SEC 2022 Exam Priorities – Learn How They Will Affect Your Compliance Program

The release of the exam priorities report[1] was later this year than in prior years but appears to be worth the wait.  In this year’s report, the Securities and Exchange Commission (“SEC”) outlines, among others, five “significant” areas of focus.  These include: (i) Private Funds, (ii) Environmental, Social, and Governance (ESG) Investing, (iii) Standards of Conduct, (iv) Information Security and Operational Resiliency, and (v) Emerging Technologies and Crypto-Assets.  Notably, most of these areas line up with the various Risk Alerts issued by the SEC in 2021.[2]

In addition to the five significant areas, SEC examiners will be scrutinizing, among other things, the “core” areas of an investment adviser’s compliance program, perennial areas of registered investment companies, and the sales and trading activities of broker-dealers and exchanges.

In the introduction portion of the 2022 report, the SEC discusses the following “commonalities of resilient compliance programs” they found during exams performed in 2021:

  • Inclusivity – firms with compliance programs that require participation and input by all business and operational staff.
  • Change Management – firms that have a solid compliance program that is flexible, adaptable and could pivot with changes in business, operations, and/or new compliance risks.
  • Review and Testing – firms that perform on-going reviews and testing to ensure their compliance program is adequate and effective.

In this Risk Management Update, we will discuss the SEC’s primary focus for each of the five significant areas and provide compliance guidance on how firms can implement the three commonalities to help ensure a resilient and effective compliance program.

 

Private Funds

While the SEC has listed private fund advisers on their exam priorities list since 2016, they have elevated this area to the top due the significant growth of assets in private funds.[3]  According to the report, examiners will look at issues under the Investment Advisers Act of 1940 (“Advisers Act”), including reviewing compliance programs, and will continue to specifically focus on: (i) calculation and allocation of fees and expenses, (ii) preferential treatment of certain investors, (iii) compliance with the custody rule under the Advisers Act,[4] (iv) adequacy of disclosures and

compliance with requirements for certain trading and distressed sales, and (v) conflicts surrounding liquidity. Additional areas of focus will include investment strategies, risk management, recommendations, and allocations of investments (including those in Special Purposes Acquisitions Companies (SPACs), and how firms are addressing conflicts and disclosures in these areas.  Lastly, examiners will look at the practices, controls, and reporting pertaining to trading and risk management.

 

ESG Investing

The SEC first mentioned this area as an exam priority in their 2020 report.  Since then, there has been an expansion of investment advisers and registered funds offering ESG strategies and/or employing ESG criteria to their investments.

The 2022 priorities report outlines that the SEC believes investors can be misled due to certain aspects, such as lack of standard ESG terminology, the different approaches taken by firms when investing, and lack of addressing legal and compliance issues. Due to those factors, examiners will continue to focus on ESG offerings by advisers and funds, including the accuracy of disclosures, implementation of adequate policies and procedures, proxy voting practices, and appropriateness of marketing and performance advertising.

 

Standards of Conduct – Regulation Best Interest, Fiduciary Duty, and Form CRS

This focus is also not new to the SEC exam priorities. It continues to focus on the effectiveness of compliance programs, compliance testing, and training applied by broker-dealers, investment advisers, and dually registered firms.  Areas of concern include acting in the best interest of clients, managing conflicts of interest, trading and best execution requirements, detail of disclosures in Form ADV and Form CRS, account selection, and rollover recommendations.[5]

For broker-dealers, the SEC will mainly review the firm’s sales practices of alternative and complex investment products,[6] compensation structures and applicable conflicts, and the adequacy of policies and procedures on evaluating costs and available alternatives regarding whether recommendations are in an investor’s best interest.  Investment adviser exam focus will be on whether firms are continually acting in their clients’ best interests, with extensive review of revenue sharing arrangements, investment product share class holdings, wrap fee accounts, and recommendations of proprietary investments. Dually registered firms will be subject to similar focus areas outlined above for broker-dealers and advisers, but also will include recommendations and sales of high fee products, proprietary products, and incentives and compensation that can influence or incentivize inappropriate recommendations and investments.

