Five Things Every CCO Needs to Know

Insights from ACA’s Spring 2026 Media Roundtable
  • Article
  • Compliance
The compliance landscape has rarely shifted as fast as it is shifting right now. During ACA’s recent media roundtable, ACA experts discussed the regulatory developments, operational pressures, and enforcement trends shaping the year ahead for investment managers.
 
While the headlines continue to evolve, several themes consistently rose to the top of the conversation, highlighting areas where CCOs are being asked to move faster, make harder decisions, and demonstrate greater oversight across their firms.
 
The following five priorities are quickly becoming essential areas of focus for compliance leaders:
 
Deregulation Is Not a Green Light

The pressure on compliance is not coming from Washington right now; it is coming from private fund LPs. Capital raising has hit its lowest level since 2020. Allocators who need to decide where to deploy scarce capital are now asking harder questions about governance, risk management, and compliance infrastructure. Firms that read deregulation as permission to ease up are getting the story backward.

The SEC’s New Enforcement Focus Is Both Narrower and Broader

The prior administration’s approach, which resulted in more than $4 billion in fines related to books-and-records violations, does not appear to reflect the current enforcement direction. But the recordkeeping rules have not changed – at least not yet. And a subsequent SEC may take a very dim view of firms that have not cleaned up their recordkeeping processes.

The SEC has announced that it is focusing its enforcement resources on fraud and investor harm. However, substantial risks remain beneath these headings. Recent cases have found ‘investor harm’ flowing from negligence, conflicts of interest, and valuation issues in private credit. Leading voices, including Jay Clayton, the former SEC Chair now heading the Southern District of New York (SDNY), have publicly raised concerns about whether marks on the books reflect reality. If you are in private credit or private equity, your valuation governance needs to be defensible, documented, and independently tested.

Your AI Adoption Is Almost Certainly Ahead of Your AI Governance

ACA’s proprietary research shows that over 80% of investment management firms are now using AI, up from roughly 20% three years ago. Most of it is surface-level: desktop tools, question-and-answer prompts, basic drafting assistance. Only about 8% of firms have integrated AI into client-facing workflows. Deep compliance integration is limited.

The governance infrastructure to oversee AI has not kept pace. When our teams talk to CCOs today, the conversation is not about which AI tools to adopt. It is about how to govern the tools already running inside the firm, tools deployed by business units before formal compliance oversight was established.

Regulators and LPs are now testing firms across five key areas:

  1. Do you have an authorized use policy?
  2. Do you have a governance framework?
  3. Do you have model testing and validation?
  4. Do you have cybersecurity controls around AI?

Do you have oversight of how your vendors are using AI with your data?

If you cannot answer all five, there is work to do.

Cybersecurity Exams Have Changed: From Checkbox to Evidence

A risk assessment is no longer enough. Regulators and operational due diligence teams are asking a different question: what did you do with the findings?

SEC examiners have shifted their focus from documentation of process to demonstration of action. Firms that can show an audit trail that shows, “we identified this, we flagged it, we remediated it, here is the evidence” are in a fundamentally different position than firms that can only produce a high-level checklist, even if every item has been ticked. The same shift is happening in LP due diligence.

The Retail Alternatives Door Is Open, and the Education Gap Is Real

The regulatory infrastructure for retail access to alternative investments is in motion. The White House, the DOL, and the SEC have each taken significant steps: the DOL’s proposed fiduciary safe harbor, the SEC’s removal of the 15% illiquid cap for closed-end funds, and co-investment relief for registered vehicles.

The vehicles are there. What is not yet in place is the education infrastructure to support advisers selling these products to retail clients who may not fully understand what ‘illiquid’ means when markets move. Regulatory requirements for marketing to retail investors are also substantially different, particularly with respect to performance information. The SEC is aware of these issues. Their examination sweep of interval funds and private credit vehicles is expanding. Private fund advisers looking to make the leap to retail must consider not only whether their products are compliant but also whether their distribution channels are ready.

The compliance environment in 2026 is not simpler than it was; it’s just different. The rules are changing, the risks are shifting, and the expectations from LPs, regulators, and the market have never been higher.

For more than 20 years, ACA has helped firms stay ahead of regulatory and operational change, and that commitment continues today.

Questions about how these shifts impact your firm? Talk with ACA’s compliance experts.

Contact Us
Contact
Contact