Priorities Include Artificial Intelligence and Other Emerging Technologies, Complex Products, Reg BI, Cybersecurity, Outsourcing, Private Funds and Compliance with New and Amended SEC Rules
On October 21, 2024, the Division of Examinations ("EXAMS" or the "Division") of the U.S. Securities and Exchange Commission ("SEC") released its examination priorities (the "2025 Priorities") for fiscal year 2025 (which started October 1, 2024).1 Over the course of 2025, the Division intends for its examinations to focus on the use of artificial intelligence ("AI") and other emerging technologies (including digital engagement practices ("DEPs")), complex products, cybersecurity, outsourcing, private fund advisers, and compliance with new and amended SEC rules, such as the recent amendments to Regulation S-P and SEC rule changes relating to the securities industry's transition to a T+1 standard settlement cycle for most securities transactions.
In this Legal Update, we provide a brief overview of the 2025 Priorities, with a focus on topics relevant to broker-dealers and investment advisers.
Broker-dealers, investment advisers and other SEC registrants should review the priorities closely and evaluate their own compliance efforts and examination preparedness, including by raising awareness within their organizations and identifying and addressing opportunities to strengthen internal controls and compliance procedures.
Risk Areas Impacting Various Market Participants
AI, DEPs and Other Emerging Financial Technologies
EXAMS remains focused on registrants' use of automated investment tools, AI, DEPs and trading algorithms or platforms, and the risks associated with the use of these and other emerging technologies and alternative sources of data.
With respect to AI, the Division will review whether registrants have implemented adequate policies and procedures to monitor and/or supervise their use of AI, including in relation to fraud prevention and detection, back-office operations, anti-money laundering ("AML") and trading functions, as applicable. For registrants using third-party AI models and tools, the staff will examine how registrants protect against loss or misuse of client records and information. Additionally, the Division intends to review the accuracy of registrants' representations regarding their AI capabilities and use of AI technology, with certain practices having been characterized as "AI washing."2 The Division's focus on firms' use of AI technology in investor interactions is not surprising given the SEC's July 2023 rule proposal relating to the use of predictive data analytics by broker-dealers and investment advisers (see also our Legal Update here),3 which has not been adopted to date and for which SEC Chair Gensler has indicated that the SEC may issue a re-proposal,4 as well as the historical regulatory focus on automated investment advice.5
The Division also intends to examine firms employing DEPs, such as digital investment advisory services, recommendations and related tools and methods. These reviews will assess whether:
- Representations are fair and accurate;
- Operations and controls are consistent with disclosures;
- Algorithms produce advice or recommendations consistent with investors' investment profiles or stated strategies; and
- Controls to confirm that advice or recommendations resulting from DEPs are consistent with regulatory obligations to investors.
Information Security and Operational Resilience
Cybersecurity
EXAMS will review registrants' practices to prevent interruptions to mission-critical services and to protect investor information, records and assets, with particular attention on firms' cybersecurity policies and procedures, governance practices, data loss prevention, access controls, account management, and responses to cyber-related incidents (including those related to ransomware attacks). Additionally, such reviews will assess how registrants identify and address cybersecurity risks relating to the use of third-party products and services in registrants' essential business operations, including with respect to sub-contractors and any information technology ("IT") resources used by a registrant's business without the IT department's approval, knowledge or oversight. This examination focus reflects a continued interest by the SEC and its staff on cybersecurity-related risks, a topic for which the SEC has announced administrative proceedings and risk alerts, as well as proposed cybersecurity risk management rules for broker-dealers, investment advisers and other SEC registrants.6 Cybersecurity, including in the outsourcing context, also continues to be a focus of the Financial Industry Regulatory Authority, Inc. ("FINRA"). See, for example, FINRA's September 2024 Cybersecurity Advisory regarding increasing cybersecurity risks at third-party providers, You can read more about the FINRA Advisory in our Legal Update here.
