The SEC Publishes 2024 Examination Priorities Ahead of Schedule, Previewing Key Areas of Focus for Registered Entities
2 November 2023On 16 October 2023, the Division of Examinations (Division) of the US Securities and Exchange Commission (SEC) released its examination priorities for the 2024 fiscal year (the Report).1 The Division released this Report earlier than in years past—and just eight months after releasing its 2023 examination priorities—to better inform the market of upcoming examination topics at the 1 October start of the SEC’s fiscal year. The exam focus areas identified in the Report, therefore, substantially align with those identified for fiscal year 2023 and provide important reminders for registered entities in preparing for forthcoming examinations, as well as insight into potential enforcement threats for the coming year.
Entity-Specific Priorities
Overall, the Report demonstrates the Division’s continued commitment to core principles and enhanced scrutiny of compliance policies and procedures for all market participants to ensure transparency and accuracy in reporting to regulatory agencies and the market.
Investment Advisers
Ensuring that advisers are adhering to their dual duties of care and loyalty remains an utmost priority for the Division. In particular, the Division is focused on investment advice involving complex products (e.g., exchange-traded funds (ETFs)), high cost and illiquid products (e.g., real estate investment trusts), and products with “unconventional” investment strategies. Perennial issues, such as evaluation of customer suitability, best execution, costs and risks, and conflicts of interest, will also be top-of-mind for examiners.
In reviewing advisers’ compliance programs, the Division plans to carefully consider:
- Marketing practices, including compliance with reforms to Rule 206(4)-1 (the Marketing Rule) under the US Investment Advisers Act of 1940 (the Advisers Act), and the disclosure of such marketing information on Form ADV, with additional scrutiny on advertisements;
- Compensation arrangements focusing on fiduciary obligations of advisers, alternative means of maximizing revenue, and fee breakpoint calculation processes;
- Valuation assessments of investment recommendations for illiquid or difficult to value assets;
- Adviser controls to protect clients’ material nonpublic information; and
- Disclosure assessments to review filings, including Form CRS, especially considering inadequate or misleading disclosures and registration eligibility.
For advisers to private funds, areas of focus include portfolio management risks, adherence to contract requirements for limited partnerships, calculation and allocation of fees and expenses, due diligence policies, conflicts and disclosures for funds managed alongside registered investment companies, compliance with Advisers Act requirements regarding custody, and procedures for reporting on Form PF.
The Division of Enforcement has already taken action in certain of these areas this past year. For example, the SEC announced charges against nine investment advisers last month for violations of the Marketing Rule’s hypothetical performance requirements for advertisements, presenting the first enforcement sweep under the Marketing Rule.2 In connection with valuation and compensation, the SEC settled an action with an investment adviser based on allegations that the adviser charged excess management fees on private equity funds as a result of the adviser’s failure to value those funds in accordance with the limited partnership agreement.3
Investment Companies
The Report recognizes the importance of robust compliance programs for investment companies and highlights in particular a focus on products utilized by retail investors saving for retirement, such as mutual funds and ETFs. Consistent with recent messaging from SEC representatives, the Report states that examinations of investment companies may focus on policies and procedures concerning calculation of advisory fees and fee waivers, including boards’ approval of advisory fees and investment advisory contracts. The Division is also focused on valuation practices, risk management assessments in line with Rule 18f-4 under the Investment Company Act of 1940 (the fund derivatives rule), and compliance with exemptive order conditions.
Broker-Dealers
The Report’s primary focus for broker-dealers is compliance with the standard of conduct set forth under Regulation Best Interest (Reg BI), including in connection with investment recommendations, disclosures of conflicts of interest, conflict mitigation, processes for reviewing alternatives, and consideration of factors related to an investor’s investment profile. Examinations will focus in particular on compliance with Reg BI in recommending products that are high cost, complex, or illiquid.
