2025:
  • Risk Assessments and Annual Reviews: Ensure these are completed for prior years and on track for 2024.
  • Action Items: If prior reviews or risk assessments led to any 2024 action items for the compliance program, make sure you have completed them and documented completion.
  • Resources: If your firm has grown quickly, determine if the compliance team has adequate resources to support this group. Also, consider additional time and/or resources that may be needed for any new requirements you will face in 2025.
  • Changes: If your firm has any new products, services, and/or strategies, ensure that the policies and procedures and any needed disclosures have been brought up to date with these changes.
  1. Conduct employee compliance training, if needed. Firms should conduct compliance training on an annual basis. If this was not completed in 2024, make it a goal for the first quarter of 2025.
  2. Conduct a test of your Business Continuity Plan (“BCP”) and perform Vendor Due Diligence on key service providers. Need Assistance? Contact Fairview Cyber.
  3. Filings, Reports and Disclosures. As you start 2025, review current Form ADV disclosures, along with U4s for your registered personnel and other public disclosures such as those present in marketing material. Ask yourself:
    • Have these become materially inaccurate?
    • Can your registered personnel confirm that their U4s and Form ADV 2B disclosures are still correct? Are they caught up on any Continuing Education Credits needed for registration in certain jurisdictions?
    • Are your filings, reports, and disclosures in line with the most current instructions and any published guidance from the SEC? Do any recent enforcement actions suggest revisions or additional disclosures?
  1. Ensure your Compliance Manual is up to date and includes risk-based best practices to set your firm and compliance program up for success. If your policies and procedures have not been updated in close to—or over a year—you should review for necessary changes. As you review your policies and procedures, consider the following:
  • Ensure that policies and procedures:
    • Fit your firm and its operations
    • Reflect on compliance risks that you have identified for the firm
    • Are current with new rules and best practices
    • Mitigate recidivism for past deficiencies
  • Address any priority items:
    • Correct material compliance issues (i.e., code of ethics reporting, fee calculations, custody issues, or regulatory deficiencies)
    • Confirm the ability to produce required books and records
    • Conduct a compliance risk assessment that addresses the firm, Advisers Act rules, and best practices
  1. Ensure you have a plan to stay up to date on rules, regulations, and best practices. Make sure to check relevant SEC websites regularly and sign up for timely updates, such as subscribing to Fairview Flash Reports, which provide SEC- and compliance-related news and insights. See our Compliance Year in Review for 2024.
  1. Make sure you are prepared to comply with new requirements and emerging SEC priorities. This includes not only developing a plan but also ensuring that you have the resources and support needed to meet requirements. Consider the following:
  • Form SHO – Advisers whose short positions cross certain thresholds will need to file their first Form SHO filing by February 14, 2025. For more information on monitoring for these thresholds and filing requirements, read our full flash report on the topic, Here Comes Form SHO.
  • Off-Channel Communication – Failure to retain business communication is still a priority for the SEC. Meeting best practices and SEC expectations with respect to these kinds of communications can be particularly challenging for compliance professionals. Make sure your firm has software and policies and procedures in place to properly archive written business communications via email, text, apps or other means. For more information and guidance, check out our Adviser Guide to Off-Channel Communications.
  • Reg S-P – Compliance with Amended Regulation S-P is required by December 3, 2025, for larger entities and by June 3, 2026, for smaller entities. For more details on Amended Regulation S-P and its requirements, click here.
  • Artificial Intelligence (AI) – Although the SEC has not finalized the proposed AI Rule, the SEC has focused on investor harm due to misstatements around purported uses of AI, also known as AI-washing, and the security of client data should be considered if AI is in use at your firm. It can be helpful to establish an acceptable use policy and provide thorough employee training to understand what is approved and what is not. See our AI Do’s and Don’ts Guide.
  1. Document, document, document. In every SEC Exam, one of the first things examiners will ask for is documentation. Creating and maintaining documentation is not only a requirement under the Books and Records Rule, but it also serves as proof that your policies and procedures have been fully implemented and are being followed. Consider these tips:
    • Testing and Reviews – Document your testing and reviews to demonstrate that procedures were followed (e.g., the Annual Review, investment committee minutes, best execution review, share class review, code of ethics reporting, compliance testing, etc.)
    • Recordkeeping – Confirm that all references to documentation in your policies and procedures can be matched to current recordkeeping practices and can be matched to existing documents you can produce.
    • Training – Emphasize documentation processes in your compliance training and desktop procedures.
    • Cover your bases – Ensure that there is documentation showing that procedures were followed (e.g., logs are maintained, prior versions of the Compliance Manual are on file, data necessary for substantiating performance marketing is saved down, evidence of deadlines being met is retained, etc.)
    • Give yourself credit – If your compliance program overcomes a challenge, write a memo to file memorializing the facts of the issue, how it was discovered, how it was resolved (and resolved in favor of a client or investor if applicable), and any changes it caused for your compliance program. Using a memo to describe changes to monitoring, communication, testing, etc., prompted by the issue also serves as evidence that your compliance program is getting stronger with each challenge it faces.

Questions? 

We can help. Our team of regulatory experts partners with investment advisers to help CCOs maintain the day-to-day administration of your compliance program. If you have questions, or need guidance, let us know.