SEC Division of Examinations — 2022 examination priorities
Published on April 12, 2022 by Shawaf Ali Baig and Anitha Revanna
Following the recent release of the SEC’s 2022 priorities, we aim to summarise and help institutions plan for the year ahead. Like our blogs that dealt with the previous years’ priorities, we list below the key priorities we believe financial institutions need to incorporate into their assessments for the year. Some emerging themes are crypto-assets, ESG and increasing information security threats, in addition to the core areas that have been part of the SEC’s focus.
The SEC’s overall goal remains focused on safeguarding investors, especially retail investors, from any wrongdoing, by raising awareness among member firms. With markets growing and the number of investors increasing, such awareness and regulatory bodies formulating stringent rules are necessary.
Private funds tend to have increased investment risk, so the Division prioritises Registered Investment Advisers (RIAs) that manage private funds. Examinations will analyse issues under the Investment Advisers Act of 1940, including a review of the adviser’s fiduciary duties, risks relating to, but not limited to, compliance programmes, fees and expenses, conflicts of interest and control over material non-public information (MNPI). The examinations will also review the procedures, rules and investor reporting relating to risk management and trading for private funds.
Continuing its efforts and attention towards ESG-related investment products and services, including mutual funds, exchange-traded funds (ETFs) and private fund offerings could be considered some of the top priorities for this year. They were given even more weight following the SEC proposal to enhance and standardise ESG disclosures. Examinations will focus mainly on the accuracy of ESG investment approaches disclosed by RIAs and registered funds; these are expected to be in line with climate-related investment policies, procedures and practices.
“The prevention of any ESG-related violations of the federal securities laws” should be the prime objective of RIAs, and this should be reflected in their ESG investing approaches, policies and procedures. Another focus would be to ensure that voting on client securities is in accordance with ESG-related disclosures; this could have a significant impact on portfolio selection.
Retail investors and working families:
Retail investors are non-professional market participants who buy and sell securities through brokerage firms and invest in smaller proportions than institutional investors. The knowledge and experience of such investors are limited compared to those of sophisticated investors.
Safeguarding retail investors, has always been a top priority of the SEC and other global regulators. To prevent retail investors being disadvantaged, this year, too, the division will continue to watch for issues relating to standard of conduct on the part of broker-dealers and RIAs to ensure retail investors and working families receive appropriate and suitable investment recommendations in their best interests. The primary objective of these examinations is to focus on whether registrants comply with the regulation’s intent and advisers act in line with their fiduciary duties in the best interests of retail investors, not putting their personal or their organisation’s interests ahead of those of retail investors.
The division will also assess alternative investments, as these are not always suitable for retail investors and tend to be more complex and involved higher fee structures than retail-oriented funds, e.g., equity and debt. It will also pay attention to aspects such as management of conflict of interest, trading, disclosures, account selection, account conversions and roll-overs.
Information security and operational resiliency:
Cyberattacks refer to unwelcome attempts to steal, expose, disable or destroy information through unauthorised access to computer systems. Cyberattacks are becoming sophisticated in their method of operation and increasing daily, requiring organisations to invest in cybersecurity to protect controlled information from falling into the wrong hands. In view of the increase in the number of cyberattacks in recent years, the division will also assess the practices registered members follow, in order to prevent interruptions to critical services. The examinations will continue to monitor whether firms have taken the necessary steps to protect client accounts and prevent account hacking, monitor vendors and service providers, address malicious email activity including phishing, respond to incidents, and identify and detect red flags. Vital checks would also include determining whether business continuity plans (BCPs) and disaster recovery plans are in place to mitigate climate risk and other potential disruptions.
Emerging technologies and crypto-assets:
The market continues to evolve, and new technologies, products and services continue to be offered to investors. Hence, it is important to keep abreast of emerging market trends and determine whether there are appropriate regulatory protocols and controls in place. The Division will periodically examine broker-dealers and RIAs that use such emerging investment themes or technologies, to assess the unique risks these activities present.
The Division will also assess whether firms have considered all possible risks involved when designing and implementing their regulatory compliance programmes. It would determine whether operations and controls are in place and are consistent with the disclosures made. It would also check whether the standard of conduct owed to investors and other regulatory obligations are adhered to, advice and recommendations are consistent with investment strategies, and controls are implemented to mitigate the unique risks associated with such practices.
Cryptocurrencies are an unregulated market; this makes it even riskier to invest in them. The SEC and other global regulators have actively started discussing how to formulate organised governance for the crypto market. To this end, the Division will continue to examine crypto market participants and the offers, sales, recommendations, advice and trading of crypto-assets.
The published priorities are not exhaustive and are not the only areas the Division focuses on in its examinations or review. Other areas that could potentially pose a risk to investors or the financial market in general will also be examined.
What should companies do next?
Companies could consider follow the practices listed below:
- Maintain well-designed policies and procedures
- Disclose ESG investing approaches appropriately and adopt and implement policies to prevent violation of laws relating to ESG-related disclosures
- Have a dedicated team to validate ESG-related content
- Design strong compliance programmes
- Deploy robust social media communication surveillance teams
- Invest in effective cybersecurity tools
- Follow regulatory guidelines to avoid conflicts of interest
- Identify the unique risks posed by new technologies and ensure they are addressed in the compliance programmes
Acuity Knowledge Partners’ perspective:
seek to design an approach that implements operations and controls that are effective and strong. We aim to identify risks and ensure those risks are mitigated, in line with the latest regulatory expectations. We identify gaps in compliance programmes and create unique customised solutions with the help of our technology teams. With our focused set of offerings in the areas of corporate compliance, forensic compliance, and compliance testing and monitoring programmes, we conduct reviews based on the latest guidelines and help you prepare for examinations conducted by regulators.
About the Authors
Shawaf Ali Baig has overall 2.5 years of experience in the financial services industry. Prior to joining Acuity Knowledge Partners, he has worked for State Street Global Advisors as an analyst and his expertise spans across Compliance, Policy monitoring and Personal Account dealing. At Acuity he is a part of the Central compliance team and is responsible for monitoring Corporate Compliance and trading compliance for a client. He has completed Bachelors in Commerce from Jain University, Bengaluru
Anitha has 6+ years of experience in Marketing Compliance. She has previously worked with State Street Global Advisors. Her expertise spans across compliance and risk sector, focusing on compliance reviews of marketing/advertising materials and social media contents. At Acuity Knowledge Partners she is part of the central compliance team and specializes in marketing material review and social media reviews. Anitha is an MBA graduate from RV Institute of Management, Bangalore University.