April reflects a more defined and evolving regulatory environment.
The SEC is signaling a shift in enforcement priorities toward fraud and investor protection, while areas such as vendor due diligence and qualified client thresholds continue to formalize into clearer expectations for advisers.
At the same time, artificial intelligence is becoming increasingly embedded in firm operations. From global frameworks like the EU AI Act to practical considerations around governance, recordkeeping, and disclosure, expectations are developing rapidly.
We are also seeing increased coordination across regulators, particularly in crypto markets, where the SEC, CFTC, and Congress are beginning to align on market structure and classification.
In this month’s Salus GRC Brief, we highlight key developments, regulatory signals, and emerging risks relevant to compliance teams.
SEC Enforcement Results: Key Takeaways from Fiscal Year 2025
The SEC’s 2025 enforcement results reflect a shift toward prioritizing fraud, investor protection, and substantive outcomes over volume-driven enforcement. For investment advisers, this signals a more focused and disciplined approach, with less reliance on enforcement as a policymaking tool and greater emphasis on high-impact misconduct.
Building a Modern Vendor Due Diligence Program: April 7 Webinar Recap
Investment advisers are facing increased regulatory expectations around vendor oversight, requiring a shift from informal diligence to structured, risk-based third-party risk management programs. A modern approach emphasizes multi-dimensional evaluation, ongoing monitoring, and operational integration to ensure regulatory defensibility and resilience.
SEC Proposed Changes to Qualified Client Thresholds
The SEC has proposed increases to the qualified client thresholds for performance fees, raising both the assets-under-management and net worth requirements to reflect inflation. Advisers may need to update offering documents and investment agreements, though the new thresholds are not expected to apply retroactively to existing client relationships.
Artificial Intelligence: A Hot Topic at the Investment Adviser Compliance Conference
AI is rapidly becoming embedded in investment adviser operations, raising new compliance considerations around recordkeeping, disclosure, and data usage. Firms are expected to take a practical, governance-driven approach to AI adoption, balancing innovation with regulatory obligations and risk management.
Smart TV Login Features Being Exploited to Bypass MFA
Device code phishing exploits smart TV-style login flows to bypass MFA by tricking users into unknowingly authorizing attacker access. Organizations should address this emerging risk through stronger access controls, monitoring, and user awareness.
Understanding the EU Artificial Intelligence Act and Its Global Impact
The EU Artificial Intelligence Act introduces a comprehensive, risk-based regulatory framework governing AI systems, with strict requirements for high-risk applications and transparency obligations for generative AI. Its global reach and influence are expected to shape how organizations approach AI governance, compliance, and risk management across jurisdictions.
U.S. Crypto Regulation Enters a Coordinated Phase: SEC, CFTC, and Congress Move Toward Market Structure Clarity
U.S. crypto regulation is moving toward a more coordinated and structured framework, with the SEC, CFTC, and Congress aligning on classification, jurisdiction, and market structure. For advisers, these signals increase expectations around consistent asset classification, documentation, and compliance practices as regulatory approaches converge.
Regulatory Deadlines
- FOCUS Part II Quarterly Filing (FINRA) – April 23, 2026
- Form Custody (FINRA) – April 23, 2026
- SSOI Quarterly Filing (FINRA) – April 28, 2026
- Distribute Pool Participant Statements (NFA/CFTC) – April 30, 2026
- Form PF (Annual) – April 30, 2026
- Distribute Fund Audited Financial Statements – April 30, 2026
- Distributed Form ADV Part 2A – April 30, 2026
A Note from Bill Mulligan, CEO
As we move further into 2026, the regulatory environment continues to evolve in ways that call for thoughtful judgment, discipline, and a steady focus on outcomes. The SEC’s renewed emphasis on fraud, market integrity, and meaningful investor protection reflects a broader shift toward substance over volume in enforcement. At the same time, developments such as the anticipated increase in qualified client thresholds serve as a reminder that even well-established rules require ongoing attention. For many firms, this is not simply a compliance exercise. It also represents an opportunity to reassess frameworks, strengthen documentation, and ensure alignment with both regulatory expectations and long-term business objectives.
Alongside these developments, we are seeing continued momentum in how technology is shaping our industry. Artificial intelligence is increasingly embedded in workflows across compliance and operations, and regulators have been clear in maintaining a technology-neutral posture, which focuses on governance, transparency, and investor outcomes rather than the tools themselves. In parallel, the cybersecurity landscape continues to shift. Emerging threats, including techniques that exploit legitimate authentication processes, reinforce the need for firms to look beyond traditional controls and adopt a more holistic, risk-based approach to protecting systems and data.
Our focus remains consistent. We are committed to helping our clients navigate this environment with clarity and confidence by bringing together regulatory insight, cybersecurity expertise, and practical technology solutions. This commitment includes supporting firms as they evaluate emerging areas such as prediction markets, enhance policies around employee conduct and information handling, and strengthen operational due diligence across their infrastructure. As always, we appreciate the trust you place in us and look forward to continuing the work together in the months ahead.
Warm regards,
Bill Mulligan, CEO