Bates Research | 04-14-22
SEC 2022 Exam Priorities and Chart: Retail Investor Protection, Private Funds, ESG, Cybersecurity and Crypto-Assets Top this Year’s List
SPECIAL REPORT - Including Bates' 2022 SEC Priorities Comparison Chart
In its annual priorities report, the SEC Examinations Division focused on areas of “heightened risk to investors, registrants and the markets.” The report details examination programs covering (i) investment advisers and investment companies, (ii) broker-dealers and exchanges, (iii) clearance and settlement, (iv) oversight of FINRA and the MSRB, and (v) system technology (“Reg SCI”) for securities exchanges, self-regulators and other market participants.
The priorities list serves both as a reflection of new and evolving threats and as a reminder for firms to address compliance gaps or deficiencies the Division observed over the past fiscal year. This year, the Division highlighted priorities concerning retail investor protections, private funds, environmental, social and governance (“ESG”) investing, cybersecurity and crypto-assets. Bates tracks that evolution to help firms consider how best to prepare for upcoming exams and to better anticipate how their resources might be directed. Here’s a look at the Division’s perspective and its exam priorities for 2022.
Division Acting Director Richard Best and Acting Deputy Director Joy Thomson opened their priorities discussion citing data points from the Division’s FY2021 examination record. They reported a 3% increase in examinations (3,040), the issuance of 2,100 deficiency letters, hundreds of outreach meetings, 190 referrals to the Division of Enforcement, and asserted that examinations in 2021 returned more than $45 million to investors. Leadership offered these results against the backdrop of high market volatility, the effects of the pandemic and challenging market trends (such as the fast growth in the number of RIAs—an increase of 20% over the last five years) which demanded greater regulator efforts to achieve consistent year-over-year market coverage.
In a separate section, Division leadership accentuated the positive by describing efforts to promote compliance engagement and acknowledging best practices. In particular, they focused on the importance of resiliency for an effective compliance program and how the most resilient programs: (i) are “inclusive,” and encourage “input across all business and operational lines;” (ii) are “flexible” with management processes that can adapt and ensure business continuity; and (iii) subject their policies and procedures to periodic review and testing.
The Division leadership also provided a link to a list of previously issued Risk Alerts on relevant subject matter.
Highlighted Priorities for 2022
As can be seen in Bates’ 2022 Exam Priorities Comparison Chart below, the Division emphasized a series of existing priorities and added several new ones.
© 2022, Bates Group LLC
Source: U.S. SEC Division of Examinations 2022 Examination Priorities (Compiled by Alex Russell, Managing Director, White Collar, Regulatory and Internal Investigations)
Protecting Retail Investors
Compliance with Regulation Best Interest (“Reg BI”) and the Advisers Act fiduciary standard remains a top priority and underscores every aspect of the priority list. The Division stated that examiners will review firm compliance with Reg BI and the fiduciary standard by concentrating on the following: “consideration of investment alternatives” (notably, about potential risks, rewards, and costs), management of conflicts of interest (particularly with respect to incentive practices in connection to certain products or services), trading (re: best execution), disclosures on Form ADV and Form CRS, account selection for brokerage, advisory, or wrap fee accounts, as well as account conversions and rollovers. For both broker-dealers and RIAs, examiners will focus on compliance program effectiveness, testing, and training.
Consistent with its past priorities, the Division emphasized that it would examine for recommendations and sales practices related to complex investments. This year it highlighted “SPACs, structured products, leveraged and inverse exchange traded products (ETPs), REITs, private placements, annuities, municipal and other fixed income securities, and microcap securities.” The Division noted that complex product recommendations, cost assessments, sales-based fees, and conflicts of interest may be subject to “enhanced examination.” Further, the report stated that examiners will evaluate the compensation structures for financial professionals and may focus on highly compensated financial professionals. For RIAs, examinations will focus on fees and expenses, revenue sharing or other compensation arrangements, complex products, and best execution. “Extra attention” will be paid to the use of “turnkey asset management platforms that provide technology, investment research, portfolio management and other outsourcing services.”
The Division reported that 35% of RIAs manage about $18 trillion in private hedge funds, private equity funds, and real estate funds. The size, complexity, and significant growth of this market have pushed the Division to prioritize examinations on practice and procedure, and to ensure compliance with an adviser’s fiduciary duty. These examinations will assess risks, focusing on fees and expenses, custody, fund audits, valuation, conflicts of interest, disclosures of investment risks, and controls around material nonpublic information. The Division stated it will also examine for: calculations and allocations on fees and expenses; the “potential preferential treatment of certain investors by RIAs;” disclosure and reporting requirements under the Custody Rule, as well as for cross trades, principal transactions, or distressed sales; and conflicts of interest concerning liquidity events. Portfolio strategies, risk management, and investment recommendations (e.g., around conflicts and disclosures on SPACs) will also be reviewed.