 

Information Security and Operational Resiliency

Also a continued focus of the SEC, examiners will look at whether firms have effective protocols in place covering: (i) business continuity, especially in regard to climate risk and substantial disruptions to business operations, (ii) compliance with Regulation S-P (safeguarding client non-public information) and S-ID (identity theft program), (iii) due diligence of service providers/vendors, (iv) management of risk due to remote working, and (v) cybersecurity, including potential malicious attacks and response to incidents.

 

Emerging Technologies and Crypto-Assets

Also known as “robo-advisers” and “digital assets”, these two areas have been mentioned in exam priority reports for at least the last couple of years.  For these, examiners will review whether broker-dealers and investment advisers have considered and addressed the applicable risks within their compliance programs. They also will look closely at firms that offer new products/services or are employing new practices, such as fractional shares, “Finfluencers”, and/or digital engagements to see whether they have appropriate  operational controls, provide consistent advice and recommendations, and have implemented risk controls. Last but not least, the SEC will be conducting exams of mutual funds and ETFs that have crypto-asset exposure to review compliance, liquidity, and operational controls covering portfolio management and market risk.

 

Compliance Program Considerations

  1. Inclusivity – Compliance is not just the responsibility of the Chief Compliance Officer (“CCO”), so it is crucial for a CCO and compliance personnel, as applicable, to have meetings and on-going dialog with appropriate staff and senior management. These should be formulated to: (i) monitor firm investment and operational processes and make necessary changes thereto, (ii) obtain information on potential new service or product offerings, and (iii) provide education and training on applicable compliance regulations, along with any changes that will affect the firm.
  2. Change Management – Compliance programs need to be dynamic to properly and adequately address both regulatory and business changes that occur.  CCOs should be expeditious with establishing and implementing new or revised procedures and controls to address such changes.
  3. Review and Testing – The type and frequency of reviews and testing are essential to ensuring a strong compliance program.  They should be diversified and formulated based on the risks and/or conflicts surrounding the areas, with the higher the risk and/or more material the conflict, the more in-depth and recurring of testing and reviews.  Additionally, CCOs should periodically assess the review and testing processes to ensure continued efficacy.

 

Conclusion

 In an SEC Risk Alert issued in November 2020 on advisory firm compliance programs deficiencies,[7] the SEC identified six main areas, with inadequate compliance resources topping the list.

In today’s ever-changing regulatory environment, just keeping up with compliance requirements is becoming a full-time job. For example, in the first quarter of 2022, the SEC issued approximately 14 proposed rules, 7 of which if adopted will affect investment advisers with certain business practices. CCOs not only have to review the proposals, which average over 200 pages each, to understand their applicability and what steps will be required; upon adoption they must create and implement appropriate policies, procedures, and internal controls, and then train personnel.  Therefore, it is critical for senior management and CCOs to work together to ensure there are adequate resources dedicated to the compliance function.

 

Author: Tina Mitchell, Managing Director, Consultation Services; Core Compliance & Legal Services (“Core Compliance”). We work extensively with investment advisers, broker-dealers, investment companies, and private fund managers on regulatory compliance issues.

 

This article is for information purposes and does not contain or convey legal or tax advice. The information herein should not be relied upon regarding any particular facts or circumstances without first consulting with a lawyer and/or tax professional.

 

[1] See https://www.sec.gov/files/2022-exam-priorities.pdf

[2] See https://www.sec.gov/exams

[3] The SEC states in the report that “in the past five years, there has been a 70% increase in the assets managed by advisers to private funds”, and there is now about $18 trillion invested in private funds.

[4]  Rule 206(4)-2 – https://www.ecfr.gov/current/title-17/chapter-II/part-275/section-275.206(4)-2

[5]  The areas mentioned herein are not all inclusive, as the exam priorities list contains additional areas of focus for investment advisers and broker-dealers.

[6]  These include but are not limited to SPACs, structured products, leveraged and inverse exchange traded products, REITs, private placements, annuities, fixed income, and microcap securities.

[7] See https://www.sec.gov/files/Risk%20Alert%20IA%20Compliance%20Programs_0.pdf

Leave a Reply

Your email address will not be published. Required fields are marked *