Weil Private Funds Regulatory Review

In recent years, the Securities and Exchange Commission (the "SEC" or "Commission") and other regulators have proposed and adopted various rules and interpretative guidance and have brought a wide range of enforcement actions. This publication summarizes: (i) no-action guidance from the Commodities Futures Trading Commission ("CFTC") regarding commodity pool operator and commodity trading adviser registration; (ii) a Marketing Rule risk alert issued by the SEC's Division of Examinations regarding testimonials, endorsements and third-party ratings; (iii) the recent publication by the SEC's Division of Examinations of its 2026 examination priorities; (iv) recent remarks by Brian Daley, the Director of the SEC's Division of Investment Management to the American Bar Association; and (v) a recent speech by SEC Chair Paul Atkins at the New York Stock Exchange.

This publication also discusses (i) the recent entry of a final judgment against a broker-dealer for failing to establish, maintain and enforce policies and procedures reasonably designed to prevent the misuse of its customers' material, nonpublic information and (ii) the SEC's settlement of charges against a broker-dealer and investment adviser for failing to maintain reasonably designed policies and procedures concerning cybersecurity, the protection of customer information and identity theft protection.

As a reminder, the SEC adopted cybersecurity amendments to Regulation S-P in 2024 that require significant changes to investment adviser policies and procedures to, among other things, require an incident response program, a client notification program, increased oversight of service providers and additional recordkeeping. The effective date of these amendments was December 3, 2025. Please reach out to the Weil Private Funds Group and Privacy and Cybersecurity Group for assistance in updating your policies, procedures and processes.¹

REGULATORY ROUND-UP

CFTC ISSUES TEMPORARY NO-ACTION RELIEF FROM CPO/CTA REGISTRATION FOR CERTAIN PRIVATE FUND MANAGERS

On December 19, 2025, the CFTC's Market Participants Division ("MPD") issued a "no action" letter providing interim relief that permits registered investment advisers offering products exclusively to qualified eligible persons ("QEPs") to avoid or withdraw from commodity pool operator ("CPO") and commodity trading advisor registration pending CFTC rulemaking to consider reinstating the former QEP Exemption (the "QEP Exemption") rescinded in 2012.² The relief applies to investment advisers offering commodity interests who meet the following conditions:

1. The adviser is currently, or would be, required to be registered with the CFTC as a CPO for its commodity pool operations, or relies upon an existing exemption from such CPO registration provided under CFTC Regulation 4.13;
2. The adviser is registered with the SEC as an investment adviser;
3. The interests of the pool operated by the adviser are exempt from registration under the Securities Act of 1933, as amended (the "Securities Act"), and not publicly marketed in the United States (unless such interests are exempt from Securities Act registration pursuant to Rule 506(c) thereunder);
4. The adviser reasonably believes that each pool participant meets the QEP definition under CFTC Regulation 4.7(a)(6);
5. The adviser files a Form PF with the SEC with respect to the pool(s) covered by this "no action" letter, which is received by the CFTC; and
6. The adviser complies with the requirements of CFTC Regulations 4.13(b) (except paragraph (b)(2) thereof) and 4.13(c) as if reliance on the "no action" letter were an exemption from registration under 4.13(a), with the exception that notices documenting reliance on the "no action" letter are filed via email to mpdnoaction@cftc.gov.

MPD also confirmed that managers relying solely on this "no action" letter are not subject to the mandatory redemption offer requirement in CFTC Regulation 4.13(e)(2), addressing a key operational impediment to deregistration for existing private funds with negotiated liquidity terms.

The "no action" letter emphasizes that it is an interim, staff-level measure aimed at reducing duplicative oversight for sophisticated, institutional private fund investors while the CFTC evaluates whether to reinstate the QEP Exemption through notice-and-comment rulemaking. The "no action" letter is not binding on the CFTC and may be modified or withdrawn.

