10 Ways Compliance is Evolving: Insights from the 2025 ACA Conference

  • Article
  • ACA News, Artificial Intelligence (AI), CFTC, Compliance, Cybersecurity, Distribution, eComms Surveillance, ESG, Investment Adviser, Managed Services, NFA, Performance, Private Fund, RegTech, SEC, SEC Marketing Rule

ACA’s 2025 Conference brought together hundreds of compliance professionals, executives, and thought leaders to explore the most pressing issues shaping the financial services industry. Across dozens of sessions, expert speakers and engaged attendees explored the evolving regulatory outlook, the growing influence of technology, emerging fund strategies, and the shifting demands on compliance teams.

From these discussions, 10 key themes and actionable takeaways emerged to help firms stay ahead in an increasingly complex environment.

1. Regulatory resilience is non-negotiable

As the regulatory environment continues to shift, one message was clear: compliance is not optional, even when enforcement may appear to slow. A strong compliance program not only instills confidence in regulators but also attracts investors who value firms that demonstrate a clear commitment to protecting their investments. Proactive firms are preparing now to manage risk, respond to change, and avoid future surprises.

  • Maintain robust programs. Even during periods of reduced exams or enforcement actions, firms must sustain strong compliance programs.
  • Build early partnerships. Don’t wait for a crisis—establish relationships with consultants and technology providers now.
  • Prioritize internal education. Create space for compliance teams to stay current on emerging risks and regulatory expectations.
  • Leverage external support. Peer groups, consultants, and collaborative networks are critical resources for navigating regulatory shifts.

2. AI and other technologies: Enhancements, not replacements

AI dominated discussions across the conference, and the takeaway was clear: while AI and other technologies can enhance compliance functions, they cannot replace the human element. Effective compliance programs must strike the right balance between automation and oversight.

Throughout multiple panels, speakers agreed that AI is a powerful enabler. It can accelerate marketing reviews, compliance monitoring, and documentation, but still requires human judgment and quality control.

  • Monitor your messaging. Be cautious of AI-washing as regulators are closely watching for misleading or exaggerated claims.
  • Take a measured approach. Build an AI strategy that includes oversight, ROI evaluation, and training.
  • Prepare your workforce. Younger employees are increasingly adopting AI tools in their daily work. Ensure they are equipped to use them responsibly.

3. Digital assets require both traditional principles and new oversight

The path forward for digital assets remains uncertain, but compliance leaders can—and should—lean on familiar principles. Traditional risk management practices still apply, even as new regulations and agencies enter the landscape.

  • Apply core frameworks. Compliance officers should continue to rely on established approaches, including policies, testing, and disclosures to manage digital asset risks.
  • Prepare for overlapping insights. Understand that the U.S. Securities Exchange Commission (SEC), Commodity Futures Trading Commission (CFTC), and National Futures Association (NFA) may all have jurisdiction. Firms entering the space must prepare for cross-agency regulatory expectations.
  • Address knowledge gaps. Institutional adoption is growing, but many firms still lag behind employees’ personal knowledge and investing behavior in digital assets.
  • Close ETF and ETP knowledge gaps. Understanding the difference between Exchange-Traded Funds (ETFs) and Exchange-Traded Products (ETPs), and their associated’40 Act regulatory obligations, remains a critical knowledge gap.

4. Marketing Rule enforcement and electronic communications oversight remain a priority

The SEC continues to prioritize marketing oversight across sectors and the importance of surveillance especially around digital communications-remains a top focus. Firms must sharpen their understanding of disclosures, hypothetical performance, superlatives, and policy documentation.

  • Strengthen disclosure discipline. Expect continued scrutiny around AI use in marketing, as well as accuracy, transparency, and proper use of superlatives and hypothetical performance.
  • Align internally. Ensure close coordination between advertising, performance, and compliance teams to maintain consistent and compliant messaging.
  • Modernize surveillance. Electronic communications surveillance, including off-channel communications, must be real-time, technology-enabled, and paired with ongoing employee training.

