On October 21, 2024, the Securities and Exchange Commission Division of Examinations published its examination priorities for fiscal year 2025.1 In this alert, we offer ten observations for broker-dealers. Our observations are not intended to be a comprehensive summary of the exam priorities, which are quite short and should be reviewed in their entirety. Instead, we offer some takeaways and suggestions for broker-dealers as they consider their compliance programs and prepare for examinations. Our observations relate to Regulation BI, Form CRS, bank sweep programs, the execution of retail orders, Regulation SHO, artificial intelligence, third-party vendors, spot crypto exchange-traded products, registrants with crypto operations, Regulation S-ID and Regulation S-P.
1. SEC staff will expect broker-dealers to have robust systems in place to comply with Reg BI and, in particular, the Care Obligation.
Reg BI examination and enforcement activity (and, more specifically, Reg BI enforcement activity involving the Care Obligation) has increased dramatically over the past couple of years. Consistent with this trend, the staff's examinations will focus on Reg BI and, in particular, the following areas:2
- Recommendations involving complex, illiquid or higher-risk products. In listing examples of complex, illiquid and risky products, the staff included products that are typically discussed in SEC and FINRA guidance, such as leveraged or inverse products, crypto assets, structured products, alternative investments and private placements.3
- Products that represent a growth area for retail investment. The fact that a product is popular among retail investors may trigger greater regulatory scrutiny. Firms that sell products that are popular among retail investors and have complex or risky features (such as defined-outcome ETFs, leveraged single-stock ETFs and zero-day options) are likely to be subject to intense scrutiny.
- Account recommendations. In making account recommendations, broker-dealers and their natural person associated persons (“APs”) are expected to consider, among other things, “the services and products provided in the account (including ancillary services provided in conjunction with an account type, account monitoring services, etc.); the projected costs to the retail investor; alternative account types available; and whether the account offers the services requested by the retail investor.”4
SEC staff will expect broker-dealers to have policies and procedures in place that are reasonably designed to ensure that account recommendations are based on a complete understanding of the customer's investment profile and the account options available to the customer. In addition to account recommendations, examinations staff also suggested that examinations may focus on recommendations made “using automated tools or other digital engagement practices” and recommendations “made to certain types of investors, such as older investors and those saving for retirement or college.”5
In addition to the Care Obligation, the staff highlighted issues relating to dual registrants and conflicts. The staff noted that examiners may consider the identification, mitigation and elimination of conflicts of interest, account allocation practices (e.g., “allocation of investments where an investor has more than one type of account”) and account selection practices (e.g., “brokerage versus advisory, including when rolling over to an IRA or transferring an existing brokerage account to an advisory account, as well as advice to open wrap fee accounts”).6 Under the Conflicts Obligation, conflicts of interest that create an incentive for natural person APs to place their interests or the broker-dealer's interests ahead of the customer's interests (i.e., AP-level conflicts) must be mitigated. Disclosure is not enough.
2. SEC staff will also review a broker-dealer's Form CRS and the broker-dealer's filing and delivery practices.
There also has been increased Form CRS enforcement activity (though to a lesser extent).7 The staff emphasized a focus on both the content of Form CRS and whether brokerdealers have met the obligations to file Form CRS with the Commission and deliver the form to retail customers. Form CRS compliance requires an efficient process (along with effective written supervisory procedures) to update, file and deliver Form CRS by the deadlines established by Exchange Act Rule 17a-14. As a simple measure, broker-dealers could also review their public websites to ensure that the current Form CRS is posted prominently and in a format that is easily accessible for retail investors.
3. Broker-dealers should be prepared to explain their bank sweep program and related policies and procedures to SEC examination staff.
Under “Broker-Dealer Trading-Related Practices and Services,” examination staff explain that “[a]reas of review will consider the structure, marketing, fees, and potential conflicts associated with offerings by broker-dealers to retail customers, including bank sweep programs.”8 Bank sweep programs (and, more broadly, cash sweep programs) have recently been a focus in SEC examinations of registered investment advisers, and broker-dealers should be prepared to defend their cash sweep programs in discussions with examinations staff. Note that there are specific broker-dealer rules that apply to cash sweep programs. For example, under 15c3-3(j)(2)(ii), a broker or dealer subject to 15c3-3 (the “Customer Protection Rule”) may not transfer free credit balances9 held in a customer's securities account to a product in its cash sweep program or transfer a customer's interest in one product in a sweep program to another product in a sweep program unless the broker-dealer complies with certain disclosure requirements and received prior written affirmative consent. Depending on the specifics of a cash sweep program, other SEC and FINRA rules may be implicated. As another example, to the extent that a cash sweep program includes money market mutual funds, a recommendation of that program will be subject to Reg BI.