SEC ISSUES MARKETING RULE RISK ALERT REGARDING TESTIMONIALS, ENDORSEMENTS AND THIRD-PARTY RATINGS

On December 16, 2025, the SEC's Division of Examinations (the "Division") issued a risk alert (the "Alert") to provide SEC registered investment advisers with additional information regarding compliance with Rule 206(4)-1 (the "Marketing Rule") under the Investment Advisers Act of 1940, as amended (the "Advisers Act").³ The Alert focuses on SEC staff observations regarding compliance with (i) the testimonial and endorsement provisions of the Marketing Rule (i.e., Rule 206(4)-1(b)) (the "Testimonials and Endorsements Provisions") and (ii) the third-party ratings provisions of the Marketing Rule (i.e., Rule 206(4)- 1(c)) (the "Third-Party Ratings Provisions").

Observations Regarding Compliance with the Testimonials and Endorsements Provisions

The staff observed advisers using "testimonials"⁴ and "endorsements"⁵ that the staff deemed noncompliant most commonly due to a failure to clearly and prominently provide required disclosures at the time such testimonials or endorsements were disseminated.⁶ Per the Testimonials and Endorsements Provisions, such disclosures generally must indicate whether the person providing the testimonial or endorsement was a current client or investor in a private fund advised by the adviser, and if applicable, whether such person was paid cash or non-cash compensation and/or had a material conflict of interest.

The staff also observed advisers using lead-generation firms, social media influencers and adviser referral networks, offering "refer-a-friend" programs to current clients for de minimis compensation (in some instances without recognizing that certain arrangements created an endorsement or testimonial). In addition, the staff observed that many advisers did not update their written compliance policies and procedures under Advisers Act Rule 206(4)-7 (the "Compliance Rule") to address this practice.

The staff noted the following with regard to advisers' compliance with the Testimonials and Endorsements Provisions:

• Non-compliant testimonials or endorsements were presented on advisers' websites, including websites using alternative business names of their supervised persons ("d/b/a" websites);
• Advertisements contained the required disclosures, but failed to display them in a clear and prominent manner because advisers used hyperlinked disclosures rather than disclosures contained within the testimonial or endorsement itself, or included the disclosures in a smaller or lighter font than the testimonial or endorsement to which they were related;
• Advisers provided compensation in the form of gift cards to clients to write reviews on third-party websites without having a basis to reasonably believe that the person giving the testimonial complied with disclosure requirements;
• Advisers disclosed certain generic information about compensation arrangements but omitted certain material information (e.g., advisers disclosed that promoters, including social media influencers, received compensation from advisers for client referrals but omitted information about the compensation terms of the referral payments); and
• Advisers failed to disclose material conflicts resulting from promoters having financial interests in the promoted advisers, including clients of advisers who were also investors in the promoted advisers, or who were principals or officers of other advisory firms that had sub-advisory or other significant arrangements with the promoted advisers.

In addition, the staff observed that many advisers did not comply with the oversight and compliance requirements⁷ of the Testimonials and Endorsements Provisions, including where advisers were unaware that certain arrangements with promoters involved statements that met the definition of an endorsement under the Marketing Rule.

The staff also observed advisers that did not enter into or maintain written agreements with paid promoters describing the scope of the agreed-upon activities. In some cases, advisers claimed the arrangement with their promoters met the de minimis exemption because each time the adviser compensated the promoter, it was for less than $1,000; however, the total compensation exceeded $1,000 during the preceding 12 months, and therefore the arrangement did not qualify as de minimis compensation, so the Testimonials and Endorsements Provisions applied.

Moreover, the staff observed advisers that compensated promoters who were disqualified due to their disciplinary histories with state securities regulators, in violation of Rule 206(4)-1(b)(3).⁸ Finally, the staff found that some advisers used promoters affiliated with the advisers where such affiliation was not readily apparent or disclosed to clients or investors at the time the testimonials or endorsements were disseminated.

