Compliance in 2026: How Advisors Should Be Thinking About Documentation, AI, and the New Marketing Rule
The biggest shift I have seen for independent advisors in 2026 is that compliance is no longer about checking boxes at filing time. Regulators expect proactive systems, clean documentation, and an audit trail you can produce on demand. The three areas drawing the most regulatory attention right now are the SEC Marketing Rule (especially testimonials and third-party content), cybersecurity, and the use of AI tools. The advisors who treat compliance as a business strategy rather than a tax on growth are the ones positioned to grow faster and more confidently.
In Episode 15 of IFA Insights, Sarah Pais and I sat down to walk through what compliance actually looks like for independent financial advisors in 2026, and what I am seeing in the firms that handle it well. Watch Episode 15: Compliance in 2026 on YouTube.
This piece is the longer version of that conversation. If you only take one thing away, take this: the advisors who understand compliance today are the ones who are in position to grow tomorrow.
How has the role of compliance changed for independent advisors in 2026?
The biggest shift is that advisors are expected to be proactive. It used to be about checking boxes, filings, disclosures, getting ready for the audit. Now regulators expect very clear systems in place, strong documentation, and intentional processes behind everything you do. That goes especially for marketing and communications, technology, and disclosures around conflicts of interest, real or perceived.
The margin of error has gotten smaller. The question regulators are asking is no longer just “are you compliant,” it is “can you prove it right now, this minute.”
Documentation is everything. If it is not written down, archived, and retrievable, it might as well not have happened.
What are the biggest regulatory focus areas in 2026?
Three big areas:
1. Ongoing enforcement of the SEC Marketing Rule
The SEC continues to focus on testimonials, endorsements, and third-party content under SEC Rule 206(4)-1. The 2022 amendments are still being actively enforced, and recent actions show the SEC is paying close attention to how advisors document, disclose, and review marketing materials.
2. Cybersecurity
Cybersecurity remains a top priority for the SEC. The 2024 amendments to Regulation S-P expanded incident response and notification expectations, and examiners are checking that firms have documented policies, monitoring, and ongoing risk assessments. This is a major focus area.
3. AI usage
AI moved from “an emerging tech category” to its own focus area in record time. Formal guidance is still developing because the technology is moving faster than the regulators can keep up. That does not mean firms get a pass. It means the burden of demonstrating responsible use sits squarely with the advisor.
Just because something is common, and other firms are doing it, does not mean it is okay. I think back to my parents asking, if everyone jumped off a cliff would you jump too? It is not a defense in 2026 either.
How can compliance be a growth enabler instead of a bottleneck?
Most advisors I talk to have been trained to see compliance as the “anti-business” department. The bottleneck. The “no” desk.
That is not how it has to work, and it is not how it works at firms that are growing.
My philosophy is not to say no, but to say how. When an advisor brings me a real-world business situation, my first question is never “can we reject this.” It is “how can we make this work, what does the framework look like, and what documentation do we need to make sure we are protected?”
That partnership only works when there is an ongoing, transparent conversation between the advisor and the compliance team. Especially right now, with advisors moving faster and growing faster, the worst outcome is for compliance to be discovered at the end of a project. We want compliance present at the beginning, in the middle, and in everything in between.
What do advisors need to get right with social media, testimonials, and digital marketing?
Three core things, and I see firms succeed or stumble depending on how they handle each.
Archive everything. Every social media post, every iteration, every revision. The SEC will want to see all of it. If you posted it, edited it, or pulled it down, the audit trail should show that. Books and records expectations under SEC Rule 204-2 apply to digital marketing the same way they apply to traditional materials.
Clear and accurate disclosures. Especially when testimonials or endorsements are involved. The Marketing Rule lays out specific disclosure requirements, and the SEC has been consistent in actions where firms missed them.
Structured approval processes. When a regulator asks how a piece of marketing got from draft to published, the answer should be a clear audit trail. Submitted on this date, here are the changes requested, here are the changes made, here is the final approved version, here is when it went live. Advisors who succeed in this area are the ones who build repeatable processes and treat them as part of how everything ships.
What are the compliance risks of AI, and what guardrails should advisors put in place?
The biggest risk I see is over-reliance on AI outputs. Advisors who copy-paste AI-generated content into client communications without careful human review are taking on risk that ultimately sits with them, not with the AI tool.
The advisor is responsible for the information that goes out under their name. AI can be wrong. That is not a quirk, that is how the technology works. The human-in-the-loop review is critical and is actually the only way these tools function safely in regulated work.
The guardrails I encourage every advisor to have:
- Documented use. Where AI is used in your workflow, how outputs are reviewed, and who reviews them.
- Approved tools and approved use cases. Internal guidelines that spell out which AI platforms are vetted and what they can be used for.
- Human review on everything. Especially anything that reaches a client or a prospect.
Regulators are paying very close attention to AI usage right now. Documentation here is not optional.
What about AI note takers in client meetings?
I get this question a lot, and my view is that AI note takers can be a great tool when used right. They give you a strong recorded history of the last meeting, you can reference back to confirm the client’s objectives match what is in their portfolio, and they reduce the time you spend on administrative work.
The conditions:
- Client consent. This is starting to come up more in regulatory conversations as expected, not assumed. Get clear permission from the client to record. Document that consent.
- Platform approval. The tool has to be on your firm’s approved list, with the data privacy and security practices you can stand behind.
- Output review. AI note takers can hone in on the wrong topic or miss a critical exchange. Review the output before you treat it as the record of the meeting.
When those three conditions are in place, this is one of the more valuable AI applications I see in advisor workflows.