4. Broker-dealers should review their policies and procedures regarding the execution of retail orders, including their Rule 606 policies and procedures and their best execution policies and procedures.
Examination staff also provided guidance on the inquiries broker-dealers should expect related to the execution of retail orders.10 According to the Division, reviews will focus on (1) whether retail orders are marked as “held” or “not held” and the consistency of the marking with retail instructions; and (2) the pricing and valuation of illiquid or retail-focused instruments such as variable-rate demand obligations, other municipal securities, and non-traded REITs. The focus on retail instructions and the classification of orders as “held” or “not held” is consistent with FINRA's 2024 Regulatory Oversight Report, which included a new question asking firms whether, for purposes of Rule 606 of Regulation NMS, they “monitor and incorporate SEC guidance on the classification of customer orders (including fractional share orders) as held orders, where customers reasonably expect immediate execution.”11 With respect to the pricing and valuation of illiquid or retail-focused instruments, broker-dealers should review recent SEC guidance regarding the duty of best execution, including in Regulation Best Execution.12
5. Broker-dealers should be prepared to demonstrate compliance with the bona fide marketmaking exceptions in Reg SHO for both SEC examinations and FINRA examinations.
The bona fide market-making exceptions to the locate requirement and the close-out requirement have also been a shared focus of the SEC and FINRA.13 Rule 203(b)(1) of Reg SHO (the locate requirement) generally prohibits a broker-dealer from accepting a short sale order in an equity security from another person, or effecting a short sale in an equity security for the broker-dealer's own account, unless the broker-dealer has borrowed the security, has entered into a bona fide arrangement to borrow it, or has reasonable grounds to believe that the security can be borrowed and delivered on the delivery date. There is an exception to the locate requirement for short sales effected by a market maker in connection with “bona fide market making activities.” Under Rule 204 of Reg SHO (the close-out requirement), registered clearing agency participants must deliver equity securities for clearance and settlement by settlement date or must close out a fail to deliver by the times described in that rule. Under Rule 204(a)(3), participants that have a fail to deliver position attributable to bona fide marketmaking activities are provided additional time to close out such positions.
6. The regulators are continuing to identify risks associated with artificial intelligence and will likely ask firms that use artificial intelligence about their risk mitigation methods.
In a section intended to address issues involving multiple registrant categories, examinations staff discussed some of the risks associated with artificial intelligence (“AI”).14 While FINRA had previously identified AI in its 2024 Regulatory Oversight Report, this is the first time the SEC has identified AI in its exam priorities.15 Based on the Division's 2025 examination priorities, broker-dealers should consider:
- Whether generative AI is making recommendations to customers (which may trigger Reg BI);16
- Whether representations made to customers regarding AI are accurate; and
- Whether broker-dealer policies and procedures address fraud prevention and detection, the protection of customer information, the supervision of AI-assisted functions (including back-office functions and trading functions) and anti-money laundering.
Given the concerns expressed by FINRA and now the SEC, broker-dealers should consider designing policies and procedures specific to their use of AI.
7. Examinations staff will focus on the supervision of third-party vendors.
The examinations priorities contain multiple statements regarding outsourcing arrangements. For example, in the context of broker-dealer financial responsibility rules, the Division explains that examinations will “focus on broker-dealers' operational resiliency programs, including supervision of third-party or vendor provided services that contribute to the records firms used to prepare their financial reporting information.”17 The Division also discusses outsourcing arrangements in the cybersecurity context18 and in a section on Reg SP.19 Broker-dealers may review outsourcing guidance in FINRA Notice to Members 05-48 and Regulatory Notice 21-29.
8. Examinations staff will focus on the recommendation and sale of spot bitcoin exchangetraded products to retail customers.
Late last year, the D.C. Circuit held that the SEC violated section 706(2)(A) of the Administrative Procedure Act, which prohibits “arbitrary and capricious” agency actions, when it denied the listing of a spot bitcoin exchange-traded product but approved the listing of materially similar bitcoin futures ETPs.20 Following the D.C. Circuit's decision, in an omnibus approval order, the Commission granted accelerated approval to national securities exchanges seeking to list spot bitcoin ETPs for trading.21 The SEC also declared effective the registration statements for ten spot bitcoin ETPs. In May, the SEC approved proposals for the first spot ether ETPs as well.22
Even though the SEC has approved spot bitcoin and ether crypto ETPs, during the approval process, certain commissioners expressed concern about these products. For example, after the SEC approved spot bitcoin ETPs, Chair Gary Gensler warned that “bitcoin is primarily a speculative, volatile asset that's … used for illicit activity including ransomware, money laundering, sanction evasion, and terrorist financing.”23 Commissioner Caroline Crenshaw also issued a dissenting statement and expressed concern regarding the bitcoin spot market.24 In the 2025 examination priorities, SEC staff tell registrants that examinations “will focus on the offer, sale, recommendation, advice, trading, and other activities involving crypto assets that are offered and sold as securities or related products, such as spot bitcoin or ether exchange-traded products.”25 As a result, broker-dealers should expect increased regulatory scrutiny if they offer spot crypto ETPs to retail customers.
