Artificial Intelligence has become investment advisers’ top compliance concern in 2025, displacing the SEC’s marketing rule. While 40% of firms use AI internally, 44% lack proper validation processes. AML readiness and cybersecurity controls rank second and third among compliance priorities.
The regulatory landscape for Registered Investment Advisers (RIAs) is undergoing a significant shift in 2025. According to the latest Investment Management Compliance Testing Survey, Artificial Intelligence has emerged as the dominant compliance concern among investment advisers, displacing the SEC's marketing rule which had held the top position for three consecutive years.
This dramatic shift reflects the rapid adoption of AI technologies across the financial services industry and the complex compliance challenges they present. RIA Compliance Technology has tracked this change, noting that regulatory focus typically follows innovation, especially when that innovation outpaces existing frameworks.
The SEC's examination and enforcement priorities have clearly influenced this shift in compliance concerns. As firms integrate AI tools into their operations, regulators have sharpened their focus on potential risks related to algorithmic decision-making, data privacy, and disclosure requirements.
The survey results demonstrate that compliance officers are responding directly to these regulatory signals, reallocating resources to address emerging priorities while maintaining vigilance in traditional areas of concern.
The full breakdown of top compliance concerns for 2025 reveals a comprehensive picture of the challenges facing RIAs:
This ranking represents a significant reshuffling of priorities compared to previous years, with AI making a dramatic leap to the top position.
The evolution of compliance priorities tells an interesting story about the rapidly changing regulatory environment. Three years ago, the SEC's marketing rule dominated compliance concerns as firms worked to implement the sweeping changes it required. Last year, off-channel communications took the top spot amid heightened regulatory scrutiny of electronic communications.
While AI has rapidly become a top compliance concern, the adoption of AI technologies among investment advisers shows a cautious approach with significant implementation gaps. The survey provides a clear picture of where the industry currently stands with AI integration.
The data shows that 40% of firms have formally adopted AI tools for internal use cases. This represents a significant portion of the industry using AI for operational efficiencies, data analysis, and compliance monitoring. Another 25% of firms reported they are actively considering AI adoption, indicating the technology's growing importance in the industry.
However, these adoption rates show a divide between early adopters and those taking a more cautious approach. Many firms appear to be observing how regulatory expectations develop before making significant investments in AI infrastructure.
Perhaps most concerning is that 44% of firms using AI technologies reported having no formal testing or validation processes for their AI outputs. This significant gap represents a potential regulatory vulnerability that could attract SEC attention.
Without proper validation protocols, firms risk making decisions based on flawed AI outputs, potentially leading to compliance violations, operational inefficiencies, or customer harm. This lack of oversight may become a focus for future regulatory scrutiny as AI adoption continues to grow.
While internal AI adoption continues to grow, only 5% of surveyed firms reported using AI tools to support client interactions. This stark contrast between internal and client-facing applications suggests firms remain highly cautious about deploying AI in customer-facing roles.
The reluctance likely stems from concerns about regulatory compliance, data privacy, and the potential for AI errors to damage client relationships. As regulatory frameworks mature and AI technologies become more reliable, this percentage may increase in the coming years.
In a significant development for investment advisers, the Treasury Department's Financial Crimes Enforcement Network (FinCEN) recently announced plans to postpone the effective date of the Anti-Money Laundering (AML) rule from January 1, 2026, to January 1, 2028.
This two-year extension provides RIAs with additional time to prepare for compliance with these complex requirements. The postponement reflects FinCEN's recognition of the diverse business models and risk profiles within the investment adviser sector, as well as the potential compliance costs for the industry.
The survey findings reveal that while 83% of firms have some AML policies in place, only 22% have updated these policies to align with the new rule requirements. This significant gap in preparedness suggests many firms were struggling to meet the original 2026 deadline.
The extension now provides an opportunity for the 78% of firms with outdated AML policies to develop comprehensive compliance frameworks that address the rule's specific requirements without the pressure of an imminent deadline.
FinCEN has indicated that during the postponement period, it intends to provide regulatory certainty through appropriate exemptive relief. More importantly, the agency plans to revisit the substance of the IA AML Rule through a future rulemaking process.
In partnership with the SEC, FinCEN also intends to revisit the joint proposed rule establishing customer identification program requirements for investment advisers. This comprehensive review may result in regulations that better balance compliance costs and benefits while still addressing illicit finance risks within the investment adviser sector.
As compliance priorities shift, Chief Compliance Officers (CCOs) are strategically reallocating their testing resources to address emerging risks. The survey reveals clear patterns in where firms are intensifying their compliance efforts.
Topping the list of increased testing areas, electronic communication surveillance has become a primary focus for 61% of surveyed firms. This reflects continued regulatory emphasis on monitoring communications, especially with the rise of off-channel communications concerns that dominated 2024's compliance landscape.
Firms are implementing more sophisticated monitoring tools to capture and analyze communications across multiple channels, including email, messaging platforms, and collaboration tools. This expanded surveillance aims to detect potential regulatory violations, inappropriate disclosures, and other compliance risks.
With cybersecurity ranking as the third most pressing compliance concern, it's no surprise that 55% of firms report increased testing in this area. As cyber threats grow more sophisticated and regulatory expectations become more stringent, firms are dedicating substantial resources to testing their security postures.
These testing efforts typically include vulnerability assessments, penetration testing, incident response simulations, and evaluations of access controls. Many firms are also expanding their focus to include vendor security assessments as part of a comprehensive security program.
Despite no longer being the top overall concern, marketing rule compliance remains a significant focus, with 48% of firms increasing their testing in this area. This continued attention reflects the complexity of the rule and its far-reaching implications for adviser communications.
Firms are conducting more rigorous reviews of marketing materials, performance advertising, and testimonials to ensure compliance with the rule's requirements. Many are also implementing enhanced pre-approval workflows and documentation processes to maintain compliance.
Corresponding with AI's rise to the top compliance concern, 46% of firms report increased testing in this area—up significantly from 32% last year. This rapid growth highlights the industry's recognition of AI's compliance implications and potential risks.
Testing efforts focus on ensuring AI tools operate within regulatory boundaries, produce accurate outputs, and maintain appropriate oversight. Firms are developing frameworks to validate AI recommendations, document decision-making processes, and maintain human supervision of AI applications.
Rounding out the top five areas of increased testing is vendor due diligence, with 42% of firms expanding their efforts in this domain. As advisers increasingly rely on third-party services for critical functions, regulatory focus on vendor oversight has intensified.
More comprehensive testing now includes evaluating vendors' compliance capabilities, cybersecurity practices, business continuity plans, and financial stability. Many firms are implementing more formalized vendor risk assessment frameworks and ongoing monitoring processes.
With the compliance landscape changing rapidly, forward-thinking RIAs should take proactive steps to address emerging priorities while maintaining robust oversight of traditional areas. Based on the survey findings from 577 investment adviser firms of varying sizes, several strategic actions stand out as particularly important:
The 2025 survey results provide a valuable roadmap for RIAs working through this complex regulatory landscape. By focusing on these key areas, firms can build more resilient compliance programs capable of addressing both current and emerging regulatory expectations.
RIA Compliance Technology helps investment advisers stay ahead of these shifting compliance challenges with specialized software solutions designed for the unique needs of today's regulatory environment.
