United States:
Thorough Exam: SEC's Division Of Examinations Announces Fiscal Year 2024 Priorities
30 October 2023
Holland & Knight
To print this article, all you need is to be registered or login on Mondaq.com.
Amid ongoing federal government shutdown risks and the close of
its fiscal year, the U.S. Securities and Exchange Commission's
(SEC) Division of Examinations (Exams) recently announced its fiscal year (FY) 2024 priorities. According to Exams, "this
year's examinations will prioritize areas that pose emerging
risks to investors or the markets in addition to core and perennial
risk areas." In addition to key focus areas outlined based on
the types of entities subject to examination, Exams identified the
following risks to various market participants as FY 2024
priorities:
- Information Security and Operational
Resiliency: Firms need to have systems, policies and
people in place to maintain service during volatile events.
- Crypto Assets and Emerging Financial Technology
(FinTech): Firms must ensure rigorous compliance with
applicable professional standards, statutes, and rules even as
their business models involve cutting edge products and
technology.
- Regulation Systems Compliance and Integrity (Reg
SCI): Firms must ensure they invest in and maintain
systems that adequately support key market functions and improve
resiliency.
- Anti-Money Laundering (AML): Firms must
understand and adhere to the Bank Secrecy Act and tailor programs
to meet their particular risk profiles.
Of note, although Exams identified environmental, social and
corporate governance (ESG) as a key priority in FY 2022 and FY
2023, it did not explicitly identify it as a priority for FY
2024.
Entities Subject to Examination
Exams is comprised of more than 1,100 SEC staff members who work
in the agency's Washington, D.C., "home office" and
across the agency's 11 regional offices to examine and inspect
SEC-registered investment advisers, investment companies,
broker-dealers, transfer agents, municipal advisors,
securities-based swap dealers, clearing agencies and other
self-regulatory organizations.
Using a risk-based approach to conducting the National Exam
Program (NEP), Exams staff focus on practices, products and
services they feel pose a heightened risk to investors or the
capital markets at large. Each year, Exams carries out a
comprehensive review and recommendation process to identify its
annual priorities – starting with input from the frontline
examiners most familiar with the registrant practices they
encounter day to day. Of course, the published priorities are just
that – hot topics deemed to be of utmost interest and
importance to the NEP. Hence, registrants subject to examination in
FY 2024 should understand the staff's priorities – as
they will likely inform the types of document and information
requests issued in an examination – while also being prepared
for the staff to inquire about the firm's history, operations,
staffing, resources, services, products offered, policies,
practices and risk factors. Exams staff who spot issues of concern
outside of the stated FY 2024 priorities will continue to address
them through the deficiency letter – and possibly enforcement
referral – processes.
FY 2024 Examination Priorities
Though Exams has published annual exam priorities for more than
a decade, this year – for the first time – it aligned
its release with the start of FY 2024 to "better inform
investors and registrants of the key risks, trends, and examination
topics" the Division will focus on in the year ahead.
Registrants should ensure that their appropriate personnel
familiarize themselves with the 28-page report detailing the
priorities which, at a high level, include:
Investment Advisers
|
- Advice about products, strategies and account topics –
particularly including exchange-traded funds (ETFs), real estate
investment trusts (REITs) and unconventional strategies like those
intended to address rising interest rates – and advice on
these matters to older clients and those saving for retirement
- Processes for determining that investment advice is being
provided in a client's best interest (suitability, best
execution, cost and risk assessment, and identifying and addressing
conflicts)
- Economic incentives for advisers to recommend certain products,
services or account types, including arrangements with affiliated
firms
- Investor disclosure, including all material facts relating to
conflicts
- Adviser compliance programs, policies and procedures, including
whether they 1) reflect the various aspects of the adviser's
business, compensation structure, services, client base and
operations, 2) address applicable current market risks and 3)
address recently enacted rules such as the Marketing Rule and
updated Compliance Rule
- Advisers to private funds, with specific focus on 1) portfolio
management risks around market volatility and interest rates, 2)
limited partner advisory committees (LPAC) and advisory board
contractual requirements for notice and consent, fee and expense
calculations, and valuation of illiquid assets, 3) post-commitment
period management fees and disclosure adequacy, 4) due diligence
practices, 5) conflicts, controls and disclosures for private funds
managed side-by-side with registered investment companies and the
use of affiliate service providers, 6) custody compliance and Form
ADV reporting, 7) timely completion of private fund audits and
distribution of audited financial statements, and 8) policies and
procedures for Form PF reporting
- Continued prioritization of never-before-examined advisers,
including recently registered firms and those that have not been
examined in several years
|
Investment Companies
|
- Compliance programs, fund governance practices, disclosures to
investors and accuracy of SEC reporting
- Board processes for assessing and approving advisory and other
fund fees, particularly for funds with weaker performance relative