Regulations S-ID and S-P (Including Recent Amendments to Regulation S-P)
Related to cybersecurity, EXAMS will assess registrants' compliance with Regulations S-ID and S-P, focusing on firms' policies and procedures, internal controls, oversight of third-party vendors, and governance practices. Examinations will also assess firms' efforts to address operational risk, including technology risks, as operational failures may impact a firm's ability to safeguard customer records and information. Moreover, for firms providing electronic investment services, the Division will review firms' policies and procedures relating to safeguarding customer records, including (1) identification and detection to prevent identity theft during customer account takeovers and fraudulent transfers, (2) practices to prevent account intrusions and safeguard customer records and information, especially for firms with multiple branch offices, and (3) personnel training programs on identity theft prevention.
In addition, in preparation for the compliance date of the SEC's amendments to Regulation S-P (see our Legal Update here), EXAMS will engage with covered firms – including broker-dealers, SEC-registered investment advisers ("RIAs") and investment companies – during examinations about their progress in preparing to establish incident response programs reasonably designed to detect, respond to and recover from unauthorized access to or use of customer information.
Shortening of the Settlement Cycle to T+1
EXAMS will evaluate broker-dealer compliance with amendments to SEC Rule 15c6-1, which reduced the standard settlement cycle for most securities transactions to the day after trade date (T+1), and new SEC Rule 15c6-2, which requires broker-dealers engaging in the allocation, confirmation, or affirmation process to have written agreements or written procedures reasonably designed to ensure completion of the process as soon as practicable and no later than the end of day on trade date (T+0). The Division will also review investment advisers' compliance with the updated books and records requirements relating to T+1, and operational changes or impacts relating to facilitation of institutional transactions involved in the allocation, confirmation or affirmation processes subject to SEC Rule 15c6-2(a). Furthermore, the Division intends to assess registrant technology changes and any areas that need further attention and resources, such as specific products or counterparties that are routinely not settling within the required time frames.
We note that in March 2024, EXAMS published a risk alert, including a sample list of requests for information, to provide registrants with information about the scope and content of its examinations and outreach regarding preparedness associated with the shortening of the standard settlement cycle to T+1 and compliance with related SEC rule requirements. Even after the industry's transition to T+1 in May 2024, the risk alert and accompanying sample request list may be helpful to registrants in assessing their compliance programs and preparing for regulatory examinations and/or outreach.
In July 2024, it was reported that EXAMS had commenced "sweep" examinations of RIA's compliance with related recordkeeping requirements under the Investment Advisers Act of 1940 ("Advisers Act").
Crypto Assets
Reflecting the ongoing interest by the SEC and its staff on crypto assets, EXAMS will continue to monitor and, when appropriate, conduct examinations of registrants offering crypto asset-related services. Examinations will review whether registrants comply with the applicable standard(s) of conduct when recommending or advising customers and clients regarding crypto assets, and whether such registrants routinely review, update, and enhance their compliance practices, risk disclosures, and operational resiliency practices. The Division will also assess registrant practices to address the technological risks associated with the use of blockchain and distributed ledger technology, including risks pertaining to the security of crypto assets. Additionally, the Division will focus on the offer, sale, recommendation, advice, trading and other activities involving crypto assets that are offered and sold as securities or related products, such as spot bitcoin or ether exchange-traded products.
Regulation Systems Compliance and Integrity (SCI)
EXAMS will review SCI entities' policies and procedures regarding their operational, business continuity planning and testing practices, and the effectiveness of their incident response plans. The Division will also evaluate SCI entities' policies and procedures regarding their decision to disconnect or reconnect from another registrant or third-party that is experiencing a cyber event. Additionally, the Division will assess the decision-making process to disconnect or reconnect to registrants or third parties when the SCI entity is experiencing a cyber event.
AML
EXAMS will continue to focus on AML programs and review whether broker-dealers and certain registered investment companies ("RICs") are appropriately tailoring their AML program to their business models and associated AML risks, conducting independent testing, establishing an adequate customer identification program, and meeting their suspicious activity report (SAR) filing obligations.
In addition, the Division will review whether broker-dealers and investment advisers are monitoring the U.S. Department of the Treasury's Office of Foreign Assets Control sanctions and ensuring compliance with such sanctions.