What compliance red flags should an advisor watch for when evaluating a new firm?
If you are weighing a move and the new firm’s compliance department is part of what you are evaluating, here is what I would be looking for, and what would put me on alert:
- Lack of clarity and documentation. If the compliance team cannot point you to written policies and procedures, that is a problem.
- Slow response times. When you submit something for review, how long does it sit? In a high-functioning firm, the cycle is days, not weeks.
- A “no” culture. If every conversation with compliance starts with the answer “no,” and never gets to “how,” that culture will limit your growth.
- Police, not partner. This is the simplest test. Does the compliance team feel like a partner who wants you to succeed within the framework, or does it feel like enforcement that exists to slow you down?
The right compliance support is one of the things I would put on the short list of factors when evaluating any firm.
What does a best-in-class compliance program look like in 2026?
Three things, in my view:
- Accessibility. Advisors need timely answers so they can keep their business moving.
- Collaboration. A team working toward solutions inside the framework, not toward restriction for its own sake.
- Proactivity. Identifying risks before they become problems.
When all three are in place, advisors can focus on growth instead of second-guessing whether they are protected.
What practices should advisors build into their daily and weekly workflows?
A few non-negotiables:
- Structured compliance workflows for marketing, communications, and client documentation
- Document everything. I keep saying this because it is the single most important habit.
- Pre-approval marketing frameworks so nothing ships without going through review
- Consistent team training so the people around you know the rules too
Advisors who build these in as part of how they operate, rather than treating them as occasional tasks, are the ones who stay protected.
What will the SEC focus on if they walk into an advisor’s office tomorrow?
In my experience, three places tend to come up first:
1. Marketing materials and the policies and procedures behind them
2. Books and records under SEC Rule 204-2, with an emphasis on whether everything is on file and readily accessible
3. Cybersecurity policies, incident response plans, and recent risk assessments
Most issues, in my experience, surface in one of these three areas.
The shift I would encourage every advisor to make
Start viewing compliance as part of your business strategy, not just as a regulatory requirement.
Compliance is part of the industry you operate in. It is not going away, even in periods when enforcement appears to slow. The SEC is still watching, and history suggests there will be a swing back. Foot off the gas is the wrong move.
When compliance is done right, it does not slow you down. It helps you grow, compliant, faster and more confidently.
If you are evaluating your current firm and whether the compliance support is genuinely set up for your growth, that is a conversation we are happy to have at ARC. The full episode is on YouTube.
Frequently Asked Questions
What is the SEC Marketing Rule and why does it matter for advisors in 2026?
The SEC Marketing Rule, formally known as Rule 206(4)-1 of the Investment Advisers Act, governs how registered investment advisers can market their services. The 2022 amendments expanded the rule to cover testimonials, endorsements, third-party content, and performance presentation. In 2026, enforcement remains active, with particular attention on how advisors document, disclose, and approve marketing materials. Firms with a clear audit trail and structured approval process are best positioned for examination.
What documentation do regulators expect advisors to maintain?
Books and records requirements under SEC Rule 204-2 require advisors to retain records of communications, marketing materials, and certain transactional records, generally for five years. In 2026, this includes archived versions of every social media post and iteration, marketing approvals and revisions, client communications, AI usage documentation, and cybersecurity incident response records. Documentation should be readily accessible if a regulator requests it.
Are AI tools allowed in advisor workflows under current SEC guidance?
AI tools are not prohibited, but the advisor remains responsible for the accuracy and appropriateness of any content or output that reaches a client. Best practices include maintaining a list of approved AI platforms, documenting where and how AI is used, requiring human review of all AI-generated content before client use, and obtaining client consent before recording or transcribing meetings with AI note takers. Formal SEC guidance on AI continues to develop.
How does the SEC’s 2024 Regulation S-P amendment affect advisor cybersecurity programs?
The 2024 amendments to Regulation S-P expanded notification requirements when an advisor experiences a data breach involving customer information, generally requiring notification within 30 days of discovery. The amendments also reinforced expectations for written policies and procedures covering safeguards, incident response, and ongoing risk assessment. Advisors should ensure their cybersecurity program is documented and reflects the current rule.
What are the most common compliance issues found during SEC examinations?
In my experience, examiners most often focus on marketing materials and the policies behind them, books and records (whether everything is on file and readily accessible), and cybersecurity. Most issues that surface in examinations tend to fall in one of these three areas. Maintaining clear documentation, a structured marketing review process, and a current cybersecurity program addresses the bulk of common findings.
How should an advisor evaluate whether a new firm’s compliance department will support their growth?
Look for clear written policies and procedures, fast response times on review requests, a culture that focuses on “how” rather than “no,” and a compliance team that operates as a partner rather than enforcement. Slow turnaround, vague policies, and a default “no” answer to advisor questions are red flags. The compliance department should be part of the value an advisor receives, not a constraint they work around
This content is provided Advisor Resource Council ("ARC"), a registered investment adviser, and is intended solely for investment professionals and financial advisors. It is intended for promotional purposes and should be viewed as such. Descriptions of firm services, tools, or platforms are general in nature and may not reflect all features or limitations. Not all advisors will have the same experience with ARC. Advisors should conduct their own due diligence regarding ARC before making any decisions regarding engagement or partnership. Statements made in this content are opinion and subject to change. Registration with the SEC does not imply a certain level of skill or training. Viewers are encouraged to review applicable regulatory disclosures and Form ADV documents available on the ARC website or https://adviserinfo.sec.gov/164109.
Investment advice offered by Advisor Resource Council, a registered investment advisor.