to peers
- Valuation practices (e.g., implementing board oversight duties,
setting recordkeeping and reporting requirements, and overseeing
valuation designees)
- Effectiveness of written compliance policies and procedures
concerning oversight of advisory fees, fee waivers and
reimbursements with a focus on 1) charging different advisory fees
to different share classes of the same fund, 2) identical
strategies offered by the same sponsor through different
distribution channels charging different fee structures, 3) high
advisory fees relative to peers, and 4) high registered investment
company fees and expenses, particularly those of registered
investment companies with weaker performance relative to peers
- Adoption and implementation of written policies and procedures
reasonably designed to prevent violations of the fund derivatives
rule (Investment Company Act Rule 18f-4)
- As with adviser examinations, continued focus on examining
never-before-examined registered investment companies and those
that have not been examined in a number of years
|
Broker-Dealers
|
- Compliance with Regulation BI, including written policies and
procedures with an emphasis on 1) recommendations on products,
investment strategies and account types, 2) conflict disclosures
and mitigation practices, 3) processes for reviewing reasonably
available alternatives, and 4) factors considered in light of an
investor's investment profile, including investment goals and
account characteristics
- Exams focused on products like 1) derivatives and leveraged
ETFs, high-cost variable annuities, non-traded REITs, private
placements, and proprietary and microcap securities, and 2) older
investors and those saving for retirement or college
- Form CRS compliance, including on 1) the relationships and
services offered to retail investors and related fees and costs, 2)
conflicts, 3) whether any disciplinary history is disclosed, and 4)
assessment of whether an entity has satisfied its duty to file the
form and deliver a relationship summary to retail customers
- Compliance with the Net Capital Rule (Exchange Act Rule 15c3-1) and
the Customer Protection Rule (Exchange Act Rule
15c3-3) and related internal processes, procedures and
controls
- Equity and fixed income trading practices, including compliance
with Regulation SHO, Regulation ATS and Exchange Act Rule 15c2-11
|
Self-Regulatory Organizations
(SROs)
|
- National securities exchanges enforcing compliance with SRO
rules and the federal securities laws, with a focus on exchange
order handling, surveillance, investigation, enforcement programs
for disciplining member firm violations and oversight of regulatory
service agreements
- Risk-based oversight examinations of the Financial Industry
Regulatory Authority (FINRA) and the Municipal Securities
Rulemaking Board (MSRB)
|
Clearing Agencies
|
- The SEC is required to examine, at least once annually, each
clearing agency it supervises that is designated as systemically
important.
- Examinations will focus on 1) core risks, processes and
controls, 2) risk-based examinations will be carried out for other
registered clearing agencies that have not been designated as
systemically important, all including a focus on liquidity
management, 3) models and model validation, and 4) margin systems,
third-party service providers and internal audit.
|
Other Market
Participants
|
- Municipal advisor examinations, with a focus on 1) fiduciary
duty satisfaction, including documenting relationships, 2)
disclosing conflicts, 3) registration, 4) professional
qualifications, 5) recordkeeping, 6) supervision, and 7) compliance
with new MSRB Rule G-46 following its March 1, 2024,
effectiveness
- Whether security-based swap dealers have implemented policies
and procedures for compliance with applicable rules and if they are
meeting their obligations under Regulation SBSR
|
Information Security and
Operational Resiliency
|
- Focus on efforts to prevent service interruption and to protect
investor information and assets
- Policies and procedures, controls, vendor oversight, governance
and incident response planning for cyber issues, including
ransomware attacks and whether firms are adequately training staff
on identify theft prevention, customer records and information
protection
- Practices to prevent account intrusions and safeguard customer
records and information, including personally identifiable
information (PII), with a focus on firms with multiple offices
- Practices to promote cyber resiliency, including firm
practices, policies and procedures to prevent account intrusions,
safeguard information and oversee third-party vendors
|
Crypto Assets and Emerging
FinTech
|
- Examinations will focus on 1) the offer, sale, recommendation
of and advice about trading in crypto assets, including whether
firms meet applicable professional standards, especially when
advising retail investors, and 2) if firms are reviewing and
enhancing compliance practices, operational resiliency and risk
disclosures
- For crypto assets that are funds or securities, examinations
will assess 1) if advisers are complying with custody requirements,
2) technological risks associated with the use of blockchain and
distributed ledger technology, 3) whether compliance policies and
procedures are reasonably designed, and 4) disclosures and risks
pertaining to the security of crypto assets.
- Broker-dealers and advisers offering new products and services
or employing new practices, particularly technological and online
solutions that service online accounts targeting compliance and
marketing, including automated investment tools, artificial
intelligence (AI) and trading algorithms or platforms
|
Reg SCI1
|
- Exams will focus on entities' written policies and
procedures for adequate capacity, integrity, resiliency,
availability and security to maintain operational capability and
promote and maintain fair and orderly markets.
