Staying Ahead of the Curve
In the first part of The Definitive 2025 Guide to Regulatory Compliance for US Asset and Investment Managers we are going to look at what is happening right now. There is so much happening around regulatory change and compliance professionals in asset management now that keeping up is no small feat. This guide to regulatory compliance for US Asset Managers looks at the key U.S. regulatory trends of 2024 and some evergreen best practices to futureproof your compliance programme. We assume you’re already an expert and our goal is to help you stay ahead of trends, avoid enforcement actions, and understand how technology can strengthen your programme. Currently there are so many rulebooks and governing regulations and frequently, in-house systems aren’t covering the key risks such as: tracking updates to rulebooks, linkage of controls, limited workflow as well as horizon scanning. So, let’s dive in.
Overview of 2024 Regulatory Trends
In 2024, US asset and investment managers faced a regulatory outlook that was very changeable. This was being shaped by new regulation and heightened oversight. Key themes include ESG and sustainability disclosures, data governance and recordkeeping, and emerging AI regulations. Meanwhile, regulators including the SEC, FINRA, and CFTC sharpened their enforcement priorities to hold firms accountable. Let’s take a look at each trend:
ESG disclosure and sustainable investing
Sustainable investing is here to stay, well this was the view in 2024. In March 2024, under Gary Gensler, the SEC announced the rollout of landmark climate disclosure requirements for public companies, mandating detailed reporting of climate related risks and governance in annual filings. However, in March 2025, the SEC voted to end the defence of climate disclosure rules. This type of swift, pendulum swing may require updates to this US Asset Manager compliance guide as the year progresses
For asset managers, this means change and very rapid change around regulation and deregulation.
Data governance and recordkeeping
Good data is the lifeblood of compliance and regulators are cracking down on how firms manage and safeguard it. A prime example is the ongoing off-channel communications sweep. Both the SEC and CFTC spent the past two years penalising dozens of Wall Street firms for employees’ use of unmonitored messaging apps (texts, WhatsApp, etc.) for business purposes.
Even asset managers have been caught up in this crackdown. This enforcement trend underscores that regulators view robust recordkeeping as non-negotiable in compliance programs. Firms must ensure all official communications (email, chat, voice) are captured and supervised in accordance with SEC and FINRA rules, or face multimillion dollar penalties.
Beyond communications, data privacy and security have risen on the agenda. In 2024 the SEC tightened Regulation S-P (the primary data privacy rule for financial firms), expanding requirements to protect customer information and respond to breaches. Firms must now implement written incident response plans “reasonably designed to detect, respond to, and recover from unauthorised access” to customer data. Furthermore, they must notify affected individuals of any serious data breaches in a timely manner
This aligns with broader expectations that asset managers treat client data with the same care as client funds. Compliance teams should collaborate with IT and cybersecurity teams to ensure data governance policies meet these new standards. Regulators will not only punish outright data misuse but also control failures (https://www.corlytics.com/enforcement-reports/). Indeed, deficiencies in safeguarding data or updating compliance programs have become a significant driver of enforcement actions
Regulation Best Interest (Reg BI) and Conduct Standards
US asset managers traditionally operated under fiduciary duty (for investment advisers) or suitability (for broker dealers). However, the changes brought by Regulation Best Interest (Reg BI) has raised the bar for firms dealing with retail investors. Reg BI, which took full effect in mid-2020, requires broker-dealers to act in the best interest of retail customers when recommending any securities transaction or investment strategy
In fact, 2023 was the first year that Reg BI-related cases cracked FINRA’s “Top 5” enforcement issues. FINRA brought 15 Reg BI cases in 2023 totalling $6 million in fines including one of the giants of Asset Management, Goldman Sachs & Co. LLC.
Experts are expecting Reg BI will likely remain a major focus for years to come as FINRA expands examinations of how firms implement the rule. For compliance teams, this means that if your firm has a broker-dealer entity or distributes investment products to retail channels, you must ensure that your policies, training, and surveillance cover the Reg BI obligations. This includes thorough product due diligence, documentation of the suitability/best interest analysis for recommendations, mitigation of conflicts (like compensation incentives that could bias advice), and ongoing monitoring of recommendations. The SEC and FINRA have signalled they will not hesitate to sanction firms that treat Reg BI as a checkbox exercise. In short, raising conduct standards to demonstrably act in clients’ best interests isn’t just good ethics, it’s now regulatory expectation.
Artificial Intelligence and Innovation in Compliance
No guide to regulatory compliance for US asset and investment managers would be complete without including AI. From trading algorithms to chatbots, artificial intelligence (AI) is transforming finance and regulators are keen observers.
On 27 March, the SEC hosted its first-ever roundtable dedicated exclusively to artificial intelligence in the financial services sector. The event brought together senior figures from major financial institutions, academia, and regulatory bodies. They discussed AI’s potential, governance, and associated risks. However, specific details regarding future regulations or enforcement priorities remained limited.
Acting Chair of the SEC, Mark Uyeda, highlighted the importance of avoiding overly prescriptive regulations. That this type of regulatory treatment could hinder innovation. While Commissioner Caroline Crenshaw mentioned previous concerns about overly broad AI regulations potentially duplicating existing fiduciary duties and standards.
Participants included representatives from leading organisations such as JPMorgan Chase, BlackRock, Nasdaq, Citadel Securities, Charles Schwab, Vanguard, Morgan Stanley, Broadridge, Edward Jones, and Amazon Web Services. They were joined by academics from prominent institutions like the Wharton School, MIT, American University Law, and the University of Michigan.
Discussions centred on transparency and disclosure regarding AI-driven decision-making, client education, and the extensive documentation needed to manage AI risks. Many industry participants felt that existing regulations, combined with standards provided by the National Institute of Standards and Technology (NIST) and the International Organization for Standardization (ISO), were sufficient for overseeing AI at this stage.
Although AI is significantly impacting trade execution, market analysis, operational efficiency, and fraud detection, new risks associated with autonomous ‘Agentic AI’ and opaque ‘black box’ algorithms were highlighted as significant concerns requiring updated and dynamic risk management strategies.
The pace of AI adoption in financial services was noted as slower than commonly perceived, with firms emphasising the continued importance of human oversight, particularly in client interactions and critical decision-making processes.
Participants recommended utilising frameworks such as the NIST AI Risk Management Framework, ISO 42001, and referencing the European Union’s AI Act for further guidance. AI was acknowledged to particularly benefit highly skilled professionals by enabling them to direct their focus more effectively. However, limitations of generative AI, especially regarding human relationships and nuanced judgement, were also clearly emphasised.
Regulatory Enforcement Priorities in 2025
“We saw an exceptional volume of enforcement activity in 2024, with regulators demonstrating a clear commitment to holding firms accountable for compliance failings,” notes Susie MacKenzie, Head of Legal and Regulatory Analysis at Corlytics. However, in 2025 we are seeing the rolling back of regulations, a trend that we expect to continue for the time being.
This guide to regulatory compliance for US Asset Managers continues in Part 2