9. Examinations staff will pay close attention to firms engaged in crypto-related activities.
More generally, examinations staff will apply heightened scrutiny to the crypto activities of broker-dealers and other SEC registrants.26 In particular:
- Examinations will review whether registrants meet and follow their respective standards of conduct when recommending crypto products. Examinations will focus on initial and ongoing understanding of crypto products (i.e., the reasonable basis suitability component of the Care Obligation), recommendations to retail investors (including older investors) and investments involving retirement assets.
- Examinations will review whether registrants routinely review, update and enhance their compliance practices, risk disclosures and operational resiliency practices. With respect to compliance practices, examinations staff specifically mention crypto asset wallet reviews, custody practices, Bank Secrecy Act compliance reviews and valuation procedures. With respect to operational resiliency practices, staff are focused on data integrity and business continuity plans.
Examinations will also assess registrant practices to address the technological risks associated with the use of blockchain and distributed ledger technology, including risks pertaining to the security of crypto assets.
10. Broker-dealers should be prepared to demonstrate compliance with Reg S-ID and Reg SP (particularly the Safeguards Rule) and to engage with examinations staff regarding the new amendments to Reg S-P.
Examinations staff also added a section regarding Reg S-ID, Reg S-P and the new amendments to Reg S-P (which are not yet effective).27 Rule 30(a) of Reg S-P (the “Safeguards Rule”) requires every “covered institution” (including broker-dealers) to develop, implement, and maintain written policies and procedures that address administrative, technical and physical safeguards for the protection of customer information. The policies and procedures must be reasonably designed to meet the objectives specified by regulation. Separately, Reg S-ID generally requires broker-dealers to develop and implement a written identity theft prevention program. Examinations staff will focus on policies and procedures as they pertain to safeguarding customer records and information at firms providing electronic investment services, including:
- Identification and detection to prevent and protect against identity theft during customer account takeovers and fraudulent transfers;
- Firms' practices to prevent account intrusions and safeguard customer records and information, including personally identifiable information, especially as it pertains to firms with multiple branch offices; and
- Firm training on identity theft prevention programs and whether their policies and procedures are reasonably designed to protect customer records and information.
Examinations will also assess a firm's efforts to address operational risk, including technology risks, as operational failures may impact a firm's ability to safeguard customer records and information. In addition, examinations staff plan to engage with registrants on the new requirement under Reg S-P that they establish incident response programs reasonably designed to detect, respond to and recover from unauthorized access to or use of customer information. We published two client alerts regarding the new amendments to Reg S-P.28
Conclusion
In addition to the topics discussed above, the 2025 examination priorities include brokerdealer supervision of sales practices at branch office locations; broker-dealer financial responsibility rules (including the net capital rule, the customer protection rule, and related internal processes, procedures and controls); anti-money laundering programs; Rule 15c6-1 and the shortening of the settlement cycle to T+129; cybersecurity practices; fully paid lending programs; issues related to mobile apps/online trading platforms; and trading practices associated with trading in pre-IPO companies and the sale of private company shares in secondary markets. Broker-dealers should carefully review the SEC's examination priorities along with related enforcement actions and guidance.
Footnotes
1. Division of Examinations, “Fiscal Year 2025 Examination Priorities” (Oct. 21, 2024), available at https://www.sec.gov/files/2025-exam-priorities.pdf (“Examination Priorities”).
2. Examination Priorities at 8.
3. See, e.g., “Staff Bulletin: Standards of Conduct for Broker-Dealers and Investment Advisers Care Obligations” (updated Sep. 9, 2024), available at https://www.sec.gov/about/divisions-offices/divisiontrading-markets/broker-dealers/staff-bulletin-standards-conduct-broker-dealers-investment-advisers-careobligations; FINRA Regulation Notice 22-08.
4. “Staff Bulletin: Standards of Conduct for Broker-Dealers and Investment Advisers Account Recommendations for Retail Investors” (last updated Oct. 17, 2024), available at https://www.sec.gov/about/divisions-offices/division-trading-markets/broker-dealers/staff-bulletin-standardsconduct-broker-dealers-investment-advisers-account-recommendations-retail#_ftnref14.