Observations Related to the Third-Party Ratings Provisions

The staff observed advisers using third-party ratings on their websites (including d/b/a websites), social media profiles, marketing brochures, pitchbooks, press releases, newsletters, and blogs that did not comply with the ThirdParty Ratings Provisions,⁹ including where:

• Advisers did not appear to have sufficient information to form a reasonable basis about the design or structure of questionnaires that were used in the preparation of third-party ratings included in advertisements. In these instances, the advisers generally had neither developed policies and procedures for satisfying this requirement, nor taken steps to meet this requirement, such as by obtaining or reviewing a copy of the questionnaires or surveys that were used;
• Advisers failed to clearly or prominently provide some or all of the required disclosures, including where the adviser linked to third-party websites containing a rating without the required disclosures;
• Advisers included third-party ratings in advertisements that did not clearly and prominently identify the date on which the ratings were given and the period of time upon which the rating was based, including where the ratings referenced a range of years in which the adviser was the recipient of the rating, but the dates included by the adviser listed a year in which the adviser did not receive the award;
• Advisers placed third-party rating logos in their advertisements that did not clearly and prominently identify the third parties creating the rating;
• Advisers failed to disclose payments that were made for the use of a third-party rating providers' logos or reprints of the rating; and
• Advisers failed to provide the required disclosures in a clear and prominent manner, for example, by using hyperlinks or smaller font for such disclosures, or by placing the disclosures at the bottom of the website several pages away from the actual ratings.

In response to this Alert, advisers should review both currently used advertisements (e.g., offering memoranda, websites (including d/b/a websites), social media profiles, marketing brochures, pitchbooks, press releases, newsletters, blogs, etc.), as well as their policies and procedures related to the Testimonials and Endorsements Provisions and the Third-Party Ratings Provisions, and implement updates as necessary. Please reach out to the Weil Private Funds Team with any questions. 

SEC DIVISION OF EXAMINATIONS ANNOUNCES 2026 EXAMINATION PRIORITIES

On November 17, 2025, the Division released its examination priorities (the "Priorities") for 2026, which detail the key examination topics and risks that the Division intends to prioritize in the exam setting.¹⁰

While the Priorities do not specifically include private fund advisers under a separate header this year, "private funds" and "alternative investments" are identified throughout the Priorities. In addition, the Priorities highlight numerous focus areas that apply widely to investment advisers, including private fund advisers. Notable areas of focus include the following:

• Regulation S-P: Ahead of the compliance dates for the amendments to Regulation S-P, the Division plans to engage firms about their progress in preparing the requisite incident response programs. After the applicable compliance dates, the Division will examine whether firms have developed, implemented, and maintained policies and procedures in accordance with the rule's new provisions that address administrative, technical, and physical safeguards for the protection of customer information.
• Fiduciary Duties – Investment Recommendations and Disclosures: In particular, the Division will focus on, among other things, (i) private fund advisers which also advise separately managed accounts and/or newly registered funds; (ii) advisers to newly launched funds and advisers that have not previously advised private funds; (iii) recommendations of products that may be sensitive to market volatility; (iv) consistency of disclosures with client objectives, risk tolerance and backgrounds; (v) alternative investments (including private credit and private funds with extended investment lock-ups); (vi) complex investments such as exchange-traded funds ("ETFs") wrappers on less liquid underlying strategies; and (vii) arrangements that may create additional risks and potential or actual conflicts of interest, such as advisers that are dually registered as broker-dealers.
• Adviser Compliance Programs: The Division will continue to review the effectiveness of advisers' compliance programs under the Compliance Rule with a focus on marketing; valuation, trading and portfolio management; disclosure and filings; custody and annual reviews.
• Cybersecurity: The Division will continue to review advisers' practices to prevent interruptions to critical services and to protect investor information, records and assets, with a particular focus on policies and procedures. The Division also plans to focus on training and security controls around artificial intelligence ("AI") and polymorphic malware attacks.
• Emerging Financial Technology: The Division will focus on automated investment tools, AI technologies—and, in particular, the accuracy of advisers' representations concerning their AI capabilities—and trading algorithms and platforms, along with the risks associated with their usage.
• Registered Investment Companies ("RICs"): Examinations of RICs will generally emphasize compliance programs, disclosure filings and governance practices, with a focus on (i) RICs participating in mergers or similar transactions; (ii) RICs with complex strategies and/or with significant holdings of less liquid or illiquid investments; and (iii) RICs with novel strategies or investments, including funds with leverage vulnerabilities.