Environmental, Social and Governance Investing (ESG)
The Division stated that there is a risk that portfolio management disclosures on environmental, social and governance (“ESG”) investment strategies could involve “materially false and misleading statements or omissions, which can result in misinformed investors.” Due to concerns over the lack of standardization, multiple approaches to ESG portfolio investing, and failures “to address legal and compliance issues with new lines of business and products,” the Division prioritized (i) examining ESG advisory services and products for disclosure accuracy; (ii) reviewing proxy voting policies and procedures for consistency with ESG mandates; and (iii) examining for misrepresentations in performance advertising and marketing (and potential “greenwashing”).
Operational Resiliency and Cybersecurity
The Bates chart shows that last year’s focus on information security continues in 2022. The Division will examine firms to ensure that they are applying security controls to protect investor information, records, and assets and to prevent unauthorized account access. Specifically, examiners will review policies and practices on how the firm: (i) supervises vendors and service providers; (ii) addresses malicious email activities; (iii) responds to cyber incidents (e.g., ransomware attacks); (iv) detects red flags concerning identity theft; and (v) manages operational risk (e.g., remote working employees). Further, the Division said it will review registrants’ business continuity and disaster recovery plans, considering climate risks and other disruptions to business operations.
Crypto-Assets and Emerging Technologies
Concerned about the risks associated with automated investment advice to clients (i.e., “robo-advisers”), the use of financial mobile apps, and increases in crypto-asset trading, the Division stated that examiners will review whether RIAs and broker-dealers considered the risks these technologies may add to their compliance programs. As a result, examiners will target firms that offer new digital products and services (“e.g., fractional shares, ‘Finfluencers,’ or digital engagement practices”). Examiners will determine whether (i) operations and controls are in place that are consistent with disclosures and standards of conduct; (ii) algorithmic recommendations are consistent with investors’ strategies; and (iii) associated risks are addressed. Those trading in crypto-assets will be examined for adequate custody arrangements, as well as to assess whether they have met their respective standards of conduct. The Division added that it will also examine the trading of mutual funds and ETFs that may offer exposure to crypto-assets “to assess, among other things, compliance, liquidity, and operational controls around portfolio management and market risk.”
General Examination Issues
The remaining examination priorities mentioned in the Report are largely perennial. Under its program on investment advisers and investment companies, the Division will continue to examine marketing practices and whether investment advice and recommendations are consistent with the appropriate standards. Programs will be assessed for “custody and safety of client assets, valuation, portfolio management, brokerage and execution, conflicts of interest, and related disclosures,” among others. Registered funds will be examined for disclosure and accuracy of reporting, liquidity risk practices, and on the firms’ oversight of third-party service providers. The Division stated that it will prioritize examination of ETFs, money market funds, and business development companies as well as mutual funds that invest in private funds.
Under the broker-dealer and exchange program, the Division highlighted its focus on compliance with Reg BI regarding obligations in the offer, sale, and distribution of microcap securities. The Division stated that examinations will also address timely and accurate municipal issuer disclosure and trading activity in fixed-income securities (i.e., sales practices, best execution, markups/markdowns and commissions, and confirmation disclosure). Further, the Division noted “the responsibility of broker-dealers who hold customer cash and securities to comply with the Customer Protection Rule and Net Capital Rule.” Examiners will determine compliance with requirements “for borrowing fully paid and excess margin securities from customers; and funding and liquidity risk management practices, with an eye toward the management of stress events.”
Consistent with last year’s report, the Division separated out the importance of compliance with anti-money laundering Bank Secrecy Act rules for broker-dealers and registered investment companies. The Division reiterated that examiners will continue to assess: (i) the adequacy of customer identification programs; (ii) SARs filing performance; and (iii) whether firms are conducting appropriate customer due diligence, beneficial ownership review, and adequate testing of their programs. These exams are also meant to ensure that firm policies are appropriately tailored to the characteristics of the firm and the products and services sold to their clients.
This year, several conclusions can be drawn from the new priorities list. First, the importance of the Reg BI standards to the risk-based approach is taking root, and this year’s emphasis on the Advisers Act fiduciary standard is significant. Reg BI has always been emphasized in the context of retail investor protection, but this year’s priorities show that the Division will not only hold advisers and brokers to their respective standards on established rules but will also integrate these standards on newly developing priorities. Preparation for this year’s examination priorities on private funds, ESG, cyber and crypto-assets is a continuation of an ongoing process that requires deeper consideration of firm activities against these standards. Second, the new priorities align with the SEC’s policy agenda on each of these matters. As proposed rules are being contemplated on climate disclosure, crypto-assets, cybersecurity, and private funds (e.g., on SPACs), how the SEC examines firms’ compliance programs on these topics this year will matter, if only as prelude to future obligations. Finally, technology is multiplying the types of risks that firms need to cover to be in compliance. It is not yet clear, however, whether the regulatory framework adequately enables firms to assess and address all potential risks. As the chart shows, compliance regulation is expanding to cover more products, more risk and more innovation. It takes a lot to keep up, and Bates will continue to keep you apprised.