How’s your summer going so far? For many financial advisors, it’s a slow season. Colleagues and clients are on vacation, and you might have some open stretches on your calendar.

But we all know the summer lull won't last. Once we hit Labor Day, there's usually a flurry of activity that will take us through the fall and into the new year. That makes summer the ideal time to review compliance requirements and refresh your compliance program to ensure it is as effective and efficient as possible. Here are some compliance-focused tasks you can undertake this summer to set your firm up for success, in Q4 and beyond.

 

Start a Compliance Summer Reading List

Looking for a solid beach read? We suggest the SEC 2026 Exam Priorities!

It might not be as captivating as the new thriller or romance novel from your favorite author, but adding compliance literature to your summer reading list is a great way to catch up on vital industry updates.

The SEC is constantly releasing documents to help firms build the best compliance program possible. These reports emphasize the importance of strong controls, clear disclosures, and consistent oversight.

Don’t let these valuable resources go unread. The summer is the perfect time to hunker down with a highlighter and notepad and delve into the details.

 

Review Your Internal Compliance Policies and Procedures

Does your firm have specific policies and procedures you know would benefit from a refresh?

Start with those documents. You likely have dozens of policies and procedures, so reviewing everything might not be a realistic summer goal. But if you can use this time to edit a handful of documents you know need attention, you’re putting your team in a stronger, more compliant position heading into the fall.

 

Reassess Your Risks

Hopefully, you already have a list of your firm’s risks, ordered by priority. (If not, summer is a great time to compile one!)

The thing about priorities is that they often shift. And with so many massive global changes in the past few years (for example, the move to remote work or increased cybersecurity threats), your list may need tweaking.

Use this downtime to thoroughly review your risk list and adjust as needed. Ask yourself:

  • Are all of the risks on our list ranked correctly? 
  • Are there any risks that are no longer relevant and can be removed? 
  • Are there any risks that have recently arisen that need to be added?
Behavioral Finance

Is Your Firm SEC Exam Ready?

Take this quiz and evaluate your compliance readiness through 2026 and beyond.

Take the Quiz

Check Your Controls

Along with your list of risks, you should have a series of internal controls aimed at mitigating them. If your risks have shifted, your controls will need adjustment, too. Even if your risks remain the same, your controls are still worth revisiting. They may need updating for other reasons.

Review each of your controls with the following questions in mind:

  • What risk is this control associated with?
  • Who is responsible for the control?
  • How frequently do we run it?
  • What is the step-by-step process?
  • What tools do we use to complete these tasks?
  • How do we respond to unexpected or unfavorable results?
  • Where do we store the proof of our work?

Did asking these questions uncover any gaps or deficiencies? Now’s the time to adjust your controls to ensure they work as intended.

 

Audit Your Document Storage

The SEC offers specific guidelines1 for record-keeping, with an expectation that most documents are retained for at least five years from when the last entry was made on a given record.

Having quick and easy access to documents is not only an SEC guideline; it’s also a practical concern. When your firm receives a document request from regulators, the last thing you want is a chaotic scramble to find the requested records.

The summer is a perfect time to audit your document storage. Some questions to ask yourself include:

  • Do we have a secure, cloud-based storage system allowing easy access from anywhere? (This is an especially relevant concern if your team is now remote or hybrid.)
  • Is our filing system clear? Do I know where to find a specific type of record or document?
  • Is our document naming convention consistent? (This makes it easier to search for documents by file name.)
  • Do we have a system for properly destroying documents we no longer need to retain?

If the answer to any of these questions is “no,” you’ll want to draft a plan to change that!

 

Invest in Team Training

Is your team up to date on the latest compliance requirements and your firm’s policies, procedures, and expectations?

The summer, with a lighter load of client meetings, is the perfect time to put some compliance training and education time on your team’s calendar.

Compliance can feel like a heavy topic — and it is indeed serious business — but that doesn’t mean you can’t approach it in a fun and engaging way. Why not arrange a Compliance Day for your office, where you create gameshow-style quizzes and encourage some friendly competition among your team? Whoever wins gets a prize, and everyone leaves with valuable compliance knowledge.

 

Run a Mock SEC Exam

The SEC notes that regulatory exams are currently on about a seven-year cycle. So if it’s been a while since you’ve heard from the Commission, your firm might be coming up for re-examination soon.

What better way to use your summer than to run a mock exam with your team to prepare?

Create a fake document request letter and distribute it to your team to see how long it takes everyone to gather the needed evidence. Run mock interviews with your staff, where you roleplay an SEC examiner. Do they know how to accurately and succinctly answer the types of questions they’re likely to hear during an actual exam?

After you’ve run your practice drills, debrief with your team. Consider asking the following questions to assess where you stand:

  • How did everyone feel about the mock exam? Does anyone have any questions about their role?
  • Were you able to respond quickly and accurately to the document request? How can you improve your ability to pull the requisite information?
  • How did your team members respond to questions during the mock interview process? Is there room for improvement?
  • What can your compliance team do (updating policies, adjusting workflows, or offering additional team training and support) to position yourselves to do even better next time?

Ensure that everyone has clear next steps coming out of the debriefing process. This will help each individual improve and make you a stronger team overall.

 

Reassess Your Tech

As you review your various processes, do you find that your technological solutions are helping you or holding you back?

If you rely on outdated technological solutions to manage essential components of your compliance program, you may be creating unnecessary difficulties for yourself. The right compliance technology is:

  • Secure and cloud-based, for access from anywhere
  • Easy for your entire team to use
  • Fully integrated with the rest of your tech stack
  • Capable of automating rote compliance tasks
  • Able to auto-generate and store an audit trail

Switching tech providers can be a big project, but the summer is a great time to research your options and perhaps even implement a new solution. While the buzz of client activity is slower, your team can dig into learning about and optimizing the new tool, so you’re ready to hit the ground running come fall.

 

Move from Seasonal Prep to Continuous Readiness  

Compliance isn’t a once-a-year review — it’s an always-on discipline in 2026.  

Firms should assume exam readiness is continuous. Regulators are taking a more frequent, data-driven approach to exams, which means firms need to show how compliance happens in the normal course of business, not just during an annual review.

Focus less on documents alone and more on execution  

Written policies still matter, but regulators increasingly expect firms to demonstrate how those policies are carried out in practice.  

That means shifting from reviewing documents to operationalizing compliance across systems, workflows, supervision, and records. In 2026, documented supervision matters more than stated intent.

 

Review Where AI Is Used Across the Firm  

A key question for firms today is simple: Do you know where AI is being used across your firm — and who is supervising it?  

AI may now influence marketing, client communications, service, operations, and vendor workflows. Firms should understand where it is being used, what guardrails are in place, and how review is documented.

If AI is being used to draft marketing materials or client communications, firms should have clear review and approval of workflows.  

That includes reviewing:  

  • AI-generated marketing and client communications  
  • required human review  
  • approval and audit trail documentation  

The goal is not to avoid AI. It's to supervise it effectively.

In 2026, compliance technology should do more than send reminders. It should help firms embed supervision into daily workflows, support review processes, and strengthen recordkeeping.

Orion helps firms move beyond periodic cleanup by supporting the systems and workflows that make compliance more visible, consistent, and defensible in an AI-enabled environment.

How Well Is Your Firm Managing Compliance?

Take the SEC Exam readiness quiz to find out.

Take The Quiz

1Source: https://www.ecfr.gov/current/title-12/chapter-I/part-151