Innovation in finance has never been linear and today, artificial intelligence (AI), crypto and cybersecurity are proof of that. As these areas accelerate from niche to mainstream, private fund managers and registered investment advisers (RIAs) face a dual reality: unprecedented opportunity on one hand, and an ever-evolving regulatory perimeter on the other. Even as regulators show more openness to crypto products, new enforcement actions, AI oversight expectations and mounting cyber risks remind private fund managers and RIAs that the path forward is as complex as it is promising.
What follows is a snapshot of the latest regulatory trends, developments and compliance considerations around AI adoption, digital assets and the heightened scrutiny on cybersecurity. The Silver Compliance Team shares its perspective on how private fund managers and RIAs can capture opportunities, stay ahead of regulatory pressure and turn compliance from an obligation into a competitive edge.
Harnessing AI Responsibly: Compliance Expectations for Private Fund Managers and RIAs
There is no doubt that AI is set to accelerate research, portfolio construction, client service and much more for private fund managers and RIAs. Yet regulators view AI as a dual-edged sword: powerful efficiency gains, offset by emerging risks tied to unclear models, data concerns and supervisory issues yet to be discovered.
The SEC has already flagged AI as an emerging risk area in exams, highlighting predictive analytics and supervisory oversight as top concerns. More specifically, the SEC’s 2025 Examination Priorities identified AI as a focal point, stressing that the agency will review registrant representations regarding their AI capabilities or AI use for accuracy. The SEC will assess whether firms have implemented adequate policies and procedures to monitor and/or supervise their use of AI, including tasks related to fraud prevention and detection, back-office operations, anti-money laundering (AML) and trading functions.
Even with intensified regulatory attention, AI adoption continues to rise among private fund managers and crypto firms. Unfortunately, some early adopters touted AI-driven hyper-personalized recommendations, which drew “AI washing” enforcement actions when the resulting performance or risks were misrepresented.
To help avoid a similar fate, firms should address core AI compliance concerns, which center on:
- Accurate Recordkeeping: Preserve model inputs, parameter changes and rationale for each AI-driven decision
- Supervisory Oversight: Ensure human review of material recommendations and trade signals
- Transparent Client Communication: Disclose the use, limitations and risks of AI tools in extremely plain language
Another critical area of concern is vendor due diligence, where firms must do the following when considering AI and selecting AI platforms:
- Vet providers for transparency on model architecture, data protection and provenance, and ongoing regulatory alignment
- Confirm data-protection safeguards, particularly when handling non-public personal or market data
- Ensure alignment with SEC/FINRA expectations for technology controls, avoiding reliance on opaque “black-box” systems that undermine compliance oversight
Silver’s Take:
- Adopt, but vet carefully: Take advantage of AI tools for research, portfolio management or client service only after conducting risk assessments of vendors’ security, transparency and regulatory alignment
- Document policies from the start: Build a clear record of how AI will be used, including its purpose, data sources and supervisory controls, to demonstrate compliance readiness
- Define supervisory guardrails: Establish governance procedures, such as periodic reviews and human oversight, to ensure AI outputs align with fiduciary and regulatory expectations
Crypto Regulation: The Slow Winds of Progress
Digital assets have long promised efficiency and accessibility. Now, regulators are signaling clearer rules and reduced enforcement, focusing on fostering the innovation and efficiency that blockchain technology promises while building a fit-for-purpose regulatory framework that still offers important investor protections. The window to capitalize on crypto innovation is widening, but enforcement efforts have not halted entirely and firms must choose their paths with purpose. This all begins with the rhetorical signals coming from regulators by means of speeches, statements and interpretive guidance before concrete rules concerning crypto assets are inevitably proposed.
The Spring 2025 SEC Regulatory and Deregulatory Agenda reflects a policy shift in which SEC Chairman Atkins emphasized the need for clear “rules of the road” for the issuance, custody and trading of crypto assets, signaling forthcoming proposals designed to bring more certainty to the digital asset markets.
Embedded in this statement from Chair Atkins is a link to the official list of rules the SEC is working on, which shows the status of each proposal and includes an abstract explaining the rationale for the changes. Several new crypto-related rules, along with amendments to existing rules such as the Custody Rule, are already in the “Proposed Rule Stage,” suggesting a flurry of proposals on the horizon, providing both opportunities and obligations for private fund managers.