In response to the Priorities, advisers should review their current practices, policies, procedures and disclosures and reach out to the Weil Private Funds Group with any questions.

BRIAN DALEY'S REMARKS TO AMERICAN BAR ASSOCIATION

On December 2, 2025, Brian Daley, the Director of the SEC's Division of Investment Management ("IM"), spoke to the Private Funds, Investment Advisers and Investment Companies subgroups within the American Bar Association's Federal Regulation of Securities Committee.¹¹

Mr. Daley outlined his priorities and philosophy for IM, with an emphasis on listening to "what the industry has to say, how investors feel, and how the public perceives IM's proposals." By listening to input from industry participants, Mr. Daley intends to direct IM toward initiatives that are grounded in reality and responsive to investors and industry players alike. 

More concretely, Mr. Daley organized IM's mission around four themes: deregulation, modernization, democratization of alternatives, and artificial intelligence. With respect to deregulation, Mr. Daly noted that "thoughtful and measured" deregulation can unlock innovation, citing the explosion of ETFs following the SEC streamlining the ETF approval process. IM plans to be receptive to suggestions on how thoughtful changes to existing rules can facilitate innovation.

With regard to modernization, Mr. Daly generally called for updates to rules originally built for a paper era, highlighting specifically the Custody Rule and recordkeeping requirements as ill-suited for the management of digital assets and for a digitized future generally. IM's goal will be to recommend changes to the Commission in a way that is platform-independent, technology-neutral and future-ready.

On democratization, Mr. Daly stated that he envisions a gradual, incremental path for expanding retail access to private markets, rather than a sweeping "retailization rule". He predicted targeted actions followed by additional IM staff engagement and observations, rather than sudden dramatic changes.

Lastly, Mr. Daly identified AI as a transformative technology that can, for example, turn hundreds of pages of dense disclosure into an interactive, personalized experience that reflects how people actually consume information in the current day. Despite this, Mr. Daly acknowledged that AI poses regulatory questions, specifically around marketing status, the line between tools and advice, registration triggers for the AI agent itself and liability for erroneous outputs.

Mr. Daly closed by embracing the SEC as an "Innovation Commission" and invites discussion and collaboration moving forward.

ATKINS SPEAKS ON REVITALIZING AMERICA'S MARKETS AT NEW YORK STOCK EXCHANGE

On December 2, 2025 SEC Chair Paul Atkins delivered public comments at the New York Stock Exchange.¹² Mr. Atkins characterized the U.S.'s approaching 250th anniversary as a call to realign capital markets with the ideals of property rights, contract enforcement and individual agency. Mr. Atkins noted that, over time, federal disclosure requirements have led to regulatory creep that became burdensome for companies and overwhelming for investors, citing a 40% decline in listed companies since the mid-1990s.

Mr. Atkins noted that his central agenda concerns refocusing the SEC's disclosure regime on financial materiality and avoiding politically motivated mandates unrelated to investor decision making. Mr. Atkins called for a "minimum effective dose" regulation, which emphasizes clarity over volume, and for scaling disclosure requirements to a company's size and maturity.

In addition, Mr. Atkins outlined two additional pillars to reviving public listings: de-politicizing shareholder meetings in order to focus them on governance decisions, and reforming securities litigation to cut down on frivolous suits. The broader aim is to reinvigorate public markets so that capital formation is accessible, not concentrated in a handful of large issuers, and to ensure that public offerings are real capital-raising events and not simply opportunities for liquidity for company insiders.

Finally, Mr. Atkins stated that he plans to move forward with reforms to restore U.S. capital markets and summon the enterprising spirit upon which the country was founded.