Additionally, the Division will review broker-dealers with an eye for compliance with Form CRS requirements and the accuracy of the broker-dealer’s relationship summary, financial responsibility rules (including the Net Capital Rule, the Customer Protection Rule, and related internal policies), and rules governing trading practices (Regulation SHO, Regulation ATS, and Securities Exchange Act of 1934 Rule 15c2-11).
Key Risk Areas
The Report also highlights three key risk areas applicable to market participants: (1) Information Security and Operational Resiliency, (2) Crypto and FinTech, and (3) Anti-Money Laundering (AML). The first two are reprised from the most recent iteration of the exam priorities. Notably absent from the Report, after being featured in the 2022 and 2023 examination priorities, is environmental, social, and governance (ESG) issues. Even so, the SEC remains active in this area, having introduced new ESG rules in 20224 while also bringing enforcement actions relating to alleged deficiencies in firms’ disclosure of ESG information.
These risk areas for 2024, elaborated on in relevant part below, focus on the need for strong compliance policies and procedures, especially concerning cybersecurity and emerging technology.
Information Security and Operational Resiliency
Given the global increase in cybersecurity attacks, it is no surprise the Division is prioritizing the review of policies and controls related to cybersecurity. The Division will focus on a firm’s cybersecurity policies and procedures, internal controls, oversight of third-party vendors, governance practices, and responses to cyber-related incidents. Such reviews will consider employee training programs concerning identity theft prevention and whether written policies and procedures adequately address the protection of customer information, including across multiple offices. The Division will also review how firms identify and assess risks to essential operations in connection with their engagement of third-party vendors. Finally, the SEC recently adopted rule changes to shorten the standard settlement cycle for broker-dealer transactions to one business day after the trade date. Compliance with this rule, effective 28 May 2024, will also be an area of focus for examinations.
Crypto and Fintech
The Division continues to survey emerging fintech and, given the influence of and increase in artificial intelligence and automated tools in the investment services space, is attentive to the risks associated with these technologies. With a focus on compliance and marketing materials, the Division will also continue to review all aspects of a firm’s involvement with crypto-assets and related products. Firms involved in crypto-assets are encouraged to “routinely review, update, and enhance their compliance practices, … risk disclosures, and operational resiliency practices.” In addition, the Division will focus on whether firms have ensured a customer’s understanding of the products, particularly for senior investors and investments that involve retirement assets. Additionally, those crypto-assets that are funds or securities must comply with the custody requirements under the Rule 206(4)-2 of the Advisers Act.
The SEC has taken a heavy and broad enforcement approach in this space, with actions extending to crypto-platforms and exchanges for purported failures to register with the SEC and to individuals who allegedly sold unregistered crypto-assets. The SEC’s jurisdiction over cryptocurrency has also been hotly contested in litigation and not always in the SEC’s favor.5 Yet, the inclusion of crypto again as a key risk area signals that the SEC intends to remain vigilant in this area.
AML
New on this year’s list of priorities is AML procedures and compliance with the Bank Secrecy Act. The Division will review AML programs to determine if firms are tailoring such programs to unique AML risks associated with their business models, conducting independent testing, establishing a customer identification program, and meeting suspicious transaction report (SAR) filing obligations. Additionally, the Division will review whether broker-dealers and advisers are complying with Office of Foreign Assets Control sanctions.
The SEC has recently demonstrated its commitment to policing this area through enforcement actions asserting AML-related charges, including an unusual case against a registered representative for failing to elevate red flags of suspicious transactions in a customer account which resulted in his firm failing to file required SARs.6
Conclusion
The Report provides insight into the Division’s priorities for the upcoming fiscal year, with the intention that the accelerated publication at the start of the fiscal year will cause firms to be increasingly proactive in their preparations. While many of the priorities echo those of years past, a unifying theme is an overall focus on strong compliance and controls across all areas and regulated entities. Firms should evaluate their compliance policies and procedures for potential areas of enhancement. If recent actions are telling, the Division of Enforcement can be expected to align its priorities accordingly.