On April 7, 2026, the SEC released its enforcement results for fiscal year 2025. Most RIAs will read the top-line numbers (456 actions filed, $17.9 billion in monetary relief) and move on. That’s a mistake this year.
The report isn’t a scorecard. It’s the Commission explicitly telling you what it thinks enforcement should look like going forward, and what the prior Commission got wrong. For CCOs of small and mid-size RIAs, three takeaways matter more than the headline numbers.
1. The target changed. “Fewer cases” is not the same as “less risk.”
The instinct when case counts drop is to read it as regulatory breathing room. Don’t.
Chairman Atkins used the FY2025 release to explicitly repudiate the prior Commission’s approach. Since FY2022, the prior Commission had brought 95 off-channel communications cases, seven crypto registration actions, and six “definition of a dealer” cases. All of which, in his words, “identified no direct investor harm.” The current Commission called that “regulation by enforcement” and walked away from it.
What replaces it is a fraud-first framework: offering frauds, market manipulation, insider trading, issuer disclosure violations, and the one that matters most to RIAs — breaches of fiduciary duty by investment advisers.
The shift isn’t less enforcement. It’s a different kind of enforcement, aimed at a different kind of firm. The prior regime’s highest-risk firm had sloppy documentation and late attestations. The current regime’s highest-risk firm has a clean paper trail and a conflict it didn’t adequately disclose.
That second problem is harder to fix than the first.
2. The Vanguard and Cutter cases tell you exactly where the bar is now.
Two of the cases highlighted in the FY2025 report should be required reading for any RIA CCO.
Vanguard Advisers, Inc. was charged for failing to adequately disclose conflicts of interest when recommending that prospective and existing clients enroll in a fee-based advisory service. No fabricated returns. No misappropriated funds. A financial incentive existed, the disclosure wasn’t specific enough for clients to understand its significance, and that was the violation.
Cutter Financial Group lost at trial in April 2025 on Section 206(2) of the Advisers Act. Jeffrey Cutter and his firm were found liable for recommending insurance products that paid substantial up-front commissions without adequately disclosing the financial incentive to sell them. Same structure as Vanguard. The conflict existed, the disclosure didn’t surface it clearly enough. Notably, the jury found for the defendants on the scienter-based 206(1) and 206(4) claims. The SEC didn’t need to prove intent. Negligent disclosure inadequacy was enough.
Both cases turn on the same distinction: present disclosure versus adequate disclosure. If your Form ADV Part 2A describes compensation arrangements in language designed to satisfy a checklist, but doesn’t give a reasonable client enough context to understand what’s actually at stake in the recommendation, that’s the exposure the current Commission is looking for.
This is a different standard than the one most compliance programs were built to meet. “Did we disclose it?” is the wrong question. “Would a client reading this disclosure understand the incentive and its significance?” is the question.
3. Individual accountability isn’t rhetoric. It’s structural.
Buried in the supporting detail of the FY2025 release: approximately two-thirds of standalone actions filed during the fiscal year involved charges against one or more individuals. That’s a 27 percent year-over-year increase. Under Acting Chairman Uyeda and Chairman Atkins specifically, nearly nine out of every ten standalone actions included individual charges. The Commission also obtained orders barring 119 individuals from serving as officers and directors.
The Commission was explicit about why: specific and general deterrence. A firm-level penalty is a cost of doing business. An individual bar follows the person to their next firm.
For RIAs, this shifts the personal risk calculus for every compliance decision in a specific way. The close call on whether a disclosure is specific enough. The judgment call on whether a conflict is material enough to flag. The decision to sign off on marketing language that technically complies but aggressively stretches the Marketing Rule’s capacity.
Under the prior regime, the downside of getting those calls wrong was almost always institutional. Under the current one, the person who made the call is increasingly the person the Division is interested in.
What to actually do with this
None of this calls for a compliance program overhaul. It calls for a different quality of attention to things that were already supposed to be getting attention.
Read your Form ADV Part 2A the way a client would, not the way a compliance officer would. Every place where a compensation arrangement, referral fee, proprietary product, or fee-based advisory enrollment is described, ask whether it actually explains to the client what the incentive is and why it matters, or whether it just acknowledges that an incentive exists.
Audit your conflict disclosures against the Vanguard standard. For each conflict your firm has identified, walk through what you disclosed, where, and in language specific enough that a client could act on it. Gaps between “technically disclosed” and “substantively disclosed” are the exposure.
Document the reasoning on close calls, not just the conclusion. If a material conflict question came up and you decided no additional disclosure was required, the memo that shows the analysis is worth more than the decision itself. Under an individual-accountability framework, the documented thinking is the defense.
Revisit marketing reviews with a fiduciary lens. The Marketing Rule (206(4)-1) isn’t going away, but the enforcement emphasis is shifting. A marketing piece that technically complies but implies a value proposition the firm can’t substantively deliver is a fiduciary problem, not just a marketing problem.
The enforcement pipeline that will produce the FY2026 and FY2027 results is being built right now, from decisions the Division made in 2024 and 2025. Firms whose compliance programs were optimized for the prior regime’s documentation focus are exposed in a way that isn’t visible on the attestation log.
The firms that have been running compliance as substance, not just as process, have a real head start.
Compliance Approved is built and run by a working Chief Compliance Officer managing a $2B AUM program. Our platform is designed around the documentation that holds up under the current SEC enforcement framework: marketing reviews with full audit trails, policy versioning tied to the decisions that generated it, and conflict disclosures you can actually defend.