Rethinking Annual Compliance Training

By Mahin Golden, Compliance Officer

Annual Compliance Training is more than a regulatory requirement — it’s an opportunity to reinforce the firm’s compliance culture and establish expectations relating to key compliance requirements. To maximize the impact of your compliance training, be sure to emphasize topics that i) relate to your business, ii) address common compliance issues within the firm, iii) highlight real enforcement actions, and iv) cover not only traditional compliance areas but also new and emerging ones.

1. Keep It Relevant

Tailor the content to your audience. While regulatory requirements form the foundation, focus on how those rules apply to your firm’s specific business activities, clients, and risks. Employees are more likely to engage when they understand how compliance affects their daily responsibilities.

In addition, firms should actively solicit feedback from staff regarding topics of concern or interest they would like covered during the training. This not only increases engagement but also helps ensure the training remains meaningful and responsive to the real-world challenges employees encounter.

Example: If your firm primarily advises private funds, focus part of your training on topics such as limits on general solicitation for private offerings under Regulation D and ensuring consistency between marketing materials, Form ADV disclosures, and PPMs.

2. Address Common Compliance Challenges

Use the annual training as an opportunity to reinforce lessons learned from past compliance issues. Review any recurring trends or findings identified through testing or regulatory exams, and provide clear reminders about rule requirements and firm expectations. Highlighting real examples helps employees see how small oversights can lead to larger compliance risks.

Example: During a recent compliance test, the firm identified instances where personal trades by spouses of Access Persons were not pre-cleared. While no material violations occurred, the pattern underscored the need for greater awareness of the Code of Ethics pre-clearance requirement for members of an Access Person’s household. Incorporating this example into the training allows you to clarify what went wrong, and explain why pre-clearance matters.

3. Highlight Real Enforcement Actions

Bring compliance to life by referencing recent SEC or state enforcement cases. Nothing captures attention like real-world consequences — especially when they involve firms or situations similar to your own. Summarize key takeaways and connect them to your firm’s policies to show that compliance is not just a requirement, but a safeguard.

Example: In 2024, the SEC fined multiple advisory firms for failing to maintain and preserve electronic communications, including text messages and other off-channel communications. The SEC found that business-related discussions — such as client instructions, investment recommendations, and trade approvals — were taking place on personal messaging apps that were not captured by firm systems. This case serves as a reminder that under the Advisers Act Books and Records Rule (Rule 204-2), firms must retain all business communications, regardless of platform. Training can be a great time to revisit your firm’s communication policy and discuss best practices — such as how to respond if a client contacts you through an unapproved channel.

4. Prepare for the Future

Annual Compliance Training isn’t just about reviewing what’s already required — it’s also about preparing for what’s coming next. Training staff on recently adopted rules, pending rules, as well as anticipated future regulatory requirements helps staff anticipate changes and understand how they impact the organization as a whole. Remember: regulatory changes rarely affect only Compliance.

Example: The SEC’s amendments to Regulation S-P (effective December 3, 2025 for large advisers and June 3, 2026 for small advisers) introduced new obligations around incident response and client notification following a data breach. Under the updated rule, advisers must adopt written policies and procedures to detect, respond to, and recover from unauthorized access to sensitive client information — and, in most cases, notify affected clients within 30 days of determining that their data was compromised. Compliance training can help ensure that all staff recognize what constitutes a “security incident,” know who to contact internally if a breach is suspected, and understand their role in protecting client information. Like many regulatory changes, this is an all-hands-on-deck initiative that involves everyone firmwide.

Closing Thoughts

As you prepare for your Annual Compliance Training, remember that it’s more than a yearly requirement — it’s an opportunity to strengthen a culture of integrity, awareness, and accountability across the firm.

Firms should also reinforce that compliance training serves both the firm and employees personally. A compliance violation doesn’t just create regulatory exposure for the firm — it can lead to professional, financial, and reputational consequences for individuals as well. By framing training as a shared responsibility and personal safeguard, you help staff see its true value.

By keeping the content relevant, engaging, and forward-looking, you can turn a regulatory obligation into an informative and engaging experience that keeps compliance at the forefront of everyone’s mind.