One landmark change has already taken place: the SEC’s approval of generic listing standards for exchange-traded products (ETPs) that hold spot commodities, including digital assets, which will open the door for many more crypto assets, beyond just Bitcoin and Ether, to have their own ETPs listed and trading on exchanges. This follows the SEC’s approval of in-kind creations and redemptions for Crypto ETPs. These decisions represent a major step toward expanding access to digital assets in traditional securities markets and treating crypto-based ETPs more like traditional commodity ETPs. The effects are significant:
- Greater liquidity across digital asset markets
- Improved tax efficiency for institutional investors
- Reduced transaction costs
- Broader participation from pensions, endowments and insurance companies
These signals point toward an emerging regulatory regime designed not to stifle digital assets, but to integrate them more closely with mainstream financial products.
Notable Digital Asset–Friendly Regulatory Programs
To further this progressive shift, the President’s Working Group on Financial Markets (PWG) issued a report on Digital Asset Markets that has been praised as “the blueprint to make America first in blockchain and crypto technology.” The report emphasizes coordination across regulators and highlights the need for updated frameworks to attract innovation domestically rather than losing it to other jurisdictions.
Both the SEC and CFTC responded swiftly to the call, with the CFTC announcing its “Crypto Sprint” and the SEC introducing “Project Crypto,” a forward-looking initiative designed to modernize classification, custody and disclosures while embracing regulatory innovation. Key features include:
- Token-labeling guidance, providing greater clarity on whether a token constitutes a security or a commodity
- “Super-app” frameworks to regulate multi-function blockchain platforms
- Modernization of custody rules, creating flexibility while maintaining investor safeguards
- Potential innovation exemptions to allow novel projects to flourish under controlled conditions
Additionally, the SEC and CFTC released a joint statement on spot crypto assets, demonstrating unprecedented inter-agency cooperation in building regulatory clarity. This collaboration suggests that turf battles, once a defining feature of U.S. digital asset oversight, may be giving way to coordinated frameworks.
Key Enforcement Actions
Unfortunately, deregulation (or potential deregulation) does not mean the end of enforcement. While several cases against crypto firms have been dropped by the SEC under the new administration, such as the dismissal of enforcement proceedings against Coinbase and Binance, two recent cases underscore that the effects of the “regulation-by-enforcement era” can still be felt, and regulators remain committed to cracking down on misconduct in the digital asset markets:
- Tornado Cash Trial: In this high-profile case against the founder of a crypto-mixing service, Roman Storm received a mixed verdict: the jury found him guilty of conspiring to operate an unlicensed money transmitting business but deadlocked on the other two charges brought against him relating to money laundering and sanctions. Prosecutors argued that the Ethereum-based mixer facilitated more than $1 billion in criminal transactions, while the defense claimed that the software operated autonomously through permissionless, open-source code without ever taking custody of user funds and does not meet the definition of a money transmitting business. The case is far from over, with ongoing post-trial motions, the possibility of a retrial and a potential appeal, but it highlights that privacy-enhancing DeFi tools can still trigger severe legal risk when sanctions intersect with code.
- Mango Labs Settlement Upheld: The SEC pushed back on Mango Labs’ attempt to undo a $700,000 settlement agreed to under the prior administration, asserting that changes in the agency’s crypto policy and the dismissal of certain enforcement actions under the new administration do not justify reopening the case.
Silver’s Take:
As deregulation and enforcement continue to reshape the playing field, Silver outlines the steps managers should take now to position themselves for success:
- Leverage deregulation, but within existing requirements: Prepare to optimize custody arrangements and staking strategies to take advantage of recent signals that the SEC will increase flexibility, but remember to ensure operational safeguards remain robust because existing requirements under the Custody Rule remain in effect.
- Balance innovation with risk controls: When exploring privacy-enhancing DeFi tools or other potentially controversial blockchain applications, implement a clear risk management framework to avoid exposure to enforcement actions.
- Stay alert to evolving definitions: Monitor token classification, custody mechanics and safe harbor proposals closely, as these areas represent both opportunity and ongoing regulatory uncertainty.