Although not mentioned by EXAMS in the 2025 Priorities, investment advisers should also be prepared to address questions from EXAMS staff regarding their preparedness to comply with the new AML program requirements (see our Legal Update here), which have a compliance date of January 1, 2026.7
Additional Focus Areas by Registrant Type
BROKER-DEALERS
Regulation Best Interest
Notable focus: SEC Enforcement has brought numerous actions against broker-dealers and associated persons that include violations of Regulation Best Interest ("Reg BI"), including with respect to complex products, and/or failures to meet Form CRS obligations.
EXAMS will continue to examine broker-dealer practices relating to Reg BI, including recommendations on products, investment strategies, and account types (such as options, margin and self-directed IRAs) to ensure they are in retail customers' best interests. Examinations will also focus on disclosures regarding conflicts of interest, conflict identification and mitigation/elimination practices, and processes for reviewing reasonably available alternatives.
With respect to complex products, the Division intends to scrutinize recommendations of complex, illiquid, or high-risk products, including:
- Highly leveraged or inverse products;
- Crypto assets;
- Structured products;
- Alternative investments;
- Products that are not registered with the SEC (and are therefore less transparent);
- Products with complex fee structures or return calculations;
- Products based on exotic benchmarks; and
- Products that represent a growth area for retail investment.
Consistent with EXAMS broader emphasis on AI and emerging financial technologies (as discussed above), examinations relating to Reg BI may focus on recommendations using automated tools or other DEPs. Moreover, such examinations may assess broker-dealer supervision of sales practices at branch office locations.
Finally, dual registrants should note that examinations may include reviews of their processes for identifying and mitigating and/or eliminating conflicts of interest, account allocation practices and account selection practices (e.g., brokerage versus advisory; advice to open wrap fee accounts).
Form CRS
Examinations will evaluate the content of a broker-dealer's customer relationship summary, including whether it accurately describes the relationships and services offered, fees and costs, conflicts of interest, and any disciplinary history. These examinations will also assess whether broker-dealers have (1) filed their customer relationship summary with the SEC and (2) delivered it to retail customers.
Financial Responsibility Rules
As part of the Division's examinations of broker-dealer compliance with the SEC's financial responsibility rules, EXAMS intends to review broker-dealer accounting practices impacted by recent regulatory changes and the timeliness of financial notifications and other required filings of broker-dealers. EXAMS will also review broker-dealers' operational resiliency programs, including supervision of third-party provided services that contribute to the records firms use to prepare their financial reporting information. In addition, the Division will review firms' credit, market and liquidity risk management controls to ensure they have sufficient liquidity to manage stress events.
Broker-Dealer Trading-Related Practices and Services
Notable focus: Broker-dealers' cash sweep programs (especially bank sweep products) have been the subject of private litigation in recent months and have been attracting regulatory attention.
EXAMS remains focused on broker-dealer equity and fixed income trading practices. In particular, the Division will focus on the structure, marketing, fees and potential conflicts associated with offerings by broker-dealers to retail customers including:
- Bank sweep programs;
- Fully-paid lending programs; and
- Mobile apps/online trading platforms.
Additional areas for examination include broker-dealers' trading practices associated with trading in pre-IPO companies, sales of private company shares in secondary markets, and execution of retail orders. Regarding retail order execution, the Division's reviews will include: (1) whether retail orders are marked as "held" or "not held," and the consistency of such markings with retail instructions, and (2) the pricing and valuation of illiquid or retail-focused instruments such as variable rate demand obligations, other municipal securities, and non-traded real estate investment trusts (REITs). Finally, in relation to Regulation SHO, the Division will review whether broker-dealers are appropriately relying on the bona fide market making exception, including whether quoting activity is away from the inside bid/offer.
INVESTMENT ADVISERS
Adherence to Fiduciary Standards of Conduct
EXAMS will examine investment advisers' adherence to their fiduciary standards of conduct, particularly with respect to recommendations of:
- High-cost products;
- Unconventional instruments;
- Illiquid and difficult-to-value assets; and
- Assets sensitive to higher interest rates or changing market conditions, including commercial real estate.