- One area of particular focus will be on the physical security
of systems housed in data centers.
|
AML
|
- Focus on whether broker-dealers, advisers and certain
registered investment companies are 1) appropriately tailoring AML
programs to their business risk model and risks, 2) conducting
independent testing of their programs, establishing an adequate
customer identification program, including for beneficial owners of
legal entity customers, and 3) satisfying filing obligations for
Suspicious Activity Reports (SARs)
- Registered investment company exams will likely include a
review of policies and procedures around oversight of financial
intermediaries.
- Broker-dealers and advisers' exams will consider whether
firms are monitoring Office of Foreign Assets Control (OFAC)
sanctions and ensuring compliance with same.
|
Considerations for Registrants
- ESG Not in Priorities, but Registrants Should Remain
Vigilant: As noted above, Exams dropped ESG as a key
priority for FY 2024. The omission is an odd one in light of the
SEC's recently proposed ESG rules for advisers, the
SEC's recently finalized "Names Rule" that governs the names of
investment funds (which has significant ESG implications) and the
Division of Enforcement's continued focus on ESG disclosures,
concerns over greenwashing and growing track record of actions.
Even with the removal from examination priorities, firms should
remain vigilant in policing these areas in light of the new and
proposed rules and recent enforcement activity, and prepare for
continued interest from Exams.
- Cyber, Systems and Operational Resiliency Are
Paramount: The SEC proposed investment adviser cyber rules last year, has
proposed changes to Regulation S-P and recently
finalized cyber rules for public companies. The
agency's focus on cyber issues and operational resiliency as
data theft, ransomware events and other breaches continue, combined
with increased complexity and negative consequences of such events,
mean Exams will be laser-focused on this priority throughout FY
2024 and beyond. Firms must invest time and effort in designing,
implementing, testing and policing their policies and systems.
- Risk Alerts on Firms' Compliance with New
Rules: Exams published nine risk alerts in FY 2023,
summarizing examination observations on firms' compliance with
Regulation S-ID, Regulation BI, LIBOR transition, AML compliance and implementation of the
SEC's new Marketing Rule. Of note, as Exams was carrying
out and reporting on fieldwork examining how firms were adjusting
to and implementing policies to adhere to the new Marketing Rule,
the Division of Enforcement filed a set of inaugural enforcement actions for alleged
violations of the rule. Moving into FY 2024 and in light of
upcoming compliance deadlines for recently adopted rules, firms
should consider the possibility of similar parallel efforts with
regard to examining compliance with, and enforcing alleged
violations of, the SEC's new rules applicable to advisers to
private funds (which includes a material change for registered
advisers' annual compliance assessment obligations).
- Custody Issues Still in Focus: Custody
compliance will remain a focus of examinations as evidenced by the
SEC's proposed new safeguarding rule, collateral implications
from the new private fund adviser rules on audits for
custody purposes and recent enforcement actions involving alleged custody
violations. Registrants have already witnessed Exams
increasingly stress-testing custody compliance over the past year,
and it is expected this will remain at a heightened level,
particularly in light of the increased attention to crypto custody
issues as mentioned above.
- Increased In-Person Visits, Though Virtual Examinations
May Continue: Exams staff conducted more in-person
fieldwork in FY 2023 and are expected to do so in FY 2024 as well,
although in many instances examinations – or portions of them
– have been carried out on a virtual basis.
- Specialized Examination Teams: In FY 2023,
Exams established specialized teams "to better address
emerging issues and risks associated with crypto assets, financial
technology, such as artificial intelligence, and cybersecurity,
among others." Firms should prepare for subject matter experts
to hone in on these and other specialized topics when preparing for
and navigating exams.
Next Steps
The SECond Opinions Blog will continue to monitor
and report on new guidance and risk alerts from the SEC's
Division of Examinations and the Division of Enforcement's
investigations of – and actions against – registered
firms. If you need any additional information on this topic –
or anything related to SEC examinations or enforcement –
please contact the authors or another member of Holland &
Knight's Securities Enforcement Defense Team.
Footnotes
1. Adopted in 2014 to strengthen the securities
markets' technology infrastructure, Reg SCI applies to national securities
exchanges, registered and certain exempt clearing agencies,
Financial Industry Regulatory Authority (FINRA), Municipal
Securities Rulemaking Board (MSRB), Alternative Trading Systems
(ATSs) and certain other entities.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
POPULAR ARTICLES ON: Compliance from United States
Peter Rabbit Discovers Compliance!
Foley & Lardner
Well, Easter has come, which can only mean that it is time for our spring holiday compliance special! In honor of the season, here are some interesting facts...