5. Outsourcing requires transparency, technology, and trust

While outsourcing can be a smart strategic move, the success of these relationships depends on transparency, cultural alignment, and technology that enables real-time collaboration. More firms are turning to third-party providers to do more with less, but proper oversight is essential.

  • Ensure process visibility. Providers that use technology to enable transparency deliver stronger compliance outcomes.
  • Addressing quality concerns head-on. Outsourcing hesitancy often stems from perceived quality issues—acknowledge them and address them directly.
  • Choose disciplined partners. Select partners with strong process discipline and accountability to maintain confidence and oversight.

6. Operational due diligence must be proactive and candid

Transparency isn’t just appreciated, it’s expected. Allocators are increasingly collaborative and supportive, but firms must engage openly, early, and often to build trust and stand out. Relationship building and candid communication remain central to allocator trust.

  • Be candid in RFPs. Clearly communicate forward-looking plans, even if you’re a newer firm when completing a request for proposal (RFP).
  • Focus on fundamental controls. Prioritize basic controls like cash management, address changes, and background checks.
  • Use RFPs as a learning tool. Treat the process as an opportunity to identify best practices from peers and the broader market.

7. Vendor management needs to go beyond cybersecurity

Risk isn’t limited to IT. Expanding third-party oversight into additional domains reflects a maturing view of vendor risk, and regulators and clients are taking notice. Forward-thinking firms are broadening their vendor diligence frameworks to address these expectations.

  • Broaden your diligence scope. Expand due diligence to cover privacy, ESG, financial health, and operations—not just IT and cyber.
  • Plan for offboarding. Ensure documentation and data are accessible and accounted for before ending a vendor relationship.
  • Set expectation early. Use onboarding as an opportunity to define expectations for training, access, and security.

8. Mock exams and tabletop exercises deliver real-world readiness

Simulation isn’t theoretical—it’s essential. Firms that conduct mock exams and cyber tabletop exercises are better equipped to respond to real-world scenarios and evolving SEC expectations. From regulatory exams to cyber response, simulation and testing remain critical components of readiness.

  • Use SEC mock exams to uncover gaps. These exercises help identify weaknesses, prepare staff, and support investor confidence.
  • Conduct cyber tabletop exercises. Simulations help reveal missing links in incident response plans and establish clear messaging protocols for different internal and external audiences.
  • Prepare for rapid response. The SEC expects immediate responses. Ensure your teams are prepared to act within required timelines.

9. Private markets and fund structures are shifting

The increasing retailization of private markets is creating new compliance and operational complexities. For many, interval and tender offer funds represent a bridge between private and registered offerings, but the industry still has catching up to do.

  • Address education gaps. A lack of familiarity among many market participants highlights the growing need for education on these structures.
  • Tackle valuation and compliance challenges. Retail access to private markets is expanding, but valuation and compliance remain complex challenges firms must actively address.
  • Balance innovation with readiness. Firms must strike a careful balance between driving innovation and ensuring regulatory compliance.

10. Compliance careers are evolving

Compliance professionals are facing a transformative moment. From AI adoption to cross-border regulatory expectations, CCOs are being called to lead with agility, strategy, and modern tools. To keep pace with the future of compliance, CCOs will need to:

  • Build AI fluency. Compliance professionals must understand and apply AI responsibly.
  • Increase cross-functional awareness. CCOs need to be deeply embedded in firm technology and data oversight.
  • Embrace strategic leadership. Compliance is not just about following rules, it’s about enabling firms to respond and thrive amid change.

Leading the next era of compliance

The 2025 ACA Conference made one thing clear: compliance is no longer a back-office function. It’s a strategic driver of business success. Firms that invest in readiness, resilience, and relationships, powered by the right people and technology, will set the pace for the future of financial services.

Save the date: The 2026 ACA Conference will take place April 15-17 in Nashville. Subscribe now to be the first to receive your invitation when registration opens.

Contact
Contact