.png)
SEC Pulls the Plug on 14 Proposals
For the past three years, 14 SEC proposals have promised to revamp multiple areas of advisory compliance: investor protection, ai, tech & cybersecurity resilience, transparency, and oversight.
From strict limits on AI-powered “predictive analytics” and mandatory custody exam overhauls to ESG disclosures and formal risk-management programs implementations for cybersecurity, firms readied for even more regulatory scrutiny. Compliance leaders shook their heads and re-wrote policy manuals, considered adding more headcount to deal with the regs, and started educating their finance teams. The withdrawal effectively pauses the Commission’s AI-oversight agenda giving firms breathing room to refine machine-learning controls.
Then, on June 12, 2025, the SEC said, “we’re done with these proposals,” as it withdrew all 14 of those draft rules.
So, which SEC proposals were withdrawn?
The proposals that were withdrawn were intended to modernize SEC oversight. Here’s a quick glance at the 14 proposals that were withdrawn:
- Substantial Implementation, Duplication, and Resubmission of Shareholder Proposals (Exchange Act Rule 14a-8)
• Goal: standardize the tests companies use to kick shareholder proposals out of their proxy statements so that fewer genuinely new or substantive ideas get filtered out, and investors’ voices make it onto the ballot - Conflicts of Interest Associated with the Use of Predictive Data Analytics • Goal: Spot any biases in your AI tools that could steer clients toward your firm’s products, then eliminate or neutralize those conflicts to ensure the client is served, all while documenting policies, review processes, and remedies to create a clear audit trail of how AI-driven tools affect outcomes.
- Safeguarding Advisory Client Assets• Goal: update the definition of custody to include assets like crypto and require written agreements with custodians to prevent misappropriation or loss of client assets by updating existing rule 206(4)-2.
- Cybersecurity Risk Management for Advisers, Funds, and BDCs
• Goal: Require advisers, funds, and BDCs to establish a formal cyber-risk management program, with mandatory incident reporting to the SEC within 48 hours of detection, an annual summary cybersecurity report for investors, and semi-annual certifications (tied to training) to increase SEC oversight. - Enhanced Disclosures About ESG Investment Practices • Goal: cut through greenwashing and give investors comparable ESG metrics.
- Outsourcing by Investment Advisers
• Goal: ensure that outsourcing relationships (e.g., for portfolio accounting, trading systems) don’t create uncontrolled risks. - Fraud, Manipulation, and Undue Influence in Security-Based Swaps
• Goal: Prohibit (1) fraudulent, deceptive, or manipulative conduct in all security-based swap transactions, and (2) undue influence over the Chief Compliance Officer of a security-based swap dealer. - Volume-Based Exchange Transaction Pricing for NMS Stocks
• Goal: Ensure that volume-driven fee schedules don’t distort brokers’ decisions. - Regulation Best Execution • Goal: Codify & Regulate what “best execution” means, forcing brokers to record and follow detailed policies, with the aim for investors to know their trades are being handled with their interests, not just the interest of the broker.
- Order Competition Rule • Goal: level the playing field and curb preferential “speed-to-market” advantages.
- Regulation Systems Compliance and Integrity (Reg SCI)
• Goal: strengthen resilience of the technological backbone that underpins trading, clearing, and reporting. - Cybersecurity Rule for Broker-Dealers, Clearing Agencies, SBSDs, etc.
• Goal: protect the plumbing of our capital markets from cyber-attack. - Definition of “Exchange” (Exchange Act Rule 3b-16)
• Goal: ensure the statute’s reach keeps pace with innovation in trading platforms. - CAT Data Security Enhancements
• Goal: protect highly sensitive Consolidated Audit Trail data against unauthorized access or cyber-incidents.
Why were the proposals withdrawn?
Not every SEC proposal goes into rule.
With Paul Atkins now at the helm and Republicans in the majority, this move isn’t just housekeeping. Instead, it reflects a clear pivot away from Gary Gensler’s investor-protection agenda toward a lighter regulatory touch (and a pro-crypto stance) for the SEC. Since Atkins took over, the SEC has already cut its staff by roughly 17% and even deactivated its $1 billion insider-trading detection system.
Impact on Compliance Teams
With all 14 proposals formally withdrawn, existing compliance programs continue unchanged. No new filing deadlines, disclosure formats, or monitoring protocols have been introduced.
Procedural Reset under the APA
Any move to revive these topics must begin anew. The Administrative Procedure Act requires a full notice-and-comment cycle for every “statement of general applicability” that carries legal effect. As noted by Allen Matkins Leck Gamble Mallory & Natsis LLP in their 2018 article, the SEC cannot bypass this process; reopening the docket would take roughly 18–24 months before a rule could reach final form, assuming the agency decides to proceed and the public record supports adoption.
Ongoing Enforcement Signal
Withdrawal does not equal deregulation. The Commission continues to authorize more than 100 non-crypto enforcement actions each year, including recent cases involving adviser fraud and CFO misstatements. Supervisory exams and investigative subpoenas will therefore continue to be administered under the existing rulebook.
There is no interim regulatory obligation. Firms continue operating under existing rules, while the SEC’s ability to reissue similar mandates is delayed by the need to solicit and consider public feedback anew.
While this withdrawal marks a regulatory pause, it’s not a free pass. The SEC’s enforcement division remains active, and existing rules still carry weight. For firms, the message is clear: Stay compliant, stay prepared, even as the rules evolve. For a reality check on how messaging apps become blind spots, see our article on off-channel communication risks.
And, for questions about key terms, you can always reference our compliance glossary.