The Division will also focus on dual registrants and advisers with affiliated broker-dealers, including in respect of: (1) assessing investment advice and recommendations regarding certain products to determine whether they are suitable for clients' advisory accounts; (2) reviewing disclosures to clients regarding the capacity in which such dual registrants and advisers with affiliated broker-dealers are providing advice to clients; (3) evaluating the appropriateness of account selection practices (e.g., brokerage versus advisory), including rollovers from existing brokerage accounts to advisory accounts; and (4) evaluating the sufficiency of conflict mitigation practices and disclosures of conflicts of interest.
In addition, the Division will review the impact of advisers' financial conflicts of interest on providing impartial advice and best execution, taking into account non-standard fee arrangements.
Effectiveness of Advisers' Compliance Programs
The Division will assess the effectiveness of advisers' compliance programs as required by Advisers Act Rule 206(4)-7, which mandates written policies and procedures, designation of a chief compliance officer, and annual reviews of compliance policies and procedures for adequacy and effectiveness of implementation. Examinations of compliance programs generally include certain core areas, such as marketing, valuation, trading, portfolio management, disclosure and filings, and custody. In addition, examinations on this topic typically will include an analysis of advisers' annual compliance reviews, which the Division says are critical in monitoring conflicts of interests. In this connection, the staff called out specific types of conflicts, notably including conflicts stemming from arbitration clauses.8
The Division also stated that if clients invest in illiquid or difficult-to-value assets, such as commercial real estate, the staff may have a heightened focus on valuation.
Additional areas of focus for the Division's examinations may include:
- Fiduciary obligations of advisers that outsource investment selection and management;9
- Supervision and oversight practices of advisers that utilize a large number of independent contractors working from geographically dispersed locations;10
- If AI is integrated into advisory operations (including portfolio management, trading and marketing), in-depth review of related compliance policies and procedures, and disclosures (see also AI section above); and
- Alternative sources of revenue or benefits advisers receive, such as selling non-securities based products to clients.
Lastly, EXAMS also intends to focus on the appropriateness and accuracy of fee calculations, and the disclosure of fee-related conflicts, such as those associated with select clients negotiating lower fees when similar services are provided to other clients at a higher fee rate.
Advisers to Private Funds
Notable Focus: At the outset, and as we expected, the 2025 Priorities with respect to advisers to private funds reflect, at least in part, the consequences of the private fund rulemaking being vacated by the Fifth Circuit this summer, as we note below.
Examinations of advisers to private funds will prioritize specific topics, such as the consistency of disclosures with actual practices, whether an adviser met its fiduciary obligations during times of market volatility, and whether a private fund is exposed to interest rate fluctuations (e.g., investment strategies involving commercial real estate, illiquid assets and private credit). The Division will focus in particular on advisers to private funds experiencing poor performance and significant withdrawals as well as private funds that hold more leverage or difficult-to-value assets.
In addition, the Division will review the accuracy of calculations and allocations of private fund fees and expenses (both fund-level and investment-level), particularly for valuation of illiquid assets, calculation of post-commitment period management fees, offsetting of such fees and expenses, and the adequacy of disclosures. Although a focus on fee calculations and allocations is not new, the specific reference to illiquid assets here and elsewhere (coupled with the references to commercial real estate) is notable. Also notable is the reference to post-commitment period fees, which echoes similar regulatory concerns regarding the fees that advisers charge during wind-down or similar periods.
Furthermore, echoing the private fund rulemaking, the Division stated that it will assess the disclosure of conflicts of interest and the adequacy of policies and procedures, focusing on areas such as:
- Use of debt;
- Fund-level lines of credit;
- Investment allocations;
- Adviser-led secondary transactions;
- Transactions between funds and/or others;
- Investments held by multiple funds; and
- Use of affiliated service providers.11
Compliance with recently adopted amendments to Form PF, as well as with the investment adviser marketing rule, also will be examined.