5. Examination Priorities at 8.
6. Id.
7. Id.
8. Id. at 9.
9. “The term free credit balances means liabilities of a broker or dealer to customers which are subject to immediate cash payment to customers on demand, whether resulting from sales of securities, dividends, interest, deposits or otherwise, excluding, however, funds in commodity accounts which are segregated in accordance with the Commodity Exchange Act or in a similar manner, or which are funds carried in a proprietary account as that term is defined in regulations under the Commodity Exchange Act. The term ‘free credit balances' also includes, if subject to immediate cash payment to customers on demand, funds carried in a securities account pursuant to a self-regulatory organization portfolio margining rule approved by the Commission under section 19(b) of the Act (15 U.S.C. 78s(b)) (‘SRO portfolio margining rule'), including variation margin or initial margin, marks to market, and proceeds resulting from margin paid or released in connection with closing out, settling or exercising futures contracts and options thereon.” 17 CFR § 240.15c3-3(a)(8).
10. Examination Priorities at 9.
11. FINRA 2024 Regulatory Oversight Report (Jan. 2024), available at https://www.finra.org/sites/default/files/2024-01/2024-annual-regulatory-oversight-report.pdf (“FINRA Regulatory Oversight Report”); see also “Responses to Frequently Asked Questions Concerning Rule 606 of Regulation NMS” (updated Jun. 26, 2024), available at https://www.sec.gov/rules-regulations/staffguidance/trading-markets-frequently-asked-questions/faq-rule-606-regulation.
12. Regulation Best Execution, 88 Fed. Reg. 5440 (Jan. 27, 2023).
13. Examination Priorities at 9; FINRA Regulatory Oversight Report at 67.
14. Examination Priorities at 13-14.
15. Regulatory Oversight Report at 10.
16. See Examination Priorities at 8 (“Examinations may also focus on recommendations … using automated tools or other digital engagement practices …”).
17. Id. at 8-9.
18. Id. at 12.
19. Id.
20. Grayscale Investments, LLC v. Securities and Exchange Comm'n, 82 F.4th 1239 (D.C. Cir. 2023).
21. Self-Regulatory Organizations; NYSE Arca, Inc.; The Nasdaq Stock Market LLC; Cboe BZX Exchange, Inc.; Order Granting Accelerated Approval of Proposed Rule Changes, as Modified by Amendments Thereto, to List and Trade Bitcoin-Based Commodity-Based Trust Shares and Trust Units, Exchange Act Release No. 34-99306 (Jan. 10, 2024).
22 Self-Regulatory Organizations; NYSE Arca, Inc.; The Nasdaq Stock Market LLC; Cboe BZX Exchange, Inc.; Order Granting Accelerated Approval of Proposed Rule Changes, as Modified by Amendments Thereto, to List and Trade Shares of Ether-Based Exchange-Traded Products, Exchange Act Release No. 34-100224 (May 23, 2024).
23. Gary Gensler, “Statement on the Approval of Spot Bitcoin Exchange-Traded Products” (Jan. 10, 2024), https://www.sec.gov/news/statement/gensler-statement-spot-bitcoin-011023.
24. Caroline Crenshaw, “Statement Dissenting from Approval of Proposed Rule Changes to List and Trade Spot Bitcoin Exchange-Traded Products” (Jan. 10, 2024), https://www.sec.gov/newsroom/speechesstatements/crenshaw-statement-spot-bitcoin-011023.
25. Examination Priorities at 14.
26. Id.
27 Id. at 12-13
28. Bruce Newman, Stephanie Nicolas, Andre Owens and Joshua Nathanson, “SEC Modernizes Data Protection Rules for Safeguarding Customer Information” (Jun. 10, 2024), available at https://www.wilmerhale.com/insights/client-alerts/20240610-sec-modernizes-data-protection-rules-forsafeguarding-customer-information; Kirk Nahra, Amy Gopinathan and Ali Jessani, “SEC Proposes Changes to Reg S-P to Impose New Cybersecurity-Related Requirements on Covered Institutions” (Mar. 24, 2023), available at https://www.wilmerhale.com/en/insights/blogs/wilmerhale-privacy-and-cybersecuritylaw/20230324-sec-proposes-changes-to-reg-sp-to-impose-new-cybersecurityrelated-requirements-oncovered-institutions.
29. Bruce Newman and Eliza Gonzalez, “SEC Adopts Rules Shortening the Standard Settlement Cycle to T+1” (Apr. 13, 2023), available at https://www.wilmerhale.com/insights/client-alerts/20230413-sec-adoptsrules-shortening-the-standard-settlement-cycle-to-t1.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.