NOTABLE ENFORCEMENT ACTIVITY

ENFORCEMENT ACTION RELATED TO MATERIAL NON-PUBLIC INFORMATION

On December 2, 2025, the U.S. District Court for the Southern District of New York entered a final consent judgment against a broker-dealer for failing to establish, maintain, and enforce policies and procedures reasonably designed to prevent the misuse of its customers' material, nonpublic information ("MNPI") related to their trades.¹³

According to the SEC's complaint, the broker-dealer operated dual businesses: the first a proprietary trading business in which it bought and sold securities for its own account, and the other a trade execution business through which the broker executed trades for institutional clients. The complaint alleged that the broker did not adopt and enforce policies and procedures reasonably designed to ensure that the broker's proprietary traders could not access information generated from the broker's customer orders housed in a database for daily business operations.

According to the complaint, any employee of the broker, regardless of which of the dual businesses such employee was affiliated with, could access customer trade information such as security names, whether the trade was a purchase or sale, and the execution price and volume. The broker did not track who logged into the database and did not track what information was obtained by its proprietary traders.

In connection with the judgment, the broker was permanently enjoined from violating Section 15(g) of the Securities Exchange Act of 1934 and was ordered to pay a civil monetary penalty of $2.5 million. In connection with the judgment, advisers should ensure that they have in place robust MNPI policies and procedures that are appropriately tailored to their business.

REGULATION S-P ENFORCEMENT ACTION

On November 25, 2025, the SEC announced that it settled charges against a broker-dealer and investment adviser under Regulation S-P and Regulation S-ID.¹⁴

The Order alleges that the adviser, which operates through a nationwide network of registered representatives from 120 branch offices known as "member firms," did not have written policies and procedures to govern information security across its member firms until September 2020, at which time it adopted a policy that required member firms to adopt their own information security policies and controls in 17 categories, which included multi-factor authentication, incident response policies, and security awareness training. According to the Order, this policy violated Rule 30(a) of Regulation S-P (the "Safeguards Rule")¹⁵ because it was not reasonably designed, as a many member firms continued to lack required information security policies and controls after adoption, as the adviser was aware.

In addition, the Order alleges that the email accounts of certain employees at 13 of the 120 member firms were accessed by unauthorized third parties who sent malicious emails from the compromised accounts to approximately 8,500 individuals, which included many customers. The member firms that were victim to the account takeovers either had no written information security policies or had policies that were not reasonably designed because, for example, they did not have information security controls required by the policy, such as multi-factor authentication, incident response policies, or annual security awareness training. These incidents also resulted in the exposure of impacted customers' records and information, including personally identifiable information.

The Order also finds that the adviser had a written identity theft prevention program but failed to ensure that the program was updated periodically to reflect risks to its customers. According to the Order, the adviser did not substantively update the program since at least 2025 and failed to include any specific red flags related to cybersecurity, despite ongoing cybersecurity incidents at member firms. The program also did not include reasonable policies and procedures to respond appropriately to detected red flags. The Order alleges that the adviser violated Rule 201 of Regulation S-ID (the "Identity Theft Red Flags Rule")¹⁶ as a result of this conduct.

The adviser paid a civil monetary penalty of $325,000 to the SEC in connection with this settlement. Advisers should ensure that they have developed appropriate policies and procedures as required by Regulation S-P, particularly in light of the amendments to the Rule, which are effective as of December 3, 2025.

Footnotes

1 A previous alert discussing the amendments to Regulation S-P can be found here.

2 A link to a press release on the no-action letter can be found here.

3 A link to the Alert can be found here.

4 Rule 206(4)-1(e)(17) defines "Testimonial" as any statement by a current client or investor in a private fund advised by the investment adviser:

1. About the client or investor's experience with the investment adviser or its supervised persons;
2. That directly or indirectly solicits any current or prospective client or investor to be a client of, or an investor in a private fund advised by, the investment adviser; or
3. That refers any current or prospective client or investor to be a client of, or an investor in a private fund advised by, the investment adviser.