Never Examined Advisers, Recently Registered Advisers, and Advisers Not Recently Examined
Consistent with previous years, the Division will prioritize examinations of advisers that have never been examined, recently registered advisers, and those that have not been recently examined.
INVESTMENT COMPANIES
EXAMS will examine RICs compliance programs, disclosures, and governance practices, including with respect to:
- Fund fees and expenses, and any associated waivers and reimbursements;
- Oversight of service providers (both affiliated and third-party);
- Portfolio management practices and disclosures, for consistency with claims about investment strategies or approaches and with fund filings and marketing materials; and
- Issues associated with market volatility.
The third bullet above indicates a continued focus on so-called "ESG" funds and strategies, and reflects an ongoing regulatory interest in consistency of actual practice with investment strategy claims.12
EXAMS intends to continue monitoring developing areas of interest, such as RICs with commercial real estate exposure, and to prioritize examinations of funds that have never before been examined or have not been recently examined.
Notable Focus: EXAMS mentions commercial real estate within the investment adviser and investment company sections of the 2025 Priorities. It also mentioned "non-securities based" products and "unconventional" assets. While it is not surprising that any asset class that is unusual, particularly if it is illiquid or difficult to value, would receive additional regulatory attention, the call-outs on commercial real estate, other "non-securities based" products and unconventional assets (which presumably goes beyond crypto) should serve as fair warning to investment advisers and investment companies that they should expect EXAMS to focus on commercial real estate and other "unconventional" assets not only in the manner described in the 2025 Priorities, but also with respect to other applicable aspects of regulatory compliance.
Other Market Participants
MUNICIPAL ADVISORS
The Division's examinations of municipal advisors will focus on whether they have met their fiduciary duty to municipal entity clients when engaging in municipal advisory activities, such as advice or recommendations regarding the pricing or method of sale for an issuance of municipal securities. EXAMs will also focus on compliance with standards of conduct and duties set forth in Rule G-42 of the Municipal Securities Rulemaking Board ("MSRB"), including requirements to disclose conflicts of interest and to document municipal advisory relationships. In addition, EXAMS will assess whether municipal advisors have made required filings with the SEC and met their professional qualification, recordkeeping and supervision requirements as set forth in MSRB rules.
TRANSFER AGENTS
The Division will continue to examine transfer agent processing of items and transfers, recordkeeping and record retention, safeguarding of funds and securities, filings with the SEC, and use of emerging technologies to perform transfer agent functions.
SECURITY-BASED SWAP DEALERS (SBSDs)
Examinations will cover compliance with security-based swap rules generally, including transaction reporting. Examinations also may focus on SBSDs' practices relating to applicable capital, margin and segregation requirements, risk management, and whether SBSDs have taken corrective actions to address issues identified in prior examinations.
SECURITY-BASED SWAP EXECUTION FACILITIES (SBSEFs)
The SEC adopted new Regulation SE, which provides a new set of rules and forms for the registration and regulation of SBSEFs, in November 2023. Regulation SE eliminated the prior temporary registration exemptions for SBSEFs as of August 12, 2024, at which time SBSEFs must have applied for registration with the SEC. Subject to the SEC's decisions regarding any such applications, among other things, the Division may begin conducting examinations of registered SBSEFs in late fiscal year 2025.
FUNDING PORTALS
Examinations will assess funding portals' recordkeeping practices, such as records related to investors who purchase securities, and issuers who offer and sell securities, through a funding portal. Examinations will also review funding portals' written policies and procedures to assess if they are reasonably designed to achieve compliance with applicable federal securities laws and rules, such as restrictions on funding portals regarding: (1) offering investment advice or making recommendations; (2) soliciting transactions in the securities displayed on the funding portal's platform; (3) compensating persons for such solicitation or based on the sale of securities displayed on the platform; and (4) holding, managing, possessing or handling investor funds or securities.
Footnotes
1 SEC Division of Examinations, 2025 Examination Priorities.
2 See Press Release: SEC Charges Two Investment Advisers with Making False and Misleading Statements About Their Use of Artificial Intelligence (Mar. 18, 2024). For a summary of these SEC enforcement actions, see our Legal Update here.