From Defense to Differentiator: Cybersecurity’s Role Today
As markets and private fund infrastructure grow more global and complex, so too do the threats: ransomware; phishing; denial-of-service attacks; state-sponsored actors targeting private fund managers, particularly in the context of digital-asset infrastructure; misuse by insiders; and other cyber misconduct by sophisticated attackers. Cybersecurity and effectively responding to cyber threats are the responsibility of multiple government agencies, as well as every market participant. While institutional and investor due diligence now includes cyber-risk questionnaires and desktop audits, it is vital for everyone to get ahead of cyber threats.
Building Cyber Resilience
In an era where cyber threats are no longer a question of “if” but “when,” and regulators expect rapid, well-documented responses, private fund managers and RIAs must establish resilience that protects both clients and reputation. Here is how Silver recommends approaching cyber resilience proactively:
- Institutionalize incident readiness: The 2024 amendments to Regulation S-P require registered investment advisers, broker-dealers and funds to establish a formal incident response program, complete with written policies and procedures, that can detect, respond to, and recover from data breaches involving customer information. Larger advisers must begin complying in December 2025.
- Strengthen response through structured testing: An effective incident response plan should clearly define roles, escalation triggers and documentation protocols, including preserving forensic evidence and managing executive and board-level communication. Regular practice exercises and alignment between incident response and disclosure control processes are essential to meet SEC expectations and avoid enforcement risk.
- Ongoing cyber risk assessments: In order to conduct full cyber-risk assessments that lead to appropriate changes, firms should implement continuous monitoring of vulnerabilities, patch management programs and automated red-flag alerts for anomalous network activity. Embedding AI-powered threat-detection tools can accelerate response, provided their outputs feed directly into governance workflows. There should also be ongoing user training that incorporates AI.
- Leverage cyber maturity as a competitive advantage: Rather than viewing compliance as just a checkbox, firms should position a comprehensive cybersecurity program, incorporating insurance, vendor oversight and proactive threat management, as a differentiator that builds investor confidence and supports long-term business development. There should also be written policies and procedures that incorporate an AI acceptable-use policy to govern users within a firm.
Silver’s Take:
With regulators and investors scrutinizing cyber maturity, Silver recommends the following proactive measures that both reduce risk and strengthen client confidence:
- Invest in resilience now: Implement strong governance, layered security controls and cyber insurance to minimize exposure in the event of an incident
- Test before the crisis hits: Run tabletop exercises and third-party vendor risk assessments to validate readiness under real-world scenarios
- Use cybersecurity as a differentiator: Position a mature, transparent cyber program not just as a compliance requirement but as a trust signal to investors and allocators
The New Path Forward: Balancing Innovation with Compliance
The convergence of AI adoption, crypto deregulation and heightened cybersecurity expectations makes clear that the private fund manager and digital finance landscapes are evolving on multiple fronts simultaneously, with each advancing opportunity bringing along regulatory risk. Private fund managers and RIAs that fail to integrate compliance into their innovation roadmaps risk reactionary pivots, enforcement actions and reputational damage. To avoid falling behind, private fund managers and RIAs should remember the following:
- Opportunity and risk advancing together: Crypto deregulation is creating more efficient products and broader investor access, but parallel enforcement actions underscore that not all innovation will be embraced by regulators.
- AI adoption brings both promise and pressure: New AI tools can transform research, trading and client engagement, but without rigorous policies, documentation and oversight, these efficiencies can quickly turn into compliance liabilities.
- Cybersecurity now a baseline expectation: The SEC and other regulators make clear that robust cyber readiness is no longer optional; it is central to operational resilience and investor trust.
- Oversight is essential for success: The firms best positioned for success will move quickly to capture opportunities while embedding and maintaining strong controls to protect against regulatory and reputational risks.
- Compliance as a strategic advantage: A well-developed compliance framework can enhance credibility with investors and differentiate firms in a crowded market.
Silver partners with private fund managers and RIAs to navigate this evolving and dynamic environment, helping firms balance innovation with robust compliance to stay ahead of the curve. The future belongs to private fund managers and RIAs who see compliance as a foundation for growth and long-term success. To learn more about how we can support your firm’s compliance needs, contact our Compliance Team today.