State Securities Regulators vs. the SEC — Why Compliance Teams Need to Monitor Both

When the CFPB pulled back from active rulemaking in 2023 and the SEC's enforcement approach shifted under new leadership, state securities regulators moved aggressively to fill the gap. California's DFPI, New York's DFS, Massachusetts's OCSC, and a dozen others have opened more examinations, issued more enforcement actions, and adopted more rules through 2024 and 2025 than in any comparable recent period.

For compliance teams at SEC-registered RIAs and broker-dealers, this creates a monitoring problem: the primary regulatory body they monitor is not the only regulatory body with enforcement authority over their practices.

What State Securities Regulators Actually Do

State securities regulators operate under state securities laws and enforce them independently from the SEC. Even for SEC-registered investment advisers, states retain authority to: enforce anti-fraud provisions of state securities law against advisers, examine state-registered investment advisers (those with less than $100M AUM), regulate broker-dealers operating in their state, enforce state-specific rules on solicitor disclosures and advertising, and pursue violations involving residents of their state.

The practical implication: an SEC-registered RIA with clients in 15 states is operating in 15 separate state regulatory jurisdictions simultaneously.

Which State Regulators Are Most Active

The states with the most active securities enforcement programs include: California (DFPI) — most active rulemaking program among state regulators, particularly in fintech and investment adviser enforcement; New York (DFS) — primary regulator for financial services in the largest US financial market, particularly active in cybersecurity and crypto regulation; Massachusetts (OCSC) — historically aggressive on investment adviser regulation, has adopted rules exceeding federal standards in specific areas; Texas (SSB) — significant RIA examination activity particularly for smaller firms; and Illinois (IDFPR) — active broker-dealer and RIA examination program.

How State Laws Interact with Federal Rules for RIAs

The Investment Advisers Act preempts state regulation of SEC-registered investment advisers' advisory activities in most areas — but preemption is not complete. States can still regulate fraudulent conduct by SEC-registered advisers, solicitor and referral arrangements, registration and operation of branch offices, and conduct that falls outside the definition of investment advisory activities under federal law. The interaction between federal preemption and state authority is not always clean, particularly when state regulators adopt enforcement positions that appear to conflict with SEC rules.

Building a State Monitoring System

Manual monitoring of 15 state securities commission websites is not practical. An automated monitoring system configured with the firm's state registration footprint and client geography resolves this — each state regulator's publication feed is scanned daily, new publications classified by relevance to the firm's practices in that state, and a digest delivered that separates material guidance from routine administrative notices. For compliance teams focused primarily on SEC and FINRA monitoring, adding the state layer via automation is the most efficient path — and, given the current enforcement climate, an increasingly necessary one.