3 See Conflicts of Interest Associated With the Use of Predictive Data Analytics by Broker-Dealers and Investment Advisers, U.S. Securities Exchange Act of 1934 ("Exchange Act") Release No. 97990 (Jul. 23, 2023), 88 FR 53960 (Aug. 9, 2023) (available here).
4 See e.g., SEC Chair Gensler, Prepared Remarks Before the 2024 Conference on Emerging Trends in Asset Management, "Jack Bogle, Haystacks, and Putting the Interest of the Clients First" (May 16, 2024) ("As we have done from time to time with other rules, I've asked staff to consider whether it would be appropriate to seek further comment, possibly, on a modified proposal.").
5 For example, over time, the SEC has brought administrative proceedings against investment advisers related to quantitative investment strategies, and in recent years has focused on automated investment advice being given by so-called "robo-advisers."
6 See Cybersecurity Risk Management Rule for Broker-Dealers, Clearing Agencies, Major Security-Based Swap Participants, the Municipal Securities Rulemaking Board, National Securities Associations, National Securities Exchanges, Security-Based Swap Data Repositories, Security-Based Swap Dealers, and Transfer Agents, Exchange Act Release No. 97142 (Mar. 15, 2023), 88 FR 20212 (Apr. 5, 2023) (available here); Cybersecurity Risk Management for Investment Advisers, Registered Investment Companies, and Business Development Companies, Advisers Act Release No. 5956 (Feb. 9, 2022), 87 FR 13524 (Mar. 9, 2022) (available here). See also, Outsourcing by Investment Advisers, Advisers Act Release No. 6176 (Oct. 26, 2022), 87 FR 68816 (Nov. 16, 2022) ("Outsourcing Proposal") (available here).
7 Financial Crimes Enforcement Network: Anti-Money Laundering/Countering the Financing of Terrorism Program and Suspicious Activity Report Filing Requirements for Registered Investment Advisers and Exempt Reporting Advisers, 89 FR 72156 (Sept. 4, 2024) (available here).
8 This examination focus may relate to the fairly recent administrative proceedings against investment advisers involving the use of hedge clauses, particularly with retail clients. Accordingly, given those proceedings and this examination focus, advisers should be cautious in using arbitration clauses as a general matter, but particularly cautious when using them with retail clients.
9 See Outsourcing Proposal, supra note 6.
10 EXAMS specifically references "independent contractors." The SEC and its staff usually refer to branch offices, employees/personnel, or third-party service providers or the like. It is unclear whether the reference to independent contractors is intentional and distinctive.
11 Given the focus on topics that were covered in the private fund rulemaking, advisers might consider using relevant portions of the related rule releases as guidance for their compliance policies and business practices, notwithstanding the vacatur by the Fifth Circuit Court of Appeals.
12 See supra note 5 regarding quantitative investment strategies.
Visit us at mayerbrown.com
Mayer Brown is a global services provider comprising associated legal practices that are separate entities, including Mayer Brown LLP (Illinois, USA), Mayer Brown International LLP (England & Wales), Mayer Brown (a Hong Kong partnership) and Tauil & Chequer Advogados (a Brazilian law partnership) and non-legal service providers, which provide consultancy services (collectively, the "Mayer Brown Practices"). The Mayer Brown Practices are established in various jurisdictions and may be a legal person or a partnership. PK Wong & Nair LLC ("PKWN") is the constituent Singapore law practice of our licensed joint law venture in Singapore, Mayer Brown PK Wong & Nair Pte. Ltd. Details of the individual Mayer Brown Practices and PKWN can be found in the Legal Notices section of our website. "Mayer Brown" and the Mayer Brown logo are the trademarks of Mayer Brown.
© Copyright 2024. The Mayer Brown Practices. All rights reserved.
This Mayer Brown article provides information and comments on legal issues and developments of interest. The foregoing is not a comprehensive treatment of the subject matter covered and is not intended to provide legal advice. Readers should seek specific legal advice before taking any action with respect to the matters discussed herein.