5 Rule 206(4)-1(e)(5) defines "Endorsement" as any statement by a person other than a current client or investor in a private fund advised by the investment adviser that:

1. Indicates approval, support, or recommendation of the investment adviser or its supervised persons or describes that person's experience with the investment adviser or its supervised persons;
2. Directly or indirectly solicits any current or prospective client or investor to be a client of, or an investor in a private fund advised by, the investment adviser; or
3. Refers any current or prospective client or investor to be a client of, or an investor in a private fund advised by, the investment adviser.

6 Rule 206(4)-1(b)(1) requires an adviser to disclose, or reasonably believe that the person giving the testimonial or endorsement discloses, the following at the time the testimonial or endorsement is disseminated: (i) clearly and prominently: (A) that the testimonial was given by a current client or investor, and the endorsement was given by a person other than a current client or investor, as applicable; (B) that cash or non-cash compensation was provided for the testimonial or endorsement, if applicable; and (C) a brief statement of any material conflicts of interest on the part of the person giving the testimonial or endorsement resulting from the investment adviser's relationship with such person; (ii) the material terms of any compensation arrangement, including a description of the compensation provided or to be provided, directly or indirectly, to the person for the testimonial or endorsement; and (iii) a description of any material conflicts of interest on the part of the person giving the testimonial or endorsement resulting from the investment adviser's relationship with such person and/or any compensation arrangement. 

7 Rule 206(4)-1(b)(2) requires that advisers have (i) a reasonable basis for believing that the testimonial or endorsement complies with the requirements of the Testimonial and Endorsements Provisions; and (ii) a written agreement with any person giving a testimonial or endorsement that describes the scope of the agreed-upon activities and the terms of compensation for those activities.

8 Rule 206(4)-1(b)(3) generally provides that an adviser may not compensate a person, directly or indirectly, for a testimonial or endorsement if the adviser knows, or in the exercise of reasonable care should know, that the person giving the testimonial or endorsement is an ineligible person at the time the testimonial or endorsement is disseminated.

9 Rule 206(4)-1(c) provides that an adviser may not include any third-party rating in an advertisement, unless the adviser: (1) has a reasonable basis for believing that any questionnaire or survey used in the preparation of the third-party rating is structured to make it equally easy for a participant to provide favorable and unfavorable responses, and is not designed or prepared to produce any predetermined result; and (2) clearly and prominently discloses, or the adviser reasonably believes that the third-party rating clearly and prominently discloses: (i) the date on which the rating was given and the period of time upon which the rating was based; (ii) the identity of the third party that created and tabulated the rating; and (iii) if applicable, that compensation has been provided directly or indirectly by the adviser in connection with obtaining or using the third-party rating.

10 A prior alert discussing the Priorities can be found here. A press release related to the publication of the Priorities can be found here. The full publication can be found here.

11 A link to the speech can be found here.

12 A link to the speech can be found here.

13 A link to the final judgment can be found here. A link to the SEC's complaint can be found here.

14 A press release related to the settlement can be found here. A link to the full SEC Order can be found here.

15 The Safeguards Rule generally requires registered broker-dealers and investment advisers to adopt written policies and procedures that are reasonably designed to: (1) ensure the security and confidentiality of customer records and information; (2) protect against any anticipated threats or hazards to the security or integrity of customer records and information; and (3) protect against unauthorized access to or use of customer records or information that could result in substantial harm or inconvenience to any customer.

16 The Identity Theft Red Flags Rule generally requires registered broker-dealers and investment advisers to develop and implement a written Identity Theft Prevention Program that is designed to detect, prevent, and mitigate identity theft in connection with the opening of a covered account or any existing covered account. The Identity Theft Prevention Program must include reasonable policies and procedures to, among other things, identify relevant red flags for covered accounts, respond appropriately to any red flags and ensure the Program is periodically updated to reflect changes in risks to customers.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.